Wei Ma

Wei Ma

A Coder, A Researcher, A Scientist

About Wei Ma, Ph.D.

Currently, I am a research scientist at Singapore Management University (SMU) with a strong focus on cybersecurity and software engineering. I have published over 25 papers in top-tier conferences and journals, including TIFS, ICSE, ISSTA, ASE, TOSEM, and EMSE. My research spans across program analysis and AI-driven software security, smart-contract auditing and DeFi governance, large-scale fuzzing and vulnerability detection, and mutation testing for trustworthy AI.

During my Ph.D. studies at University of Luxembourg, I developed foundational expertise in software testing methodologies, working closely with Prof. Yves Le Traon and Prof. Mike Papadakis. In my postdoctoral work, I expanded into cybersecurity research, focusing on the intersection of software engineering and intelligent system security, resulting in industry-leading contributions to code model security, Web3 security governance, and robust AI for code.

At SMU, I collaborate with Prof. Lingxiao Jiang, and during my time at Nanyang Technological University (NTU), I worked with Prof. Yang Liu and Prof. Yi Li. I serve as a reviewer for premier conferences and journals, including ISSTA, TOSEM, ASE NIER, JSS, JSA, KNOSYS, and EMSE.

I am currently on the academic job market seeking faculty positions. If you are interested in my research or potential collaboration, please feel free to contact me at weima@smu.edu.sg or weima93@gmail.com.

News

  • Our paper, Beyond Final Code: A Process-Oriented Error analysis of Software Development Agents in Real-World GitHub Scenarios has been accepted by ICSE 2026 (cycle 2).
  • Our paper, Detecting DeFi Fraud with a Graph-Transformer Language Model has been accepted by IEEE Transactions on Information Forensics and Security (TIFS).
  • Our paper, Runtime Verification of Tactical Data Link has been accepted by ISSRE 2025 Industry Track with (2 accept and 1 strong accept).
  • Our paper, MazeBreaker: Multi-Agent Reinforcement Learning for Dynamic Jailbreaking of LLM Security Defenses has been accepted by ICSE 2026 (cycle 1).

Research Interests

🔒 Cybersecurity Focus

  • Software Security & Vulnerability Detection: Advanced techniques for identifying and mitigating security vulnerabilities in software systems
  • Web3 & Blockchain Security: Smart-contract auditing, DeFi governance analysis, and decentralized system security
  • AI-Driven Security: Leveraging machine learning for automated security analysis and threat detection
  • Code Model Security: Adversarial attacks and defenses for large language models in software engineering

🔧 Software Engineering Excellence

  • Software Testing: Mutation testing, fuzz testing, and comprehensive quality assurance methodologies
  • Trustworthy AI: Robustness evaluation, interpretability analysis, and reliable AI system deployment
  • Code Intelligence: Syntax-semantic modeling and controllability analysis of code foundation models
  • Program Analysis: Static and dynamic analysis techniques for software understanding and verification

Security Highlights

  • 🏆 Awards & Recognition: ICSE 2025 Industry Track Best Paper Award; ICSME 2020 Distinguished Paper Award; ICSE 2021 industry impact
  • 🔍 Audit & Governance: Explainable findings and auditor workflows for smart-contract security; Large-scale empirical study across major DeFi applications
  • 🛡️ Industry Transfer: Code knowledge-graph fuzzing and root-cause analysis
  • 🤖 MazeBreaker: Multi-agent RL for dynamic jailbreaking of LLM defenses (ICSE 2026)
  • ⚡ LLM for Security: Attacking and hardening code models; secure software supply chain; trustworthy/robust AI for code & systems

Academic Appointments

  • Research Scientist, Singapore Management University (Oct. 2024 – Present)
  • Research Fellow, Nanyang Technological University (Oct. 2022 – Oct. 2024)
  • Research Assistant, University of Luxembourg (May 2022 – Sep. 2023)

Publication

Please click my Google Scholar to check my full publications. * co-first author, # corresponding author

🔧 Software Testing & Security

My research in software testing focuses on enhancing the efficiency and practicality of mutation testing and fuzz testing methodologies. I develop novel approaches for commit-aware mutation testing, delta-oriented testing strategies, and intelligent fuzz driver generation to improve software quality assurance processes.

  1. Wei Ma; Thierry Titcheu Chekam; Mike Papadakis; Mark Harman; MuDelta: Delta-Oriented Mutation Testing at Commit Time, the 43rd International Conference on Software Engineering (ICSE 2021), Madrid, Spain.
  2. Wei Ma; T. Laurent; M. Ojdanić; T. T. Chekam; A. Ventresque and M. Papadakis. Commit-Aware Mutation Testing, 2020 IEEE International Conference on Software Maintenance and Evolution Adelaide, SA, Australia, 2020, pp. 394-405, (ICSME ‘20, IEEE Computer Society TCSE Distinguished Paper Award)
  3. Miloš Ojdanić; Wei Ma; Thomas Laurent; Thierry Titcheu Chekam; Anthony Ventresque; and Mike Papadakis. 2022. On the use of commit-relevant mutants. Empirical Softw. Engg. 27, 5 (Sep 2022). https://doi.org/10.1007/s10664-022-10138-1 (EMSE ‘22)
  4. Xu, Hanxiang; Wei Ma; Ting Zhou; Yanjie Zhao; Kai Chen; Qiang Hu; Yang Liu; and Haoyu Wang. A Code Knowledge Graph-Enhanced System for LLM-Based Fuzz Driver Generation. (ICSE-Industry-Track, Best Paper Award, 2025)
  5. Cen Zhang; Yaowen Zheng; Mingqiang Bai; Yeting Li; Wei Ma; Xiaofei Xie; Yuekang Li; Limin Sun; and Yang Liu. 2024. How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis Association for Computing Machinery, New York, NY, USA, 1223–1235 (ISSTA ‘24)

🛡️ AI Security & Trustworthy Systems

I investigate the robustness and security of AI systems, particularly focusing on adversarial attacks on code models, security defenses for LLMs, and test selection methods for deep neural networks. My work addresses critical challenges in ensuring the reliability and trustworthiness of AI-powered software systems in cybersecurity contexts.

  1. Wei Ma; Mike Papadakis; Anestis Tsakmalis; Maxime Cordy; Yves Le Traon; Test Selection for Deep Learning Systems, ACM Transactions on Software Engineering and Methodology, 2021, 30(2): 1-22.
  2. Zhihao Lin; Wei Ma; Mingyi Zhou; Yanjie Zhao; Haoyu Wang; Yang Liu; Jun Wang; Li Li; MazeBreaker: Multi-Agent Reinforcement Learning for Dynamic Jailbreaking of LLM Security Defenses, 48th ICSE, Brazil, 2026.
  3. Qiang Hu; Yuejun Guo; Xiaofei Xie; Maxime Cordy; Wei Ma#; Mike Papadakis; Lei Ma; and Yves Le Traon. 2025. Assessing the Robustness of Test Selection Methods for Deep Neural Networks. ACM Trans. Softw. Eng. Methodol. Just Accepted (January 2025, TOSEM ‘25). https://doi.org/10.1145/3715693
  4. Jie Zhang; Wei Ma#; Qiang Hu; Shangqing Liu; Xiaofei Xie; Yves Le Traon; and Yang Liu. 2023. A Black-Box Attack on Code Models via Representation Nearest Neighbor Search. In Findings of the Association for Computational Linguistics: Empirical Methods in Natural Language Processing, 2023, pages 9706–9716, Singapore. Association for Computational Linguistics. (EMNLP-Findings ‘23)
  5. Dang, X.; Li, Y.; Wei Ma. et al. Towards Exploring the Limitations of Test Selection Techniques on Graph Neural Networks: An Empirical Study. Empirical Software Engineering 29, 112 (2024). (EMSE ‘24)
  6. Hu, Qiang; Yuejun Guo; Maxime Cordy; Xiaofei Xie; Wei Ma; Mike Papadakis; and Yves Le Traon. “Towards Understanding Model Quantization for Reliable Deep Neural Network Deployment.” In 2023 IEEE/ACM 2nd International Conference on AI Engineering–Software Engineering for AI (CAIN), pp. 56-67. IEEE, 2023.
  7. Qiang Hu; Yuejun Guo; Maxime Cordy; Xiaofei Xie; Wei Ma; Mike Papadakis; and Yves Le Traon. 2022. Towards exploring the limitations of active learning: an empirical study. In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering IEEE Press, 917–929.(ASE ‘22)

🔒 Cybersecurity & Web3 Security

This represents my core cybersecurity research focus. I explore security challenges in decentralized systems and Web3 applications, emphasizing governance issues in DeFi protocols, smart contract auditing using LLM-based agents, vulnerability detection methods, and comprehensive analysis of security threats in blockchain ecosystems. This work directly contributes to securing the next generation of financial and decentralized infrastructure.

  1. Wei Ma; Chenguang Zhu; Ye Liu; Xiaofei Xie; Yi Li; A Comprehensive Study of Governance Issues in Decentralized Finance Applications, ACM Transactions on Software Engineering and Methodology, 2025.
  2. Wei Ma; Daoyuan Wu; Yuqiang Sun; Tianwen Wang; Shangqing Liu; Jian Zhang; Yue Xue; Yang Liu; Combining Fine-tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications, IEEE/ACM 47th International Conference on Software Engineering (ICSE 2025), Ottawa, Canada.
  3. Sun, Dianxiang; Wei Ma; Liming Nie; and Yang Liu. Sok: Comprehensive analysis of rug pull causes, datasets, and detection tools in defi. (ISSTA 2025)
  4. Shangqing Liu; Wei Ma#; Jian Wang; Xiaofei Xie; Ruitao Feng; and Yang Liu. 2024. Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation. In Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES 2024). Association for Computing Machinery, New York, NY, USA, 166–177. https://doi.org/10.1145/3652032.3657564
  5. Wei Ma, Junjie Shi, Jiaxi Qiu, Cong Wu, Jing Chen, Lingxiao Jiang, Shangqing Liu, Yang Liu, Xiang Yang. Detecting DeFi Fraud with a Graph-TransformerLanguage Model. In IEEE Transactions on Information Forensics & Security.
  6. Qiang Wang, Zhiyuan Hu, Wei Ma#, Qiang Chen, Yueling Zhang, and Geguang Pu. Runtime Verification of Tactical Data Link. ISSRE 2025 Industry Track.

🤖 Code Intelligence & Foundation Models

I study the fundamental capabilities and practical applications of LLMs in software engineering. My research investigates syntax and semantic understanding in code pre-trained models, develops generic code embedding techniques, and explores collaborative software learning through AI-based tools for program understanding and automated debugging. This work bridges software engineering and AI to enhance developer productivity and code quality.

  1. Wei Ma; Shangqing Liu; Mengjie Zhao; Xiaofei Xie; Wenhang Wang; Qiang Hu; Jie Zhang; Yang Liu; Unveiling Code Pre-Trained Models: Investigating Syntax and Semantics Capacities, ACM TOSEM, 2024, 33(7): 1-29.
  2. Wei Ma; Mengjie Zhao; Ezekiel Soremekun; Qiang Hu; Jie M. Zhang; Mike Papadakis; Maxime Cordy; Xiaofei Xie; and Yves Le Traon. 2022. GraphCode2Vec: generic code embedding via lexical and program dependence analyses. In Proceedings of the 19th International Conference on Mining Software Repositories Association for Computing Machinery, New York, NY, USA, 524–536. (MSR ‘22)
  3. Zhihao Lin; Wei Ma; Tao Lin; Yaowen Zheng; Jingquan Ge; Jun Wang; Jacques Klein; Tegawende Bissyande; Yang Liu; and Li Li. 2024. Open-Source AI-based SE Tools: Opportunities and Challenges of Collaborative Software Learning. ACM Trans. Softw. Eng. Methodol. Just Accepted (December 2024). https://doi.org/10.1145/3708529 (TOSEM ‘25)
  4. Junjie Shi; Wei Ma#; Chen Chi; Lingxiao Jiang. Debugging For LLM-Based Software (FSE 2030 Workshop, FSE’ 2025)
  5. Z. Lin; M. Zhou; Wei Ma; C. Chen; Y. Yang; J. Wang; C. Hu; L. Li. HomeRepair: Learn to Repair OpenHarmony Apps, (FSE 2025 Industry Track, Accept)
  6. Shangqing Liu; Yanzhou Li; Xiaofei Xie; Wei Ma#; Guozhu Meng; and Yang Liu. 2024. Automated Commit Intelligence by Pre-training. ACM Trans. Softw. Eng. Methodol. 33, 8, Article 201 (November 2024), 30 pages. https://doi.org/10.1145/3674731 (TOSEM ‘25)
  7. Wenhan Wang; Yanzhou Li; Anran Li; Jian Zhang; Wei Ma; and Yang Liu. 2024. An Empirical Study on Noisy Label Learning for Program Understanding. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. Association for Computing Machinery, New York, NY, USA, Article 95, 1–12.(ICSE ‘24)