Miaoqian Lin

I am a Postdoctoral Researcher at The University of Hong Kong, working with Prof. Ho Chen. I received my Ph.D. from the University of Chinese Academy of Sciences, where I was advised by Prof. Kai Chen. I feel very fortunate to work with excellent researchers.
My research focuses on software security, program analysis, and AI for security. Specifically, I have designed and implemented automated analysis tools for large-scale bug detection. My work has detected hundreds of previously unknown security bugs in widely used programs. Based on my research, I have also contributed hundreds of bug-fixing patches to the mainline of the Linux kernel.
Selected publications
- USENIX SecurityBugAuditor: Detecting Bugs via Inconsistent Defensive Code AuditingIn Proceedings of the 35th USENIX Security Symposium, 2026
@inproceedings{lin2026bugauditor, author = {Lin, Miaoqian and Chen, Kai and Chen, Hao}, title = {BugAuditor: Detecting Bugs via Inconsistent Defensive Code Auditing}, booktitle = {USENIX Security Symposium}, date = {2026-08-12/2026-08-14}, address = {Baltimore, MD, USA}, } - S&PSpecAuditor: Generating Audit Specifications for LLM-Driven Bug DetectionIn Proceedings of the 47th IEEE Symposium on Security and Privacy, 2026Artifact Available · Functional · Reproducible
@inproceedings{lin2026specauditor, author = {Lin, Miaoqian and Chen, Hao}, title = {SpecAuditor: Generating Audit Specifications for LLM-Driven Bug Detection}, booktitle = {IEEE Symposium on Security \& Privacy}, date = {2026-05-18/2026-05-21}, address = {San Francisco, CA, USA}, } - NDSSUncovering the Iceberg from the Tip: Generating API Specifications for Bug Detection via Specification Propagation AnalysisIn Proceedings of the 32nd Network and Distributed System Security Symposium, 2025Artifact Available · Functional · Reproducible
@inproceedings{lin2025uncovering, author = {Lin, Miaoqian and Chen, Kai and Yang, Yi and Liu, Jinghua}, title = {Uncovering the Iceberg from the Tip: Generating API Specifications for Bug Detection via Specification Propagation Analysis}, booktitle = {Network and Distributed System Security Symposium}, date = {2025-02-24/2025-02-28}, address = {San Diego, CA, USA}, } - USENIX SecurityDetecting API Post-Handling Bugs Using Code and Description in PatchesIn Proceedings of the 32nd USENIX Security Symposium, 2023
@inproceedings{lin2023detecting, author = {Lin, Miaoqian and Chen, Kai and Xiao, Yang}, title = {Detecting API Post-Handling Bugs Using Code and Description in Patches}, booktitle = {USENIX Security Symposium}, date = {2023-08-09/2023-08-11}, address = {Anaheim, CA, USA}, }