Guanhong Tao

I am an incoming Assistant Professor in Kahlert School of Computing at the University of Utah starting Fall 2024. My research focuses on the security and safety of AI-enabled systems, aiming to empower system providers and individual users to counteract attacks and biases. I am broadly interested in a range of topics in Security and Privacy relating to machine learning, including backdoor threats, adversarial generative AI, and machine learning for security. My projects are consistently published in conferences such as IEEE S&P / USENIX Security / CCS / NDSS, NeurIPS / ICML / ICLR, CVPR / ECCV / ACL, and ICSE / FSE. I am a recipient of Maurice H. Halstead Memorial Award (for exemplary contributions to software engineering research), ECCV AROW Workshop Best Paper Award (2022), and OOPSLA Distinguished Paper Award (2019).

I obtained my Ph.D. from Purdue University under the supervision of Xiangyu Zhang. I received my bachelor’s degree from Zhejiang University.

News

Jun, 2024	One paper accepted to USENIX Security 2024. Congrats to Shengwei and Lu!
May, 2024	Invited to serve on the Program Committee of IEEE S&P 2025
May, 2024	Successfully passed the Ph.D. dissertation defense
Apr, 2024	Four papers to appear in IEEE S&P 2024

Selected Publications

S&P

Distribution Preserving Backdoor Attack in Self-supervised Learning

Guanhong Tao*, Zhenting Wang*, Shiwei Feng, Guangyu Shen, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF Code

@inproceedings{tao2023distribution,
  title = {Distribution Preserving Backdoor Attack in Self-supervised Learning},
  author = {Tao*, Guanhong and Wang*, Zhenting and Feng, Shiwei and Shen, Guangyu and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

USENIX Security

Hard-label Black-box Universal Adversarial Patch Attack

Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, and Xiangyu Zhang

In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 2023

Bib PDF Code

@inproceedings{tao2023hard,
  author = {Tao, Guanhong and An, Shengwei and Cheng, Siyuan and Shen, Guangyu and Zhang, Xiangyu},
  title = {Hard-label Black-box Universal Adversarial Patch Attack},
  booktitle = {Proceedings of the 32nd USENIX Security Symposium},
  year = {2023},
  location = {Anaheim, CA, USA},
  isbn = {978-1-939133-37-3},
  pages = {697--714},
  publisher = {USENIX Association},
}

ACL

Backdooring Neural Code Search

Weisong Sun*, Yuchen Chen*, Guanhong Tao*, Chunrong Fang, Xiangyu Zhang, Quanjun Zhang, and Bin Luo

In Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics, Toronto, Canada, 2023

Bib PDF Code

@inproceedings{sun2023backdooring,
  title = {Backdooring Neural Code Search},
  author = {Sun*, Weisong and Chen*, Yuchen and Tao*, Guanhong and Fang, Chunrong and Zhang, Xiangyu and Zhang, Quanjun and Luo, Bin},
  booktitle = {Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics},
  year = {2023},
  location = {Toronto, Canada},
}

NDSS

BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense

Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, and others

In Proceedings of the 30th Network and Distributed System Security Symposium, San Diego, CA, USA, 2023

Bib PDF

@inproceedings{cheng2023beagle,
  title = {BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense},
  author = {Cheng, Siyuan and Tao, Guanhong and Liu, Yingqi and An, Shengwei and Xu, Xiangzhe and Feng, Shiwei and Shen, Guangyu and Zhang, Kaiyuan and Xu, Qiuling and Ma, Shiqing and others},
  booktitle = {Proceedings of the 30th Network and Distributed System Security Symposium},
  year = {2023},
  location = {San Diego, CA, USA},
}

ICLR

FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning

Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, and others

In Proceedings of the Eleventh International Conference on Learning Representations, Kigali, Rwanda, 2023

AROW Best Paper Award Bib PDF

ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2022)

@inproceedings{zhang2022flip,
  title = {FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning},
  author = {Zhang, Kaiyuan and Tao, Guanhong and Xu, Qiuling and Cheng, Siyuan and An, Shengwei and Liu, Yingqi and Feng, Shiwei and Shen, Guangyu and Chen, Pin-Yu and Ma, Shiqing and others},
  booktitle = {Proceedings of the Eleventh International Conference on Learning Representations},
  year = {2023},
  location = {Kigali, Rwanda},
}

NeurIPS

BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning

Xuan Chen, Wenbo Guo, Guanhong Tao, Xiangyu Zhang, and Dawn Song

In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

Bib PDF

@inproceedings{chen2023bird,
  title = {BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning},
  author = {Chen, Xuan and Guo, Wenbo and Tao, Guanhong and Zhang, Xiangyu and Song, Dawn},
  booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
  year = {2023},
  location = {New Orleans, LA, USA},
}

CVPR

Detecting Backdoors in Pre-trained Encoders

Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada, 2023

Bib PDF

@inproceedings{feng2023detecting,
  title = {Detecting Backdoors in Pre-trained Encoders},
  author = {Feng, Shiwei and Tao, Guanhong and Cheng, Siyuan and Shen, Guangyu and Xu, Xiangzhe and Liu, Yingqi and Zhang, Kaiyuan and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {16352--16362},
  year = {2023},
  location = {Vancouver, Canada},
}

S&P

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF Code

@inproceedings{tao2022model,
  title = {Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security},
  author = {Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and Xu, Qiuling and An, Shengwei and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1372--1389},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

PICCOLO: Exposing Complex Backdoors in NLP Transformer Models

Yingqi Liu, Guangyu Shen, Guanhong Tao, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF

@inproceedings{liu2022piccolo,
  title = {PICCOLO: Exposing Complex Backdoors in NLP Transformer Models},
  author = {Liu, Yingqi and Shen, Guangyu and Tao, Guanhong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1561--1561},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

FSE

RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness

Guanhong Tao*, Weisong Sun*, Tingxu Han*, Chunrong Fang, and Xiangyu Zhang

In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, 2022

Bib PDF Code

@inproceedings{tao2022ruler,
  title = {RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness},
  author = {Tao*, Guanhong and Sun*, Weisong and Han*, Tingxu and Fang, Chunrong and Zhang, Xiangyu},
  booktitle = {Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  volume = {2022},
  year = {2022},
  location = {Singapore},
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

ICSE

TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks

Guanhong Tao, Shiqing Ma, Yingqi Liu, Qiuling Xu, and Xiangyu Zhang

In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, South Korea, 2020

Bib PDF Code Slides

@inproceedings{tao2020trader,
  author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Xu, Qiuling and Zhang, Xiangyu},
  title = {TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks},
  year = {2020},
  isbn = {9781450371216},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3377811.3380423},
  doi = {10.1145/3377811.3380423},
  booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
  pages = {986--998},
  numpages = {13},
  location = {Seoul, South Korea},
  series = {ICSE '20},
}

CCS

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

Bib PDF

@inproceedings{liu2019abs,
  author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
  title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
  booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
  series = {CCS '19},
  year = {2019},
  isbn = {978-1-4503-6747-9},
  location = {London, United Kingdom},
  pages = {1265--1282},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3319535.3363216},
  doi = {10.1145/3319535.3363216},
  acmid = {3363216},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {ai trojan attacks, artificial brain stimulation, deep learning system},
  google_scholar_id = {Tyk-4Ss8FVUC},
}

NDSS

NIC: Detecting Adversarial Samples with Neural Network Invariant Checking

Shiqing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, and Xiangyu Zhang

In Proceedings of the 26th Network and Distributed System Security Symposium, San Diego, CA, USA, 2019

Bib PDF

@inproceedings{ma2019nic,
  author = {Ma, Shiqing and Liu, Yingqi and Tao, Guanhong and Lee, Wen{-}Chuan and Zhang, Xiangyu},
  title = {{NIC:} Detecting Adversarial Samples with Neural Network Invariant Checking},
  booktitle = {Proceedings of the 26th Network and Distributed System Security Symposium},
  year = {2019},
  location = {San Diego, CA, USA},
  url = {https://www.ndss-symposium.org/ndss-paper/nic-detecting-adversarial-samples-with-neural-network-invariant-checking/},
  google_scholar_id = {qjMakFHDy7sC},
}

NeurIPS

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples

Guanhong Tao, Shiqing Ma, Yingqi Liu, and Xiangyu Zhang

In Proceedings of Thirty-second Conference on Neural Information Processing Systems, Montréal, Canada, 2018

Spotlight Bib PDF Code Poster Slides

3.5% (168/4856) submissions are accepted with a spotlight presentation.

@inproceedings{tao2018attacks,
  title = {Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples},
  author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-second Conference on Neural Information Processing Systems},
  pages = {7728--7739},
  year = {2018},
  location = {Montréal, Canada},
  publisher = {Curran Associates, Inc.},
  url = {http://papers.nips.cc/paper/7998-attacks-meet-interpretability-attribute-steered-detection-of-adversarial-samples.pdf},
  google_scholar_id = {9yKSN-GCB0IC},
}

Awards & Honors

Maurice H. Halstead Memorial Research Award, Apr 2023
ECCV 2022 AROW Workshop Best Paper Award, Oct 2022
ICLR Highlighted Reviewer, Apr 2022
CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists, Nov 2021
OOPSLA 2019 Distinguished Paper Award, Oct 2019

Teaching

Guest Lecture, CS 431: Software Engineering, Rutgers University, Spring 2023
Guest Lecture, CS 529: Security Analytics, Purdue University, Fall 2019, Fall 2020, Fall 2022, Fall 2023
Teaching Assistant, CS 240: Programming in C, Purdue University, Spring 2020
Teaching Assistant, CS 590: Program Analysis For Deep Learning, Purdue University, Fall 2019

Services

Program Chair / Organizer
- BANDS The 1st ICLR Workshop on Backdoor Attacks and Defenses in Machine Learning
- AISCC NDSS 2024 Workshop on AI System with Confidential Computing
Program Committee / Reviewer
- IEEE S&P IEEE Symposium on Security and Privacy: 2021 (Shadow), 2025
- RAID International Symposium on Research in Attacks, Intrusions and Defenses: 2024
- FSE ACM Symposium on the Foundations of Software Engineering: 2023 (Artifact Evaluation)
- NeurIPS Conference on Neural Information Processing Systems: 2021, 2022, 2023, 2024
- ICML International Conference on Machine Learning: 2021, 2022, 2023, 2024
- ICLR International Conference on Learning Representations: 2022 (Highlighted), 2023, 2024
- CVPR IEEE/CVF Conference on Computer Vision and Pattern Recognition: 2022, 2023
- ECCV European Conference on Computer Vision: 2022
- ICCV International Conference on Computer Vision: 2023
- ACL Annual Meeting of the Association for Computational Linguistics: 2023
- EMNLP Conference on Empirical Methods in Natural Language Processing: 2023
- AAAI Annual AAAI Conference on Artificial Intelligence: 2024
- DPML ICLR Workshop on Distributed and Private Machine Learning: 2021
- AGI ICLR AGI Workshop: 2024
- TDSC IEEE Transactions on Dependable and Secure Computing
- T-IFS IEEE Transactions on Information Forensics & Security
- TOPS ACM Transactions on Privacy and Security
- TMLR Transactions on Machine Learning Research