Publications | Guanhong Tao

2026

ICSE

Rethinking the Evaluation of Secure Code Generation

Shih-Chieh Dai, Jun Xu, and Guanhong Tao

In Proceedings of the 48th International Conference on Software Engineering, Rio de Janeiro, Brazil, 2026

@inproceedings{dai2026rethinking,
  author = {Dai, Shih-Chieh and Xu, Jun and Tao, Guanhong},
  title = {Rethinking the Evaluation of Secure Code Generation},
  year = {2026},
  publisher = {Association for Computing Machinery},
  booktitle = {Proceedings of the 48th International Conference on Software Engineering},
  location = {Rio de Janeiro, Brazil},
  series = {ICSE '26},
}

2025

NeurIPS

Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-to-end Autonomous Driving

Xuan Chen, Shiwei Feng, Zikang Xiong, Shengwei An, Yunshu Mao, Lu Yan, Guanhong Tao, Wenbo Guo, and Xiangyu Zhang

In Proceedings of Thirty-Ninth Conference on Neural Information Processing Systems, San Diego, USA, 2025

Bib

@inproceedings{chen2025temporal,
  title = {Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-to-end Autonomous Driving},
  author = {Chen, Xuan and Feng, Shiwei and Xiong, Zikang and An, Shengwei and Mao, Yunshu and Yan, Lu and Tao, Guanhong and Guo, Wenbo and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Ninth Conference on Neural Information Processing Systems},
  year = {2025},
  location = {San Diego, USA}
}

EMNLP

Profiler: Black-box AI-generated Text Origin Detection via Context-aware Inference Pattern Analysis

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Guangyu Shen, Kaiyuan Zhang, Shengwei An, Guanhong Tao, and Xiangyu Zhang

In Proceedings of The 2025 Conference on Empirical Methods in Natural Language Processing, Suzhou, China, 2025

Bib

@inproceedings{guo2025profiler,
  title = {Profiler: Black-box AI-generated Text Origin Detection via Context-aware Inference Pattern Analysis},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Shen, Guangyu and Zhang, Kaiyuan and An, Shengwei and Tao, Guanhong and Zhang, Xiangyu},
  booktitle = {Proceedings of The 2025 Conference on Empirical Methods in Natural Language Processing},
  year = {2025},
  location = {Suzhou, China}
}

FSE Workshop

A Systematic Threat Modeling of LLM Applications

Guanhong Tao, Siyuan Cheng, Zhuo Zhang, Junmin Zhu, Guangyu Shen, Wanjing Han, Mu Zhang, and Xiangyu Zhang

In FSE 2025 Workshop on LLM App Store Analysis (LLMapp), Trondheim, Norway, 2025

Bib PDF

@inproceedings{tao2025systematic,
  title = {A Systematic Threat Modeling of LLM Applications},
  author = {Tao, Guanhong and Cheng, Siyuan and Zhang, Zhuo and Zhu, Junmin and Shen, Guangyu and Han, Wanjing and Zhang, Mu and Zhang, Xiangyu},
  booktitle = {FSE 2025 Workshop on LLM App Store Analysis (LLMapp)},
  year = {2025},
  location = {Trondheim, Norway}
}

S&P

Alleviating the Fear of Losing Alignment in LLM Fine-tuning

Kang Yang, Guanhong Tao, Xun Chen, and Jun Xu

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{yang2025alleviating,
  title = {Alleviating the Fear of Losing Alignment in LLM Fine-tuning},
  author = {Yang, Kang and Tao, Guanhong and Chen, Xun and Xu, Jun},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

S&P

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target

Guangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{shen2025bait,
  title = {BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target},
  author = {Shen, Guangyu and Cheng, Siyuan and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Guo, Hanxi and Yan, Lu and Jin, Xiaolong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

2024

NeurIPS

BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Kaiyuan Zhang, Guanhong Tao, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems, Vancouver, Canada, 2024

Bib PDF

@inproceedings{guo2024biscope,
  title = {BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Zhang, Kaiyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems},
  year = {2024},
  location = {Vancouver, Canada},
}

NeurIPS Workshop

SkewAct: Red Teaming Large Language Models via Activation-Skewed Adversarial Prompt Optimization

Hanxi Guo, Siyuan Cheng, Guanhong Tao, Guangyu Shen, Zhuo Zhang, Shengwei An, Kaiyuan Zhang, and Xiangyu Zhang

In NeurIPS 2024 Workshop on Red Teaming GenAI: What Can We Learn from Adversaries?, Vancouver, Canada, 2024

Bib PDF

@inproceedings{guo2024skewact,
  title = {SkewAct: Red Teaming Large Language Models via Activation-Skewed Adversarial Prompt Optimization},
  author = {Guo, Hanxi and Cheng, Siyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Zhuo and An, Shengwei and Zhang, Kaiyuan and Zhang, Xiangyu},
  booktitle = {NeurIPS 2024 Workshop on Red Teaming GenAI: What Can We Learn from Adversaries?},
  year = {2024},
  location = {Vancouver, Canada}
}

ACSAC

Exploring Inherent Backdoors in Deep Learning Models

Guanhong Tao, Siyuan Cheng, Zhenting Wang, Shiqing Ma, Shengwei An, Yingqi Liu, Guangyu Shen, Zhuo Zhang, Yunshu Mao, and Xiangyu Zhang

In Proceedings of the Annual Computer Security Applications Conference, Hawaii, USA, 2024

Bib PDF

@inproceedings{tao2024exploring,
  title = {Exploring Inherent Backdoors in Deep Learning Models},
  author = {Tao, Guanhong and Cheng, Siyuan and Wang, Zhenting and Ma, Shiqing and An, Shengwei and Liu, Yingqi and Shen, Guangyu and Zhang, Zhuo and Mao, Yunshu and Zhang, Xiangyu},
  booktitle = {Proceedings of the Annual Computer Security Applications Conference},
  pages = {},
  year = {2024},
  location = {Hawaii, USA}
}

ECCV

UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening

Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Guanhong Tao, Shengwei An, Hanxi Guo, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 18th European Conference on Computer Vision, Milan, Italy, 2024

Bib PDF

@inproceedings{cheng2024unit,
  title = {UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening},
  author = {Cheng, Siyuan and Shen, Guangyu and Zhang, Kaiyuan and Tao, Guanhong and An, Shengwei and Guo, Hanxi and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 18th European Conference on Computer Vision},
  pages = {},
  year = {2024},
  location = {Milan, Italy},
  organization = {Springer}
}

USENIX Security

Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion

Shengwei An, Lu Yan, Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, and Xiangyu Zhang

In Proceedings of the 33rd USENIX Security Symposium, Philadelphia, PA, USA, 2024

Bib PDF

@inproceedings{an2024rethinking,
  author = {An, Shengwei and Yan, Lu and Cheng, Siyuan and Shen, Guangyu and Zhang, Kaiyuan and Xu, Qiuling and Tao, Guanhong and Zhang, Xiangyu},
  title = {Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion},
  booktitle = {Proceedings of the 33rd USENIX Security Symposium},
  year = {2024},
  location = {Philadelphia, PA, USA},
  publisher = {USENIX Association}
}

S&P

Distribution Preserving Backdoor Attack in Self-supervised Learning

Guanhong Tao*, Zhenting Wang*, Shiwei Feng, Guangyu Shen, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF Code

@inproceedings{tao2023distribution,
  title = {Distribution Preserving Backdoor Attack in Self-supervised Learning},
  author = {Tao*, Guanhong and Wang*, Zhenting and Feng, Shiwei and Shen, Guangyu and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

S&P

ODSCAN: Backdoor Scanning for Object Detection Models

Siyuan Cheng, Guangyu Shen, Guanhong Tao, Kaiyuan Zhang, Zhuo Zhang, Shengwei An, Xiangzhe Xu, Yingqi Liu, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{cheng2024odscan,
  title = {ODSCAN: Backdoor Scanning for Object Detection Models},
  author = {Cheng, Siyuan and Shen, Guangyu and Tao, Guanhong and Zhang, Kaiyuan and Zhang, Zhuo and An, Shengwei and Xu, Xiangzhe and Liu, Yingqi and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {119--119},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

Exploring the Orthogonality and Linearity of Backdoor Attacks

Kaiyuan Zhang, Siyuan Cheng, Guangyu Shen, Guanhong Tao, Shengwei An, Anuran Makur, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024exploring,
  title = {Exploring the Orthogonality and Linearity of Backdoor Attacks},
  author = {Zhang, Kaiyuan and Cheng, Siyuan and Shen, Guangyu and Tao, Guanhong and An, Shengwei and Makur, Anuran and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {225--225},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

NDSS

Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering

Rui Zhu, Di Tang, Siyuan Tang, Zihao Wang, Guanhong Tao, Shiqing Ma, Xiaofeng Wang, and Haixu Tang

In Proceedings of the 31st Network and Distributed System Security Symposium, San Diego, CA, USA, 2024

Bib PDF

@inproceedings{zhu2024gradient,
  title = {Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering},
  author = {Zhu, Rui and Tang, Di and Tang, Siyuan and Wang, Zihao and Tao, Guanhong and Ma, Shiqing and Wang, Xiaofeng and Tang, Haixu},
  booktitle = {Proceedings of the 31st Network and Distributed System Security Symposium},
  year = {2024},
  location = {San Diego, CA, USA}
}

CVPR

LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning

Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle WA, USA, 2024

Bib PDF

@inproceedings{cheng2024lotus,
  title = {LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning},
  author = {Cheng, Siyuan and Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and An, Shengwei and Feng, Shiwei and Xu, Xiangzhe and Zhang, Kaiyuan and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  year = {2024},
  location = {Seattle WA, USA}
}

AAAI

Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift

Shengwei An, Sheng-Yen Chou, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Guangyu Shen, Siyuan Cheng, Shiqing Ma, Pin-Yu Chen, Tsung-Yi Ho, and others

In Proceedings of the 38th AAAI Conference on Artificial Intelligence, Vancouver, Canada, 2024

Bib PDF

@inproceedings{an2024elijah,
  title = {Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift},
  author = {An, Shengwei and Chou, Sheng-Yen and Zhang, Kaiyuan and Xu, Qiuling and Tao, Guanhong and Shen, Guangyu and Cheng, Siyuan and Ma, Shiqing and Chen, Pin-Yu and Ho, Tsung-Yi and others},
  booktitle = {Proceedings of the 38th AAAI Conference on Artificial Intelligence},
  volume = {38},
  number = {10},
  pages = {10847--10855},
  year = {2024},
  location = {Vancouver, Canada}
}

ICLR

Fusion is Not Enough: Single Modal Attack on Fusion Models for 3D Object Detection

Zhiyuan Cheng, Hongjun Choi, Shiwei Feng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, Michael Zuzak, and Xiangyu Zhang

In Proceedings of the Twelfth International Conference on Learning Representations, Vienna, Austria, 2024

Bib PDF

@inproceedings{cheng2023fusion,
  title = {Fusion is Not Enough: Single Modal Attack on Fusion Models for 3D Object Detection},
  author = {Cheng, Zhiyuan and Choi, Hongjun and Feng, Shiwei and Liang, James Chenhao and Tao, Guanhong and Liu, Dongfang and Zuzak, Michael and Zhang, Xiangyu},
  booktitle = {Proceedings of the Twelfth International Conference on Learning Representations},
  year = {2024},
  location = {Vienna, Austria}
}

EACL

Threat Behavior Textual Search by Attention Graph Isomorphism

Chanwoo Bae, Guanhong Tao, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 18th Conference of the European Chapter of the Association for Computational Linguistics (Volume 1: Long Papers), St. Julians, Malta, 2024

Bib PDF

@inproceedings{bae2024threat,
  title = {Threat Behavior Textual Search by Attention Graph Isomorphism},
  author = {Bae, Chanwoo and Tao, Guanhong and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 18th Conference of the European Chapter of the Association for Computational Linguistics (Volume 1: Long Papers)},
  pages = {2616--2630},
  year = {2024},
  location = {St. Julians, Malta}
}

2023

USENIX Security

Hard-label Black-box Universal Adversarial Patch Attack

Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, and Xiangyu Zhang

In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 2023

Bib PDF Code

@inproceedings{tao2023hard,
  author = {Tao, Guanhong and An, Shengwei and Cheng, Siyuan and Shen, Guangyu and Zhang, Xiangyu},
  title = {Hard-label Black-box Universal Adversarial Patch Attack},
  booktitle = {Proceedings of the 32nd USENIX Security Symposium},
  year = {2023},
  location = {Anaheim, CA, USA},
  isbn = {978-1-939133-37-3},
  pages = {697--714},
  publisher = {USENIX Association}
}

USENIX Security

PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis

Zhuo Zhang, Guanhong Tao, Guangyu Shen, Shengwei An, Qiuling Xu, Yingqi Liu, Yapeng Ye, Yaoxuan Wu, and Xiangyu Zhang

In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 2023

Bib PDF

@inproceedings{zhang2023pelican,
  author = {Zhang, Zhuo and Tao, Guanhong and Shen, Guangyu and An, Shengwei and Xu, Qiuling and Liu, Yingqi and Ye, Yapeng and Wu, Yaoxuan and Zhang, Xiangyu},
  title = {{PELICAN}: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis},
  booktitle = {Proceedings of the 32nd USENIX Security Symposium},
  year = {2023},
  location = {Anaheim, CA, USA},
  isbn = {978-1-939133-37-3},
  pages = {2365--2382}
}

ACL

Backdooring Neural Code Search

Weisong Sun*, Yuchen Chen*, Guanhong Tao*, Chunrong Fang, Xiangyu Zhang, Quanjun Zhang, and Bin Luo

In Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics, Toronto, Canada, 2023

Bib PDF Code

@inproceedings{sun2023backdooring,
  title = {Backdooring Neural Code Search},
  author = {Sun*, Weisong and Chen*, Yuchen and Tao*, Guanhong and Fang, Chunrong and Zhang, Xiangyu and Zhang, Quanjun and Luo, Bin},
  booktitle = {Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics},
  year = {2023},
  location = {Toronto, Canada}
}

NDSS

BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense

Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, and others

In Proceedings of the 30th Network and Distributed System Security Symposium, San Diego, CA, USA, 2023

Bib PDF

@inproceedings{cheng2023beagle,
  title = {BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense},
  author = {Cheng, Siyuan and Tao, Guanhong and Liu, Yingqi and An, Shengwei and Xu, Xiangzhe and Feng, Shiwei and Shen, Guangyu and Zhang, Kaiyuan and Xu, Qiuling and Ma, Shiqing and others},
  booktitle = {Proceedings of the 30th Network and Distributed System Security Symposium},
  year = {2023},
  location = {San Diego, CA, USA}
}

ICLR

FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning

Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, and others

In Proceedings of the Eleventh International Conference on Learning Representations, Kigali, Rwanda, 2023

AROW Best Paper Award Bib PDF

ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2022)

@inproceedings{zhang2022flip,
  title = {FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning},
  author = {Zhang, Kaiyuan and Tao, Guanhong and Xu, Qiuling and Cheng, Siyuan and An, Shengwei and Liu, Yingqi and Feng, Shiwei and Shen, Guangyu and Chen, Pin-Yu and Ma, Shiqing and others},
  booktitle = {Proceedings of the Eleventh International Conference on Learning Representations},
  year = {2023},
  location = {Kigali, Rwanda},
}

ICLR

Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks

Zhiyuan Cheng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, and Xiangyu Zhang

In Proceedings of the Eleventh International Conference on Learning Representations, Kigali, Rwanda, 2023

Spotlight Bib PDF

5.6% (280/4956) submissions are accepted with a spotlight presentation.

@inproceedings{cheng2023adversarial,
  title = {Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks},
  author = {Cheng, Zhiyuan and Liang, James Chenhao and Tao, Guanhong and Liu, Dongfang and Zhang, Xiangyu},
  booktitle = {Proceedings of the Eleventh International Conference on Learning Representations},
  year = {2023},
  location = {Kigali, Rwanda},
}

NeurIPS

BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning

Xuan Chen, Wenbo Guo, Guanhong Tao, Xiangyu Zhang, and Dawn Song

In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

Bib PDF

@inproceedings{chen2023bird,
  title = {BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning},
  author = {Chen, Xuan and Guo, Wenbo and Tao, Guanhong and Zhang, Xiangyu and Song, Dawn},
  booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
  year = {2023},
  location = {New Orleans, LA, USA}
}

NeurIPS

Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration

Guangyu Shen, Siyuan Cheng, Guanhong Tao, Kaiyuan Zhang, Yingqi Liu, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

Bib PDF

@inproceedings{shen2023django,
  title = {Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration},
  author = {Shen, Guangyu and Cheng, Siyuan and Tao, Guanhong and Zhang, Kaiyuan and Liu, Yingqi and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
  year = {2023},
  location = {New Orleans, LA, USA}
}

NeurIPS

ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP

Lu Yan, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Xuan Chen, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

Bib PDF

@inproceedings{yan2023parafuzz,
  title = {ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP},
  author = {Yan, Lu and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Chen, Xuan and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
  year = {2023},
  location = {New Orleans, LA, USA}
}

CVPR

MEDIC: Remove Model Backdoors via Importance Driven Cloning

Qiuling Xu, Guanhong Tao, Jean Honorio, Yingqi Liu, Shengwei An, Guangyu Shen, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada, 2023

Bib PDF

@inproceedings{xu2023remove,
  title = {MEDIC: Remove Model Backdoors via Importance Driven Cloning},
  author = {Xu, Qiuling and Tao, Guanhong and Honorio, Jean and Liu, Yingqi and An, Shengwei and Shen, Guangyu and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  year = {2023},
  location = {Vancouver, Canada}
}

CVPR

Detecting Backdoors in Pre-trained Encoders

Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada, 2023

Bib PDF

@inproceedings{feng2023detecting,
  title = {Detecting Backdoors in Pre-trained Encoders},
  author = {Feng, Shiwei and Tao, Guanhong and Cheng, Siyuan and Shen, Guangyu and Xu, Xiangzhe and Liu, Yingqi and Zhang, Kaiyuan and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {16352--16362},
  year = {2023},
  location = {Vancouver, Canada}
}

S&P

ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes

Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, and others

In Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2023

Bib PDF

@inproceedings{an2023imu,
  title = {ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes},
  author = {An, Shengwei and Yao, Yuan and Xu, Qiuling and Ma, Shiqing and Tao, Guanhong and Cheng, Siyuan and Zhang, Kaiyuan and Liu, Yingqi and Shen, Guangyu and Kelk, Ian and others},
  booktitle = {Proceedings of the 44th IEEE Symposium on Security and Privacy},
  pages = {899--916},
  year = {2023},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

FSE

PEM: Representing Binary Program Semantics for Similarity Analysis via a Probabilistic Execution Model

Xiangzhe Xu, Zhou Xuan, Shiwei Feng, Siyuan Cheng, Yapeng Ye, Qingkai Shi, Guanhong Tao, Le Yu, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, California, USA, 2023

Bib PDF

@inproceedings{xu2023pem,
  title = {PEM: Representing Binary Program Semantics for Similarity Analysis via a Probabilistic Execution Model},
  author = {Xu, Xiangzhe and Xuan, Zhou and Feng, Shiwei and Cheng, Siyuan and Ye, Yapeng and Shi, Qingkai and Tao, Guanhong and Yu, Le and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  pages = {401--412},
  year = {2023},
  location = {San Francisco, California, USA}
}

ISSTA

Improving Binary Code Similarity Transformer Models by Semantics-Driven Instruction Deemphasis

Xiangzhe Xu, Shiwei Feng, Yapeng Ye, Guangyu Shen, Zian Su, Siyuan Cheng, Guanhong Tao, Qingkai Shi, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Seattle, Washington, USA, 2023

Bib PDF

@inproceedings{xu2023improving,
  author = {Xu, Xiangzhe and Feng, Shiwei and Ye, Yapeng and Shen, Guangyu and Su, Zian and Cheng, Siyuan and Tao, Guanhong and Shi, Qingkai and Zhang, Zhuo and Zhang, Xiangyu},
  title = {Improving Binary Code Similarity Transformer Models by Semantics-Driven Instruction Deemphasis},
  booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages = {1106-1118},
  year = {2023},
  location = {Seattle, Washington, USA}
}

2022

S&P

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF Code

@inproceedings{tao2022model,
  title = {Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security},
  author = {Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and Xu, Qiuling and An, Shengwei and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1372--1389},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

S&P

PICCOLO: Exposing Complex Backdoors in NLP Transformer Models

Yingqi Liu, Guangyu Shen, Guanhong Tao, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF

@inproceedings{liu2022piccolo,
  title = {PICCOLO: Exposing Complex Backdoors in NLP Transformer Models},
  author = {Liu, Yingqi and Shen, Guangyu and Tao, Guanhong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1561--1561},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society}
}

FSE

RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness

Guanhong Tao*, Weisong Sun*, Tingxu Han*, Chunrong Fang, and Xiangyu Zhang

In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, 2022

Bib PDF Code

@inproceedings{tao2022ruler,
  title = {RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness},
  author = {Tao*, Guanhong and Sun*, Weisong and Han*, Tingxu and Fang, Chunrong and Zhang, Xiangyu},
  booktitle = {Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  volume = {2022},
  year = {2022},
  location = {Singapore}
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

CVPR

Bounded Adversarial Attack on Deep Content Features

Qiuling Xu, Guanhong Tao, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Bib PDF

@inproceedings{xu2022bounded,
  title = {Bounded Adversarial Attack on Deep Content Features},
  author = {Xu, Qiuling and Tao, Guanhong and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {15203--15212},
  year = {2022},
  location = {New Orleans, LA, USA}
}

CVPR

Complex Backdoor Detection by Symmetric Feature Differencing

Yingqi Liu, Guangyu Shen, Guanhong Tao, Zhenting Wang, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Bib PDF

@inproceedings{liu2022complex,
  title = {Complex Backdoor Detection by Symmetric Feature Differencing},
  author = {Liu, Yingqi and Shen, Guangyu and Tao, Guanhong and Wang, Zhenting and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {15003--15013},
  year = {2022},
  location = {New Orleans, LA, USA}
}

NDSS

MIRROR: Model Inversion for Deep Learning Network with High Fidelity

Shengwei An, Guanhong Tao, Qiuling Xu, Yingqi Liu, Guangyu Shen, Yuan Yao, Jingwei Xu, and Xiangyu Zhang

In Proceedings of the 29th Network and Distributed System Security Symposium, San Diego, CA, USA, 2022

Bib PDF

@inproceedings{an2022mirror,
  title = {MIRROR: Model Inversion for Deep Learning Network with High Fidelity},
  author = {An, Shengwei and Tao, Guanhong and Xu, Qiuling and Liu, Yingqi and Shen, Guangyu and Yao, Yuan and Xu, Jingwei and Zhang, Xiangyu},
  booktitle = {Proceedings of the 29th Network and Distributed System Security Symposium},
  year = {2022},
  location = {San Diego, CA, USA}
}

ICML

Constrained Optimization with Dynamic Bound-scaling for Effective NLP Backdoor Defense

Guangyu Shen, Yingqi Liu, Guanhong Tao, Qiuling Xu, Zhuo Zhang, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 39th International Conference on Machine Learning, Baltimore, MD, USA, 2022

Bib PDF

@inproceedings{shen2022constrained,
  title = {Constrained Optimization with Dynamic Bound-scaling for Effective {NLP} Backdoor Defense},
  author = {Shen, Guangyu and Liu, Yingqi and Tao, Guanhong and Xu, Qiuling and Zhang, Zhuo and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 39th International Conference on Machine Learning},
  pages = {19879--19892},
  year = {2022},
  location = {Baltimore, MD, USA},
  volume = {162},
  series = {Proceedings of Machine Learning Research},
  publisher = {PMLR}
}

ECCV

Physical Attack on Monocular Depth Estimation in Autonomous Driving with Optimal Adversarial Patches

Zhiyuan Cheng, James Liang, Hongjun Choi, Guanhong Tao, Zhiwen Cao, Dongfang Liu, and Xiangyu Zhang

In Proceedings of the 2022 European Conference on Computer Vision, Tel Aviv, Israel, 2022

Bib PDF

@inproceedings{cheng2022physical,
  title = {Physical Attack on Monocular Depth Estimation in Autonomous Driving with Optimal Adversarial Patches},
  author = {Cheng, Zhiyuan and Liang, James and Choi, Hongjun and Tao, Guanhong and Cao, Zhiwen and Liu, Dongfang and Zhang, Xiangyu},
  booktitle = {Proceedings of the 2022 European Conference on Computer Vision},
  pages = {514--532},
  year = {2022},
  location = {Tel Aviv, Israel},
  organization = {Springer}
}

CAIN

Checkpointing and Deterministic Training for Deep Learning

Xiangzhe Xu, Hongyu Liu, Guanhong Tao, Zhou Xuan, and Xiangyu Zhang

In Proceedings of the 1st International Conference on AI Engineering: Software Engineering for AI, Pittsburgh, PA, USA, 2022

Bib PDF

@inproceedings{xu2022checkpointing,
  author = {Xu, Xiangzhe and Liu, Hongyu and Tao, Guanhong and Xuan, Zhou and Zhang, Xiangyu},
  title = {Checkpointing and Deterministic Training for Deep Learning},
  year = {2022},
  isbn = {9781450392754},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3522664.3528605},
  doi = {10.1145/3522664.3528605},
  booktitle = {Proceedings of the 1st International Conference on AI Engineering: Software Engineering for AI},
  numpages = {12},
  location = {Pittsburgh, PA, USA},
  series = {CAIN '22}
}

ICSE

Code Search based on Context-aware Code Translation

Weisong Sun, Chunrong Fang, Yuchen Chen, Guanhong Tao, Tingxu Han, and Quanjun Zhang

In Proceedings of the 44th International Conference on Software Engineering, Pittsburgh, PA, USA, 2022

Bib PDF

@inproceedings{sun2022code,
  author = {Sun, Weisong and Fang, Chunrong and Chen, Yuchen and Tao, Guanhong and Han, Tingxu and Zhang, Quanjun},
  title = {Code Search based on Context-aware Code Translation},
  year = {2022},
  isbn = {9781450392211},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3510003.3510140},
  doi = {10.1145/3510003.3510140},
  booktitle = {Proceedings of the 44th International Conference on Software Engineering},
  pages = {388--400},
  numpages = {13},
  location = {Pittsburgh, PA, USA},
  series = {ICSE '22}
}

2021

ICLR Workshop

FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization

Guanhong Tao, Xiaowei Chen, Yunhan Jia, Zhenyu Zhong, Shiqing Ma, and Xiangyu Zhang

In ICLR 2021 Workshop on Security and Safety in Machine Learning Systems, Virtual Event, 2021

Bib PDF

@inproceedings{tao2021firm,
  title = {FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization},
  author = {Tao, Guanhong and Chen, Xiaowei and Jia, Yunhan and Zhong, Zhenyu and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {ICLR 2021 Workshop on Security and Safety in Machine Learning Systems},
  year = {2021},
  location = {Virtual Event}
}

AAAI

Towards Feature Space Adversarial Attack by Style Perturbation

Qiuling Xu, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 35th AAAI Conference on Artificial Intelligence, Virtual Event, 2021

Bib PDF

@inproceedings{xu2021towards,
  title = {Towards Feature Space Adversarial Attack by Style Perturbation},
  author = {Xu, Qiuling and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 35th AAAI Conference on Artificial Intelligence},
  volume = {35},
  number = {12},
  pages = {10523--10531},
  year = {2021},
  location = {Virtual Event}
}

ICML

Backdoor Scanning for Deep Neural Networks through K-Arm Optimization

Guangyu Shen, Yingqi Liu, Guanhong Tao, Shengwei An, Qiuling Xu, Siyuan Cheng, Shiqing Ma, and Xiangyu Zhang

In Proceedings of Thirty-eighth International Conference on Machine Learning, Virtual Event, 2021

Bib PDF

@inproceedings{shen2021backdoor,
  title = {Backdoor Scanning for Deep Neural Networks through K-Arm Optimization},
  author = {Shen, Guangyu and Liu, Yingqi and Tao, Guanhong and An, Shengwei and Xu, Qiuling and Cheng, Siyuan and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-eighth International Conference on Machine Learning},
  year = {2021},
  location = {Virtual Event}
}

S&P

StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

Zhuo Zhang, Wei You, Guanhong Tao, Yousra Aafer, Xuwei Liu, and Xiangyu Zhang

In Proceedings of the 42nd IEEE Symposium on Security and Privacy, Virtual Event, 2021

TOP-10 Best Applied Security Paper Bib PDF

CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists

@inproceedings{zhang2021stochfuzz,
  title = {StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting},
  author = {Zhang, Zhuo and You, Wei and Tao, Guanhong and Aafer, Yousra and Liu, Xuwei and Zhang, Xiangyu},
  booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy},
  pages = {659--676},
  year = {2021},
  location = {Virtual Event},
  organization = {IEEE},
}

S&P

OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary

Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 42nd IEEE Symposium on Security and Privacy, Virtual Event, 2021

Bib PDF

@inproceedings{zhang2021osprey,
  title = {OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary},
  author = {Zhang, Zhuo and Ye, Yapeng and You, Wei and Tao, Guanhong and Lee, Wen-chuan and Kwon, Yonghwi and Aafer, Yousra and Zhang, Xiangyu},
  booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy},
  pages = {813--832},
  year = {2021},
  location = {Virtual Event},
  organization = {IEEE}
}

NDSS

ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation

Le Yu, Shiqing Ma, Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, Dongyan Xu, Vincent E Urias, Han Wei Lin, Gabriela Ciocarlie, Vinod Yegneswaran, and Ashish Gehani

In Proceedings of the 28th Network and Distributed System Security Symposium, Virtual Event, 2021

Bib PDF

@inproceedings{yu2021alchemist,
  title = {ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation},
  author = {Yu, Le and Ma, Shiqing and Zhang, Zhuo and Tao, Guanhong and Zhang, Xiangyu and Xu, Dongyan and Urias, Vincent E and Lin, Han Wei and Ciocarlie, Gabriela and Yegneswaran, Vinod and Gehani, Ashish},
  booktitle = {Proceedings of the 28th Network and Distributed System Security Symposium},
  year = {2021},
  location = {Virtual Event}
}

2020

ICSE

TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks

Guanhong Tao, Shiqing Ma, Yingqi Liu, Qiuling Xu, and Xiangyu Zhang

In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, South Korea, 2020

Bib PDF Code Slides

@inproceedings{tao2020trader,
  author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Xu, Qiuling and Zhang, Xiangyu},
  title = {TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks},
  year = {2020},
  isbn = {9781450371216},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3377811.3380423},
  doi = {10.1145/3377811.3380423},
  booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
  pages = {986--998},
  numpages = {13},
  location = {Seoul, South Korea},
  series = {ICSE '20}
}

ICSE

CPC: Automatically Classifying and Propagating Natural Language Comments via Program Analysis

Juan Zhai, Xiangzhe Xu, Yu Shi, Guanhong Tao, Minxue Pan, Shiqing Ma, Lei Xu, Weifeng Zhang, Lin Tan, and Xiangyu Zhang

In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, South Korea, 2020

Bib PDF

@inproceedings{zhai2020cpc,
  author = {Zhai, Juan and Xu, Xiangzhe and Shi, Yu and Tao, Guanhong and Pan, Minxue and Ma, Shiqing and Xu, Lei and Zhang, Weifeng and Tan, Lin and Zhang, Xiangyu},
  title = {CPC: Automatically Classifying and Propagating Natural Language Comments via Program Analysis},
  year = {2020},
  isbn = {9781450371216},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3377811.3380427},
  doi = {10.1145/3377811.3380427},
  booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
  pages = {1359--1371},
  numpages = {13},
  location = {Seoul, South Korea},
  series = {ICSE '20}
}

FSE

Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality

Shenao Yan, Guanhong Tao, Xuwei Liu, Juan Zhai, Shiqing Ma, Lei Xu, and Xiangyu Zhang

In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Virtual Event, 2020

Bib PDF

@inproceedings{yan2020correlations,
  author = {Yan, Shenao and Tao, Guanhong and Liu, Xuwei and Zhai, Juan and Ma, Shiqing and Xu, Lei and Zhang, Xiangyu},
  title = {Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality},
  year = {2020},
  isbn = {9781450370431},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3368089.3409671},
  doi = {10.1145/3368089.3409671},
  booktitle = {Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
  pages = {775--787},
  numpages = {13},
  keywords = {Software Testing, Deep Neural Networks},
  location = {Virtual Event},
  series = {ESEC/FSE 2020}
}

2019

CCS

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

Bib PDF

@inproceedings{liu2019abs,
  author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
  title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
  booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
  series = {CCS '19},
  year = {2019},
  isbn = {978-1-4503-6747-9},
  location = {London, United Kingdom},
  pages = {1265--1282},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3319535.3363216},
  doi = {10.1145/3319535.3363216},
  acmid = {3363216},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {ai trojan attacks, artificial brain stimulation, deep learning system}
}

NDSS

NIC: Detecting Adversarial Samples with Neural Network Invariant Checking

Shiqing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, and Xiangyu Zhang

In Proceedings of the 26th Network and Distributed System Security Symposium, San Diego, CA, USA, 2019

Bib PDF

@inproceedings{ma2019nic,
  author = {Ma, Shiqing and Liu, Yingqi and Tao, Guanhong and Lee, Wen{-}Chuan and Zhang, Xiangyu},
  title = {{NIC:} Detecting Adversarial Samples with Neural Network Invariant Checking},
  booktitle = {Proceedings of the 26th Network and Distributed System Security Symposium},
  year = {2019},
  location = {San Diego, CA, USA},
  url = {https://www.ndss-symposium.org/ndss-paper/nic-detecting-adversarial-samples-with-neural-network-invariant-checking/}
}

OOPSLA

BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation

Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, and Xiangyu Zhang

Proceedings of the ACM on Programming Languages, Athens, Greece, 2019

Distinguished Paper Award Bib PDF

ACM SIGPLAN Distinguished Paper Award

@article{zhang2019bda,
  author = {Zhang, Zhuo and You, Wei and Tao, Guanhong and Wei, Guannan and Kwon, Yonghwi and Zhang, Xiangyu},
  title = {BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation},
  journal = {Proceedings of the ACM on Programming Languages},
  issue_date = {October 2019},
  volume = {3},
  number = {OOPSLA},
  year = {2019},
  location = {Athens, Greece},
  issn = {2475-1421},
  pages = {137:1--137:31},
  articleno = {137},
  numpages = {31},
  url = {http://doi.acm.org/10.1145/3360563},
  doi = {10.1145/3360563},
  acmid = {3360563},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {Abstract Interpretation, Binary Analysis, Data Dependence, Path Sampling},
}

2018

NeurIPS

Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples

Guanhong Tao, Shiqing Ma, Yingqi Liu, and Xiangyu Zhang

In Proceedings of Thirty-second Conference on Neural Information Processing Systems, Montréal, Canada, 2018

Spotlight Bib PDF Code Poster Slides

3.5% (168/4856) submissions are accepted with a spotlight presentation.

@inproceedings{tao2018attacks,
  title = {Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples},
  author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-second Conference on Neural Information Processing Systems},
  pages = {7728--7739},
  year = {2018},
  location = {Montréal, Canada},
  publisher = {Curran Associates, Inc.},
  url = {http://papers.nips.cc/paper/7998-attacks-meet-interpretability-attribute-steered-detection-of-adversarial-samples.pdf},
}

CCS

Precise Android API Protection Mapping Derivation and Reasoning

Yousra Aafer, Guanhong Tao, Jianjun Huang, Xiangyu Zhang, and Ninghui Li

In Proceedings of the 25th ACM Conference on Computer and Communications Security, Toronto, Canada, 2018

Bib PDF

@inproceedings{aafer2018precise,
  author = {Aafer, Yousra and Tao, Guanhong and Huang, Jianjun and Zhang, Xiangyu and Li, Ninghui},
  title = {Precise Android API Protection Mapping Derivation and Reasoning},
  booktitle = {Proceedings of the 25th ACM Conference on Computer and Communications Security},
  series = {CCS '18},
  year = {2018},
  isbn = {978-1-4503-5693-0},
  location = {Toronto, Canada},
  pages = {1151--1164},
  numpages = {14},
  url = {http://doi.acm.org/10.1145/3243734.3243842},
  doi = {10.1145/3243734.3243842},
  acmid = {3243842},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {access control, android, permission model}
}

IEEE Trans. Reliab.

MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs

Guanhong Tao, Zibin Zheng, Ziying Guo, and Michael R. Lyu

IEEE Transactions on Reliability, 2018

Bib PDF

@article{tao2017malpat,
  author = {Tao, Guanhong and Zheng, Zibin and Guo, Ziying and Lyu, Michael R.},
  title = {MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs},
  journal = {{IEEE} Transactions on Reliability},
  volume = {67},
  number = {1},
  pages = {355--369},
  year = {2018},
  url = {https://doi.org/10.1109/TR.2017.2778147},
  doi = {10.1109/TR.2017.2778147}
}