Publications

2024

1. S&P

   Distribution Preserving Backdoor Attack in Self-supervised Learning

   Guanhong Tao*, Zhenting Wang*, Shiwei Feng, Guangyu Shen, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

   Bib PDF Code

   @inproceedings{tao2023distribution,
     title = {Distribution Preserving Backdoor Attack in Self-supervised Learning},
     author = {Tao*, Guanhong and Wang*, Zhenting and Feng, Shiwei and Shen, Guangyu and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
     year = {2024},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society},
   }

2. S&P

   ODSCAN: Backdoor Scanning for Object Detection Models

   Siyuan Cheng, Guangyu Shen, Guanhong Tao, Kaiyuan Zhang, Zhuo Zhang, Shengwei An, Xiangzhe Xu, Yingqi Liu, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

   Bib PDF

   @inproceedings{cheng2024odscan,
     title = {ODSCAN: Backdoor Scanning for Object Detection Models},
     author = {Cheng, Siyuan and Shen, Guangyu and Tao, Guanhong and Zhang, Kaiyuan and Zhang, Zhuo and An, Shengwei and Xu, Xiangzhe and Liu, Yingqi and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
     pages = {119--119},
     year = {2024},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society}
   }

3. S&P

   On Large Language Models’ Resilience to Coercive Interrogation

   Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

   In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

   Bib PDF

   @inproceedings{zhang2024large,
     title = {On Large Language Models’ Resilience to Coercive Interrogation},
     author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
     booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
     pages = {252--252},
     year = {2024},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society},
   }

4. S&P

   Exploring the Orthogonality and Linearity of Backdoor Attacks

   Kaiyuan Zhang, Siyuan Cheng, Guangyu Shen, Guanhong Tao, Shengwei An, Anuran Makur, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

   Bib PDF

   @inproceedings{zhang2024exploring,
     title = {Exploring the Orthogonality and Linearity of Backdoor Attacks},
     author = {Zhang, Kaiyuan and Cheng, Siyuan and Shen, Guangyu and Tao, Guanhong and An, Shengwei and Makur, Anuran and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
     pages = {225--225},
     year = {2024},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society}
   }

5. USENIX Security

   Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion

   Shengwei An, Lu Yan, Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, and Xiangyu Zhang

   In Proceedings of the 33rd USENIX Security Symposium, Philadelphia, PA, USA, 2024

   Bib PDF

   @inproceedings{an2024rethinking,
     author = {An, Shengwei and Yan, Lu and Cheng, Siyuan and Shen, Guangyu and Zhang, Kaiyuan and Xu, Qiuling and Tao, Guanhong and Zhang, Xiangyu},
     title = {Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion},
     booktitle = {Proceedings of the 33rd USENIX Security Symposium},
     year = {2024},
     location = {Philadelphia, PA, USA},
     publisher = {USENIX Association}
   }

6. NDSS

   Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering

   Rui Zhu, Di Tang, Siyuan Tang, Zihao Wang, Guanhong Tao, Shiqing Ma, Xiaofeng Wang, and Haixu Tang

   In Proceedings of the 31st Network and Distributed System Security Symposium, San Diego, CA, USA, 2024

   Bib PDF

   @inproceedings{zhu2024gradient,
     title = {Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering},
     author = {Zhu, Rui and Tang, Di and Tang, Siyuan and Wang, Zihao and Tao, Guanhong and Ma, Shiqing and Wang, Xiaofeng and Tang, Haixu},
     booktitle = {Proceedings of the 31st Network and Distributed System Security Symposium},
     year = {2024},
     location = {San Diego, CA, USA}
   }

7. CVPR

   LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning

   Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle WA, USA, 2024

   Bib PDF

   @inproceedings{cheng2024lotus,
     title = {LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning},
     author = {Cheng, Siyuan and Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and An, Shengwei and Feng, Shiwei and Xu, Xiangzhe and Zhang, Kaiyuan and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     year = {2024},
     location = {Seattle WA, USA}
   }

8. AAAI

   Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift

   Shengwei An, Sheng-Yen Chou, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Guangyu Shen, Siyuan Cheng, Shiqing Ma, Pin-Yu Chen, Tsung-Yi Ho, and  others

   In Proceedings of the 38th AAAI Conference on Artificial Intelligence, Vancouver, Canada, 2024

   Bib PDF

   @inproceedings{an2024elijah,
     title = {Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift},
     author = {An, Shengwei and Chou, Sheng-Yen and Zhang, Kaiyuan and Xu, Qiuling and Tao, Guanhong and Shen, Guangyu and Cheng, Siyuan and Ma, Shiqing and Chen, Pin-Yu and Ho, Tsung-Yi and others},
     booktitle = {Proceedings of the 38th AAAI Conference on Artificial Intelligence},
     volume = {38},
     number = {10},
     pages = {10847--10855},
     year = {2024},
     location = {Vancouver, Canada}
   }

9. ICLR

   Fusion is Not Enough: Single Modal Attack on Fusion Models for 3D Object Detection

   Zhiyuan Cheng, Hongjun Choi, Shiwei Feng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, Michael Zuzak, and Xiangyu Zhang

   In Proceedings of the Twelfth International Conference on Learning Representations, Vienna, Austria, 2024

   Bib PDF

   @inproceedings{cheng2023fusion,
     title = {Fusion is Not Enough: Single Modal Attack on Fusion Models for 3D Object Detection},
     author = {Cheng, Zhiyuan and Choi, Hongjun and Feng, Shiwei and Liang, James Chenhao and Tao, Guanhong and Liu, Dongfang and Zuzak, Michael and Zhang, Xiangyu},
     booktitle = {Proceedings of the Twelfth International Conference on Learning Representations},
     year = {2024},
     location = {Vienna, Austria}
   }

10. EACL

    Threat Behavior Textual Search by Attention Graph Isomorphism

    Chanwoo Bae, Guanhong Tao, Zhuo Zhang, and Xiangyu Zhang

    In Proceedings of the 18th Conference of the European Chapter of the Association for Computational Linguistics (Volume 1: Long Papers), St. Julians, Malta, 2024

    Bib PDF

    @inproceedings{bae2024threat,
      title = {Threat Behavior Textual Search by Attention Graph Isomorphism},
      author = {Bae, Chanwoo and Tao, Guanhong and Zhang, Zhuo and Zhang, Xiangyu},
      booktitle = {Proceedings of the 18th Conference of the European Chapter of the Association for Computational Linguistics (Volume 1: Long Papers)},
      pages = {2616--2630},
      year = {2024},
      location = {St. Julians, Malta}
    }

2023

1. USENIX Security

   Hard-label Black-box Universal Adversarial Patch Attack

   Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, and Xiangyu Zhang

   In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 2023

   Bib PDF Code

   @inproceedings{tao2023hard,
     author = {Tao, Guanhong and An, Shengwei and Cheng, Siyuan and Shen, Guangyu and Zhang, Xiangyu},
     title = {Hard-label Black-box Universal Adversarial Patch Attack},
     booktitle = {Proceedings of the 32nd USENIX Security Symposium},
     year = {2023},
     location = {Anaheim, CA, USA},
     isbn = {978-1-939133-37-3},
     pages = {697--714},
     publisher = {USENIX Association},
   }

2. USENIX Security

   PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis

   Zhuo Zhang, Guanhong Tao, Guangyu Shen, Shengwei An, Qiuling Xu, Yingqi Liu, Yapeng Ye, Yaoxuan Wu, and Xiangyu Zhang

   In Proceedings of the 32nd USENIX Security Symposium, Anaheim, CA, USA, 2023

   Bib PDF

   @inproceedings{zhang2023pelican,
     author = {Zhang, Zhuo and Tao, Guanhong and Shen, Guangyu and An, Shengwei and Xu, Qiuling and Liu, Yingqi and Ye, Yapeng and Wu, Yaoxuan and Zhang, Xiangyu},
     title = {{PELICAN}: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis},
     booktitle = {Proceedings of the 32nd USENIX Security Symposium},
     year = {2023},
     location = {Anaheim, CA, USA},
     isbn = {978-1-939133-37-3},
     pages = {2365--2382}
   }

3. ACL

   Backdooring Neural Code Search

   Weisong Sun*, Yuchen Chen*, Guanhong Tao*, Chunrong Fang, Xiangyu Zhang, Quanjun Zhang, and Bin Luo

   In Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics, Toronto, Canada, 2023

   Bib PDF Code

   @inproceedings{sun2023backdooring,
     title = {Backdooring Neural Code Search},
     author = {Sun*, Weisong and Chen*, Yuchen and Tao*, Guanhong and Fang, Chunrong and Zhang, Xiangyu and Zhang, Quanjun and Luo, Bin},
     booktitle = {Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics},
     year = {2023},
     location = {Toronto, Canada},
   }

4. NDSS

   BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense

   Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, and  others

   In Proceedings of the 30th Network and Distributed System Security Symposium, San Diego, CA, USA, 2023

   Bib PDF

   @inproceedings{cheng2023beagle,
     title = {BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense},
     author = {Cheng, Siyuan and Tao, Guanhong and Liu, Yingqi and An, Shengwei and Xu, Xiangzhe and Feng, Shiwei and Shen, Guangyu and Zhang, Kaiyuan and Xu, Qiuling and Ma, Shiqing and others},
     booktitle = {Proceedings of the 30th Network and Distributed System Security Symposium},
     year = {2023},
     location = {San Diego, CA, USA},
   }

5. ICLR

   FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning

   Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, and  others

   In Proceedings of the Eleventh International Conference on Learning Representations, Kigali, Rwanda, 2023

   AROW Best Paper Award Bib PDF

   ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2022)

   @inproceedings{zhang2022flip,
     title = {FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning},
     author = {Zhang, Kaiyuan and Tao, Guanhong and Xu, Qiuling and Cheng, Siyuan and An, Shengwei and Liu, Yingqi and Feng, Shiwei and Shen, Guangyu and Chen, Pin-Yu and Ma, Shiqing and others},
     booktitle = {Proceedings of the Eleventh International Conference on Learning Representations},
     year = {2023},
     location = {Kigali, Rwanda},
   }

6. ICLR

   Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks

   Zhiyuan Cheng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, and Xiangyu Zhang

   In Proceedings of the Eleventh International Conference on Learning Representations, Kigali, Rwanda, 2023

   Spotlight Bib PDF

   5.6% (280/4956) submissions are accepted with a spotlight presentation.

   @inproceedings{cheng2023adversarial,
     title = {Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks},
     author = {Cheng, Zhiyuan and Liang, James Chenhao and Tao, Guanhong and Liu, Dongfang and Zhang, Xiangyu},
     booktitle = {Proceedings of the Eleventh International Conference on Learning Representations},
     year = {2023},
     location = {Kigali, Rwanda},
   }

7. NeurIPS

   BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning

   Xuan Chen, Wenbo Guo, Guanhong Tao, Xiangyu Zhang, and Dawn Song

   In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

   Bib PDF

   @inproceedings{chen2023bird,
     title = {BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning},
     author = {Chen, Xuan and Guo, Wenbo and Tao, Guanhong and Zhang, Xiangyu and Song, Dawn},
     booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
     year = {2023},
     location = {New Orleans, LA, USA},
   }

8. NeurIPS

   Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration

   Guangyu Shen, Siyuan Cheng, Guanhong Tao, Kaiyuan Zhang, Yingqi Liu, Shengwei An, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

   Bib PDF

   @inproceedings{shen2023django,
     title = {Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration},
     author = {Shen, Guangyu and Cheng, Siyuan and Tao, Guanhong and Zhang, Kaiyuan and Liu, Yingqi and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
     year = {2023},
     location = {New Orleans, LA, USA}
   }

9. NeurIPS

   ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP

   Lu Yan, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Xuan Chen, Guangyu Shen, and Xiangyu Zhang

   In Proceedings of Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, LA, USA, 2023

   Bib PDF

   @inproceedings{yan2023parafuzz,
     title = {ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP},
     author = {Yan, Lu and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Chen, Xuan and Shen, Guangyu and Zhang, Xiangyu},
     booktitle = {Proceedings of Thirty-seventh Conference on Neural Information Processing Systems},
     year = {2023},
     location = {New Orleans, LA, USA}
   }

10. CVPR

    MEDIC: Remove Model Backdoors via Importance Driven Cloning

    Qiuling Xu, Guanhong Tao, Jean Honorio, Yingqi Liu, Shengwei An, Guangyu Shen, Siyuan Cheng, and Xiangyu Zhang

    In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada, 2023

    Bib PDF

    @inproceedings{xu2023remove,
      title = {MEDIC: Remove Model Backdoors via Importance Driven Cloning},
      author = {Xu, Qiuling and Tao, Guanhong and Honorio, Jean and Liu, Yingqi and An, Shengwei and Shen, Guangyu and Cheng, Siyuan and Zhang, Xiangyu},
      booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
      year = {2023},
      location = {Vancouver, Canada}
    }

11. CVPR

    Detecting Backdoors in Pre-trained Encoders

    Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, and Xiangyu Zhang

    In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada, 2023

    Bib PDF

    @inproceedings{feng2023detecting,
      title = {Detecting Backdoors in Pre-trained Encoders},
      author = {Feng, Shiwei and Tao, Guanhong and Cheng, Siyuan and Shen, Guangyu and Xu, Xiangzhe and Liu, Yingqi and Zhang, Kaiyuan and Ma, Shiqing and Zhang, Xiangyu},
      booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
      pages = {16352--16362},
      year = {2023},
      location = {Vancouver, Canada},
    }

12. S&P

    ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes

    Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, and  others

    In Proceedings of the 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2023

    Bib PDF

    @inproceedings{an2023imu,
      title = {ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes},
      author = {An, Shengwei and Yao, Yuan and Xu, Qiuling and Ma, Shiqing and Tao, Guanhong and Cheng, Siyuan and Zhang, Kaiyuan and Liu, Yingqi and Shen, Guangyu and Kelk, Ian and others},
      booktitle = {Proceedings of the 44th IEEE Symposium on Security and Privacy},
      pages = {899--916},
      year = {2023},
      location = {San Francisco, CA, USA},
      organization = {IEEE Computer Society}
    }

13. FSE

    PEM: Representing Binary Program Semantics for Similarity Analysis via a Probabilistic Execution Model

    Xiangzhe Xu, Zhou Xuan, Shiwei Feng, Siyuan Cheng, Yapeng Ye, Qingkai Shi, Guanhong Tao, Le Yu, Zhuo Zhang, and Xiangyu Zhang

    In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, California, USA, 2023

    Bib PDF

    @inproceedings{xu2023pem,
      title = {PEM: Representing Binary Program Semantics for Similarity Analysis via a Probabilistic Execution Model},
      author = {Xu, Xiangzhe and Xuan, Zhou and Feng, Shiwei and Cheng, Siyuan and Ye, Yapeng and Shi, Qingkai and Tao, Guanhong and Yu, Le and Zhang, Zhuo and Zhang, Xiangyu},
      booktitle = {Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
      pages = {401--412},
      year = {2023},
      location = {San Francisco, California, USA}
    }

14. ISSTA

    Improving Binary Code Similarity Transformer Models by Semantics-Driven Instruction Deemphasis

    Xiangzhe Xu, Shiwei Feng, Yapeng Ye, Guangyu Shen, Zian Su, Siyuan Cheng, Guanhong Tao, Qingkai Shi, Zhuo Zhang, and Xiangyu Zhang

    In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, Seattle, Washington, USA, 2023

    Bib PDF

    @inproceedings{xu2023improving,
      author = {Xu, Xiangzhe and Feng, Shiwei and Ye, Yapeng and Shen, Guangyu and Su, Zian and Cheng, Siyuan and Tao, Guanhong and Shi, Qingkai and Zhang, Zhuo and Zhang, Xiangyu},
      title = {Improving Binary Code Similarity Transformer Models by Semantics-Driven Instruction Deemphasis},
      booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis},
      pages = {1106-1118},
      year = {2023},
      location = {Seattle, Washington, USA}
    }

2022

1. S&P

   Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

   Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, and Xiangyu Zhang

   In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

   Bib PDF Code

   @inproceedings{tao2022model,
     title = {Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security},
     author = {Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and Xu, Qiuling and An, Shengwei and Zhang, Zhuo and Zhang, Xiangyu},
     booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
     pages = {1372--1389},
     year = {2022},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society},
   }

2. S&P

   PICCOLO: Exposing Complex Backdoors in NLP Transformer Models

   Yingqi Liu, Guangyu Shen, Guanhong Tao, Shengwei An, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

   Bib PDF

   @inproceedings{liu2022piccolo,
     title = {PICCOLO: Exposing Complex Backdoors in NLP Transformer Models},
     author = {Liu, Yingqi and Shen, Guangyu and Tao, Guanhong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
     pages = {1561--1561},
     year = {2022},
     location = {San Francisco, CA, USA},
     organization = {IEEE Computer Society},
   }

3. FSE

   RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness

   Guanhong Tao*, Weisong Sun*, Tingxu Han*, Chunrong Fang, and Xiangyu Zhang

   In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, 2022

   Bib PDF Code

   @inproceedings{tao2022ruler,
     title = {RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness},
     author = {Tao*, Guanhong and Sun*, Weisong and Han*, Tingxu and Fang, Chunrong and Zhang, Xiangyu},
     booktitle = {Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
     volume = {2022},
     year = {2022},
     location = {Singapore},
   }

4. CVPR

   Better Trigger Inversion Optimization in Backdoor Scanning

   Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

   Oral Bib PDF Code

   4.2% (344/8161) submissions are accepted with an oral presentation.

   @inproceedings{tao2022better,
     title = {Better Trigger Inversion Optimization in Backdoor Scanning},
     author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     pages = {13368--13378},
     year = {2022},
     location = {New Orleans, LA, USA},
   }

5. CVPR

   Bounded Adversarial Attack on Deep Content Features

   Qiuling Xu, Guanhong Tao, and Xiangyu Zhang

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

   Bib PDF

   @inproceedings{xu2022bounded,
     title = {Bounded Adversarial Attack on Deep Content Features},
     author = {Xu, Qiuling and Tao, Guanhong and Zhang, Xiangyu},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     pages = {15203--15212},
     year = {2022},
     location = {New Orleans, LA, USA}
   }

6. CVPR

   Complex Backdoor Detection by Symmetric Feature Differencing

   Yingqi Liu, Guangyu Shen, Guanhong Tao, Zhenting Wang, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

   Bib PDF

   @inproceedings{liu2022complex,
     title = {Complex Backdoor Detection by Symmetric Feature Differencing},
     author = {Liu, Yingqi and Shen, Guangyu and Tao, Guanhong and Wang, Zhenting and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     pages = {15003--15013},
     year = {2022},
     location = {New Orleans, LA, USA}
   }

7. NDSS

   MIRROR: Model Inversion for Deep Learning Network with High Fidelity

   Shengwei An, Guanhong Tao, Qiuling Xu, Yingqi Liu, Guangyu Shen, Yuan Yao, Jingwei Xu, and Xiangyu Zhang

   In Proceedings of the 29th Network and Distributed System Security Symposium, San Diego, CA, USA, 2022

   Bib PDF

   @inproceedings{an2022mirror,
     title = {MIRROR: Model Inversion for Deep Learning Network with High Fidelity},
     author = {An, Shengwei and Tao, Guanhong and Xu, Qiuling and Liu, Yingqi and Shen, Guangyu and Yao, Yuan and Xu, Jingwei and Zhang, Xiangyu},
     booktitle = {Proceedings of the 29th Network and Distributed System Security Symposium},
     year = {2022},
     location = {San Diego, CA, USA}
   }

8. ICML

   Constrained Optimization with Dynamic Bound-scaling for Effective NLP Backdoor Defense

   Guangyu Shen, Yingqi Liu, Guanhong Tao, Qiuling Xu, Zhuo Zhang, Shengwei An, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of the 39th International Conference on Machine Learning, Baltimore, MD, USA, 2022

   Bib PDF

   @inproceedings{shen2022constrained,
     title = {Constrained Optimization with Dynamic Bound-scaling for Effective {NLP} Backdoor Defense},
     author = {Shen, Guangyu and Liu, Yingqi and Tao, Guanhong and Xu, Qiuling and Zhang, Zhuo and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of the 39th International Conference on Machine Learning},
     pages = {19879--19892},
     year = {2022},
     location = {Baltimore, MD, USA},
     volume = {162},
     series = {Proceedings of Machine Learning Research},
     publisher = {PMLR}
   }

9. ECCV

   Physical Attack on Monocular Depth Estimation in Autonomous Driving with Optimal Adversarial Patches

   Zhiyuan Cheng, James Liang, Hongjun Choi, Guanhong Tao, Zhiwen Cao, Dongfang Liu, and Xiangyu Zhang

   In Proceedings of the 2022 European Conference on Computer Vision, Tel Aviv, Israel, 2022

   Bib PDF

   @inproceedings{cheng2022physical,
     title = {Physical Attack on Monocular Depth Estimation in Autonomous Driving with Optimal Adversarial Patches},
     author = {Cheng, Zhiyuan and Liang, James and Choi, Hongjun and Tao, Guanhong and Cao, Zhiwen and Liu, Dongfang and Zhang, Xiangyu},
     booktitle = {Proceedings of the 2022 European Conference on Computer Vision},
     pages = {514--532},
     year = {2022},
     location = {Tel Aviv, Israel},
     organization = {Springer}
   }

10. CAIN

    Checkpointing and Deterministic Training for Deep Learning

    Xiangzhe Xu, Hongyu Liu, Guanhong Tao, Zhou Xuan, and Xiangyu Zhang

    In Proceedings of the 1st International Conference on AI Engineering: Software Engineering for AI, Pittsburgh, PA, USA, 2022

    Bib PDF

    @inproceedings{xu2022checkpointing,
      author = {Xu, Xiangzhe and Liu, Hongyu and Tao, Guanhong and Xuan, Zhou and Zhang, Xiangyu},
      title = {Checkpointing and Deterministic Training for Deep Learning},
      year = {2022},
      isbn = {9781450392754},
      publisher = {Association for Computing Machinery},
      address = {New York, NY, USA},
      url = {https://doi.org/10.1145/3522664.3528605},
      doi = {10.1145/3522664.3528605},
      booktitle = {Proceedings of the 1st International Conference on AI Engineering: Software Engineering for AI},
      numpages = {12},
      location = {Pittsburgh, PA, USA},
      series = {CAIN '22}
    }

11. ICSE

    Code Search based on Context-aware Code Translation

    Weisong Sun, Chunrong Fang, Yuchen Chen, Guanhong Tao, Tingxu Han, and Quanjun Zhang

    In Proceedings of the 44th International Conference on Software Engineering, Pittsburgh, PA, USA, 2022

    Bib PDF

    @inproceedings{sun2022code,
      author = {Sun, Weisong and Fang, Chunrong and Chen, Yuchen and Tao, Guanhong and Han, Tingxu and Zhang, Quanjun},
      title = {Code Search based on Context-aware Code Translation},
      year = {2022},
      isbn = {9781450392211},
      publisher = {Association for Computing Machinery},
      address = {New York, NY, USA},
      url = {https://doi.org/10.1145/3510003.3510140},
      doi = {10.1145/3510003.3510140},
      booktitle = {Proceedings of the 44th International Conference on Software Engineering},
      pages = {388--400},
      numpages = {13},
      location = {Pittsburgh, PA, USA},
      series = {ICSE '22}
    }

2021

1. ICLR Workshop

   FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization

   Guanhong Tao, Xiaowei Chen, Yunhan Jia, Zhenyu Zhong, Shiqing Ma, and Xiangyu Zhang

   In ICLR 2021 Workshop on Security and Safety in Machine Learning Systems, Virtual Event, 2021

   Bib PDF

   @inproceedings{tao2021firm,
     title = {FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization},
     author = {Tao, Guanhong and Chen, Xiaowei and Jia, Yunhan and Zhong, Zhenyu and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {ICLR 2021 Workshop on Security and Safety in Machine Learning Systems},
     year = {2021},
     location = {Virtual Event}
   }

2. AAAI

   Towards Feature Space Adversarial Attack by Style Perturbation

   Qiuling Xu, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

   In Proceedings of the 35th AAAI Conference on Artificial Intelligence, Virtual Event, 2021

   Bib PDF

   @inproceedings{xu2021towards,
     title = {Towards Feature Space Adversarial Attack by Style Perturbation},
     author = {Xu, Qiuling and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
     booktitle = {Proceedings of the 35th AAAI Conference on Artificial Intelligence},
     volume = {35},
     number = {12},
     pages = {10523--10531},
     year = {2021},
     location = {Virtual Event}
   }

3. ICML

   Backdoor Scanning for Deep Neural Networks through K-Arm Optimization

   Guangyu Shen, Yingqi Liu, Guanhong Tao, Shengwei An, Qiuling Xu, Siyuan Cheng, Shiqing Ma, and Xiangyu Zhang

   In Proceedings of Thirty-eighth International Conference on Machine Learning, Virtual Event, 2021

   Bib PDF

   

   @inproceedings{shen2021backdoor,
     title = {Backdoor Scanning for Deep Neural Networks through K-Arm Optimization},
     author = {Shen, Guangyu and Liu, Yingqi and Tao, Guanhong and An, Shengwei and Xu, Qiuling and Cheng, Siyuan and Ma, Shiqing and Zhang, Xiangyu},
     booktitle = {Proceedings of Thirty-eighth International Conference on Machine Learning},
     year = {2021},
     location = {Virtual Event},
     google_scholar_id = {0EnyYjriUFMC}
   }

4. S&P

   StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting

   Zhuo Zhang, Wei You, Guanhong Tao, Yousra Aafer, Xuwei Liu, and Xiangyu Zhang

   In Proceedings of the 42nd IEEE Symposium on Security and Privacy, Virtual Event, 2021

   TOP-10 Best Applied Security Paper Bib PDF

   CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists

   @inproceedings{zhang2021stochfuzz,
     title = {StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting},
     author = {Zhang, Zhuo and You, Wei and Tao, Guanhong and Aafer, Yousra and Liu, Xuwei and Zhang, Xiangyu},
     booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy},
     pages = {659--676},
     year = {2021},
     location = {Virtual Event},
     organization = {IEEE},
   }

5. S&P

   OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary

   Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, and Xiangyu Zhang

   In Proceedings of the 42nd IEEE Symposium on Security and Privacy, Virtual Event, 2021

   Bib PDF

   @inproceedings{zhang2021osprey,
     title = {OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary},
     author = {Zhang, Zhuo and Ye, Yapeng and You, Wei and Tao, Guanhong and Lee, Wen-chuan and Kwon, Yonghwi and Aafer, Yousra and Zhang, Xiangyu},
     booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy},
     pages = {813--832},
     year = {2021},
     location = {Virtual Event},
     organization = {IEEE}
   }

6. NDSS

   ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation

   Le Yu, Shiqing Ma, Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, Dongyan Xu, Vincent E Urias, Han Wei Lin, Gabriela Ciocarlie, Vinod Yegneswaran, and Ashish Gehani

   In Proceedings of the 28th Network and Distributed System Security Symposium, Virtual Event, 2021

   Bib PDF

   @inproceedings{yu2021alchemist,
     title = {ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation},
     author = {Yu, Le and Ma, Shiqing and Zhang, Zhuo and Tao, Guanhong and Zhang, Xiangyu and Xu, Dongyan and Urias, Vincent E and Lin, Han Wei and Ciocarlie, Gabriela and Yegneswaran, Vinod and Gehani, Ashish},
     booktitle = {Proceedings of the 28th Network and Distributed System Security Symposium},
     year = {2021},
     location = {Virtual Event}
   }

2020

1. ICSE

   TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks

   Guanhong Tao, Shiqing Ma, Yingqi Liu, Qiuling Xu, and Xiangyu Zhang

   In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, South Korea, 2020

   Bib PDF Code Slides

   @inproceedings{tao2020trader,
     author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Xu, Qiuling and Zhang, Xiangyu},
     title = {TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks},
     year = {2020},
     isbn = {9781450371216},
     publisher = {Association for Computing Machinery},
     address = {New York, NY, USA},
     url = {https://doi.org/10.1145/3377811.3380423},
     doi = {10.1145/3377811.3380423},
     booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
     pages = {986--998},
     numpages = {13},
     location = {Seoul, South Korea},
     series = {ICSE '20},
   }

2. ICSE

   CPC: Automatically Classifying and Propagating Natural Language Comments via Program Analysis

   Juan Zhai, Xiangzhe Xu, Yu Shi, Guanhong Tao, Minxue Pan, Shiqing Ma, Lei Xu, Weifeng Zhang, Lin Tan, and Xiangyu Zhang

   In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, South Korea, 2020

   Bib PDF

   @inproceedings{zhai2020cpc,
     author = {Zhai, Juan and Xu, Xiangzhe and Shi, Yu and Tao, Guanhong and Pan, Minxue and Ma, Shiqing and Xu, Lei and Zhang, Weifeng and Tan, Lin and Zhang, Xiangyu},
     title = {CPC: Automatically Classifying and Propagating Natural Language Comments via Program Analysis},
     year = {2020},
     isbn = {9781450371216},
     publisher = {Association for Computing Machinery},
     address = {New York, NY, USA},
     url = {https://doi.org/10.1145/3377811.3380427},
     doi = {10.1145/3377811.3380427},
     booktitle = {Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering},
     pages = {1359--1371},
     numpages = {13},
     location = {Seoul, South Korea},
     series = {ICSE '20}
   }

3. FSE

   Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality

   Shenao Yan, Guanhong Tao, Xuwei Liu, Juan Zhai, Shiqing Ma, Lei Xu, and Xiangyu Zhang

   In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Virtual Event, 2020

   Bib PDF

   @inproceedings{yan2020correlations,
     author = {Yan, Shenao and Tao, Guanhong and Liu, Xuwei and Zhai, Juan and Ma, Shiqing and Xu, Lei and Zhang, Xiangyu},
     title = {Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality},
     year = {2020},
     isbn = {9781450370431},
     publisher = {Association for Computing Machinery},
     address = {New York, NY, USA},
     url = {https://doi.org/10.1145/3368089.3409671},
     doi = {10.1145/3368089.3409671},
     booktitle = {Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering},
     pages = {775--787},
     numpages = {13},
     keywords = {Software Testing, Deep Neural Networks},
     location = {Virtual Event},
     series = {ESEC/FSE 2020}
   }

2019

1. CCS

   ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

   Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

   In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

   Bib PDF

   

   @inproceedings{liu2019abs,
     author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
     title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
     booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
     series = {CCS '19},
     year = {2019},
     isbn = {978-1-4503-6747-9},
     location = {London, United Kingdom},
     pages = {1265--1282},
     numpages = {18},
     url = {http://doi.acm.org/10.1145/3319535.3363216},
     doi = {10.1145/3319535.3363216},
     acmid = {3363216},
     publisher = {ACM},
     address = {New York, NY, USA},
     keywords = {ai trojan attacks, artificial brain stimulation, deep learning system},
     google_scholar_id = {Tyk-4Ss8FVUC},
   }

2. NDSS

   NIC: Detecting Adversarial Samples with Neural Network Invariant Checking

   Shiqing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, and Xiangyu Zhang

   In Proceedings of the 26th Network and Distributed System Security Symposium, San Diego, CA, USA, 2019

   Bib PDF

   

   @inproceedings{ma2019nic,
     author = {Ma, Shiqing and Liu, Yingqi and Tao, Guanhong and Lee, Wen{-}Chuan and Zhang, Xiangyu},
     title = {{NIC:} Detecting Adversarial Samples with Neural Network Invariant Checking},
     booktitle = {Proceedings of the 26th Network and Distributed System Security Symposium},
     year = {2019},
     location = {San Diego, CA, USA},
     url = {https://www.ndss-symposium.org/ndss-paper/nic-detecting-adversarial-samples-with-neural-network-invariant-checking/},
     google_scholar_id = {qjMakFHDy7sC},
   }

3. OOPSLA

   BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation

   Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, and Xiangyu Zhang

   Proceedings of the ACM on Programming Languages, Athens, Greece, 2019

   Distinguished Paper Award Bib PDF

   ACM SIGPLAN Distinguished Paper Award

   @article{zhang2019bda,
     author = {Zhang, Zhuo and You, Wei and Tao, Guanhong and Wei, Guannan and Kwon, Yonghwi and Zhang, Xiangyu},
     title = {BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation},
     journal = {Proceedings of the ACM on Programming Languages},
     issue_date = {October 2019},
     volume = {3},
     number = {OOPSLA},
     year = {2019},
     location = {Athens, Greece},
     issn = {2475-1421},
     pages = {137:1--137:31},
     articleno = {137},
     numpages = {31},
     url = {http://doi.acm.org/10.1145/3360563},
     doi = {10.1145/3360563},
     acmid = {3360563},
     publisher = {ACM},
     address = {New York, NY, USA},
     keywords = {Abstract Interpretation, Binary Analysis, Data Dependence, Path Sampling},
   }

2018

1. NeurIPS

   Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples

   Guanhong Tao, Shiqing Ma, Yingqi Liu, and Xiangyu Zhang

   In Proceedings of Thirty-second Conference on Neural Information Processing Systems, Montréal, Canada, 2018

   Spotlight Bib PDF Code Poster Slides

   

   3.5% (168/4856) submissions are accepted with a spotlight presentation.

   @inproceedings{tao2018attacks,
     title = {Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples},
     author = {Tao, Guanhong and Ma, Shiqing and Liu, Yingqi and Zhang, Xiangyu},
     booktitle = {Proceedings of Thirty-second Conference on Neural Information Processing Systems},
     pages = {7728--7739},
     year = {2018},
     location = {Montréal, Canada},
     publisher = {Curran Associates, Inc.},
     url = {http://papers.nips.cc/paper/7998-attacks-meet-interpretability-attribute-steered-detection-of-adversarial-samples.pdf},
     google_scholar_id = {9yKSN-GCB0IC},
   }

2. CCS

   Precise Android API Protection Mapping Derivation and Reasoning

   Yousra Aafer, Guanhong Tao, Jianjun Huang, Xiangyu Zhang, and Ninghui Li

   In Proceedings of the 25th ACM Conference on Computer and Communications Security, Toronto, Canada, 2018

   Bib PDF

   @inproceedings{aafer2018precise,
     author = {Aafer, Yousra and Tao, Guanhong and Huang, Jianjun and Zhang, Xiangyu and Li, Ninghui},
     title = {Precise Android API Protection Mapping Derivation and Reasoning},
     booktitle = {Proceedings of the 25th ACM Conference on Computer and Communications Security},
     series = {CCS '18},
     year = {2018},
     isbn = {978-1-4503-5693-0},
     location = {Toronto, Canada},
     pages = {1151--1164},
     numpages = {14},
     url = {http://doi.acm.org/10.1145/3243734.3243842},
     doi = {10.1145/3243734.3243842},
     acmid = {3243842},
     publisher = {ACM},
     address = {New York, NY, USA},
     keywords = {access control, android, permission model}
   }

3. IEEE Trans. Reliab.

   MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs

   Guanhong Tao, Zibin Zheng, Ziying Guo, and Michael R. Lyu

   IEEE Transactions on Reliability, 2018

   Bib PDF

   

   @article{tao2017malpat,
     author = {Tao, Guanhong and Zheng, Zibin and Guo, Ziying and Lyu, Michael R.},
     title = {MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs},
     journal = {{IEEE} Transactions on Reliability},
     volume = {67},
     number = {1},
     pages = {355--369},
     year = {2018},
     url = {https://doi.org/10.1109/TR.2017.2778147},
     doi = {10.1109/TR.2017.2778147},
     google_scholar_id = {UeHWp8X0CEIC}
   }