Zhengyu Zhao<br><font style="font-family:隶书" size="5">(赵正宇)</font>'s Homepage

About Me

I am an Associate Professor at Xi’an Jiaotong University (XJTU), China. I was a postdoc at CISPA Helmholtz Center for Information Security, Germany, hosted by Prof. Michael Backes. I received my PhD in from Radboud University, Netherlands, supervised by Prof. Martha Larson. My general research interest is Machine Learning Security (MLSec); Most of my work has concentrated on analyzing the vulnerability of deep neural networks to various attacks, e.g., adversarial examples and data poisons.

Resources

Selected Publications [Google Scholar][DBLP]

Rethinking Realism: Towards More Transferable and Less Suspicious Adversarial Images

Zhengyu Zhao

PhD thesis, Radboud University, 2022.
Revisiting Transferable Adversarial Image Examples: Attack Categorization, Evaluation Guidelines, and New Insights

Zhengyu Zhao*, Hanwei Zhang*, Renjue Li*, Ronan Sicre, Laurent Amsaleg, Michael Backes, Qi Li, Chao Shen

arXiv

Code
Composite Backdoor Attacks Against Large Language Models

Hai Huang, Zhengyu Zhao, Yun Shen, Michael Backes, Yang Zhang

North American Chapter of the Association for Computational Linguistics (NAACL) Findings, 2024.
Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving

Junhao Zheng, Chenhao Lin, Jiahao Sun, Zhengyu Zhao, Qian Li, Chao Shen

IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.

Code
Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization

Yulong Yang, Chenhao Lin, Qian Li, Zhengyu Zhao, Haoran Fan, Dawei Zhou, Nannan Wang, Tongliang Liu, Chao Shen

IEEE Transactions on Information Forensics and Security (TIFS), 2024.

Code
Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression

Zhuoran Liu, Zhengyu Zhao, Martha Larson

International Conference on Machine Learning (ICML), 2023.

Code
Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?

Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang

International Conference on Learning Representations (ICLR), 2023. (Spotlight)

Code
Adversarial Image Color Transformations in Explicit Color Filter Space

Zhengyu Zhao, Zhuoran Liu, Martha Larson

IEEE Transactions on Information Forensics and Security (TIFS), 2023.

Code Video BMVC 2020 version
Membership Inference Attacks by Exploiting Loss Trajectory

Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang

ACM Conference on Computer and Communications Security (CCS), 2022.

Code Video
On Success and Simplicity: A Second Look at Transferable Targeted Attacks

Zhengyu Zhao, Zhuoran Liu, Martha Larson

Neural Information Processing Systems (NeurIPS), 2021.

Code Video 中文解读 Rank Top-1 on ARES Leaderboard
Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel

Zhuoran Liu, Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, Martha Larson

Network and Distributed System Security Symposium (NDSS), 2021.

Code Video
Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance

Zhengyu Zhao, Zhuoran Liu, Martha Larson

IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2020.

Code Video
Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval

Zhuoran Liu, Zhengyu Zhao, Martha Larson

ACM International Conference on Multimedia Retrieval (ICMR), 2019.

Code
From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition

Zhengyu Zhao, Martha Larson

ACM International Conference on Multimedia (ACM MM), 2018.

Code Reproducibility companion paper at ACM MM 2019

Services

Area Chair/Senior Program Committee of NeurIPS, AAAI
Program Committee of ICLR, ICML, CVPR, ICCV, ECCV, ACL, IJCAI, AISTATS, BMVC, FAccT
Journal Reviewer of TPAMI, TIFS, TDSC, IJCV, PR
Poster Session Co-Chair of ACM MM 2019
Task Co-Organizer of Pixel Privacy and Multimedia Satellite at MediaEval 2018-2020

Honors & Awards

Doctoral Consortium Award, CVPR 2021
Outstanding Reviewer of NeurIPS 2023 (~10%), AISTATS 2023 (~11%), BMVC 2022 (~8%), BMVC 2020 (~6%)
Top 1% in CVPR 2021 Unrestricted Adversarial Attacks on ImageNet Competition
Student Travel Grant, ACM MM 2018 & 2019

Invited Talks

Security and Privacy Risks of AI Large Models, ICIG2023, 2023-09-23.
Adversarial Examples and Data Poisons, Saarland University (Guest Lecture), 2023-06-19.
Computer Vision in Adversarial Scenarios, LIS - Ecole Centrale Marseille, 2023-03-03. [Slides]
Computer Vision against Adversarial Perturbations, Hong Kong PolyU, 2022-12-16. [Slides]
Transferable and Stealthy Adversarial Images, Alibaba Turing Lab, 2022-03-03. [Slides]
Transferability of Targeted Attacks, AI TIME, 2022-02-17. [Video (in Chinese)] [Slides]

Teaching

Teaching Assistant, Advanced Lecture: Attacks Against Machine Learning Models (2023 Summer), Saarland University

Miscellaneous

I like simple yet effective research ideas.
I respect Dr. Nicholas Carlini for his long-term dedication to evaluating adversarial robustness.
I love music, particularly Chinese music.