avatar

Zhengyu Zhao
(赵正宇)

Xi'an Jiaotong University
zhengyu.zhao (at) xjtu.edu.cn




⭐Selected

As senior author

  • PoInit-of-View: Poisoning Initialization of Views Transfers Across Multiple 3D Reconstruction Systems (CVPR 2026)
  • Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement (CVPR 2025)
  • CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP (CVPR 2025)
  • Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path (AAAI 2025)
  • Revisiting Training-Inference Trigger Intensity in Backdoor Attacks (USENIX Security 2025)
  • Typographic Attacks in a Multi-Image Setting (NAACL 2025)
  • Adversarial Example Soups: Improving Transferability and Stealthiness for Free (TIFS 2025)
  • Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression (ICML 2023)
  • Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning? (ICLR 2023 Spotlight)
  • Membership Inference Attacks by Exploiting Loss Trajectory (CCS 2022)

    • As junior author

  • Revisiting Transferable Adversarial Images: Systemization, Evaluation, and New Insights (TPAMI 2025)
  • Adversarial Image Color Transformations in Explicit Color Filter Space (TIFS 2023)
  • On Success and Simplicity: A Second Look at Transferable Targeted Attacks (NeurIPS 2021)
  • Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance (CVPR 2020)
  • Adversarial Color Enhancement: Generating Unrestricted Adversarial Images by Optimizing a Color Filter (BMVC 2020)
  • Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval (ICMR 2019)
  • From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition (MM 2018)

    • Adversarial Machine Learning: Foundations
    1. Finetune Like You Pretrain: Boosting Zero-shot Adversarial Robustness in Vision-language Models
      Songlong Xing, Weijie Wang, Zhengyu Zhao, Jindong Gu, Philip Torr, Nicu Sebe
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Findings, 2026.
      Code
    2. Pay Less Attention to Function Words for Free Robustness of Vision-Language Models
      Qiwei Tian, Chenhao Lin, Zhengyu Zhao, Chao Shen
      International Conference on Learning Representations (ICLR), 2026.
      Code
    3. Revisiting Transferable Adversarial Images: Systemization, Evaluation, and New Insights
      Zhengyu Zhao, Hanwei Zhang, Renjue Li, Ronan Sicre, Laurent Amsaleg, Michael Backes, Qi Li, Qian Wang, Chao Shen
      IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2025.
      Code 中文解读
    4. Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement
      Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
      Code
    5. CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP
      Songlong Xing, Zhengyu Zhao, Nicu Sebe
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
      Code
    6. Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path
      Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
      AAAI Conference on Artificial Intelligence (AAAI), 2025.
      Code
    7. Revisiting Training-Inference Trigger Intensity in Backdoor Attacks
      Chenhao Lin, Chenyang Zhao, Shiwei Wang, Longtian Wang, Chao Shen, Zhengyu Zhao
      USENIX Security Symposium (USENIX Security), 2025.
      Code
    8. Typographic Attacks in a Multi-Image Setting
      Xiaomeng Wang, Zhengyu Zhao, Martha Larson
      North American Chapter of the Association for Computational Linguistics (NAACL), 2025.
      Code
    9. Adversarial Example Soups: Improving Transferability and Stealthiness for Free
      Bo Yang, Hengwei Zhang, Jindong Wang, Yulong Yang, Chenhao Lin, Chao Shen, Zhengyu Zhao
      IEEE Transactions on Information Forensics and Security (TIFS), 2025.
      Code 中文解读
    10. Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval
      Qiwei Tian, Chenhao Lin, Zhengyu Zhao, Qian Li, Chao Shen
      International Conference on Machine Learning (ICML), 2024.
      Code
    11. Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression
      Zhuoran Liu, Zhengyu Zhao, Martha Larson
      International Conference on Machine Learning (ICML), 2023.
      Code
    12. Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?
      Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang
      International Conference on Learning Representations (ICLR), 2023. Spotlight
      Code
    13. Membership Inference Attacks by Exploiting Loss Trajectory
      Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang
      ACM Conference on Computer and Communications Security (CCS), 2022.
      Code
    14. On Success and Simplicity: A Second Look at Transferable Targeted Attacks
      Zhengyu Zhao, Zhuoran Liu, Martha Larson
      Neural Information Processing Systems (NeurIPS), 2021.
      Code 中文解读
    15. Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance
      Zhengyu Zhao, Zhuoran Liu, Martha Larson
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2020.
      Code
    16. Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval
      Zhuoran Liu, Zhengyu Zhao, Martha Larson
      ACM International Conference on Multimedia Retrieval (ICMR), 2019.
      Code

    Adversarial Machine Learning: Applications
    1. PoInit-of-View: Poisoning Initialization of Views Transfers Across Multiple 3D Reconstruction Systems
      Weijie Wang, Songlong Xing, Zhengyu Zhao, Nicu Sebe, Bruno Lepri
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2026.
      Code
    2. Privacy on the Fly: A Predictive Adversarial Transformation Network for Mobile Sensor Data
      Tianle Song, Chenhao Lin, Yang Cao, Zhengyu Zhao, Jiahao Sun, Chong Zhang, Le Yang, Chao Shen
      AAAI Conference on Artificial Intelligence (AAAI), 2026. Oral
      Code 中文解读
    3. ControlLoc: Physical-World Hijacking Attack on Camera-based Perception in Autonomous Driving
      Chen Ma*, Ningfei Wang*, Zhengyu Zhao, Qian Wang, Qi Alfred Chen, Chao Shen
      ACM Conference on Computer and Communications Security (CCS), 2025.
      Code
    4. Revisiting Adversarial Patch Defenses on Object Detectors: Unified Evaluation, Large-Scale Dataset, and New Insights
      Junhao Zheng, Jiahao Sun, Chenhao Lin, Zhengyu Zhao, Chen Ma, Chong Zhang, Cong Wang, Qian Wang, Chao Shen
      International Conference on Computer Vision (ICCV), 2025.
      Code
    5. Universally Unfiltered and Unseen: Input-Agnostic Multimodal Jailbreaks against Text-to-Image Model Safeguards
      Song Yan, Hui Wei, Jinlong Fei, Guoliang Yang, Zhengyu Zhao, Zheng Wang
      ACM International Conference on Multimedia (MM), 2025.
      Code
    6. Resisting Bag-based Attribute Profiling by Adding Adversarial Items to Existing Media Profiles
      Zhuoran Liu, Zhengyu Zhao, Martha Larson
      IEEE Transactions on Information Forensics and Security (TIFS), 2025.
      Code Preliminary version@UMAP 2021
    7. Evading Deepfake Detectors via Adversarially Degrading and Restoring Forged Images
      Zhengli Shi, Chenhao Lin, Zhengyu Zhao, Peter Peer, Chao Shen
      IEEE International Conference on Multimedia and Expo (ICME), 2025. Oral
      Code
    8. Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving
      Junhao Zheng, Chenhao Lin, Jiahao Sun, Zhengyu Zhao, Qian Li, Chao Shen
      IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.
      Code
    9. Composite Backdoor Attacks Against Large Language Models
      Hai Huang, Zhengyu Zhao, Yun Shen, Michael Backes, Yang Zhang
      North American Chapter of the Association for Computational Linguistics (NAACL) Findings, 2024.
      Code
    10. Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection
      Hamid Bostani, Zhengyu Zhao, Zhuoran Liu, Veelasha Moonsamy
      ACM Transactions on Privacy and Security (TOPS), 2024.
      Code
    11. Adversarial Image Color Transformations in Explicit Color Filter Space
      Zhengyu Zhao, Zhuoran Liu, Martha Larson
      IEEE Transactions on Information Forensics and Security (TIFS), 2023.
      Code Preliminary version@BMVC 2020

    Machine Learning for Security
    1. A Survey of Defenses against AI-generated Visual Media: Detection, Disruption, and Authentication
      Jingyi Deng, Chenhao Lin, Zhengyu Zhao, Shuai Liu, Zhe Peng, Qian Wang, Chao Shen
      ACM Computing Surveys (CSUR), 2025.
      Code
    2. D3: Training-Free AI-Generated Video Detection Using Second-Order Features
      Chende Zheng, Ruiqi Suo, Chenhao Lin, Zhengyu Zhao, Le Yang, Shuai Liu, Minghui Yang, Cong Wang, Chao Shen
      International Conference on Computer Vision (ICCV), 2025.
      Code
    3. Breaking Semantic Artifacts for Generalized AI-generated Image Detection
      Chende Zheng, Chenhao Lin, Zhengyu Zhao, Hang Wang, Xu Guo, Shuai Liu, Chao Shen
      Neural Information Processing Systems (NeurIPS), 2024.
      Code
    4. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel
      Zhuoran Liu, Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, Martha Larson
      Network and Distributed System Security Symposium (NDSS), 2021.
      Code
    5. From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition
      Zhengyu Zhao, Martha Larson
      ACM International Conference on Multimedia (MM), 2018.
      Code Reproducibility companion paper@MM 2019