Zhengyu Zhao (赵正宇)
Xi'an Jiaotong University
zhengyu.zhao (at) xjtu.edu.cn
⭐Mainly Contributed
As senior author
PoInit-of-View: Poisoning Initialization of Views Transfers Across Multiple 3D Reconstruction Systems (CVPR 2026)
Detecting Backdoors in Object Detection via Pre-NMS Prediction Distribution Shift (ECCV 2026)
Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement (CVPR 2025)
CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP (CVPR 2025)
Revisiting Adversarial Patch Defenses on Object Detectors: Unified Evaluation, Large-Scale Dataset, and New Insights (ICCV 2025)
Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path (AAAI 2025)
Revisiting Training-Inference Trigger Intensity in Backdoor Attacks (USENIX Security 2025)
Adversarial Example Soups: Improving Transferability and Stealthiness for Free (TIFS 2025)
Universally Unfiltered and Unseen: Input-Agnostic Multimodal Jailbreaks against Text-to-Image Model Safeguards (MM 2025)
Typographic Attacks in a Multi-Image Setting (NAACL 2025)
Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning? (ICLR 2023 Spotlight)
Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression (ICML 2023)
Membership Inference Attacks by Exploiting Loss Trajectory (CCS 2022)
As junior author
Revisiting Transferable Adversarial Images: Systemization, Evaluation, and New Insights (TPAMI 2025)
Adversarial Image Color Transformations in Explicit Color Filter Space (TIFS 2023)
On Success and Simplicity: A Second Look at Transferable Targeted Attacks (NeurIPS 2021)
Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance (CVPR 2020)
Adversarial Color Enhancement: Generating Unrestricted Adversarial Images by Optimizing a Color Filter (BMVC 2020)
Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval (ICMR 2019)
From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition (MM 2018)
Adversarial Machine Learning: Foundations
Finetune Like You Pretrain: Boosting Zero-shot Adversarial Robustness in Vision-language Models
Songlong Xing, Weijie Wang, Zhengyu Zhao, Jindong Gu, Philip Torr, Nicu Sebe
IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Findings, 2026.
Code
Pay Less Attention to Function Words for Free Robustness of Vision-Language Models
Qiwei Tian, Chenhao Lin, Zhengyu Zhao, Chao Shen
International Conference on Learning Representations (ICLR), 2026.
Code
Revisiting Transferable Adversarial Images: Systemization, Evaluation, and New Insights
Zhengyu Zhao, Hanwei Zhang, Renjue Li, Ronan Sicre, Laurent Amsaleg, Michael Backes, Qi Li, Qian Wang, Chao Shen
IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2025.
Code
Chinese explainer
Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement
Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
Code
CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP
Songlong Xing, Zhengyu Zhao, Nicu Sebe
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
Code
Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path
Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
AAAI Conference on Artificial Intelligence (AAAI), 2025.
Code
Revisiting Training-Inference Trigger Intensity in Backdoor Attacks
Chenhao Lin, Chenyang Zhao, Shiwei Wang, Longtian Wang, Chao Shen, Zhengyu Zhao
USENIX Security Symposium (USENIX Security), 2025.
Code
Revisiting Adversarial Patch Defenses on Object Detectors: Unified Evaluation, Large-Scale Dataset, and New Insights
Junhao Zheng, Jiahao Sun, Chenhao Lin, Zhengyu Zhao, Chen Ma, Chong Zhang, Cong Wang, Qian Wang, Chao Shen
International Conference on Computer Vision (ICCV), 2025.
Code
Adversarial Example Soups: Improving Transferability and Stealthiness for Free
Bo Yang, Hengwei Zhang, Jindong Wang, Yulong Yang, Chenhao Lin, Chao Shen, Zhengyu Zhao
IEEE Transactions on Information Forensics and Security (TIFS), 2025.
Code
Chinese explainer
Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval
Qiwei Tian, Chenhao Lin, Zhengyu Zhao, Qian Li, Chao Shen
International Conference on Machine Learning (ICML), 2024.
Code
Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression
Zhuoran Liu, Zhengyu Zhao, Martha Larson
International Conference on Machine Learning (ICML), 2023.
Code
Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?
Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang
International Conference on Learning Representations (ICLR), 2023.
Spotlight
Code
Membership Inference Attacks by Exploiting Loss Trajectory
Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang
ACM Conference on Computer and Communications Security (CCS), 2022.
Code
On Success and Simplicity: A Second Look at Transferable Targeted Attacks
Zhengyu Zhao, Zhuoran Liu, Martha Larson
Neural Information Processing Systems (NeurIPS), 2021.
Code
Chinese explainer
Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance
Zhengyu Zhao, Zhuoran Liu, Martha Larson
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2020.
Code
Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval
Zhuoran Liu, Zhengyu Zhao, Martha Larson
ACM International Conference on Multimedia Retrieval (ICMR), 2019.
Code
Adversarial Machine Learning: Applications
PoInit-of-View: Poisoning Initialization of Views Transfers Across Multiple 3D Reconstruction Systems
Weijie Wang, Songlong Xing, Zhengyu Zhao, Nicu Sebe, Bruno Lepri
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2026.
Code
SlowPerception: Physical-World Latency Attack against Camera-based Perception in Autonomous Driving
Chen Ma*, Ningfei Wang*, Zhengyu Zhao, Qian Wang, Qi Alfred Chen, Chao Shen
ACM Conference on Computer and Communications Security (CCS), 2026.
Code
Privacy on the Fly: A Predictive Adversarial Transformation Network for Mobile Sensor Data
Tianle Song, Chenhao Lin, Yang Cao, Zhengyu Zhao, Jiahao Sun, Chong Zhang, Le Yang, Chao Shen
AAAI Conference on Artificial Intelligence (AAAI), 2026.
Oral
Code
Chinese explainer
Revealing the Impact of Visual Text Style on Attribute-based Descriptions Produced by Large Visual Language Models
Xiaomeng Wang, Martha Larson, Zhengyu Zhao
ACM International Conference on Multimedia Retrieval (ICMR), 2026.
Code
ControlLoc: Physical-World Hijacking Attack on Camera-based Perception in Autonomous Driving
Chen Ma*, Ningfei Wang*, Zhengyu Zhao, Qian Wang, Qi Alfred Chen, Chao Shen
ACM Conference on Computer and Communications Security (CCS), 2025.
Code
Universally Unfiltered and Unseen: Input-Agnostic Multimodal Jailbreaks against Text-to-Image Model Safeguards
Song Yan, Hui Wei, Jinlong Fei, Guoliang Yang, Zhengyu Zhao, Zheng Wang
ACM International Conference on Multimedia (MM), 2025.
Code
Resisting Bag-based Attribute Profiling by Adding Adversarial Items to Existing Media Profiles
Zhuoran Liu, Zhengyu Zhao, Martha Larson
IEEE Transactions on Information Forensics and Security (TIFS), 2025.
Code
Preliminary version@UMAP 2021
Typographic Attacks in a Multi-Image Setting
Xiaomeng Wang, Zhengyu Zhao, Martha Larson
North American Chapter of the Association for Computational Linguistics (NAACL), 2025.
Code
Evading Deepfake Detectors via Adversarially Degrading and Restoring Forged Images
Zhengli Shi, Chenhao Lin, Zhengyu Zhao, Peter Peer, Chao Shen
IEEE International Conference on Multimedia and Expo (ICME), 2025.
Oral
Code
Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving
Junhao Zheng, Chenhao Lin, Jiahao Sun, Zhengyu Zhao, Qian Li, Chao Shen
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.
Code
Composite Backdoor Attacks Against Large Language Models
Hai Huang, Zhengyu Zhao, Yun Shen, Michael Backes, Yang Zhang
North American Chapter of the Association for Computational Linguistics (NAACL) Findings, 2024.
Code
Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection
Hamid Bostani, Zhengyu Zhao, Zhuoran Liu, Veelasha Moonsamy
ACM Transactions on Privacy and Security (TOPS), 2024.
Code
Adversarial Image Color Transformations in Explicit Color Filter Space
Zhengyu Zhao, Zhuoran Liu, Martha Larson
IEEE Transactions on Information Forensics and Security (TIFS), 2023.
Code
Preliminary version@BMVC 2020
Multimedia Security
Beyond Pixels: Mining Compressed Domain Artifacts for Efficient AI-Generated Video Detection
Anran Zhu, Zhengli Shi, Chende Zheng, Chenhao Lin, Zhengyu Zhao, Le Yang, Chong Zhang, Shuai Liu, Chao Shen
International Conference on Machine Learning (ICML), 2026.
Code
A Survey of Defenses against AI-generated Visual Media: Detection, Disruption, and Authentication
Jingyi Deng, Chenhao Lin, Zhengyu Zhao, Shuai Liu, Zhe Peng, Qian Wang, Chao Shen
ACM Computing Surveys (CSUR), 2025.
Code
D3: Training-Free AI-Generated Video Detection Using Second-Order Features
Chende Zheng, Ruiqi Suo, Chenhao Lin, Zhengyu Zhao, Le Yang, Shuai Liu, Minghui Yang, Cong Wang, Chao Shen
International Conference on Computer Vision (ICCV), 2025.
Code
Breaking Semantic Artifacts for Generalized AI-generated Image Detection
Chende Zheng, Chenhao Lin, Zhengyu Zhao, Hang Wang, Xu Guo, Shuai Liu, Chao Shen
Neural Information Processing Systems (NeurIPS), 2024.
Code
Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel
Zhuoran Liu, Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, Martha Larson
Network and Distributed System Security Symposium (NDSS), 2021.
Code
From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition
Zhengyu Zhao, Martha Larson
ACM International Conference on Multimedia (MM), 2018.
Code
Reproducibility companion paper@MM 2019