avatar

Zhengyu Zhao
(赵正宇)

Xi'an Jiaotong University
zhengyu.zhao (at) xjtu.edu.cn


Security of Machine Learning: Foundations

  1. Revisiting Transferable Adversarial Image Examples: Attack Categorization, Evaluation Guidelines, and New Insights
    Zhengyu Zhao, Hanwei Zhang, Renjue Li, Ronan Sicre, Laurent Amsaleg, Michael Backes, Qi Li, Chao Shen
    Code
  2. Revisiting Training-Inference Trigger Intensity in Backdoor Attacks
    Chenhao Lin, Chenyang Zhao, Shiwei Wang, Longtian Wang, Chao Shen, Zhengyu Zhao
    USENIX Security Symposium (USENIX Security), 2025.
  3. Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement
    Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
    IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
    Code
  4. Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path
    Yuchen Ren, Zhengyu Zhao, Chenhao Lin, Bo Yang, Lu Zhou, Zhe Liu, Chao Shen
    Association for the Advancement of Artificial Intelligence (AAAI), 2025.
    Code
  5. Adversarial Example Soups: Improving Transferability and Stealthiness for Free
    Bo Yang, Hengwei Zhang, Jindong Wang, Yulong Yang, Chenhao Lin, Chao Shen, Zhengyu Zhao
    IEEE Transactions on Information Forensics and Security (TIFS), 2025.
  6. Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval
    Qiwei Tian, Chenhao Lin, Zhengyu Zhao, Qian Li, Chao Shen
    International Conference on Machine Learning (ICML), 2024.
    Code
  7. Quantization Aware Attack: Enhancing Transferable Adversarial Attacks by Model Quantization
    Yulong Yang, Chenhao Lin, Qian Li, Zhengyu Zhao, Haoran Fan, Dawei Zhou, Nannan Wang, Tongliang Liu, Chao Shen
    IEEE Transactions on Information Forensics and Security (TIFS), 2024.
    Code
  8. Hard Adversarial Example Mining for Improving Robust Fairness
    Chenhao Lin, Xiang Ji, Yulong Yang, Qian Li, Zhengyu Zhao, Zhe Peng, Run Wang, Liming Fang, Chao Shen
    IEEE Transactions on Information Forensics and Security (TIFS), 2024.
    Code
  9. Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression
    Zhuoran Liu, Zhengyu Zhao, Martha Larson
    International Conference on Machine Learning (ICML), 2023.
    Code
  10. Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?
    Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang
    International Conference on Learning Representations (ICLR), 2023. Spotlight
    Code
  11. Adversarial Image Color Transformations in Explicit Color Filter Space
    Zhengyu Zhao, Zhuoran Liu, Martha Larson
    IEEE Transactions on Information Forensics and Security (TIFS), 2023.
    Code
  12. Membership Inference Attacks by Exploiting Loss Trajectory
    Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang
    ACM Conference on Computer and Communications Security (CCS), 2022.
    Code Video
  13. On Success and Simplicity: A Second Look at Transferable Targeted Attacks
    Zhengyu Zhao, Zhuoran Liu, Martha Larson
    Neural Information Processing Systems (NeurIPS), 2021.
    Code Video 中文解读 Rank Top-1 on ARES Leaderboard
  14. Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance
    Zhengyu Zhao, Zhuoran Liu, Martha Larson
    IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2020.
    Code Video
  15. Adversarial Color Enhancement: Generating Unrestricted Adversarial Images by Optimizing a Color Filter
    Zhengyu Zhao, Zhuoran Liu, Martha Larson
    British Machine Vision Conference (BMVC), 2020.
    Code Video
  16. Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval
    Zhuoran Liu, Zhengyu Zhao, Martha Larson
    ACM International Conference on Multimedia Retrieval (ICMR), 2019.
    Code

Security of Machine Learning: Applications

  1. CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP
    Songlong Xing, Zhengyu Zhao, Nicu Sebe
    IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
    Code
  2. Nullu: Mitigating Object Hallucinations in Large Vision-Language Models via HalluSpace Projection
    Le Yang, Ziwei Zheng, Boxun Chen, Zhengyu Zhao, Chenhao Lin, Chao Shen
    IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2025.
    Code
  3. Typographic Attacks in a Multi-Image Setting
    Xiaomeng Wang, Zhengyu Zhao, Martha Larson
    North American Chapter of the Association for Computational Linguistics (NAACL), 2025.
    Code
  4. Unlocking Adversarial Suffix Optimization Without Affirmative Phrases: Efficient Black-box Jailbreaking via LLM as Optimizer
    Weipeng Jiang, Zhenting Wang, Juan Zhai, Shiqing Ma, Zhengyu Zhao, Chao Shen
    North American Chapter of the Association for Computational Linguistics (NAACL) Findings, 2025.
  5. Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving
    Junhao Zheng, Chenhao Lin, Jiahao Sun, Zhengyu Zhao, Qian Li, Chao Shen
    IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.
    Code
  6. Exploiting the Adversarial Example Vulnerability of Transfer Learning of Source Code
    Yulong Yang, Haoran Fan, Chenhao Lin, Qian Li, Zhengyu Zhao, Chao Shen
    IEEE Transactions on Information Forensics and Security (TIFS), 2024.
    Code
  7. Composite Backdoor Attacks Against Large Language Models
    Hai Huang, Zhengyu Zhao, Yun Shen, Michael Backes, Yang Zhang
    North American Chapter of the Association for Computational Linguistics (NAACL) Findings, 2024.
    Code
  8. Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection
    Hamid Bostani, Zhengyu Zhao, Zhuoran Liu, Veelasha Moonsamy
    ACM Transactions on Privacy and Security (TOPS), 2024.
    Code
  9. Towards Transferable and Stealthy Attacks against Object Detection in Autonomous Driving Systems (in Chinese)
    Junhao Zheng, Chenhao Lin, Zhengyu Zhao, Ziyi Jia, Libing Wu, Chao Shen
    Journal of Computer Research and Development (CRaD), 2024.
    Code

Machine Learning for Security

  1. Breaking Semantic Artifacts for Generalized AI-generated Image Detection
    Chende Zheng, Chenhao Lin, Zhengyu Zhao, Hang Wang, Xu Guo, Shuai Liu, Chao Shen
    Neural Information Processing Systems (NeurIPS), 2024.
    Code
  2. Exploiting Facial Relationships and Feature Aggregation for Multi-Face Forgery Detection
    Chenhao Lin, Fangbin Yi, Hang Wang, Jingyi Deng, Zhengyu Zhao, Qian Li, Chao Shen
    IEEE Transactions on Information Forensics and Security (TIFS), 2024.
    Code
  3. Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel
    Zhuoran Liu, Niels Samwel, Léo Weissbart, Zhengyu Zhao, Dirk Lauret, Lejla Batina, Martha Larson
    Network and Distributed System Security Symposium (NDSS), 2021.
    Code Video