Publications (* denotes equal contribution)

2024

• Distribution Preserving Backdoor Attack in Self-supervised Learning
  Guanhong Tao*, Zhenting Wang*, Shiwei Feng, Guangyu Shen, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  San Francisco, CA, USA, May 2024
  [pdf]  [code]  [bibtex]
• ODSCAN: Backdoor Scanning for Object Detection Models
  Siyuan Cheng, Guangyu Shen, Guanhong Tao, Kaiyuan Zhang, Zhuo Zhang, Shengwei An, Xiangzhe Xu, Yingqi Liu, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  San Francisco, CA, USA, May 2024
  [pdf]  [bibtex]
• On Large Language Models’ Resilience to Coercive Interrogation
  Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  San Francisco, CA, USA, May 2024
  [pdf]  [bibtex]
• Exploring the Orthogonality and Linearity of Backdoor Attacks
  Kaiyuan Zhang, Siyuan Cheng, Guangyu Shen, Guanhong Tao, Shengwei An, Anuran Makur, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  San Francisco, CA, USA, May 2024
  [pdf]  [bibtex]
• Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering
  Rui Zhu, Di Tang, Siyuan Tang, Zihao Wang, Guanhong Tao, Shiqing Ma, XiaoFeng Wang, Haixu Tang
  Proceedings of the 31st Network and Distributed System Security Symposium (NDSS 2024)
  San Diego, CA, USA, February 2024
  [pdf]  [bibtex]
• LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
  Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR 2024)
  Seattle WA, USA, June 2024
  [pdf]  [bibtex]
• Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
  Shengwei An, Sheng-Yen Chou, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Guangyu Shen, Siyuan Cheng, Shiqing Ma, Pin-Yu Chen, Tsung-Yi Ho, Xiangyu Zhang
  Proceedings of the 38th AAAI Conference on Artificial Intelligence (AAAI 2024)
  Vancouver, Canada, February 2024
  [pdf]  [bibtex]
• Fusion Is Not Enough: Single Modal Attacks on Fusion Models for 3D Object Detection
  Zhiyuan Cheng, Hongjun Choi, Shiwei Feng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, Michael Zuzak, Xiangyu Zhang
  Proceedings of the Twelfth International Conference on Learning Representations (ICLR 2024)
  Vienna, Austria, May 2024
  [pdf]  [bibtex]
• Threat Behavior Textual Search by Attention Graph Isomorphism
  Chanwoo Bae, Guanhong Tao, Zhuo Zhang, Xiangyu Zhang
  Proceedings of the 18th Conference of the European Chapter of the Association for Computational Linguistics (EACL 2024)
  St. Julians, Malta, March 2024
  [pdf]  [bibtex]

2023

• Hard-label Black-box Universal Adversarial Patch Attack
  Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, Xiangyu Zhang
  Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
  Anaheim, CA, USA, August 2023
  [pdf]  [code]  [bibtex]
• Backdooring Neural Code Search
  Weisong Sun*, Yuchen Chen*, Guanhong Tao*, Chunrong Fang, Xiangyu Zhang, Quanjun Zhang, Bin Luo
  Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics (ACL 2023)
  Toronto, Canada, July 2023
  [pdf]  [code]  [bibtex]
• PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis
  Zhuo Zhang, Guanhong Tao, Guangyu Shen, Shengwei An, Qiuling Xu, Yingqi Liu, Yapeng Ye, Yaoxuan Wu, Xiangyu Zhang
  Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
  Anaheim, CA, USA, August 2023
  [pdf]  [bibtex]
• BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
  Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 30th Network and Distributed System Security Symposium (NDSS 2023)
  San Diego, CA, USA, February 2023
  [pdf]  [bibtex]
• FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
  Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, Xiangyu Zhang
  Proceedings of the Eleventh International Conference on Learning Representations (ICLR 2023)
  ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2022) Best Paper Award
  Kigali, Rwanda, May 2023
  [pdf]  [bibtex]
• Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks
  Zhiyuan Cheng, James Chenhao Liang, Guanhong Tao, Dongfang Liu, Xiangyu Zhang
  Proceedings of the Eleventh International Conference on Learning Representations (ICLR 2023 Spotlight)
  Kigali, Rwanda, May 2023
  [pdf]  [bibtex]
• BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning
  Xuan Chen, Wenbo Guo, Guanhong Tao, Xiangyu Zhang, Dawn Song
  Proceedings of Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
  New Orleans, LA, USA, December 2023
  [pdf]  [bibtex]
• Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration
  Guangyu Shen, Siyuan Cheng, Guanhong Tao, Kaiyuan Zhang, Yingqi Liu, Shengwei An, Shiqing Ma, Xiangyu Zhang
  Proceedings of Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
  New Orleans, LA, USA, December 2023
  [pdf]  [bibtex]
• ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP
  Lu Yan, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Xuan Chen, Guangyu Shen, Xiangyu Zhang
  Proceedings of Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
  New Orleans, LA, USA, December 2023
  [pdf]  [bibtex]
• Remove Model Backdoors via Importance Driven Cloning
  Qiuling Xu, Guanhong Tao, Jean Honorio, Yingqi Liu, Shengwei An, Guangyu Shen, Siyuan Cheng, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR 2023)
  Vancouver, Canada, June 2023
  [pdf]  [bibtex]
• Detecting Backdoors in Pre-trained Encoders
  Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR 2023)
  Vancouver, Canada, June 2023
  [pdf]  [bibtex]
• ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes
  Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, Xiangyu Zhang
  Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  San Francisco, CA, USA, May 2023
  [pdf]  [bibtex]
• PEM: Representing Binary Program Semantics for Similarity Analysis via A Probabilistic Execution Model
  Xiangzhe Xu, Zhou Xuan, Shiwei Feng, Siyuan Cheng, Yapeng Ye, Qingkai Shi, Guanhong Tao, Le Yu, Zhuo Zhang, Xiangyu Zhang
  Proceedings of the 2023 ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2023)
  San Francisco, California, USA, December 2023
  [pdf]  [bibtex]
• Improving Binary Code Similarity Transformer Models by Semantics-driven Instruction Deemphasis
  Xiangzhe Xu, Shiwei Feng, Yapeng Ye, Guangyu Shen, Zian Su, Siyuan Cheng, Guanhong Tao, Qingkai Shi, Zhuo Zhang, Xiangyu Zhang
  Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
  Seattle, Washington, USA, July 2023
  [pdf]  [bibtex]

2022

• Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security
  Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, Xiangyu Zhang
  Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P 2022)
  San Francisco, CA, USA, May 2022
  [pdf]  [code]  [bibtex]
• PICCOLO: Exposing Complex Backdoors in NLP Transformer Models
  Yingqi Liu, Guangyu Shen, Guanhong Tao, Shengwei An, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P 2022)
  San Francisco, CA, USA, May 2022
  [pdf]  [bibtex]
• RULER: Discriminative and Iterative Adversarial Training for Deep Neural Network Fairness
  Guanhong Tao*, Weisong Sun*, Tingxu Han*, Chunrong Fang, Xiangyu Zhang
  Proceedings of the 2022 ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2022)
  Singapore, November 2022
  [pdf]  [code]  [bibtex]
• Better Trigger Inversion Optimization in Backdoor Scanning
  Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2022 (CVPR 2022 Oral)
  New Orleans, LA, USA, June 2022
  [pdf]  [code]  [bibtex]
• Bounded Adversarial Attack on Deep Content Features
  Qiuling Xu, Guanhong Tao, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2022 (CVPR 2022)
  New Orleans, LA, USA, June 2022
  [pdf]  [bibtex]
• Complex Backdoor Detection by Symmetric Feature Differencing
  Yingqi Liu, Guangyu Shen, Guanhong Tao, Zhenting Wang, Shiqing Ma, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition 2022 (CVPR 2022)
  New Orleans, LA, USA, June 2022
  [pdf]  [bibtex]
• MIRROR: Model Inversion for Deep Learning Network with High Fidelity
  Shengwei An, Guanhong Tao, Qiuling Xu, Yingqi Liu, Guangyu Shen, Yuan Yao, Jingwei Xu, Xiangyu Zhang
  Proceedings of the 29th Network and Distributed System Security Symposium (NDSS 2022)
  San Diego, CA, USA, April 2022
  [pdf]  [bibtex]
• Constrained Optimization with Dynamic Bound-scaling for Effective NLP Backdoor Defense
  Guangyu Shen, Yingqi Liu, Guanhong Tao, Qiuling Xu, Zhuo Zhang, Shengwei An, Shiqing Ma, Xiangyu Zhang
  Proceedings of Thirty-ninth International Conference on Machine Learning (ICML 2022)
  Baltimore, MD, USA, July 2022
  [pdf]  [bibtex]
• Physical Attack on Monocular Depth Estimation in Autonomous Driving with Optimal Adversarial Patches
  Zhiyuan Cheng, James Liang, Hongjun Choi, Guanhong Tao, Zhiwen Cao, Dongfang Liu, Xiangyu Zhang
  Proceedings of the 2022 European Conference on Computer Vision (ECCV 2022)
  Tel Aviv, Israel, October 2022
  [pdf]  [bibtex]
• Checkpointing and Deterministic Training for Deep Learning
  Xiangzhe Xu, Hongyu Liu, Guanhong Tao, Zhou Xuan, Xiangyu Zhang
  Proceedings of the 1st International Conference on AI Engineering – Software Engineering for AI (CAIN 2022)
  Pittsburgh, PA, USA, May 2022
  [pdf]  [bibtex]
• Code Search based on Context-aware Code Translation
  Weisong Sun, Chunrong Fang, Yuchen Chen, Guanhong Tao, Tingxu Han, Quanjun Zhang
  Proceedings of the 44th International Conference on Software Engineering (ICSE 2022)
  Pittsburgh, PA, USA, May 2022
  [pdf]  [bibtex]

2021

• FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization
  Guanhong Tao, Xiaowei Chen, Yunhan Jia, Zhenyu Zhong, Shiqing Ma, Xiangyu Zhang
  ICLR 2021 Workshop on Security and Safety in Machine Learning Systems
  Virtually, May 2021
  [pdf]  [bibtex]
• Towards Feature Space Adversarial Attack by Style Perturbation
  Qiuling Xu, Guanhong Tao, Siyuan Cheng, Xiangyu Zhang
  Proceedings of the 35th AAAI Conference on Artificial Intelligence (AAAI 2021)
  Virtually, February 2021
  [pdf]  [bibtex]
• Backdoor Scanning for Deep Neural Networks through K-Arm Optimization
  Guangyu Shen, Yingqi Liu, Guanhong Tao, Shengwei An, Qiuling Xu, Siyuan Cheng, Shiqing Ma, Xiangyu Zhang
  Proceedings of Thirty-eighth International Conference on Machine Learning (ICML 2021)
  Virtually, July 2021
  [pdf]  [bibtex]
• StochFuzz: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting
  Zhuo Zhang, Wei You, Guanhong Tao, Yousra Aafer, Xuwei Liu, Xiangyu Zhang
  Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021)
  Virtually, May 2021
  CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists
  [pdf]  [bibtex]
• OSPREY: Recovery of Variable and Data Structure via Probabilistic Analysis for Stripped Binary
  Zhuo Zhang, Yapeng Ye, Wei You, Guanhong Tao, Wen-chuan Lee, Yonghwi Kwon, Yousra Aafer, Xiangyu Zhang
  Proceedings of the 42nd IEEE Symposium on Security and Privacy (S&P 2021)
  Virtually, May 2021
  [pdf]  [bibtex]
• ALchemist: Fusing Application and Audit Logs for Precise Attack Provenance without Instrumentation
  Le Yu, Shiqing Ma, Zhuo Zhang, Guanhong Tao, Xiangyu Zhang, Dongyan Xu, Vincent E. Urias, Han Wei Lin, Gabriela Ciocarlie, Vinod Yegneswaran, Ashish Gehani
  Proceedings of the 28th Network and Distributed System Security Symposium (NDSS 2021)
  Virtually, February 2021
  [pdf]  [bibtex]

2020

• TRADER: Trace Divergence Analysis and Embedding Regulation for Debugging Recurrent Neural Networks
  Guanhong Tao, Shiqing Ma, Yingqi Liu, Qiuling Xu, Xiangyu Zhang
  Proceedings of the 42nd International Conference on Software Engineering (ICSE 2020)
  Seoul, South Korea, July 2020 (Virtual)
  [pdf]  [slides]  [video]  [artifact]  [bibtex]
• CPC: Automatically Classifying and Propagating Natural Language Comments via Program Analysis
  Juan Zhai, Xiangzhe Xu, Yu Shi, Guanhong Tao, Minxue Pan, Shiqing Ma, Lei Xu, Weifeng Zhang, Lin Tan, Xiangyu Zhang
  Proceedings of the 42nd International Conference on Software Engineering (ICSE 2020)
  Seoul, South Korea, July 2020 (Virtual)
  [pdf]  [bibtex]
• Correlations Between Deep Neural Network Model Coverage Criteria and Model Quality
  Shenao Yan, Guanhong Tao, Xuwei Liu, Juan Zhai, Shiqing Ma, Lei Xu, Xiangyu Zhang
  Proceedings of the 2020 ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2020)
  Sacramento, CA, USA, November 2020
  [pdf]  [bibtex]

2019

• ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation
  Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, Xiangyu Zhang
  Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS 2019)
  London, UK, November 2019
  [pdf]  [bibtex]
• NIC: Detecting Adversarial Samples with Neural Network Invariant Checking
  Shiqing Ma, Yingqi Liu, Guanhong Tao, Wen-Chuan Lee, Xiangyu Zhang
  Proceedings of the 26th Network and Distributed System Security Symposium (NDSS 2019)
  San Diego, CA, USA, February 2019
  [pdf]  [slides]  [bibtex]
• BDA: Practical Dependence Analysis for Binary Executables by Unbiased Whole-program Path Sampling and Per-path Abstract Interpretation
  Zhuo Zhang, Wei You, Guanhong Tao, Guannan Wei, Yonghwi Kwon, Xiangyu Zhang
  Proceedings of the ACM on Programming Languages Volume 3 Issue OOPSLA (OOPSLA 2019)
  Athens, Greece, October 2019
  ACM SIGPLAN Distinguished Paper Award
  [pdf]  [bibtex]

2018

• Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples
  Guanhong Tao, Shiqing Ma, Yingqi Liu, Xiangyu Zhang
  Proceedings of Thirty-second Conference on Neural Information Processing Systems (NeurIPS 2018 Spotlight)
  Palais des Congrès de Montréal, Montréal, Canada, December 2018
  [pdf]  [slides]  [poster]  [code]  [bibtex]
• Precise Android API Protection Mapping Derivation and Reasoning
  Yousra Aafer, Guanhong Tao, Jianjun Huang, Xiangyu Zhang, Ninghui Li
  Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS 2018)
  Toronto, Canada, October 2018
  [pdf]  [bibtex]
• MalPat: Mining Patterns of Malicious and Benign Android Apps via Permission-Related APIs
  Guanhong Tao, Zibin Zheng, Ziying Guo, Michael R. Lyu
  IEEE Transactions on Reliability, vol. 67, no. 1, March 2018, pp. 355-369
  [pdf]  [bibtex]