About Me

I received my Bachelor’s degree in Optoelectronics Informatics from Huazhong University of Science & Technology (HUST), China. I then switched to studying computer science/information security and obtained my doctoral degree in Australia jointly with CSIRO’s Data61. I subsequently continued my research career in CSIRO’s Data61 as a CERC postdoctoral fellow in 2020, where I am now a research scientist working on machine learning security and privacy.

My primary research interest resides in the joint distribution of adversarial robustness, neural backdoors, robustness/privacy verification, and real-world security & privacy issues of machine learning systems. I publish in top journals and conferences, such as IEEE TDSC, TIFS, ICDCS, SP, NDSS, NeurIPS, ICML, and ACSAC. I also serve as a program committee member and a (sub)reviewer for international conferences/journals like WWW, ACML, NDSS, IEEE SP, Usenix Security, IEEE TDSC, IEEE TIFS, and IEEE TIP. I have been honoured with awards such as the Distinguished Paper Award at the NDSS Symposium. I have been playing drums in my spare time since 2013. Table tennis is my favourite weekly sport.


News

[Feb. 2025] Our paper “Provably Unlearnable Data Examples” got the Distinguished Paper Award at NDSS 2025!
[Jan. 2025] One paper on certified robustness of deep reinforcement learning and two papers on perturbative protections for audio data have been accepted to USENIX Security’25 Cycle 1.
[Jan. 2025] One paper on AI model availability control via modulation has been accepted to WWW’25.
[Nov. 2024] Our paper on certified learnability and another on reinforcement unlearning have been accepted to NDSS’25.
[Jul. 2024] I am invited to serve as a PC member for IEEE SaTML’25.
[Jun. 2024] I am invited to serve as a PC member for CCS’24-LAMPS and the proceedings chair for AJCAI’24.
[May. 2024] Our paper improving double sampling smoothing for addressing the curse of dimensionality in randomized smoothing is accepted to ICML’24.
[Apr. 2024] I am invited to serve as a TPC member for NDSS’25.
[Mar. 2024] Two papers are accepted to IEEE SP’24 workshop and TDSC, respectively.
[Dec. 2023] Our paper on reinforcement adversarial attack against video recognition is accepted to AAAI’24.
[Oct. 2023] One paper on face recognition anti-spoofing is accepted to NeurIPS’23.
[Sep. 2023] I will serve as a reviewer for TheWebConf’24.
[Jun. 2023] I am invited to serve as a PC member for ACISP’24.
[Nov. 2022] One paper on style-transfer-based adversarial attack against video classification systems is accepted to IEEE SP’23.
[Oct. 2022] Our paper on neural backdoor detection is accepted to NDSS’23.


My Research Focuses

Certified robustness/data learnability at scale:

  • Certified learnability for data learnability control (NDSS’25)
  • Certified robustness of DRL agents (USENIX Sec’25)
  • Curse of dimensionality in certified robustness (ICML’24)

Data privacy and learnability control:

  • Perturbative availability poisons (NDSS’25, USENIX Sec’25)
  • Other perturbative protections and unlearning (NDSS’25, USENIX Sec’25, …)

Red teaming and defensive solutions for ML systems:

  • Red teaming and robustness evaluation (SP’23, AAAI’24, …)
  • Defenses against backdoors and adversarial attacks (NDSS’23, NeurIPS’23, ACSAC’19, …)

My ultimate goal is to make AI truly trustworthy through provable guarantees, causality, and human alignment. For prospective students and researchers interested in collaboration: Please feel free to shoot me an email if these align with your research interests.


Mentorship and Collaboration

I have been fortunate to mentor and work with the following talented students (listed in alphabetical order by last name):

  • Yuxin Cao (Tsinghua University –> NUS)
  • Siji Chen (Tsinghua University)
  • Chaoran Li (Swinburne University of Technology –> Li Auto)
  • Wanlun Ma (Swinburne University of Technology)
  • Youwei Shu (Tsinghua University –> NUS)
  • Zihan Wang (University of Queensland)
  • Kai Ye (Tsinghua University –> HKU)