Bio: I am a tenure-track faculty member at CISPA Helmholtz Center for Information Security. Prior to that, I obtained my Ph.D. degree from the Department of Computer Science at the University of Virginia, advised by Prof. David Evans, in 2022. I received my M.S. degree from the Department of Statistics at the University of Virginia and my B.S. degree in Mathematics and Applied Mathematics at Tsinghua University in 2017 and 2015, respectively. I am also a member of the European Laboratory for Learning and Intelligent Systems.

Research Interests: My research covers various topics in machine learning and security, including trustworthy machine learning, statistical machine learning, convex/non-convex optimization, and deep learning. Recently, I have focused on understanding the misbehavior of machine learning models against different adversaries and on designing robust systems for various machine learning applications.

Open Positions: I am looking for self-motivated students who are interested in trustworthy machine learning, including PhD students, research assistants, interns, and visiting students. Check Open Positions for more details.

Publications

(2025). MASQUE: Diffusion-Based Localized Adversarial Makeup for Facial Privacy. ICLR 2025 FM-Wild Workshop.


(2025). DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy. CCS 2025.


(2024). Can Targeted Clean-Label Poisoning Attacks Generalize? ArXiv.


(2024). Do Parameters Reveal More than Loss for Membership Inference? TMLR 2024.


(2024). GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs. ICLR 2025 BuildingTrust Workshop.


(2024). DiffPAD: Denoising Diffusion-based Adversarial Patch Decontamination. WACV 2025.


Contact