Xiao Zhang

Tenure-Track Faculty

CISPA Helmholtz Center for Information Security

Bio: I am a tenure-track faculty at CISPA Helmholtz Center for Information Security. Prior to that, I obtained my Ph.D. degree from Department of Computer Science at University of Virginia advised by Prof. David Evans in 2022. I received my M.S. degree from Department of Statistics at University of Virginia and my B.S. degree in Mathematics and Applied Mathematics at Tsinghua University in 2017 and 2015, respectively. I am also a member of the European Laboratory for Learning and Intelligent Systems.

Research Interests: My research covers various topics in machine learning and security, including trustworthy machine learning, statistical machine learning, convex/non-convex optimization and deep learning. Recently, I focus on understanding the misbehavior of machine learning models against different adversaries and designing robust systems for various machine learning applications.

Open Positions: I am looking for self-motivated students who are interested in trustworthy machine learning, including PhD students, research assistants, intern and visiting students. Check Open Positions for more details.

Featured Publications

Wenshu Fan, Minxing Zhang, Hongwei Li, Wenbo Jiang, Hanxiao Chen, Xiangyu Yue, Michael Backes, Xiao Zhang

January 2025 CCS 2025

DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy

We highlight the importance of using dynamic FR strategies to evaluate AFR methods, and propose DivTrackee as a promising countermeasure.

Anshuman Suri, Xiao Zhang, David Evans

November 2024 TMLR 2024

Do Parameters Reveal More than Loss for Membership Inference?

We show how prior claims about black-box access sufficing for optimal membership inference do not hold for most useful settings such as SGD, and validate our findings with a new white-box inference attack.

Fnu Suya, Xiao Zhang, Yuan Tian, David Evans

November 2023 NeurIPS 2023

What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?

Understand the inherent vulnerabilities to indiscriminate data poisoning attacks for linear learners by studying the optimal poisoning strategy from the perspective of data distribution.

Xiao Zhang, David Evans

May 2022 ICLR 2022

Understanding Intrinsic Robustness using Label Uncertainty

Built upon on a novel definition of label uncertainty, we develop an empirical method to estimate a more realistic intirnsic robustness limit for image classification tasks.

Saeed Mahloujifar, Xiao Zhang, Mohammad Mahmoody, David Evans

December 2019 NeurIPS 2019 (Spotlight)

Empirically Measuring Concentration: Fundamental Limits to Intrinsic Robustness

We develop a method to measure the concentration of image benchmarks using empirical samples and show that concentration of measure does not prohibit the existence of adversarially robust classifiers.

Publications

Quickly discover relevant content by filtering publications.

Subrat Kishore Dutta, Xiao Zhang (2025). IAP: Invisible Adversarial Patch Attack through Perceptibility-Aware Localization and Perturbation Optimization. ICCV 2025.

PDF Cite Code ArXiv

Yuan Xin, Dingfan Chen, Michael Backes, Xiao Zhang (2025). Provably Cost-Sensitive Adversarial Defense via Randomized Smoothing. ICML 2025.

PDF Cite Code ArXiv OpenReview

Advik Raj Basani, Xiao Zhang (2025). GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs. ICLR 2025 BuildingTrust Workshop (Oral).

PDF Cite Code ArXiv OpenReview

Youngjin Kwon, Xiao Zhang (2025). MASQUE: Diffusion-Based Localized Adversarial Makeup for Facial Privacy. ICLR 2025 FM-Wild Workshop.

PDF Cite Code ArXiv OpenReview

Santanu Rathod, Pietro Liò, Xiao Zhang (2025). Predicting Time-varying Flux and Balance in Metabolic Systems using Structured Neural ODE Processes. ICLR 2025 MLGenX Workshop.

PDF Cite ArXiv OpenReview

Jia Fu, Xiao Zhang, Sepideh Pashami, Fatemeh Rahimian, Anders Holst (2025). DiffPAD: Denoising Diffusion-based Adversarial Patch Decontamination. WACV 2025.

PDF Cite ArXiv

See all publications

Contact

xiao.zhang@cispa.de
+49 681 87083 2342
Im oberen Werk 1, St. Ingbert, Saarland 66386
My office is Room 0.28 at CISPA D2 building