Kaiyuan Zhang
Ph.D. candidate in Computer Science, Purdue University. Office: Lawson Computer Science Building, West Lafayette, IN 47907-2107. Email: zhan4057 at purdue dot edu.
I am a Ph.D. candidate in Computer Science at Purdue University, co-advised by Prof. Ninghui Li and Prof. Xiangyu Zhang. My research interests focus on security and privacy in machine learning, recently in safe & responsible large language models.
Before joining Purdue, I spent a wonderful year as a visiting graduate student at the University of Illinois at Urbana-Champaign, co-advised by Prof. Tao Xie and Prof. Tianyin Xu. I received an M.S. in Computer Science from the University of Texas at Dallas, advised by Prof. Wei Yang. I was a full-time research assistant advised by Prof. Wei Chen for 1.5 years at Zhejiang University before starting grad school. I was a research intern at Amazon and NEC Labs America.
Research Opportunities: I am always happy to discuss and brainstorm; if you’re a researcher/student (especially from underrepresented minorities) interested in security, privacy, or robust AI (most recently Generative AI), please reach out with the subject “[Prospective collaboration]” to zhan4057 at purdue dot edu.
Office Hours: I owe a lot to my patient research mentors who generously spent their own time helping me along the way. From September 2024, I will dedicate 2 hours each week to offer mentorship and advice to undergraduate and grad students on any topics you’d like to discuss. If you’re interested, please fill out the AMA form.
Recent Publications [Google Scholar] [dblp] (*: equal contribution)
- CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling
  Kaiyuan Zhang, Siyuan Cheng, Guangyu Shen, Bruno Ribeiro, Shengwei An, Pin-Yu Chen, Xiangyu Zhang, Ninghui Li
  Proceedings of the 32nd Network and Distributed System Security Symposium (NDSS 2025)
  [paper] [code] [website]
- UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening
  Siyuan Cheng*, Guangyu Shen*, Kaiyuan Zhang, Guanhong Tao, Shengwei An, Hanxi Guo, Shiqing Ma, Xiangyu Zhang
  The 18th European Conference on Computer Vision (ECCV 2024)
  [paper] [code]
- Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion
  Shengwei An*, Lu Yan*, Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Xiangyu Zhang
  Proceedings of the 33rd USENIX Security Symposium (USENIX Security 2024)
  [paper] [code]
- LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
  Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2024)
  [paper] [code]
- Exploring the Orthogonality and Linearity of Backdoor Attacks
  Kaiyuan Zhang*, Siyuan Cheng*, Guangyu Shen, Guanhong Tao, Shengwei An, Anuran Makur, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  [paper] [code] [slides] [video] [poster] [website]
- ODSCAN: Backdoor Scanning for Object Detection Models
  Siyuan Cheng*, Guangyu Shen*, Guanhong Tao, Kaiyuan Zhang, Zhuo Zhang, Shengwei An, Xiangzhe Xu, Yingqi Liu, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P 2024)
  [paper] [code]
- Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
  Shengwei An, Sheng-Yen Chou, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Guangyu Shen, Siyuan Cheng, Shiqing Ma, Pin-Yu Chen, Tsung-Yi Ho, Xiangyu Zhang
  Proceedings of the 38th Annual AAAI Conference on Artificial Intelligence (AAAI 2024)
  [paper] [code]
- ParaFuzz: An Interpretability-Driven Technique for Detecting Poisoned Samples in NLP
  Lu Yan, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Xuan Chen, Guangyu Shen, Xiangyu Zhang
  Proceedings of the Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
  [paper]
- Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration
  Guangyu Shen*, Siyuan Cheng*, Guanhong Tao, Kaiyuan Zhang, Yingqi Liu, Shengwei An, Shiqing Ma, Xiangyu Zhang
  Proceedings of the Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
  [paper] [code]
- Your Exploit is Mine: Instantly Synthesizing Counterattack Smart Contract
  Zhuo Zhang, Zhiqiang Lin, Marcelo Morales, Xiangyu Zhang, Kaiyuan Zhang
  Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
  [paper]
- ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes
  Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, Xiangyu Zhang
  Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  [paper] [code]
- Detecting Backdoors in Pre-trained Encoders
  Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
  Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR 2023)
  [paper] [code]
- FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
  Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, Xiangyu Zhang
  Proceedings of the Eleventh International Conference on Learning Representations (ICLR 2023)
  ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2022), Best Paper Award 🏆
  [paper] [code] [slides] [media coverage]
- BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
  Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, Xiangyu Zhang
  Proceedings of the 30th Network and Distributed System Security Symposium (NDSS 2023)
  [paper] [code]
Selected Awards
- Best Paper Award at ECCV 2022 AROW Workshop, October 2022
- Summer Research Grant, Purdue University, April 2022
- National Scholarship (top 0.2% in China), November 2016
Teaching
Guest Lecture
- “Backdoor Attacks and Defenses in Machine Learning”. Guest lecture at University of Massachusetts, Amherst, COMPSCI 360: Introduction to Computer and Network Security, Graduate Level, invited by Prof. Shiqing Ma, Fall 2023.
- “Backdoor Attacks and Defenses in Machine Learning”. Guest lecture at Purdue University, CS 52900: Security Analytics, Graduate Level, invited by Prof. Berkay Celik, Fall 2022.
Teaching Assistant
- CS 37300: Data Mining and Machine Learning, Undergraduate Level, Prof. Bruno Ribeiro and Prof. Dan Goldwasser, Purdue University, Fall 2022.
- CS 37300: Data Mining and Machine Learning, Undergraduate Level, Prof. Steve Hanneke, Purdue University, Spring 2022.
- CS 47300: Web Information Search And Management, Undergraduate Level, Prof. Hisham R. Benotman, Purdue University, Fall 2021.
- CS 18200: Foundations of Computer Science, Undergraduate Level, Prof. Andres Bejarano, Purdue University, Summer 2021.
- CS 37300: Data Mining and Machine Learning, Undergraduate Level, Prof. Jean Honorio, Purdue University, Spring 2021.
- CS 47300: Web Information Search And Management, Undergraduate Level, Prof. Christopher W. Clifton, Purdue University, Fall 2020.
- Visual Analytics, Undergraduate Level, Prof. Wei Chen, Zhejiang University, Summer 2018.
Professional Services
- Organizers
  • The 1st Workshop on Backdoor Attacks and Defenses in Machine Learning (BANDS) at ICLR, 2023
  • Machine Learning & Security Seminar at Purdue University, 2021, 2022, 2023
- Journal Reviewers
  • IEEE Transactions on Information Forensics and Security (TIFS)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • ACM Transactions on Privacy and Security (TOPS)
- Conference/Workshop Reviewers
  • International Conference on Machine Learning (ICML), 2023, 2024
  • Neural Information Processing Systems (NeurIPS), 2023, 2024
  • International Conference on Learning Representations (ICLR), 2024, 2025
  • IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024, 2025
  • IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2023
  • ICLR Workshop on Privacy Regulation and Protection in Machine Learning, 2024
  • ICML Workshop on Federated Learning and Analytics in Practice, 2023
  • ICML Workshop on Adversarial Machine Learning Frontiers, 2022
- External Reviewers
  • ACM Conference on Computer and Communications Security (CCS)
  • USENIX Security Symposium (USENIX Security)
  • IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)
  • ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)
  • IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • International Conference on Computer-Aided Verification (CAV)
- Student Volunteers
  • ICML 2021, ICLR 2021, ECOOP/ISSTA 2021, CCS 2020, SIGMOD 2020
Personal
- Kaiyuan Zhang’s name is pronounced as
- Basketball is my favorite; I’ve been playing it weekly for more than ten years.
- I love tennis, especially the moments of hitting the ball with the right amount of spin and force.
- I also enjoy kayaking, quietly exploring a creek and enjoying views that can’t be seen from shore.
- I consider myself lucky to be guided by helpful advice and instructions. Here are some notes I collect from time to time.