Mi Zhang's Home Page

Mi Zhang

Professor
Head of Whitzard AI Team
System Software and Security Lab
School of Computer Science and Technology
Fudan University
Shanghai, China
Email: mi_zhang at fudan.edu.cn
Google Scholar| DBLP| Research Gate

Bio Awards Publications Patents Students Service 中文页面

Bio

Research Interests: Intelligent System Security, Machine Learning/Deep Learning Security, AI for Security
My works have been published on top-tier security and AI conferences/journals, including S&P, USENIX Security, CCS, and TDSC for security, and TPAMI, ICML, NeurIPS, ICDE, KDD, SIGIR, CVPR and AAAI for AI.
I have hosted a number of projects funded by National Key Research and Development Program, National Natural Science Foundation of China, National Natural Science Foundation of Shanghai and industry leaders (including Alibaba, Huawei, Baidu, Qianxin).
I have participated in the development of multiple national and industry standards, including the "Basic Security Requirements for Generative Artificial Intelligence Service" and the "White Paper on Standardization of Artificial Intelligence Security" by the National Information Security Standardization Technical Committee (TC260).

Selected Awards and Honors

Distinguished Paper Award Nomination, ACM CCS (2020)
Youth Outstanding Paper Nomination, World Artificial Intelligence Conference (WAIC, 2022)
The 1st Prize, "Huawei Cup" 2nd China Graduate Cybersecurity Innovation Competition - Large Language Model Privacy Track (2023, Mentor)
The 1st Prize, 6th China Open Source Software Innovation Competition - ModelScope Challenge (2023, Mentor)
The 1st Place, DEFCON Autodriving CTF (2022&2021, Mentor)
The Most Valuable Vulnerability Award, China National Vulnerability Database (CNVD), 2021
CCF Science and Technology Award (2nd Prize in Natural Science), 2020
Huawei Excellent Technical Achievement Award, 2020
Shanghai Youth May Fourth Medal (Collective), 2020
Best Paper Award, IEEE/ACM WI/IAT, 2008.

Publications

2024

Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data

Yifan Lu, Wenxuan Li, Mi Zhang✉, Xudong Pan, Min Yang. The 31th ACM Conference on Computer and Communications Security (CCS, accepted), 2024.

Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization

Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Qifan Xiao, Xiaoyu You, Yuan Tian, Min Yang. The 29th European Symposium on Research in Computer Security (ESORICS, accepted), 2024.

Matryoshka: Exploiting the Over-Parametrization of Deep Learning Models for Covert Data Transmission

Xudong Pan, Mi Zhang✉, Yifan Yan, Shengyao Zhang, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), Early Access, 2024.

Towards Practical Backdoor Attacks on Federated Learning Systems

Chenghui Shi, Shouling Ji, Xudong Pan, Xuhong Zhang, Mi Zhang✉, Min Yang, Jun Zhou, Jianwei Yin, Ting Wang. IEEE Transactions on Dependable and Secure Computing (TDSC), Early Access, 2024.

BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting

Huming Qiu, Junjie Sun, Mi Zhang✉, Xudong Pan, Min Yang. 2024 IEEE Symposium on Security and Privacy (S&P), P261-261, 2024.

Navigate Beyond Shortcuts: Debiased Learning through the Lens of Neural Collapse

Yining Wang, Junjie Sun, Chenyue Wang, Mi Zhang✉, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR), P12322-12331, 2024.

CausalPC: Improving the Robustness of Point Cloud Classification by Causal Effect Identification

Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Zhaoxiang Wang, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR), P19779-19789, 2024.

GNNFingers: A Fingerprinting Framework for Verifying Ownerships of Graph Neural Networks

Xiaoyu You, Youhe Jiang, Jianwei Xu, Mi Zhang✉, Min Yang. The 2024 ACM Web Conference (WWW), P652-663, 2024.

RRL: Recommendation Reverse Learning

Xiaoyu You, Jianwei Xu, Mi Zhang✉, Zechen Gao, Min Yang. The 38th AAAI Conference on Artificial Intelligence (AAAI), P9296-9304, 2024.

2023

SlowBERT: Slow-down Attacks on Input-adaptive Multi-exit BERT

Shengyao Zhang, Xudong Pan, Mi Zhang✉, Min Yang. Findings of the Association for Computational Linguistics (ACL), P9992–10007, 2023.

Cracking White-box DNN Watermarks via Invariant Neuron Transforms

Xudong Pan, Mi Zhang✉, Yifan Yan, Yining Wang, Min Yang. The 29th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), P1783–1794 2023.

Exorcising “Wraith”: Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

Qifan Xiao*, Xudong Pan*, Yifan Lu, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2939-2956, 2023.

Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

Yifan Yan*, Xudong Pan*, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2347-2364, 2023.

RØROS: Building a Responsive Online Recommender System via Meta-Gradients Updating

Xudong Pan, Mi Zhang✉, Duocai Wu. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP) 2023.

MaSS: Model-agnostic, Semantic and Stealthy Data Poisoning Attack on Knowledge Graph Embedding

Xiaoyu You, Beina Sheng, Daizong Ding, Mi Zhang✉, Xudong Pan, Min Yang, Fuli Feng. The Web Conference (WWW), P2000-2010, 2023.

Anti-FakeU: Defending Shilling Attacks on Graph Neural Network based Recommender Model

Xiaoyu You, Chi Lee, Daizong Ding, Mi Zhang✉, Fuli Feng, Xudong Pan, Min Yang. The Web Conference (WWW), P938-948, 2023.

AutoGCF: Personalized Aggregation on Neural Graph Collaborative Filtering

Xiaoyu You, Chi Li, Jianwei Xu, Mi Zhang✉. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP), 2023.

CAP: Robust Point Cloud Classification via Semantic and Structural Modeling

Daizong Ding, Erling Jiang, Yuanmin Huang, Mi Zhang✉, Wenxuan Li, Min Yang. The IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR), P12260-12270, 2023.

Black-box Adversarial Attack on Time Series Classification

Daizong Ding, Mi Zhang✉, Yuanmin Huang, Erling Jiang, Min Yang. The 37th AAAI Conference on Artificial Intelligence (AAAI), P7358-7368, 2023.

2022

House of Cans: Covert Transmission of Internal Datasets via Capacity-Aware Neuron Steganography

Xudong Pan, Shengyao Zhang, Mi Zhang✉, Yifan Yan, Min Yang. The 36th Annual Conference on Neural Information Processing Systems (NeurIPS) , 2022.

Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge

Xiaohan Zhang, Mi Zhang✉, Yuan Zhang, Ming Zhong, Xin Zhang, Yinzhi Cao, Min Yang. IEEE Transactions on Dependable and Secure Computing (TDSC) , Early Access, 2022.

MetaV: A Meta-Verifier Approach to Task-Agnostic Model Fingerprinting

Xudong Pan, Yifan Yan, Mi Zhang✉, Min Yang. The 28th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1327-1336, 2022.

Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

Xudong Pan, Mi Zhang✉, Beina Sheng, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security) , P3611-3628, 2022.

Towards Backdoor Attack on Deep Learning based Time Series Classification

Daizong Ding, Mi Zhang✉, Yuanmin Huang, Xudong Pan, Fuli Feng, Erling Jiang, Min Yang. The 38th IEEE International Conference on Data Engineering (ICDE), P1274-1287, 2022.

Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis

Xudong Pan, Mi Zhang✉, Yifan Yan, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security), , P3989-4006, 2022.

2021

Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains

Xudong Pan, Mi Zhang✉, Yifan Yan, Min Yang. The 38th Annual Computer Security Applications Conference (ACSAC), , P634–645, 2021.

Enhancing Time Series Predictors with Generalized Extreme Value Loss

Mi Zhang✉, Daizong Ding, Xudong Pan, Min Yang. IEEE Transactions on Knowledge and Data Engineering (TKDE), , Early Access, 2021.

A Deep Learning Framework for Self-evolving Hierarchical Community Detection

Daizong Ding, Mi Zhang✉, Hanrui Wang, Xudong Pan, Min Yang, Xiangnan He. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P372–381, 2021.

Learning to Learn the Future: Modeling Concept Drift in Time Series Prediction

Xiaoyu You, Mi Zhang✉, Daizong Ding, Fuli Feng, Yuanmin Huang. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P2434–2443, 2021.

TAFA: A Task-Agnostic Fingerprinting Algorithm for Neural Networks

Xudong Pan, Mi Zhang✉, Yifan Lu, Min Yang. The 26th European Symposium on Research in Computer Security (ESORICS), , P542-562, 2021.

2020

A Geometrical Perspective on Image Style Transfer with Adversarial Learning

Xudong Pan, Mi Zhang✉, Daizong Ding, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), , 44(1), 2020.

Modeling Personalized Out-of-Town Distances in Location Recommendation

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 20th IEEE International Conference on Data Mining (ICDM), P112-121, 2020.

Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 34th AAAI Conference on Artificial Intelligence (AAAI), , P3791-3800, 2020.

Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware

Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang✉, Min Yang. ACM Conference on Computer and Communications Security (CCS) , P757-770, 2020. Distinguished Paper Nomination

Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent

Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang✉, Min Yang. The 29th USENIX Security Symposium (USENIX Security) , P1641-1658, 2020.

Privacy Risks of General-Purpose Language Models

Xudong Pan, Mi Zhang✉, Shouling Ji, Min Yang. 2020 IEEE Symposium on Security and Privacy (S&P) , P1471-1488, 2020. WAIC Youth Distinguished Paper Nomination

2019

Modeling Extreme Events in Time Series Prediction

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yan The 25th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1114-1122, 2019.

2018

Theoretical Analysis of Image-to-Image Translation with Adversarial Learning

Xudong Pan, Mi Zhang✉, Daizong Ding The 35th International Conference on Machine Learning (ICML) , P4006-4015, 2018.

Geographical Feature Extraction for Entities in Location-based Social Networks

Xudong Pan, Mi Zhang✉, Daizong Ding The 2018 World Wide Web Conference (WWW) , P833-842, 2018.

2017 and Before

BayDNN: Friend Recommendation with Bayesian Personalized Ranking Deep Neural Network

Daizong Ding, Mi Zhang✉, Shao-Yuan Li, Jie Tang, Xiaotie Chen, Zhi-Hua Zhou The 2017 ACM Conference on Information and Knowledge Management (CIKM), P1479-1488, 2017.

Cold Start in Recommender Systems: A Semi-Supervised Co-Training Algorithm

Mi Zhang✉, Jie Tang, Xuchen Zhang, Xiangyang Xue The 37th Annual ACM SIGIR Conference (SIGIR), 2014.

A Double-Ranking Strategy for Long-Tail Product Recommendation

Mi Zhang, Neil Hurley, Wei Li, Xiangyang Xue The 2012 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), 2012.

Novelty and Diversity in Top-N Recommendation-Analysis and Evaluation

Neil Hurley and Mi Zhang✉ ACM transaction of internet technology (TOIT), 10(4), 14, 2011.

Niche Product Retrieval in Top-N Recommendation

Mi Zhang and Neil Hurley the 2010 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P74-81, 2010. Best Paper Award

Statistical Attack Detection

Neil Hurley, Zunping Cheng, Mi Zhang 2009 ACM International Conference on Recommender Systems (ACM Recsys), P149-156, 2009.

Evaluating the Diversity of Top-N Recommendations

Mi Zhang and Neil Hurley 21th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P457–460, 2009.

Enhancing Diversity in Top-N Recommendation

Mi Zhang and Neil Hurley The 2009 ACM International Conference on Recommender Systems (ACM Recsys), P397-400, 2009.

Top-N Novel Recommendation by User Profile Partitioning

Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P508-515, 2009.

Statistical Modeling of Diversity in Top-N Recommender Systems

Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P490-497, 2009.

Spam User Detection: Problem Definition and Strategy Analysis

Mi Zhang and Neil Hurley The 19th Irish Conference on Artificial Intelligence and Cognitive Science (AICS), 2008.

Avoiding Monotony: Improving the Diversity of Recommendation Lists

Mi Zhang and Neil Hurley 2008 ACM International Conference on Recommender Systems (ACM Recsys), P123-130, 2008.

Analysis of Methods for Novel Case Selection

Neil Hurley and Mi Zhang 20th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P217-224, 2008.

Using A Depth Tree Framework to Evaluate Change Impacts of Modifications to IT Infrastructure

Min Yang, Mi Zhang, et al., International Joint Conference on e-Business and Telecommunications, In Conjunction with ACM SIGMIS, 2006.

A Security Model Design in Web Service Environment

Mi Zhang, et al., The 5th International Conference on Computer and Information Technology (CIT 2005), 2005.

A Web Service-based Framework for Supply Chain Management

Mi Zhang, et al., The 8th IEEE International Symposium on Object-Oriented Real Time Distributed Computing (ISORC 2005), 2005.

Patents

A Method to Improve the Prediction Performance of Time Series Forecasting System. Invention Patent, China, 2022.
A Method of Training Data Reconstruction based on Exclusive Neurons. Invention Patent, China, 2022.
A Neural Network Fingerprint Detection Method Decoupled with Downstream Tasks. Invention Patent, China, 2022.
A Method to Improve the Effectiveness of Social Network Hierarchical Community Detection and Division. Invention Patent, China, 2022.
A Neural Network Fingerprint Detection Method based on Adaptive Fingerprint and Meta-Learning. Invention Patent, China, 2022.
An Anti-aging Enhancement Method of Malware Detection Model based on API Relationship Graph. Invention Patent, China, 2021.
Deep Learning-based Malware Detection Method adapted to Smart Chip Hierarchical Architecture. Invention Patent, China, 2021.
A Method for Constructing Android API Semantic Graph based on Code Documents. Invention Patent, China, 2021.
Real-time Detection System for Malicious Behaviors based on Dynamic Behavior Sequence and Deep Learning. Invention Patent, China, 2021.
A Defense Agent for Enhancing the Robustness of Distributed Learning Systems. Invention Patent, China, 2020.

Students

PhD Students:
- Current: Qifan Xiao (2020-), Yifan Lu (2021-), Yuanmin Huang (2021-), Yining Wang (2022-), Wenxuan Li (2022-), Feifei Li (2023-), Huming Qiu (2023-), Jiagui Chen (2024-), Yiming Sun (2024-), Xi Li (2024-), Chen Chen (2024-)
- Graduated: Daizong Ding (2017-2023, Huawei), Xudong Pan (2018-2023, Fudan), Xiaoyu You (2017-2024, ECUST)
Master Students:
- Current: Junjie Sun (2022-), Yanghao Lv (2022-), Zechen Gao (2022-), Xinnuo Chen (2023-), Zhaoxiang Wang (2023-), Chenyue Wang (2023-), Zhenfei Zhang (2024-), Liangchen Pu (2024-), Yuquan Wang (2024-), Jiahao Gu (2024-), Runjie Wang (2024-), Zixuan Zhu (2024-), Yao Mao (2024-)
- Graduated: Xuchen Zhang (2013-2016, ByteDance), Ri Xu (Huawei), Xiaoyang Ma (Tencent), Li Wang (Ant Group), Chengchun Zhu (ByteDance), Ruozhi Huang (2017-2020, Tencent), Duocai Wu (2018-2021, Ant Group), Hanrui Wang (2018-2021, NetEase), Jiaming Zhu (2019-2021, Ant Group), Yifan Yan (2020-2022, Alibaba), Chi Li (2020-2022, Alibaba), Beina Sheng (2020-2023, ByteDance), Erling Jiang (2021-2023, Alibaba), Youhe Jiang (2021-2023, Alibaba), Jianwei Xu (2021-2023, Selected Cadre of Liaoning Province), Shengyao Zhang (2021-2024, Alibaba)

Service & Outreach

Workshop Co-chair, The 17th ACM Conference on Recommender Systems (RecSys'23), Singapore, 18th-22nd September 2023.
Youth Editorial Board Member, Frontiers of Computer Science.
Publicity Chair, UMAP, 2018.
Publicity Chair, ACM RecSys, 2013.
PC member/reviewer of TPAMI, TKDE, NeurIPS, ICML, ICLR, ICCV, CVPR, WWW, IJCAI, AAAI, AsiaCCS, etc.