Mi Zhang's Home Page

张谧

教授，博导
复旦大学
计算机科学技术学院
系统软件与安全实验室
白泽智能团队负责人
Email: mi_zhang at fudan.edu.cn
Google Scholar| DBLP| Research Gate

简介奖项荣誉论文发表专利团队成员社会服务 English Version

简介

研究领域为对话大模型/多模态大模型/智能体安全，智能系统安全（包括图像、文本、时间序列、推荐、社交网络、知识图谱、自动驾驶系统、分布式系统、移动智能终端等应用）
研发 JADE 大模型安全合规测试与治理平台，JADE-DB 数据集为行业提供 Benchmark 支持
深度参与信安标委《生成式人工智能服务安全基本要求》、《人工智能生成合成内容标识办法》等多项国家/行业标准起草/建议工作
主持包括科技部重点研发计划课题、国家自然科学基金面上项目、上海市自然科学基金面上项目、企业项目在内等课题，并作为主要成员完成阿里、华为、百度、奇安信等多项大型企业横向项目
团队每年持续在网络安全与AI领域顶会顶刊发表学术成果，包括S&P、USENIX Security、CCS、TDSC、TIFS、TPAMI、ICML、NeurIPS、AAAI、CVPR、ICDE等
硕博论文成果卓越，工作去向包括IT龙头企业、各大高校等

奖项荣誉

CCS最佳论文提名奖（每年仅4篇, 2020）
世界人工智能大会WAIC青年优秀论文提名奖 (2022)
“华为杯”第二届中国研究生网络安全创新大赛——大模型隐私安全赛道一等奖 (2023, 指导教师)
第六届中国软件开源创新大赛——ModelScope挑战赛一等奖 (2023, 指导教师)
DEFCON无人驾驶安全攻防赛冠军 (2022&2021, 指导教师)
CVND国家最具价值漏洞 (2021)
长三角科学道德和学风建设论坛征文特等奖 (2021)
复旦大学研究生教学成果奖特等奖 (2021)
CCF科学技术奖自然科学二等奖 (2020)
华为优秀技术成果奖 (2020)
上海市青年五四奖章集体 (2020)
复旦大学十佳“三好”研究生导学团队 (2019)
IEEE/ACM WI/IAT最佳论文奖 (2008)

论文发表

2025

Detect-and-Guide: Self-regulation of Diffusion Models for Safe Text-to-Image Generation via Guideline Token Optimization

Feifei Li, Mi Zhang✉, Yiming Sun, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2025 (CVPR, accepted), 2025. [PDF]

Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink

Yining Wang, Mi Zhang✉, Junjie Sun, Chenyue Wang, Min Yang, Hui Xue, Jialing Tao, Ranjie Duan, Jiexi Liu. The 32nd USENIX Security Symposium (USENIX Security, accepted), 2025. [PDF]

Revisiting Backdoor Attacks on Time Series Classification in the Frequency Domain

Yuanmin Huang, Mi Zhang✉, Zhaoxiang Wang, Wenxuan Li, Min Yang. The 2025 ACM Web Conference (WWW, accepted), 2025. [PDF]

2024

Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data

Yifan Lu, Wenxuan Li, Mi Zhang✉, Xudong Pan, Min Yang. The 31th ACM Conference on Computer and Communications Security (CCS, accepted), 2024. [PDF]

Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization

Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Qifan Xiao, Xiaoyu You, Yuan Tian, Min Yang. The 29th European Symposium on Research in Computer Security (ESORICS, accepted), 2024. [PDF]

Matryoshka: Exploiting the Over-Parametrization of Deep Learning Models for Covert Data Transmission

Xudong Pan, Mi Zhang✉, Yifan Yan, Shengyao Zhang, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), Early Access, 2024. [PDF]

Towards Practical Backdoor Attacks on Federated Learning Systems

Chenghui Shi, Shouling Ji, Xudong Pan, Xuhong Zhang, Mi Zhang, Min Yang, Jun Zhou, Jianwei Yin, Ting Wang. IEEE Transactions on Dependable and Secure Computing (TDSC), Early Access, 2024. [PDF]

BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting

Huming Qiu, Junjie Sun, Mi Zhang✉, Xudong Pan, Min Yang. 2024 IEEE Symposium on Security and Privacy (S&P), P261-261, 2024. [PDF]

Navigate Beyond Shortcuts: Debiased Learning through the Lens of Neural Collapse

Yining Wang, Junjie Sun, Chenyue Wang, Mi Zhang✉, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR), P12322-12331, 2024. [PDF]

CausalPC: Improving the Robustness of Point Cloud Classification by Causal Effect Identification

Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Zhaoxiang Wang, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR), P19779-19789, 2024. [PDF]

GNNFingers: A Fingerprinting Framework for Verifying Ownerships of Graph Neural Networks

Xiaoyu You, Youhe Jiang, Jianwei Xu, Mi Zhang✉, Min Yang. The 2024 ACM Web Conference (WWW), P652-663, 2024. [PDF]

RRL: Recommendation Reverse Learning

Xiaoyu You, Jianwei Xu, Mi Zhang✉, Zechen Gao, Min Yang. The 38th AAAI Conference on Artificial Intelligence (AAAI), P9296-9304, 2024. [PDF]

2023

SlowBERT: Slow-down Attacks on Input-adaptive Multi-exit BERT

Shengyao Zhang, Xudong Pan, Mi Zhang✉, Min Yang. Findings of the Association for Computational Linguistics (ACL), P9992–10007, 2023. [PDF]

Cracking White-box DNN Watermarks via Invariant Neuron Transforms

Xudong Pan, Mi Zhang✉, Yifan Yan, Yining Wang, Min Yang. The 29th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), P1783–1794 2023. [PDF]

Exorcising “Wraith”: Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks

Qifan Xiao*, Xudong Pan*, Yifan Lu, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2939-2956, 2023. [PDF]

Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation

Yifan Yan*, Xudong Pan*, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2347-2364, 2023. [PDF]

MaSS: Model-agnostic, Semantic and Stealthy Data Poisoning Attack on Knowledge Graph Embedding

Xiaoyu You, Beina Sheng, Daizong Ding, Mi Zhang✉, Xudong Pan, Min Yang, Fuli Feng. The Web Conference (WWW), P2000-2010, 2023. [PDF]

Anti-FakeU: Defending Shilling Attacks on Graph Neural Network based Recommender Model

Xiaoyu You, Chi Lee, Daizong Ding, Mi Zhang✉, Fuli Feng, Xudong Pan, Min Yang. The Web Conference (WWW), P938-948, 2023. [PDF]

RØROS: Building a Responsive Online Recommender System via Meta-Gradients Updating

Xudong Pan, Mi Zhang✉, Duocai Wu. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP) 2023. [PDF]

AutoGCF: Personalized Aggregation on Neural Graph Collaborative Filtering

Xiaoyu You, Chi Li, Jianwei Xu, Mi Zhang✉. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP), 2023. [PDF]

CAP: Robust Point Cloud Classification via Semantic and Structural Modeling

Daizong Ding, Erling Jiang, Yuanmin Huang, Mi Zhang✉, Wenxuan Li, Min Yang. The IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR), P12260-12270, 2023. [PDF]

Black-box Adversarial Attack on Time Series Classification

Daizong Ding, Mi Zhang✉, Yuanmin Huang, Erling Jiang, Min Yang. The 37th AAAI Conference on Artificial Intelligence (AAAI), P7358-7368, 2023. [PDF]

2022

House of Cans: Covert Transmission of Internal Datasets via Capacity-Aware Neuron Steganography

Xudong Pan, Shengyao Zhang, Mi Zhang✉, Yifan Yan, Min Yang. The 36th Annual Conference on Neural Information Processing Systems (NeurIPS) , 2022. [PDF]

Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge

Xiaohan Zhang, Mi Zhang✉, Yuan Zhang, Ming Zhong, Xin Zhang, Yinzhi Cao, Min Yang. IEEE Transactions on Dependable and Secure Computing (TDSC) , Early Access, 2022. [PDF]

MetaV: A Meta-Verifier Approach to Task-Agnostic Model Fingerprinting

Xudong Pan, Yifan Yan, Mi Zhang✉, Min Yang. The 28th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1327-1336, 2022. [PDF]

Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation

Xudong Pan, Mi Zhang✉, Beina Sheng, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security) , P3611-3628, 2022. [PDF]

Towards Backdoor Attack on Deep Learning based Time Series Classification

Daizong Ding, Mi Zhang✉, Yuanmin Huang, Xudong Pan, Fuli Feng, Erling Jiang, Min Yang. The 38th IEEE International Conference on Data Engineering (ICDE), P1274-1287, 2022. [PDF]

Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis

Xudong Pan, Mi Zhang✉, Yifan Yan, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security), , P3989-4006, 2022. [PDF]

2021

Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains

Xudong Pan, Mi Zhang✉, Yifan Yan, Min Yang. The 38th Annual Computer Security Applications Conference (ACSAC), , P634–645, 2021. [PDF]

Enhancing Time Series Predictors with Generalized Extreme Value Loss

Mi Zhang✉, Daizong Ding, Xudong Pan, Min Yang. IEEE Transactions on Knowledge and Data Engineering (TKDE), 35(1), P1473-1487, 2021. [PDF]

A Deep Learning Framework for Self-evolving Hierarchical Community Detection

Daizong Ding, Mi Zhang✉, Hanrui Wang, Xudong Pan, Min Yang, Xiangnan He. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P372–381, 2021. [PDF]

Learning to Learn the Future: Modeling Concept Drift in Time Series Prediction

Xiaoyu You, Mi Zhang✉, Daizong Ding, Fuli Feng, Yuanmin Huang. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P2434–2443, 2021. [PDF]

TAFA: A Task-Agnostic Fingerprinting Algorithm for Neural Networks

Xudong Pan, Mi Zhang✉, Yifan Lu, Min Yang. The 26th European Symposium on Research in Computer Security (ESORICS), P542-562, 2021. [PDF]

2020

A Geometrical Perspective on Image Style Transfer with Adversarial Learning

Xudong Pan, Mi Zhang✉, Daizong Ding, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), 44(1), P63-75, 2020. [PDF]

Modeling Personalized Out-of-Town Distances in Location Recommendation

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 20th IEEE International Conference on Data Mining (ICDM), P112-121, 2020. [PDF]

Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 34th AAAI Conference on Artificial Intelligence (AAAI), , P3791-3800, 2020. [PDF]

Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware

Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang✉, Min Yang. ACM Conference on Computer and Communications Security (CCS) , P757-770, 2020. 最佳论文提名奖 [PDF]

Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent

Xudong Pan, Mi Zhang✉, Duocai Wu, Qifan Xiao, Shouling Ji, Min Yang. The 29th USENIX Security Symposium (USENIX Security) , P1641-1658, 2020. [PDF]

Privacy Risks of General-Purpose Language Models

Xudong Pan, Mi Zhang✉, Shouling Ji, Min Yang. 2020 IEEE Symposium on Security and Privacy (S&P) , P1471-1488, 2020. 世界人工智能大会WAIC青年优秀论文提名奖 [PDF]

2019

Modeling Extreme Events in Time Series Prediction

Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yan The 25th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1114-1122, 2019. [PDF]

2018

Theoretical Analysis of Image-to-Image Translation with Adversarial Learning

Xudong Pan, Mi Zhang✉, Daizong Ding The 35th International Conference on Machine Learning (ICML) , P4006-4015, 2018. [PDF]

Geographical Feature Extraction for Entities in Location-based Social Networks

Daizong Ding, Mi Zhang✉, Xudong Pan, Duocai Wu, Pearl Pu The 2018 World Wide Web Conference (WWW) , P833-842, 2018. [PDF]

2017 and Before

BayDNN: Friend Recommendation with Bayesian Personalized Ranking Deep Neural Network

Daizong Ding, Mi Zhang✉, Shao-Yuan Li, Jie Tang, Xiaotie Chen, Zhi-Hua Zhou The 2017 ACM Conference on Information and Knowledge Management (CIKM), P1479-1488, 2017. [PDF]

Cold Start in Recommender Systems: A Semi-Supervised Co-Training Algorithm

Mi Zhang✉, Jie Tang, Xuchen Zhang, Xiangyang Xue The 37th Annual ACM SIGIR Conference (SIGIR), 2014.

A Double-Ranking Strategy for Long-Tail Product Recommendation

Mi Zhang, Neil Hurley, Wei Li, Xiangyang Xue The 2012 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), 2012.

Novelty and Diversity in Top-N Recommendation-Analysis and Evaluation

Neil Hurley and Mi Zhang✉ ACM transaction of internet technology (TOIT), 10(4), 14, 2011.

Niche Product Retrieval in Top-N Recommendation

Mi Zhang and Neil Hurley the 2010 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P74-81, 2010. 最佳论文奖

Statistical Attack Detection

Neil Hurley, Zunping Cheng, Mi Zhang 2009 ACM International Conference on Recommender Systems (ACM Recsys), P149-156, 2009.

Evaluating the Diversity of Top-N Recommendations

Mi Zhang and Neil Hurley 21th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P457–460, 2009.

Enhancing Diversity in Top-N Recommendation

Mi Zhang and Neil Hurley The 2009 ACM International Conference on Recommender Systems (ACM Recsys), P397-400, 2009.

Top-N Novel Recommendation by User Profile Partitioning

Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P508-515, 2009.

Statistical Modeling of Diversity in Top-N Recommender Systems

Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P490-497, 2009.

Spam User Detection: Problem Definition and Strategy Analysis

Mi Zhang and Neil Hurley The 19th Irish Conference on Artificial Intelligence and Cognitive Science (AICS), 2008.

Avoiding Monotony: Improving the Diversity of Recommendation Lists

Mi Zhang and Neil Hurley 2008 ACM International Conference on Recommender Systems (ACM Recsys), P123-130, 2008.

Analysis of Methods for Novel Case Selection

Neil Hurley and Mi Zhang 20th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P217-224, 2008.

Using A Depth Tree Framework to Evaluate Change Impacts of Modifications to IT Infrastructure

Min Yang, Mi Zhang, et al., International Joint Conference on e-Business and Telecommunications, In Conjunction with ACM SIGMIS, 2006.

A Security Model Design in Web Service Environment

Mi Zhang, et al., The 5th International Conference on Computer and Information Technology (CIT 2005), 2005.

A Web Service-based Framework for Supply Chain Management

Mi Zhang, et al., The 8th IEEE International Symposium on Object-Oriented Real Time Distributed Computing (ISORC 2005), 2005.

专利

一种提升时间序列预测系统预测时间序列效果的方法，国家发明专利, 2022.
一种基于独占神经元的训练数据逆向重建方法，国家发明专利, 2022.
一种下游任务解耦的神经网络指纹检测方法，国家发明专利, 2022.
一种提升社交网络层次化社区检测划分效果的方法，国家发明专利, 2022.
一种基于自适应指纹的元学习神经网络指纹检测方法，国家发明专利, 2022.
一种基于API关系图谱的恶意软件检测模型抗老化增强方法，国家发明专利, 2021.
适配智能芯片分级架构的基于深度学习的恶意软件检测方法，国家发明专利, 2021.
一种基于代码文档的安卓API语义关系图谱构建方法，国家发明专利, 2021.
基于动态行为序列和深度学习的恶意行为实时检测系统，国家发明专利, 2021.
一种提升分布式学习系统拜占庭鲁棒性的防御代理方法，国家发明专利, 2020.

学生

博士:
- 在读: 肖起凡 (2020-), 陆逸凡 (2021-), 黄元敏 (2021-), 汪亦凝 (2022-), 李文轩 (2022-), 李菲菲 (2023-), 邱虎鸣 (2023-), 陈家桂 (2024-), 孙翊铭 (2024-), 李熙 (2024-), 陈晨 (2024-)
- 毕业: 丁岱宗 (2017-2023, 华为), 潘旭东 (2018-2023, 复旦), 游小钰 (2017-2024, 华东理工)
硕士:
- 在读: 孙俊杰 (2022-), 吕洋昊 (2022-), 高泽晨 (2022-), 陈心诺 (2023-), 汪兆祥 (2023-), 王晨悦 (2023-), 张振飞 (2024-), 浦良辰 (2024-), 王宇全 (2024-), 顾佳豪 (2024-), 王润杰 (2024-), 朱子轩 (2024-), 毛垚 (2024-)
- 毕业: 张栩晨 (2013-2016, 字节跳动), 徐日 (华为), 马骁炀 (腾讯), 王立 (蚂蚁), 朱成纯 (字节跳动), 黄若孜 (2017-2020, 腾讯), 武多才 (2018-2021, 蚂蚁), 王寒蕊 (2018-2021, 网易), 朱家明 (2019-2021, 蚂蚁), 颜一帆 (2020-2022, 阿里), 李驰 (2020-2022, 阿里), 盛钡娜 (2020-2023, 字节跳动), 姜尔玲 (2021-2023, 阿里), 姜又荷 (2021-2023, 阿里), 徐建伟 (2021-2023, 辽宁选调), 张圣尧 (2021-2024, 阿里)

社会服务

Workshop Co-chair, The 17th ACM Conference on Recommender Systems (RecSys'23), Singapore, 18th-22nd September 2023.
Youth Editorial Board Member, Frontiers of Computer Science.
Publicity Chair, UMAP, 2018.
Publicity Chair, ACM RecSys, 2013.
PC member/reviewer of TPAMI, TKDE, NeurIPS, ICML, ICLR, ICCV, CVPR, WWW, IJCAI, AAAI, AsiaCCS, etc.