Mi Zhang Professor Head of Whitzard AI Team System Software and Security Lab School of Computer Science and Technology Fudan University Shanghai, China Email: mi_zhang at fudan.edu.cn Google Scholar| DBLP| Research Gate

Bio

• Research Interests: Large Language Models/Multimodal Large Language Models Security, Agent Security, Intelligent System Security, Machine Learning/Deep Learning Security, AI for Security.
• Developed the JADE large model security evaluation and governance platform, open-sourced evaluation benchmark datasets and governance methods, providing extensive support for the industry.
• Participated in the development of multiple national and industry standards, including the "Basic Security Requirements for Generative Artificial Intelligence Service" and the "Labeling Method for Content Generated by Artificial Intelligence" by the National Information Security Standardization Technical Committee (TC260).
• Hosted a number of projects funded by National Key Research and Development Program, National Natural Science Foundation of China, National Natural Science Foundation of Shanghai and industry leaders (including Alibaba, Huawei, Baidu, Qianxin).
• Consistently publishing research in top-tier security and AI conferences/journals, including S&P, USENIX Security, CCS, TDSC, TIFS, TPAMI, ICML, NeurIPS, AAAI, CVPR, and ICDE.
• Outstanding PhD and master's publication achievements, with graduates advancing to leading IT enterprises and top universities.

Talks

• [2025/09/12] I was interviewed by Nandu Big Data Research Institute, where I discussed the governance of AI-generated misinformation and shared how Fudan Whitzard AI team provides effective solutions [Link]
• [2025/09/12] I was invited to the Inclusion Bund Summit 2025 and its forum "Regulating AI Content and Building a Clear and Bright Ecosystem" forum, where I delivered a report titled "Large Model Safety Governance - JADE Assists in Responsible AI." [Link]
• [2025/08/07] I was invited by the National Academy of Education Administration to record a course for the Cybersecurity Workshop, with the topic "The Past and Present of Large Model Security: From ChatGPT to Grok4."
• [2025/07/27] I was invited to attend the World Artificial Intelligence Conference (WAIC) 2025 forum "Innovative Development of Artificial Intelligence: Ethical Leadership, Governance Empowerment," where I shared a report titled "Large Model Security Risks and Governance: Fudan Whitzard AI team Assists Responsible AI."
• [2025/07/18] I was invited to a live forum at the Huawei Application Security Technology Laboratory, where I gave a lecture on the past and present of large model security, introduced the JADE series of research, and answered various security questions on-site.
• [2025/06/18] I was invited to a Huawei-Fudan workshop, where I gave a presentation on the security risks of multimodal large models.
• [2025/06/12] I was invited to a joint forum by the Shanghai Computer Society and Huawei, where I gave a presentation on the security governance of general large models.
• [2025/04/10] I was interviewed by Nandu Big Data Research Institute, where I shared insights on the security evaluation and governance of large models, pointing out that large models need to learn the essence of safety just like humans. [Link]
• [2024/09/19] I was invited to attend the APSARA Conference, where I shared my thoughts in a panel discussion on the responsibility and future of AI technology: ethics, security, and collaborative governance. [Replay]
• [2024/01/10] I was a guest on "The AI Chasers" (Episode 34), where I guided listeners through the front lines of large model security, ethical risks, and governance. [Link]
• [2023/12/27] I was invited to attend the "AI Development and Governance Innovation Seminar" and gave a presentation on "General Artificial Intelligence Risks and Governance: Starting from OpenAI Q*." Media reports: [Xinhuanet][Huanqiu.com][GMW.cn][Phoenix News]

Students

• PhD Students:
  • Current: Qifan Xiao (2020-), Yifan Lu (2021-), Yuanmin Huang (2021-), Yining Wang (2022-), Wenxuan Li (2022-), Feifei Li (2023-), Huming Qiu (2023-), Jiagui Chen (2024-), Yiming Sun (2024-), Xi Li (2024-), Chen Chen (2024-)
  • Graduated: Daizong Ding (2017-2023, Huawei), Xudong Pan (2018-2023, Fudan), Xiaoyu You (2017-2024, ECUST)
  
  

• Master Students:
  • Current: Yanghao Lv (2022-), Xinnuo Chen (2023-), Zhaoxiang Wang (2023-), Chenyue Wang (2023-), Zhenfei Zhang (2024-), Liangchen Pu (2024-), Yuquan Wang (2024-), Jiahao Gu (2024-), Runjie Wang (2024-), Zixuan Zhu (2024-), Yao Mao (2024-)
  • Graduated: Xuchen Zhang (2013-2016, ByteDance), Ri Xu (Huawei), Xiaoyang Ma (Tencent), Li Wang (Ant Group), Chengchun Zhu (ByteDance), Ruozhi Huang (2017-2020, Tencent), Duocai Wu (2018-2021, Ant Group), Hanrui Wang (2018-2021, NetEase), Jiaming Zhu (2019-2021, Ant Group), Yifan Yan (2020-2022, Alibaba), Chi Li (2020-2022, Alibaba), Beina Sheng (2020-2023, ByteDance), Erling Jiang (2021-2023, Alibaba), Youhe Jiang (2021-2023, Alibaba), Jianwei Xu (2021-2023, Selected Cadre of Liaoning Province), Shengyao Zhang (2021-2024, Alibaba), Junjie Sun (2022-2025, Alibaba), Zechen Gao (2022-2025, Fudan)
  
  

Selected Awards and Honors

• Distinguished Paper Award Nomination, ACM CCS (2020)
  

• Youth Outstanding Paper Nomination, World Artificial Intelligence Conference (WAIC, 2022)
  

• The 1st Prize, "Huawei Cup" 2nd China Graduate Cybersecurity Innovation Competition - Large Language Model Privacy Track (2023, Mentor)
  

• The 1st Prize, 6th China Open Source Software Innovation Competition - ModelScope Challenge (2023, Mentor)
  

• The 1st Place, DEFCON Autodriving CTF (2022&2021, Mentor)
  

• The Most Valuable Vulnerability Award, China National Vulnerability Database (CNVD), 2021
  

• CCF Science and Technology Award (2nd Prize in Natural Science), 2020
  

• Huawei Excellent Technical Achievement Award, 2020
  

• Shanghai Youth May Fourth Medal (Collective), 2020
  

• Best Paper Award, IEEE/ACM WI/IAT, 2008.
  

Publications

2025

InfoCons: Identifying Interpretable Critical Concepts in Point Clouds via Information Theory
Feifei Li, Mi Zhang✉, Zhaoxiang Wang, Min Yang. The 42nd International Conference on Machine Learning (ICML, accepted), 2025. [PDF]

Detect-and-Guide: Self-regulation of Diffusion Models for Safe Text-to-Image Generation via Guideline Token Optimization
Feifei Li, Mi Zhang✉, Yiming Sun, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2025 (CVPR, accepted), 2025. [PDF]

Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink
Yining Wang, Mi Zhang✉, Junjie Sun, Chenyue Wang, Min Yang, Hui Xue, Jialing Tao, Ranjie Duan, Jiexi Liu. The 32nd USENIX Security Symposium (USENIX Security, accepted), 2025. [PDF]

Revisiting Backdoor Attacks on Time Series Classification in the Frequency Domain
Yuanmin Huang, Mi Zhang✉, Zhaoxiang Wang, Wenxuan Li, Min Yang. The 2025 ACM Web Conference (WWW, accepted), 2025. [PDF]

2024

Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data
Yifan Lu, Wenxuan Li, Mi Zhang✉, Xudong Pan, Min Yang. The 31th ACM Conference on Computer and Communications Security (CCS, accepted), 2024. [PDF]

Towards Detection-Recovery Strategy for Robust Decentralized Matrix Factorization
Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Qifan Xiao, Xiaoyu You, Yuan Tian, Min Yang. The 29th European Symposium on Research in Computer Security (ESORICS, accepted), 2024. [PDF]

Matryoshka: Exploiting the Over-Parametrization of Deep Learning Models for Covert Data Transmission
Xudong Pan, Mi Zhang✉, Yifan Yan, Shengyao Zhang, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), Early Access, 2024. [PDF]

Towards Practical Backdoor Attacks on Federated Learning Systems
Chenghui Shi, Shouling Ji, Xudong Pan, Xuhong Zhang, Mi Zhang, Min Yang, Jun Zhou, Jianwei Yin, Ting Wang. IEEE Transactions on Dependable and Secure Computing (TDSC), Early Access, 2024. [PDF]

BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting
Huming Qiu, Junjie Sun, Mi Zhang✉, Xudong Pan, Min Yang. 2024 IEEE Symposium on Security and Privacy (S&P), P261-261, 2024. [PDF]

Navigate Beyond Shortcuts: Debiased Learning through the Lens of Neural Collapse
Yining Wang, Junjie Sun, Chenyue Wang, Mi Zhang✉, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR, Highlight), P12322-12331, 2024. [PDF]

CausalPC: Improving the Robustness of Point Cloud Classification by Causal Effect Identification
Yuanmin Huang, Mi Zhang✉, Daizong Ding, Erling Jiang, Zhaoxiang Wang, Min Yang. Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition 2024 (CVPR), P19779-19789, 2024. [PDF]

GNNFingers: A Fingerprinting Framework for Verifying Ownerships of Graph Neural Networks
Xiaoyu You, Youhe Jiang, Jianwei Xu, Mi Zhang✉, Min Yang. The 2024 ACM Web Conference (WWW), P652-663, 2024. [PDF]

RRL: Recommendation Reverse Learning
Xiaoyu You, Jianwei Xu, Mi Zhang✉, Zechen Gao, Min Yang. The 38th AAAI Conference on Artificial Intelligence (AAAI), P9296-9304, 2024. [PDF]

2023

SlowBERT: Slow-down Attacks on Input-adaptive Multi-exit BERT
Shengyao Zhang, Xudong Pan, Mi Zhang✉, Min Yang. Findings of the Association for Computational Linguistics (ACL), P9992–10007, 2023. [PDF]

Cracking White-box DNN Watermarks via Invariant Neuron Transforms
Xudong Pan, Mi Zhang✉, Yifan Yan, Yining Wang, Min Yang. The 29th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), P1783–1794 2023. [PDF]

Exorcising “Wraith”: Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks
Qifan Xiao*, Xudong Pan*, Yifan Lu, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2939-2956, 2023. [PDF]

Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation
Yifan Yan*, Xudong Pan*, Mi Zhang✉, Min Yang. The 32nd USENIX Security Symposium (USENIX Security), P2347-2364, 2023. [PDF]

MaSS: Model-agnostic, Semantic and Stealthy Data Poisoning Attack on Knowledge Graph Embedding
Xiaoyu You, Beina Sheng, Daizong Ding, Mi Zhang✉, Xudong Pan, Min Yang, Fuli Feng. The Web Conference (WWW), P2000-2010, 2023. [PDF]

Anti-FakeU: Defending Shilling Attacks on Graph Neural Network based Recommender Model
Xiaoyu You, Chi Lee, Daizong Ding, Mi Zhang✉, Fuli Feng, Xudong Pan, Min Yang. The Web Conference (WWW), P938-948, 2023. [PDF]

RØROS: Building a Responsive Online Recommender System via Meta-Gradients Updating
Xudong Pan, Mi Zhang✉, Duocai Wu. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP) 2023. [PDF]

AutoGCF: Personalized Aggregation on Neural Graph Collaborative Filtering
Xiaoyu You, Chi Li, Jianwei Xu, Mi Zhang✉. 2023 IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP), 2023. [PDF]

CAP: Robust Point Cloud Classification via Semantic and Structural Modeling
Daizong Ding, Erling Jiang, Yuanmin Huang, Mi Zhang✉, Wenxuan Li, Min Yang. The IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (CVPR), P12260-12270, 2023. [PDF]

Black-box Adversarial Attack on Time Series Classification
Daizong Ding, Mi Zhang✉, Yuanmin Huang, Erling Jiang, Min Yang. The 37th AAAI Conference on Artificial Intelligence (AAAI), P7358-7368, 2023. [PDF]

2022

House of Cans: Covert Transmission of Internal Datasets via Capacity-Aware Neuron Steganography
Xudong Pan, Shengyao Zhang, Mi Zhang✉, Yifan Yan, Min Yang. The 36th Annual Conference on Neural Information Processing Systems (NeurIPS) , 2022. [PDF]

Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge
Xiaohan Zhang, Mi Zhang✉, Yuan Zhang, Ming Zhong, Xin Zhang, Yinzhi Cao, Min Yang. IEEE Transactions on Dependable and Secure Computing (TDSC) , Early Access, 2022. [PDF]

MetaV: A Meta-Verifier Approach to Task-Agnostic Model Fingerprinting
Xudong Pan, Yifan Yan, Mi Zhang✉, Min Yang. The 28th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1327-1336, 2022. [PDF]

Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation
Xudong Pan, Mi Zhang✉, Beina Sheng, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security) , P3611-3628, 2022. [PDF]

Towards Backdoor Attack on Deep Learning based Time Series Classification
Daizong Ding, Mi Zhang✉, Yuanmin Huang, Xudong Pan, Fuli Feng, Erling Jiang, Min Yang. The 38th IEEE International Conference on Data Engineering (ICDE), P1274-1287, 2022. [PDF]

Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis
Xudong Pan, Mi Zhang✉, Yifan Yan, Jiaming Zhu, Min Yang. The 31st USENIX Security Symposium (USENIX Security), , P3989-4006, 2022. [PDF]

2021

Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains
Xudong Pan, Mi Zhang✉, Yifan Yan, Min Yang. The 38th Annual Computer Security Applications Conference (ACSAC), , P634–645, 2021. [PDF]

Enhancing Time Series Predictors with Generalized Extreme Value Loss
Mi Zhang✉, Daizong Ding, Xudong Pan, Min Yang. IEEE Transactions on Knowledge and Data Engineering (TKDE), 35(1), P1473-1487, 2021. [PDF]

A Deep Learning Framework for Self-evolving Hierarchical Community Detection
Daizong Ding, Mi Zhang✉, Hanrui Wang, Xudong Pan, Min Yang, Xiangnan He. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P372–381, 2021. [PDF]

Learning to Learn the Future: Modeling Concept Drift in Time Series Prediction
Xiaoyu You, Mi Zhang✉, Daizong Ding, Fuli Feng, Yuanmin Huang. The 30th ACM International Conference on Information and Knowledge Management (CIKM), , P2434–2443, 2021. [PDF]

TAFA: A Task-Agnostic Fingerprinting Algorithm for Neural Networks
Xudong Pan, Mi Zhang✉, Yifan Lu, Min Yang. The 26th European Symposium on Research in Computer Security (ESORICS), P542-562, 2021. [PDF]

2020

A Geometrical Perspective on Image Style Transfer with Adversarial Learning
Xudong Pan, Mi Zhang✉, Daizong Ding, Min Yang. IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), 44(1), P63-75, 2020. [PDF]

Modeling Personalized Out-of-Town Distances in Location Recommendation
Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 20th IEEE International Conference on Data Mining (ICDM), P112-121, 2020. [PDF]

Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning
Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yang. The 34th AAAI Conference on Artificial Intelligence (AAAI), , P3791-3800, 2020. [PDF]

Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware
Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang✉, Min Yang. ACM Conference on Computer and Communications Security (CCS) , P757-770, 2020. Distinguished Paper Nomination [PDF]

Justinian's GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent
Xudong Pan, Mi Zhang✉, Duocai Wu, Qifan Xiao, Shouling Ji, Min Yang. The 29th USENIX Security Symposium (USENIX Security) , P1641-1658, 2020. [PDF]

Privacy Risks of General-Purpose Language Models
Xudong Pan, Mi Zhang✉, Shouling Ji, Min Yang. 2020 IEEE Symposium on Security and Privacy (S&P) , P1471-1488, 2020. WAIC Youth Distinguished Paper Nomination [PDF]

2019

Modeling Extreme Events in Time Series Prediction
Daizong Ding, Mi Zhang✉, Xudong Pan, Xiangnan He, Min Yan The 25th SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) , P1114-1122, 2019. [PDF]

2018

Theoretical Analysis of Image-to-Image Translation with Adversarial Learning
Xudong Pan, Mi Zhang✉, Daizong Ding The 35th International Conference on Machine Learning (ICML) , P4006-4015, 2018. [PDF]

Geographical Feature Extraction for Entities in Location-based Social Networks
Daizong Ding, Mi Zhang✉, Xudong Pan, Duocai Wu, Pearl Pu The 2018 World Wide Web Conference (WWW) , P833-842, 2018. [PDF]

2017 and Before

BayDNN: Friend Recommendation with Bayesian Personalized Ranking Deep Neural Network
Daizong Ding, Mi Zhang✉, Shao-Yuan Li, Jie Tang, Xiaotie Chen, Zhi-Hua Zhou The 2017 ACM Conference on Information and Knowledge Management (CIKM), P1479-1488, 2017. [PDF]

Cold Start in Recommender Systems: A Semi-Supervised Co-Training Algorithm
Mi Zhang✉, Jie Tang, Xuchen Zhang, Xiangyang Xue The 37th Annual ACM SIGIR Conference (SIGIR), 2014.

A Double-Ranking Strategy for Long-Tail Product Recommendation
Mi Zhang, Neil Hurley, Wei Li, Xiangyang Xue The 2012 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), 2012.

Novelty and Diversity in Top-N Recommendation-Analysis and Evaluation
Neil Hurley and Mi Zhang✉ ACM transaction of internet technology (TOIT), 10(4), 14, 2011.

Niche Product Retrieval in Top-N Recommendation
Mi Zhang and Neil Hurley the 2010 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P74-81, 2010. Best Paper Award

Statistical Attack Detection
Neil Hurley, Zunping Cheng, Mi Zhang 2009 ACM International Conference on Recommender Systems (ACM Recsys), P149-156, 2009.

Evaluating the Diversity of Top-N Recommendations
Mi Zhang and Neil Hurley 21th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P457–460, 2009.

Enhancing Diversity in Top-N Recommendation
Mi Zhang and Neil Hurley The 2009 ACM International Conference on Recommender Systems (ACM Recsys), P397-400, 2009.

Top-N Novel Recommendation by User Profile Partitioning
Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P508-515, 2009.

Statistical Modeling of Diversity in Top-N Recommender Systems
Mi Zhang and Neil Hurley The 2009 IEEE/WIC/ACM International Conferences on Web Intelligence (WI/IAT), P490-497, 2009.

Spam User Detection: Problem Definition and Strategy Analysis
Mi Zhang and Neil Hurley The 19th Irish Conference on Artificial Intelligence and Cognitive Science (AICS), 2008.

Avoiding Monotony: Improving the Diversity of Recommendation Lists
Mi Zhang and Neil Hurley 2008 ACM International Conference on Recommender Systems (ACM Recsys), P123-130, 2008.

Analysis of Methods for Novel Case Selection
Neil Hurley and Mi Zhang 20th IEEE International Conference on Tools with Artificial Intelligence (ICTAI), P217-224, 2008.

Using A Depth Tree Framework to Evaluate Change Impacts of Modifications to IT Infrastructure
Min Yang, Mi Zhang, et al., International Joint Conference on e-Business and Telecommunications, In Conjunction with ACM SIGMIS, 2006.

A Security Model Design in Web Service Environment
Mi Zhang, et al., The 5th International Conference on Computer and Information Technology (CIT 2005), 2005.

A Web Service-based Framework for Supply Chain Management
Mi Zhang, et al., The 8th IEEE International Symposium on Object-Oriented Real Time Distributed Computing (ISORC 2005), 2005.

Patents

A Method to Improve the Prediction Performance of Time Series Forecasting System. Invention Patent, China, 2022.


A Method of Training Data Reconstruction based on Exclusive Neurons. Invention Patent, China, 2022.


A Neural Network Fingerprint Detection Method Decoupled with Downstream Tasks. Invention Patent, China, 2022.


A Method to Improve the Effectiveness of Social Network Hierarchical Community Detection and Division. Invention Patent, China, 2022.


A Neural Network Fingerprint Detection Method based on Adaptive Fingerprint and Meta-Learning. Invention Patent, China, 2022.


An Anti-aging Enhancement Method of Malware Detection Model based on API Relationship Graph. Invention Patent, China, 2021.


Deep Learning-based Malware Detection Method adapted to Smart Chip Hierarchical Architecture. Invention Patent, China, 2021.


A Method for Constructing Android API Semantic Graph based on Code Documents. Invention Patent, China, 2021.


Real-time Detection System for Malicious Behaviors based on Dynamic Behavior Sequence and Deep Learning. Invention Patent, China, 2021.


A Defense Agent for Enhancing the Robustness of Distributed Learning Systems. Invention Patent, China, 2020.