I have published more than 80 peer-reviewed papers so far. My publication list can also be found at DBLP and Google Scholar; however, those listings may not be up to date. Note that in the domain of information security, the most prestigious conferences are IEEE S&P, CCS, USENIX Security, and NDSS. Also, the author list of most of my papers before 2018 follows alphabetical order.

2024

Prompt Stealing Attacks Against Text-to-Image Generation Models

Xinyue Shen, Yiting Qu, Michael Backes, Yang Zhang; USENIX Security 2024

SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models

Boyang Zhang, Zheng Li, Ziqing Yang, Xinlei He, Michael Backes, Mario Fritz, Yang Zhang; USENIX Security 2024

Quantifying Privacy Risks of Prompts in Visual Prompt Learning

Yixin Wu, Rui Wen, Michael Backes, Pascal Berrang, Mathias Humbert, Yun Shen, Yang Zhang; USENIX Security 2024

Composite Backdoor Attacks Against Large Language Models

Hai Huang, Zhengyu Zhao, Michael Backes, Yun Shen, Yang Zhang; NAACL Findings 2024

Games and Beyond: Analyzing the Bullet Chats of Esports Livestreaming

Yukun Jiang, Xinyue Shen, Rui Wen, Zeyang Sha, Junjie Chu, Yugeng Liu, Michael Backes, Yang Zhang; ICWSM 2024

FAKEPCD: Fake Point Cloud Detection via Source Attribution

Yiting Qu, Zhikun Zhang, Yun Shen, Michael Backes, Yang Zhang; ASIACCS 2024

You Only Prompt Once: On the Capabilities of Prompt Learning on Large Language Models to Tackle Toxic Content

Xinlei He, Savvas Zannettou, Yun Shen, Yang Zhang; S&P 2024

Test-Time Poisoning Attacks Against Test-Time Adaptation Models

Tianshuo Cong, Xinlei He, Yun Shen, Yang Zhang; S&P 2024

Generated Distributions Are All You Need for Membership Inference Attacks Against Generative Models

Minxing Zhang, Ning Yu, Rui Wen, Michael Backes, Yang Zhang; WACV 2024

VGMShield: Mitigating Misuse of Video Generative Models

Yan Pang, Yang Zhang, Tianhao Wang

Prompt Stealing Attacks Against Large Language Models

Zeyang Sha, Yang Zhang

Rapid Adoption, Hidden Risks: The Dual Impact of Large Language Model Customization

Rui Zhang, Hongwei Li, Rui Wen, Wenbo Jiang, Yuan Zhang, Michael Backes, Yun Shen, Yang Zhang

Comprehensive Assessment of Jailbreak Attacks Against LLMs

Junjie Chu, Yugeng Liu, Ziqing Yang, Xinyue Shen, Michael Backes, Yang Zhang

Conversation Reconstruction Attack Against GPT Models

Junjie Chu, Zeyang Sha, Michael Backes, Yang Zhang

2023

DE-FAKE: Detection and Attribution of Fake Images Generated by Text-to-Image Generation Models

Zeyang Sha, Zheng Li, Ning Yu, Yang Zhang; CCS 2023

Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models

Yiting Qu, Xinyue Shen, Xinlei He, Michael Backes, Savvas Zannettou, Yang Zhang; CCS 2023

Differentially Private Resource Allocation

Joann Qiongna Chen, Tianhao Wang, Zhikun Zhang, Yang Zhang, Somesh Jha, Zhou Li; ACSAC 2023

A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots

Boyang Zhang, Xinlei He, Yun Shen, Tianhao Wang, Yang Zhang; USENIX Security 2023

Two-in-One: A Model Hijacking Attack Against Text Generation Models

Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem; USENIX Security 2023

UnGANable: Defending Against GAN-based Face Manipulation

Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang; USENIX Security 2023

Media Coverage: Mimikama, it-sicherheit.de, SOLARIFY, elektroniknet.de, Digitale Schweiz, innovations report

FACE-AUDITOR: Data Auditing in Facial Recognition Systems

Min Chen, Zhikun Zhang, Michael Backes, Tianhao Wang, Yang Zhang; USENIX Security 2023

PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Model

Haiming Wang, Zhikun Zhang, Tianhao Wang, Shibo He, Michael Backes, Jiming Chen, Yang Zhang; USENIX Security 2023

Generated Graph Detection

Yihan Ma, Zhikun Zhang, Ning Yu, Xinlei He, Michael Backes, Yun Shen, Yang Zhang; ICML 2023

Data Poisoning Attacks Against Multimodal Encoders

Ziqing Yang, Xinlei He, Zheng Li, Michael Backes, Mathias Humbert, Pascal Berrang, Yang Zhang; ICML 2023

NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models

Kai Mei, Zheng Li, Zhenting Wang, Yang Zhang, Shiqing Ma; ACL 2023

Can't Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders

Zeyang Sha, Xinlei He, Ning Yu, Michael Backes, Yang Zhang; CVPR 2023

On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning

Yiting Qu, Xinlei He, Shannon Pierson, Michael Backes, Yang Zhang, Savvas Zannettou; S&P 2023

Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?

Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang; ICLR 2023 (spotlight)

Backdoor Attacks Against Dataset Distillation

Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, Yang Zhang; NDSS 2023

Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network

Xiaojian Yuan, Kejiang Chen, Jie Zhang, Weiming Zhang, Nenghai Yu, Yang Zhang; AAAI 2023

VERITRAIN: Validating MLaaS Training Efforts via Anomaly Detection

Xiaokuan Zhang, Yang Zhang, Yinqian Zhang; IEEE Transactions on Dependable and Secure Computing

Comprehensive Assessment of Toxicity in ChatGPT

Boyang Zhang, Xinyue Shen, Wai Man Si, Zeyang Sha, Zeyuan Chen, Ahmed Salem, Yun Shen, Michael Backes, Yang Zhang

On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts

Yixin Wu, Ning Yu, Michael Backes, Yun Shen, Yang Zhang

Last One Standing: A Comparative Analysis of Security and Privacy of Soft Prompt Tuning, LoRA, and In-Context Learning

Rui Wen, Tianhao Wang, Michael Backes, Yang Zhang, Ahmed Salem

A Comprehensive Study of Privacy Risks in Curriculum Learning

Joann Qiongna Chen, Xinlei He, Zheng Li, Yang Zhang, Zhou Li

Composite Backdoor Attacks Against Large Language Models

Hai Huang, Zhengyu Zhao, Michael Backes, Yun Shen, Yang Zhang

Prompt Backdoors in Visual Prompt Learning

Hai Huang, Zhengyu Zhao, Michael Backes, Yun Shen, Yang Zhang

Robustness Over Time: Understanding Adversarial Examples' Effectiveness on Longitudinal Versions of Large Language Models

Yugeng Liu, Tianshuo Cong, Zhengyu Zhao, Michael Backes, Yun Shen, Yang Zhang

White-box Membership Inference Attacks against Diffusion Models

Yan Pang, Tianhao Wang, Xuhui Kang, Mengdi Huai, Yang Zhang

"Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models

Xinyue Shen, Zeyuan Chen, Michael Backes, Yun Shen, Yang Zhang

Media Coverage: New Scientist, Deutschlandfunk Nova

Mondrian: Prompt Abstraction Attack Against Large Language Models for Cheaper API Pricing

Wai Man Si, Michael Backes, Yang Zhang

Watermarking Diffusion Model

Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, Yang Zhang

In ChatGPT We Trust? Measuring and Characterizing the Reliability of ChatGPT

Xinyue Shen, Zeyuan Chen, Michael Backes, Yang Zhang

MGTBench: Benchmarking Machine-Generated Text Detection

Xinlei He, Xinyue Shen, Zeyuan Chen, Michael Backes, Yang Zhang

Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis

Yihan Ma, Zhengyu Zhao, Xinlei He, Zheng Li, Michael Backes, Yang Zhang

2022

Amplifying Membership Exposure via Data Poisoning

Yufei Chen, Chao Shen, Yun Shen, Cong Wang, Yang Zhang; NeurIPS 2022

Why So Toxic?: Measuring and Triggering Toxic Behavior in Open-Domain Chatbots

Wai Man Si, Michael Backes, Jeremy Blackburn, Emiliano De Cristofaro, Gianluca Stringhini, Savvas Zannettou, Yang Zhang; CCS 2022

Media Coverage: Fast Company
Best Paper Award Honorable Mention

On the Privacy Risks of Cell-Based NAS Architectures

Hai Huang, Zhikun Zhang, Yun Shen, Michael Backes, Qi Li, Yang Zhang; CCS 2022

Membership Inference Attacks by Exploiting Loss Trajectory

Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang; CCS 2022

Auditing Membership Leakages of Multi-Exit Networks

Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes, Yang Zhang; CCS 2022

Graph Unlearning

Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang; CCS 2022

SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders

Tianshuo Cong, Xinlei He, Yang Zhang; CCS 2022

Finding MNEMON: Reviving Memories of Node Embeddings

Yun Shen, Yufei Han, Zhikun Zhang, Min Chen, Ting Yu, Michael Backes, Yang Zhang, Gianluca Stringhini; CCS 2022

Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning

Xinlei He, Hongbin Liu, Neil Zhenqiang Gong, Yang Zhang; ECCV 2022

Teacher Model Fingerprinting Attacks Against Transfer Learning

Yufei Chen, Chao Shen, Cong Wang, Yang Zhang; USENIX Security 2022

ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models

Yugeng Liu, Rui Wen, Xinlei He, Ahmed Salem, Zhikun Zhang, Michael Backes, Emiliano De Cristofaro, Mario Fritz, Yang Zhang; USENIX Security 2022

Inference Attacks Against Graph Neural Networks

Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang; USENIX Security 2022

On Xing Tian and the Perseverance of Anti-China Sentiment Online

Xinyue Shen, Xinlei He, Michael Backes, Jeremy Blackburn, Savvas Zannettou, Yang Zhang; ICWSM 2022

Model Stealing Attacks Against Inductive Graph Neural Networks

Yun Shen, Xinlei He, Yufei Han, Yang Zhang; S&P 2022

Get a Model! Model Hijacking Attack Against Machine Learning Models

Ahmed Salem, Michael Backes, Yang Zhang; NDSS 2022

Property Inference Attacks Against GANs

Junhao Zhou, Yufei Chen, Chao Shen, Yang Zhang; NDSS 2022

Dynamic Backdoor Attacks Against Machine Learning Models

Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, Yang Zhang; EuroS&P 2022

FairSR: Fairness-aware Sequential Recommendation through Multi-Task Learning with Preference Graph Embeddings

Cheng-Te Li, Cheng Hsu, Yang Zhang; ACM Transactions on Intelligent Systems and Technology

Fine-Tuning Is All You Need to Mitigate Backdoor Attacks

Zeyang Sha, Xinlei He, Pascal Berrang, Mathias Humbert, Yang Zhang

Membership Inference Attacks Against Text-to-image Generation Models

Yixin Wu, Ning Yu, Zheng Li, Michael Backes, Yang Zhang

Backdoor Attacks in the Supply Chain of Masked Image Modeling

Xinyue Shen, Xinlei He, Zheng Li, Yun Shen, Michael Backes, Yang Zhang

Membership-Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models

Xinlei He, Zheng Li, Weilin Xu, Cory Cornelius, Yang Zhang

2021

Quantifying and Mitigating Privacy Risks of Contrastive Learning

Xinlei He, Yang Zhang; CCS 2021

When Machine Unlearning Jeopardizes Privacy

Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang; CCS 2021

Membership Inference Attacks Against Recommender Systems

Minxing Zhang, Zhaochun Ren, Zihan Wang, Pengjie Ren, Zhumin Chen, Pengfei Hu, Yang Zhang; CCS 2021

Membership Leakage in Label-Only Exposures

Zheng Li, Yang Zhang; CCS 2021

BadNL: Backdoor Attacks Against NLP Models with Semantic-preserving Improvements

Xiaoyi Chen, Ahmed Salem, Michael Backes, Shiqing Ma, Qingni Shen, Zhonghai Wu, Yang Zhang; ACSAC 2021

Xinlei He, Jinyuan Jia, Michael Backes, Neil Zhenqiang Gong, Yang Zhang; USENIX Security 2021

PrivSyn: Differentially Private Data Synthesis

Zhikun Zhang, Tianhao Wang, Jean Honorio, Ninghui Li, Michael Backes, Shibo He, Jiming Chen, Yang Zhang; USENIX Security 2021

“Go eat a bat, Chang!”: On the Emergence of Sinophobic Behavior on Web Communities in the Face of COVID-19

Fatemeh Tahmasbi, Leonard Schild, Chen Ling, Jeremy Blackburn, Gianluca Stringhini, Yang Zhang, Savvas Zannettou; WWW 2021

Media Coverage: The Washington Post

DatingSec: Detecting Malicious Accounts in Dating Apps Using a Content-Based Attention Network

Xinlei He, Qingyuan Gong, Yang Chen, Yang Zhang, Xin Wang, Xiaoming Fu; IEEE Transactions on Dependable and Secure Computing

Node-Level Membership Inference Attacks Against Graph Neural Networks

Xinlei He, Rui Wen, Yixin Wu, Michael Backes, Yun Shen, Yang Zhang

2020

LEAF: A Faster Secure Search Algorithm via Localization, Extraction, and Reconstruction

Rui Wen, Yu Yu, Xiang Xie, Yang Zhang; CCS 2020

GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models

Dingfan Chen, Ning Yu, Yang Zhang, Mario Fritz; CCS 2020

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning

Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, Yang Zhang; USENIX Security 2020

Membership Inference Against DNA Methylation Databases

Inken Hagestedt, Mathias Humbert, Pascal Berrang, Irina Lehmann, Roland Eils, Michael Backes, Yang Zhang; EuroS&P 2020

Towards Plausible Graph Anonymization

Yang Zhang, Mathias Humbert, Bartlomiej Surma, Praveen Manoharan, Jilles Vreeken, Michael Backes; NDSS 2020

Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks

Ahmed Salem, Michael Backes, Yang Zhang

BAAAN: Backdoor Attacks Against Autoencoder and GAN-Based Machine Learning Models

Ahmed Salem, Yannick Sautter, Michael Backes, Mathias Humbert, Yang Zhang

Privacy Analysis of Deep Learning in the Wild: Membership Inference Attacks against Transfer Learning

Yang Zou, Zhikun Zhang, Michael Backes, Yang Zhang

2019

MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples

Jinyuan Jia, Ahmed Salem, Michael Backes, Yang Zhang, Neil Zhenqiang Gong; CCS 2019

How to Prove Your Model Belongs to You: A Blind-Watermark based Framework to Protect Intellectual Property of DNN

Zheng Li, Chengyu Hu, Yang Zhang, Shanqing Guo; ACSAC 2019

A Graph-Based Approach to Explore Relationship Between Hashtags and Images

Zhiqiang Zhong, Yang Zhang, Jun Pang; WISE 2019

Fairwalk: Towards Fair Graph Embedding

Tahleen Rahman, Bartlomiej Surma, Michael Backes, Yang Zhang; IJCAI 2019

Language in Our Time: An Empirical Analysis of Hashtags

Yang Zhang; WWW 2019

ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models

Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, Michael Backes; NDSS 2019

MBeacon: Privacy-Preserving Beacons for DNA Methylation Data

Inken Hagestedt, Yang Zhang, Mathias Humbert, Pascal Berrang, Haixu Tang, XiaoFeng Wang, Michael Backes; NDSS 2019

Distinguished Paper Award

2018

You Are Where You APP: An Assessment on Location Privacy of Social APPs

Fanghua Zhao, Linan Gao, Yang Zhang, Zeyu Wang, Bo Wang, Shanqing Guo; ISSRE 2018

Tagvisor: A Privacy Advisor for Sharing Hashtags

Yang Zhang, Mathias Humbert, Tahleen Rahman, Cheng-Te Li, Jun Pang, Michael Backes; WWW 2018

Dissecting Privacy Risks in Biomedical Data

Pascal Berrang, Mathias Humbert, Yang Zhang, Irina Lehmann, Roland Eils, Michael Backes; EuroS&P 2018

An Active Learning-based Approach for Location-aware Acquaintance Inference

Bo-Heng Chen, Cheng-Te Li, Kun-Ta Chuang, Jun Pang, Yang Zhang; Knowledge and Information Systems

2017

Michael Backes, Mathias Humbert, Jun Pang, Yang Zhang; CCS 2017

Semantic Annotation for Places in LBSN Using Graph Embedding

Yan Wang, Zongxu Qin, Jun Pang, Yang Zhang, Xin Jin; CIKM 2017

Does #like4like Indeed Provoke More Likes?

Yang Zhang, Minyue Ni, Weili Han, Jun Pang; WI 2017

Quantifying Location Sociality

Jun Pang, Yang Zhang; HT 2017

DeepCity: A Feature Learning Framework for Mining Location Check-ins

Jun Pang, Yang Zhang; ICWSM 2017

2016

On Impact of Weather on Human Mobility in Cities

Jun Pang, Polina Zablotskaia, Yang Zhang; WISE 2016

An Empirical Study on User Access Control in Online Social Networks

Minyue Ni, Yang Zhang, Weili Han, Jun Pang; SACMAT 2016

2015

Location Prediction: Communities Speak Louder than Friends

Jun Pang, Yang Zhang; COSN 2015

Yang Zhang, Jun Pang; APWeb 2015

Event Prediction with Community Leaders

Jun Pang, Yang Zhang; ARES 2015

A Logical Approach for Blocking Access in Social Networks

Marcos Cramer, Jun Pang, Yang Zhang; SACMAT 2015

Cryptographic Protocols for Enforcing Topology-based Access Control Policies

Jun Pang, Yang Zhang; COMPSAC 2015

A New Access Control Scheme for Facebook-style Social Networks

Jun Pang, Yang Zhang; Computers & Security

Exploring Communities for Effective Location Prediction

Jun Pang, Yang Zhang; WWW 2015 (Poster)

Community-driven Social Influence Analysis and Applications

Yang Zhang, Jun Pang; ICWE 2015 (PhD symposium)

2014

A New Access Control Scheme for Facebook-style Social Networks

Jun Pang, Yang Zhang; ARES 2014

Best Paper Award