I have published more than 50 peer-reviewed papers so far. My publication list can also be found at DBLP and Google Scholar; however, they may not be up to date. Note that in the domain of information security, the most prestigious conferences are IEEE S&P, CCS, USENIX Security, and NDSS. Also, the author list of most of my papers before 2018 follows alphabetical order.
2023
A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots
Boyang Zhang, Xinlei He, Yun Shen, Tianhao Wang, Yang Zhang; USENIX Security 2023
UnGANable: Defending Against GAN-based Face Manipulation
Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang; USENIX Security 2023
PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Model
Haiming Wang, Zhikun Zhang, Tianhao Wang, Shibo He, Michael Backes, Jiming Chen, Yang Zhang; USENIX Security 2023
Can't Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders
Zeyang Sha, Xinlei He, Ning Yu, Michael Backes, Yang Zhang; CVPR 2023
On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning
Yiting Qu, Xinlei He, Shannon Pierson, Michael Backes, Yang Zhang, Savvas Zannettou; S&P 2023
Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?
Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang; ICLR 2023 (spotlight)
Backdoor Attacks Against Dataset Distillation
Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, Yang Zhang; NDSS 2023
Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network
Xiaojian Yuan, Kejiang Chen, Jie Zhang, Weiming Zhang, Nenghai Yu, Yang Zhang; AAAI 2023
Prompt Stealing Attacks Against Text-to-Image Generation Models
Xinyue Shen, Yiting Qu, Michael Backes, Yang Zhang
2022
Amplifying Membership Exposure via Data Poisoning
Yufei Chen, Chao Shen, Yun Shen, Cong Wang, Yang Zhang; NeurIPS 2022
Why So Toxic? Measuring and Triggering Toxic Behavior in Open-Domain Chatbots
Wai Man Si, Michael Backes, Jeremy Blackburn, Emiliano De Cristofaro, Gianluca Stringhini, Savvas Zannettou, Yang Zhang; CCS 2022
Media Coverage: Fast Company
Best Paper Award Honorable Mention
On the Privacy Risks of Cell-Based NAS Architectures
Hai Huang, Zhikun Zhang, Yun Shen, Michael Backes, Qi Li, Yang Zhang; CCS 2022
Membership Inference Attacks by Exploiting Loss Trajectory
Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang; CCS 2022
Auditing Membership Leakages of Multi-Exit Networks
Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes, Yang Zhang; CCS 2022
Graph Unlearning
Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang; CCS 2022
SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders
Tianshuo Cong, Xinlei He, Yang Zhang; CCS 2022
Finding MNEMON: Reviving Memories of Node Embeddings
Yun Shen, Yufei Han, Zhikun Zhang, Min Chen, Ting Yu, Michael Backes, Yang Zhang, Gianluca Stringhini; CCS 2022
Semi-Leak: Membership Inference Attacks Against Semi-supervised Learning
Xinlei He, Hongbin Liu, Neil Zhenqiang Gong, Yang Zhang; ECCV 2022
Teacher Model Fingerprinting Attacks Against Transfer Learning
Yufei Chen, Chao Shen, Cong Wang, Yang Zhang; USENIX Security 2022
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
Yugeng Liu, Rui Wen, Xinlei He, Ahmed Salem, Zhikun Zhang, Michael Backes, Emiliano De Cristofaro, Mario Fritz, Yang Zhang; USENIX Security 2022
Inference Attacks Against Graph Neural Networks
Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang; USENIX Security 2022
On Xing Tian and the Perseverance of Anti-China Sentiment Online
Xinyue Shen, Xinlei He, Michael Backes, Jeremy Blackburn, Savvas Zannettou, Yang Zhang; ICWSM 2022
Model Stealing Attacks Against Inductive Graph Neural Networks
Yun Shen, Xinlei He, Yufei Han, Yang Zhang; S&P 2022
Get a Model! Model Hijacking Attack Against Machine Learning Models
Ahmed Salem, Michael Backes, Yang Zhang; NDSS 2022
Property Inference Attacks Against GANs
Junhao Zhou, Yufei Chen, Chao Shen, Yang Zhang; NDSS 2022
Dynamic Backdoor Attacks Against Machine Learning Models
Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, Yang Zhang; EuroS&P 2022
FairSR: Fairness-aware Sequential Recommendation through Multi-Task Learning with Preference Graph Embeddings
Cheng-Te Li, Cheng Hsu, Yang Zhang; ACM Transactions on Intelligent Systems and Technology
Fine-Tuning Is All You Need to Mitigate Backdoor Attacks
Zeyang Sha, Xinlei He, Pascal Berrang, Mathias Humbert, Yang Zhang
DE-FAKE: Detection and Attribution of Fake Images Generated by Text-to-Image Generation Models
Zeyang Sha, Zheng Li, Ning Yu, Yang Zhang
Membership Inference Attacks Against Text-to-image Generation Models
Yixin Wu, Ning Yu, Zheng Li, Michael Backes, Yang Zhang
Backdoor Attacks in the Supply Chain of Masked Image Modeling
Xinyue Shen, Xinlei He, Zheng Li, Yun Shen, Michael Backes, Yang Zhang
Data Poisoning Attacks Against Multimodal Encoders
Ziqing Yang, Xinlei He, Zheng Li, Michael Backes, Mathias Humbert, Pascal Berrang, Yang Zhang
Membership-Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning Models
Xinlei He, Zheng Li, Weilin Xu, Cory Cornelius, Yang Zhang
2021
Quantifying and Mitigating Privacy Risks of Contrastive Learning
Xinlei He, Yang Zhang; CCS 2021
When Machine Unlearning Jeopardizes Privacy
Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang; CCS 2021
Membership Inference Attacks Against Recommender Systems
Minxing Zhang, Zhaochun Ren, Zihan Wang, Pengjie Ren, Zhumin Chen, Pengfei Hu, Yang Zhang; CCS 2021
Membership Leakage in Label-Only Exposures
Zheng Li, Yang Zhang; CCS 2021
BadNL: Backdoor Attacks Against NLP Models with Semantic-preserving Improvements
Xiaoyi Chen, Ahmed Salem, Michael Backes, Shiqing Ma, Qingni Shen, Zhonghai Wu, Yang Zhang; ACSAC 2021
Stealing Links from Graph Neural Networks
Xinlei He, Jinyuan Jia, Michael Backes, Neil Zhenqiang Gong, Yang Zhang; USENIX Security 2021
PrivSyn: Differentially Private Data Synthesis
Zhikun Zhang, Tianhao Wang, Jean Honorio, Ninghui Li, Michael Backes, Shibo He, Jiming Chen, Yang Zhang; USENIX Security 2021
“Go eat a bat, Chang!”: On the Emergence of Sinophobic Behavior on Web Communities in the Face of COVID-19
Fatemeh Tahmasbi, Leonard Schild, Chen Ling, Jeremy Blackburn, Gianluca Stringhini, Yang Zhang, Savvas Zannettou; WWW 2021
Media Coverage: The Washington Post