Welcome to my homepage


I am currently a third year Ph.D. candidate from the Tsinghua-Berkeley Shenzhen Institute (TBSI), Tsinghua Shenzhen International Graduate School (SIGS) at Tsinghua University, China. Before that, I received my B.S. degree in Mathematics and Applied Mathematics from Ningbo University, China, in 2018. My research mainly focus on the AI security, including

  • Model Security of the Training Process (mainly on the Backdoor Learning)
  • Model Security of the Inference Process (mainly on the Adversarial Learning and Robust Machine Learning)
  • Data Privacy

Github Repo about Backdoor Learning Resources

The ATT&CK Matrix of AI Security (in Chinese) (It is the first technical report comprehensively covering different kinds of security threats in the full cycle of an AI system.)


  • 06/2021: One paper is accepted by ICML Workshop 2021. Its codes will be released on Github when we publish its extension.
  • 06/2021: I will work as a research intern at the Ant Security Lab, Alibaba Group, start from June 2021.
  • 05/2021: So glad to pass my Ph.D. qualifying exam. I am officially a Ph.D. candidate now.
  • 04/2021: Posters, slides, and videos of our ICASSP’21 papers are uploaded. Looking forward to seeing you all in June.
  • 03/2021: Two papers are accepted by ICLR Workshop 2021. Their codes will be released on Github when we publish their extensions.



* indicates equal contribution; ^ indicates corresponding author

Model Security of the Training Process

  • Tongqing Zhai*, Yiming Li*^, Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia. Backdoor Attack against Speaker Verification. ICASSP, 2021.[arXiv][Code][Poster][Slides][Video]

  • Yiming Li, Tongqing Zhai, Yong Jiang, Zhifeng Li, Shu-Tao Xia. Backdoor Attack in the Physical World. ICLR Workshop, 2021. [arXiv][Poster][Extension]

  • Yiming Li*, Yanjie Li*, Yalei Lv, Yong Jiang, Shu-Tao Xia. Hidden Backdoor Attack against Semantic Segmentation Models. ICLR Workshop, 2021. [arXiv][Poster][Slides][Video]

  • Jiawang Bai, Baoyuan Wu, Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia. Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits. ICLR, 2021. [arXiv][Code][Poster][Video]

  • Yiming Li, Baoyuan Wu, Yong Jiang, Zhifeng Li, Shu-Tao Xia. Backdoor Learning: A Survey. Under Review, 2020. [arXiv][Github Resources]
  • Yuezun Li, Yiming Li, Baoyuan Wu, Longkang Li, Ran He, Siwei Lyu. Backdoor Attack with Sample-Specific Triggers. Under Review, 2020. [arXiv]

Model Security of the Inference Process

  • Jiawang Bai*, Bin Chen*, Yiming Li*, Dongxian Wu, Weiwei Guo, Shu-Tao Xia, Enhui Yang. Targeted Attack for Deep Hashing based Retrieval. ECCV (oral, TOP 2%), 2020. [arXiv][Code][Slides]

  • Yiming Li*, Yang Zhang*, Qingtao Tang, Weipeng Huang, Yong Jiang, Shu-Tao Xia. t-k-means: A Robust and Stable k-means Variant. ICASSP, 2021. [arXiv][Code][Poster][Slides][Video]

  • Jia Xu*, Yiming Li*, Yong Jiang, Shu-Tao Xia. Adversarial Defense via Local Flatness Regularization. ICIP, 2020. [arXiv][Code][Slides]

  • Yiming Li, Baoyuan Wu, Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shu-Tao Xia. Semi-supervised Robust Training with Generalized Perturbed Neighborhood. Under Review, 2020. (Best Student Research Award of TBSI-WODS 2019, TOP-1) [Preprint][Code]

Data Privacy

  • Yiming Li*, Peidong Liu*, Yong Jiang, Shu-Tao Xia. Visual Privacy Protection via Mapping Distortion. ICASSP, 2021. [arXiv][Code][Poster][Slides][Video]

  • Linghui Zhu*, Yiming Li*^, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao. Defending against Model Stealing Attacks via Verifying Embedded External Features. ICML Workshop (oral, TOP 10%), 2021.[Link]

  • Yiming Li, Ziqi Zhang, Jiawang Bai, Baoyuan Wu, Yong Jiang, Shu-Tao Xia. Open-sourced Dataset Protection via Backdoor Watermarking. NeurIPS Workshop, 2020. [arXiv][Code][Poster]

  • Yiming Li*, Jiawang Bai*, Jiawei Li, Chun Li, Yong Jiang, Xue Yang, Shu-Tao Xia. Multinomial Random Forest: Toward Consistency and Privacy-Preservation. Under Review, 2020. [arXiv][Code]

Other Topics

  • Yiming Li, Lifeng Xi. Manhattan Property of Geodesic Paths on Self-affine Carpets. Archiv der Mathematik, 2018. [Link]

  • Jiawei Li, Yiming Li, Xingchun Xiang, Shu-Tao Xia, Siyi Dong, Yun Cai. TNT: An Interpretable Tree-Network-Tree Learning Framework using Knowledge Distillation. Entropy, 2020. [Link][Code]

  • Yiming Li*, Jiawang Bai*, Jiawei Li, Xue Yang, Yong Jiang, Shu-Tao Xia. Rectified Decision Trees: Exploring the Landscape of Interpretable and Effective Machine Learning. Under Review, 2020. [arXiv]

Technical Reports and Invited Talks

  • Tencent AI Lab (Baoyuan Wu, Yanbo Fan, Yong Zhang, Yiming Li, Zhifeng Li, Wei Liu), Tencent Zhuque Lab (viking, jifengzhu, allenszch, ucasjh, dylan, xunsu). The ATT&CK Matrix of AI Security (in Chinese), 2020/09/18. [Download] [Media1] [Media2] [Media3] [Media4] [Media5] [Media6]

  • A Brief Introduction of Backdoor Learning, Southwest Jiaotong University, 2021/04/12. [Slides]

  • Backdoor Attack: A New Security Threat towards the Training of DNNs, AI Drive (online), 2021/01/20. [Slides][Video]

  • A Brief Introduction of Backdoor Learning, The Chinese University of Hong Kong, Shenzhen (CUHK-SZ), 2020/12/05. [Slides]

  • How to Improve Model Robustness via Adopting Unlabeled Data, CCF Young Computer Scientists & Engineers Forum, Shenzhen (CCF-YOCSEF-SZ), 2020/08/22. [Slides]

Work Experiences

  • Research Intern (Talent Program), Ant Security Lab, Alibaba Group, June 2021 - Present
    • Working on AI Security
  • Visiting Ph.D. Student (online), The Chinese University of Hong Kong, Shenzhen (CUHK-SZ), Dec 2020 - Apr 2021
    • Working on Backdoor Learning
    • Supervisor: Dr. Baoyuan Wu, Associate Professor
  • Research Intern, Tencent AI Lab, Jul 2019 - Oct 2020
    • Supported by the Tencent Rhino-bird Elite Training Program, working on AI Security
    • Mentor: Dr. Baoyuan Wu, Principle Research Scientist
    • Partly involved in the Tencent technical report, The ATT&CK Matrix of AI Security (in Chinese) [Link] [News]. Mainly responsible for backdoor-related sections and report editing.
  • Intern, Department of Vision Technology, OPPO, May 2019 - Jun 2019
    • Supported by the TBSI Capstone Project, working on human instance segmentation
    • Mentor: Haidong Huang, Senior Algorithm Engineer
  • Intern, Department of Quantitative Investment, Wukong Investment Management Company, July 2018 - Sept 2018
    • Working on ML-based algorithms development in high-frequency trading
    • Mentor: Dr. Xinji Liu, Deputy Manager of Quantitative Investment Department


  • Spring, 2021. TA in Optimization Theory and Machine Learning, instructed by Prof. Somayeh Sojoudi.

Awards and Honors

  • Best Student Research Award of TBSI Workshop on Data Science (TOP-1), 2019.
  • Outstanding Undergraduate Thesis Award in Ningbo University (TOP 5%), 2018.
  • First Prize of Chinese Mathematics Competition (TOP 3%), 2016.
  • First Prize of China Undergraduate Mathematical Contest in Modeling (TOP 1%), 2015.
  • Tsinghua ‘Future Scholar’ Ph.D. Scholarship (TOP-2 in TBSI), 2020.
  • Tencent Rhino-bird Elite Training Program (TOP 10%), 2020.
  • Undergraduate National Scholarship (TOP 1%), 2017.
  • Outstanding Graduate of Zhejiang Province (TOP 1%), 2018.


  • 李一鸣, 吴保元, 张勇, 樊艳波, 李志锋, 刘威, 冯岩, 江勇, 夏树涛. 一种图像识别模型的训练方法、图像识别的方法及装置. (发明专利, 申请号: CN2020101821805, HKS202989-CN)

  • 李一鸣, 吴保元, 江勇, 李志锋, 夏树涛, 刘威. 图像分类模型后门攻击的防御方法、装置、设备及介质. (发明专利, 申请号: CN2020111221249)


  • Reviewer, IEEE Transactions on Industrial Informatics (TII), IEEE Transactions on Circuits and Systems for Video Technology (TCSVT), Neurocomputing
  • Program Committee Member, NeurIPS, ICML, CVPR, AISTATS, AAAI, IJCAI, ICONIP, ISPA
  • Executive Chairman Committee Member, TBSI Workshop on Data Science (TBSI-WODS), 2019
  • Lecturer and Consultant (paper writing and submission track), Academic Servicing Center of Tsinghua University, 2021
  • Secretary of Masters Thesis Committee, Tsinghua-Berkeley Shenzhen Institute, 2021.