Greetings and welcome to my homepage


I am currently a fourth-year Ph.D. candidate in Computer Science and Technology from Tsinghua-Berkeley Shenzhen Institute (TBSI), Tsinghua Shenzhen International Graduate School (SIGS), Tsinghua University, advised by Professor Yong Jiang and Professor Shu-Tao Xia. Before that, I received my B.S. degree with honor in Mathematics and Applied Mathematics from Ningbo University (Yangming Innovation Class) in 2018, advised by Professor Lifeng Xi. Currently, my research mainly focuses on AI security, especially backdoor learning, adversarial learning, data privacy, and copyright protection in deep learning. My research is supported by the Tsinghua ‘Future Scholar’ Ph.D. Fellowship.

I was a research intern at Ant Security Lab (2021, 2022), working with Dr. Haiqin Weng and Dr. Tao Wei; a research intern at Tencent AI Lab (2019, 2020), working with Dr. Baoyuan Wu and Dr. Zhifeng Li (supported by the Tencent Rhino-bird Elite Training Program); an intern at Wukong Investment (2018), working with Dr. Xinji Liu on ML-based high-frequency trading.

I will graduate in June 2023 (expected). Currently, I am looking for both academic and industrial job opportunities (especially post-doc positions regarding AI security) starting from Summer 2023. Feel free to connect if there are suitable opportunities!


  • 06/2022: Our survey about backdoor attacks and defenses is accepted by the IEEE TNNLS.
  • 06/2022: The attack part of our open-sourced Python toolbox BackdoorBox has been developed (10+ attacks). The defense part and the benchmark are coming soon. Feel free to check and play with it~
  • 04/2022: One patent is granted.
  • 01/2022: Two papers are accepted by the ICLR 2022. Their codes, posters, slides, and videos have been released.
  • 12/2021: I will visit the Secure Learning Lab at UIUC, working with Professor Bo Li (start from 2022).

Useful Resources

BackdoorBox: A Python Toolbox for Backdoor Attacks and Defenses

Github Repo about Backdoor Learning Resources

Technical Report about the ATT&CK Matrix of AI Security