Selected Publications and Preprints
Please refer to Google Scholar for my full paper list.
Selected Preprints
Towards Stealthy Backdoor Attacks against Speech Recognition via Elements of Sound
Hanbo Cai, Pengcheng Zhang, Hai Dong, Yan Xiao, Stefanos Koffas, Yiming Li.
Under Review by IEEE Transactions on Information Forensics and Security (TIFS), 2023.
[Code]
Backdoor Attack with Sparse and Invisible Trigger
Yinghua Gao, Yiming Li (co-first author, corresponding author), Xueluan Gong, Shu-Tao Xia, Qian Wang.
Under Review by IEEE Transactions on Information Forensics and Security (TIFS), 2023.
[Code]
MOVE: Effective and Harmless Ownership Verification via Embedded External Features
Yiming Li, Linghui Zhu, Xiaojun Jia, Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao.
Under Review by IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022. (The journal extension of our AAAI’22 conference paper)
[Code]
BaDExpert: Extracting Backdoor Functionality for Accurate Backdoor Input Detection
Tinghao Xie, Xiangyu Qi, Ping He, Yiming Li, Jiachen T. Wang, Prateek Mittal.
arXiv, 2023.
Selected Conference Papers (5 ICLR, 3 NeurIPS, 3 ICCV, 1 ECCV, 2 AAAI)
Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand
Junfeng Guo, Yiming Li (co-first author, corresponding author), Lixu Wang, Shu-Tao Xia, Heng Huang, Cong Liu, Bo Li.
Annual Conference on Neural Information Processing Systems (NeurIPS), 2023. (To Appear)
Setting the Trap: Capturing and Defeating Backdoor Threats in PLMs through Honeypots
Ruixiang Tang, Jiayi Yuan, Yiming Li (corresponding author), Zirui Liu, Rui Chen, Xia Hu.
Annual Conference on Neural Information Processing Systems (NeurIPS), 2023. (To Appear)
One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training
Jianshuo Dong, Han Qiu, Yiming Li (corresponding author), Tianwei Zhang, Yuanjie Li, Zeqi Lai, Chao Zhang, Shu-Tao Xia.
International Conference on Computer Vision (ICCV), 2023.
[Code]
Towards Robust Model Watermark via Reducing Parametric Vulnerability
Guanhao Gan, Yiming Li, Dongxian Wu, Shu-Tao Xia.
International Conference on Computer Vision (ICCV), 2023.
[Code]
BackdoorBox: A Python Toolbox for Backdoor Learning
Yiming Li, Mengxi Ya, Yang Bai, Yong Jiang, Shu-Tao Xia.
ICLR BANDS Workshop, 2023.
[Code] [Slides] [Video]
SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency
Junfeng Guo, Yiming Li (co-first author), Xun Chen, Hanqing Guo, Lichao Sun, Cong Liu.
International Conference on Learning Representations (ICLR), 2023.
[Code]
Revisiting the Assumption of Latent Separability for Backdoor Defenses
Xiangyu Qi, Tinghao Xie, Yiming Li (co-corresponding author), Saeed Mahloujifar, Prateek Mittal.
International Conference on Learning Representations (ICLR), 2023.
[Code]
Defending Against Backdoor Attacks by Layer-wise Feature Analysis
Najeeb Moharram Jebreel, Josep Domingo-Ferrer, Yiming Li.
The Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), 2023. (Best Paper Award)
[Code]
Generating Transferable 3D Adversarial Point Cloud via Random Perturbation Factorization
Bangyan He, Jian Liu, Yiming Li, Siyuan Liang, Jingzhi Li, Xiaojun Jia, Xiaochun Cao.
AAAI Conference on Artificial Intelligence (AAAI), 2023.
[Code]
Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
Yiming Li, Yang Bai, Yong Jiang, Yong Yang, Shu-Tao Xia, Bo Li.
Annual Conference on Neural Information Processing Systems (NeurIPS), 2022. (Oral, TOP 2%)
[Code] [Poster] [Slides] [Video] [News]
Few-Shot Backdoor Attacks on Visual Object Tracking
Yiming Li, Haoxiang Zhong, Xingjun Ma, Yong Jiang, Shu-Tao Xia.
International Conference on Learning Representations (ICLR), 2022.
[Code] [Poster] [Slides] [Video] [News]
Backdoor Defense via Decoupling the Training Process
Kunzhe Huang, Yiming Li (co-first author), Baoyuan Wu, Zhan Qin, Kui Ren.
International Conference on Learning Representations (ICLR), 2022.
[Code] [Poster] [Slides] [Video]
Defending against Model Stealing via Verifying Embedded External Features
Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao.
AAAI Conference on Artificial Intelligence (AAAI), 2022. (Best Paper of Adversarial for Good Award, ICML’21 AdvML Workshop)
[Code] [Poster] [Slides] [Video] [Workshop Version]
Backdoor Attack against Speaker Verification
Tongqing Zhai, Yiming Li (co-first author, co-corresponding author), Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia.
International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2021.
[Code] [Poster] [Slides] [Video]
Backdoor Attack in the Physical World
Yiming Li, Tongqing Zhai, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
ICLR RobustML Workshop, 2021.
[Code]
Invisible Backdoor Attack with Sample-Specific Triggers
Yuezun Li, Yiming Li (first student author), Baoyuan Wu, Longkang Li, Ran He, Siwei Lyu.
International Conference on Computer Vision (ICCV), 2021.
[Code]
Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
Jiawang Bai, Baoyuan Wu, Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia.
International Conference on Learning Representations (ICLR), 2021.
[Code] [Poster] [Video]
Targeted Attack for Deep Hashing based Retrieval
Jiawang Bai, Bin Chen, Yiming Li (co-first author), Dongxian Wu, Weiwei Guo, Shu-Tao Xia, Enhui Yang.
European Conference on Computer Vision (ECCV), 2020. (Oral, TOP 2%)
[Code] [Slides]
Selected Journal Articles (1 TIFS, 3 PR, 1 TNNLS, 1 IoTJ)
Black-box Dataset Ownership Verification via Backdoor Watermarking
Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Tao Wei, Shu-Tao Xia.
IEEE Transactions on Information Forensics and Security (TIFS), 2023.
[Code] [Workshop Version] [Media Cover (IEEE Spectrum)] [News]
Not All Samples Are Born Equal: Towards Effective Clean-Label Backdoor Attacks
Yinghua Gao, Yiming Li (co-first author, corresponding author), Linghui Zhu, Dongxian Wu, Yong Jiang, Shu-Tao Xia.
Pattern Recognition, 2023.
Backdoor Learning: A Survey
Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
IEEE Transactions on Neural Networks and Learning Systems (TNNLS), 2022.
[Github Resources]
Semi-supervised Robust Training with Generalized Perturbed Neighborhood
Yiming Li, Baoyuan Wu, Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
Pattern Recognition, 2022. (Best Student Research Award, TBSI-WODS’19)
[Code]
Multinomial Random Forest
Jiawang Bai, Yiming Li (co-first author), Jiawei Li, Xue Yang, Yong Jiang, Shu-Tao Xia.
Pattern Recognition, 2022.
[Code]
A Fine-grained Differentially Private Federated Learning against Leakage from Gradients
Linghui Zhu, Xinyi Liu, Yiming Li, Xue Yang, Shu-Tao Xia, Rongxing Lu.
IEEE Internet of Things Journal (IoT Journal), 2022.
[Code]
Books and Others
Poisoning-based Backdoor Attacks in Computer Vision
Yiming Li.
Ph.D. Dissertation, 2023.
[Slides]
Chapter 4: The Robust and Harmless Model Watermarking
Yiming Li, Linghui Zhu, Yang Bai, Yong Jiang, Shu-Tao Xia.
Digital Watermarking for Machine Learning Model: Techniques, Protocols and Applications. Springer, 2023.
Poisoning-based Backdoor Attacks in Computer Vision
Yiming Li.
AAAI Conference on Artificial Intelligence (AAAI), 2023. (Doctoral Consortium)
[Slides]
The ATT&CK Matrix of AI Security
Tencent AI Lab (Baoyuan Wu, Yanbo Fan, Yong Zhang, Yiming Li (first and only student author), Zhifeng Li, Wei Liu), Tencent Zhuque Lab (viking, jifengzhu, allenszch, ucasjh, dylan, xunsu).
Released 2020/09/18.
[Download] [Website] [Media1] [Media2] [Media3] [Media4] [Media5] [Media6]…
Patents
- 李一鸣, 刘焱, 翁海琴, 江勇, 夏树涛. A model ownership verification method, apparatus, storage medium and electronic device. (Invention patent, under substantive examination, CN202211146432.4)
- 李一鸣, 刘焱, 钟昊翔, 翁海琴, 江勇, 夏树涛. A model ownership verification method, apparatus, storage medium and device. (Invention patent, under substantive examination, CN202211145984.3)
- 李一鸣, 刘焱, 朱玲慧, 翁海琴, 江勇, 夏树涛. A model ownership verification method, apparatus, storage medium and device. (Invention patent, under substantive examination, CN202211146420.1)
- 李一鸣, 白杨, 杨勇, 江勇, 夏树涛. A data processing method, apparatus, device and readable storage medium. (Invention patent, application accepted, CN202211102363.7)
- 李一鸣, 白杨, 杨勇, 江勇, 夏树涛. Training method for a classification model, data classification method, apparatus, device and medium. (Invention patent, application accepted, CN202211138734.7)
- 李一鸣, 邱伟峰, 薛峰, 江勇, 夏树涛. Evaluation method and apparatus for model interpretation tools. (Invention patent, granted, CN202111600136.2)
- 李一鸣, 朱玲慧, 邱伟峰, 江勇, 夏树涛. Method and apparatus for model ownership verification based on external features. (Invention patent, under substantive examination, CN202111417245.0)
- 李一鸣, 张子琪, 邱伟峰, 江勇, 夏树涛. Ownership verification method and apparatus for datasets. (Invention patent, under substantive examination, CN202111407783.1)
- 李一鸣, 刘沛东, 邱伟峰, 江勇, 夏树涛. Method and apparatus for protecting the private information of an image sample set. (Invention patent, under substantive examination, CN202111415199.0)
- 李一鸣, 吴保元, 张勇, 樊艳波, 李志锋, 刘威, 冯岩, 江勇, 夏树涛. A training method for an image recognition model, and an image recognition method and apparatus. (Invention patent, granted, CN202010182180.5, HKS202989-CN)
- 李一鸣, 吴保元, 江勇, 李志锋, 夏树涛, 刘威. Defense method, apparatus, device and medium against backdoor attacks on image classification models. (Invention patent, under substantive examination, CN202011122124.9)
- 林佳滢, 李一鸣, 翁海琴. Active defense method and apparatus for image protection. (Invention patent, under substantive examination, CN202111583667.5)