Publications

'*' indicates equal contribution
TH-CPL: list of recommended conferences and journals in computer science at Tsinghua University

Training Security of ML Models: Backdoor Learning & Robust Machine Learning

• Few-Shot Backdoor Attacks on Visual Object Tracking
  Yiming Li*, Haoxiang Zhong*, Xingjun Ma, Yong Jiang, Shu-Tao Xia
  International Conference on Learning Representations (ICLR), 2022
  [TH-CPL: A]
  [Code] [Poster] [Slides] [Video]

• Backdoor Defense via Decoupling the Training Process
  Kunzhe Huang*, Yiming Li*, Baoyuan Wu, Zhan Qin, Kui Ren
  International Conference on Learning Representations (ICLR), 2022
  [TH-CPL: A]
  [Code] [Poster] [Slides] [Video]

• t-k-means: A Robust and Stable k-means Variant
  Yiming Li*, Yang Zhang*, Qingtao Tang, Weipeng Huang, Yong Jiang, Shu-Tao Xia
  International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2021
  [TH-CPL: B]
  [Code] [Poster] [Slides] [Video]

• Backdoor Attack against Speaker Verification
  Tongqing Zhai*, Yiming Li* (corresponding author), Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia
  International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2021
  [TH-CPL: B], top-tier conference in Speech Recognition
  [Code] [Poster] [Slides] [Video]

• Invisible Backdoor Attack with Sample-Specific Triggers
  Yuezun Li, Yiming Li, Baoyuan Wu, Longkang Li, Ran He, Siwei Lyu
  International Conference on Computer Vision (ICCV), 2021
  [TH-CPL: A]
  [Code]

• Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
  Jiawang Bai, Baoyuan Wu, Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia
  International Conference on Learning Representations (ICLR), 2021
  [TH-CPL: A]
  [Code] [Poster] [Video]

• Rethinking the Trigger of Backdoor Attacks: Towards Physical Backdoor Threats
  Yiming Li, Mengxi Ya, Feng Xue, Tongqing Zhai, Yong Jiang, Tao Wei, Shu-Tao Xia
  Under review by IEEE Transactions on Dependable and Secure Computing (TDSC), 2022
  The journal version of our workshop paper

• Backdoor Learning: A Survey
  Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia
  [Github Resources]

• Backdoor Attack in the Physical World
  Yiming Li, Tongqing Zhai, Yong Jiang, Zhifeng Li, Shu-Tao Xia
  International Conference on Learning Representations (ICLR) Workshop, 2021
  [Poster]

• Hidden Backdoor Attack against Semantic Segmentation Models
  Yiming Li*, Yanjie Li*, Yalei Lv, Yong Jiang, Shu-Tao Xia
  International Conference on Learning Representations (ICLR) Workshop, 2021
  [Poster] [Slides] [Video]

• BackdoorBox: A Python Toolbox for Backdoor Learning
  Yiming Li*, Mengxi Ya*, Yang Bai, Yong Jiang, Shu-Tao Xia
  [Code]

Inference Security of ML Models: Adversarial Learning

• Semi-supervised Robust Training with Generalized Perturbed Neighborhood
  Yiming Li, Baoyuan Wu, Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shu-Tao Xia
  Pattern Recognition, 2021 (Best Student Research Award of TBSI-WODS, 2019)
  [JCR-1]
  [Code]

• Targeted Attack for Deep Hashing based Retrieval
  Jiawang Bai*, Bin Chen*, Yiming Li*, Dongxian Wu, Weiwei Guo, Shu-Tao Xia, Enhui Yang
  European Conference on Computer Vision (ECCV) (oral, TOP 2%), 2020
  [TH-CPL: A]
  [Code] [Slides]

• Adversarial Defense via Local Flatness Regularization
  Jia Xu*, Yiming Li*, Yong Jiang, Shu-Tao Xia
  International Conference on Image Processing (ICIP), 2020
  [TH-CPL: B]
  [Code] [Slides]

• Regional Adversarial Training for Better Robust Generalization
  Chuanbiao Song, Yanbo Fan, Yichen Yang, Baoyuan Wu, Yiming Li, Zhifeng Li, Kun He
  arXiv preprint 2109.00678

Data Security & Privacy

• Multinomial Random Forest
  Jiawang Bai*, Yiming Li*, Jiawei Li, Xue Yang, Yong Jiang, Shu-Tao Xia
  Pattern Recognition, 2021
  [JCR-1]
  [Code]

• A Fine-grained Differentially Private Federated Learning against Leakage from Gradients
  Linghui Zhu, Xinyi Liu, Yiming Li, Xue Yang, Shu-Tao Xia, Rongxing Lu
  IEEE Internet of Things Journal (IoT Journal), 2021
  [JCR-1]

• Defending against Model Stealing via Verifying Embedded External Features
  Yiming Li*, Linghui Zhu*, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao
  AAAI Conference on Artificial Intelligence (AAAI), 2022 (Best Paper of Adversarial for Good Award, ICML’21 AdvML Workshop)
  [TH-CPL: A]
  [Code] [Poster] [Slides] [Video] [Workshop Version]

• Visual Privacy Protection via Mapping Distortion
  Yiming Li*, Peidong Liu*, Yong Jiang, Shu-Tao Xia
  International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2021
  [TH-CPL: B]
  [Code] [Poster] [Slides] [Video]

• MOVE: Effective and Harmless Model Ownership Verification via Embedded External Features
  Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao
  Under review by IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022
  The journal extension of our work in AAAI-2022

• Black-box Ownership Verification for Dataset Protection via Backdoor Watermarking
  Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Shu-Tao Xia, Rongxing Lu
  Under review by IEEE Transactions on Dependable and Secure Computing (TDSC), 2022
  The journal version of our workshop paper

• Open-sourced Dataset Protection via Backdoor Watermarking
  Yiming Li, Ziqi Zhang, Jiawang Bai, Baoyuan Wu, Yong Jiang, Shu-Tao Xia
  Neural Information Processing Systems (NeurIPS) Workshop, 2020
  [Code] [Poster]

Other Topics

• Manhattan Property of Geodesic Paths on Self-affine Carpets
  Yiming Li, Lifeng Xi
  Archiv der Mathematik, 2018

• TNT: An Interpretable Tree-Network-Tree Learning Framework using Knowledge Distillation
  Jiawei Li, Yiming Li, Xingchun Xiang, Shu-Tao Xia, Siyi Dong, Yun Cai
  Entropy, 2020

• Rectified Decision Trees: Exploring the Landscape of Interpretable and Effective Machine Learning
  Yiming Li*, Jiawang Bai*, Jiawei Li, Xue Yang, Yong Jiang, Shu-Tao Xia
  arXiv preprint 2008.09413

Technical Reports

• Tencent AI Lab (Baoyuan Wu, Yanbo Fan, Yong Zhang, Yiming Li, Zhifeng Li, Wei Liu), Tencent Zhuque Lab (viking, jifengzhu, allenszch, ucasjh, dylan, xunsu). The ATT&CK Matrix of AI Security, 2020/09/18. [Download] [Website][Media1] [Media2] [Media3] [Media4] [Media5] [Media6]…

Patents

• 李一鸣, 邱伟峰, 薛峰, 江勇, 夏树涛. 针对模型解释工具的评测方法和装置. (发明专利, 已授权, CN202111600136.2)
• 李一鸣, 朱玲慧, 邱伟峰, 江勇, 夏树涛. 基于外源特征进行模型所有权验证的方法和装置. (发明专利, 已进入实质审查, CN202111417245.0)
• 李一鸣, 张子琪, 邱伟峰, 江勇, 夏树涛. 用于数据集的所有权验证方法和装置. (发明专利, 已进入实质审查, CN202111407783.1)
• 李一鸣, 刘沛东, 邱伟峰, 江勇, 夏树涛. 用于保护图像样本集的隐私信息的方法和装置. (发明专利, 已进入实质审查, CN202111415199.0)
• 李一鸣, 吴保元, 张勇, 樊艳波, 李志锋, 刘威, 冯岩, 江勇, 夏树涛. 一种图像识别模型的训练方法、图像识别的方法及装置. (发明专利, 已进入实质审查, CN202010182180.5, HKS202989-CN)
• 李一鸣, 吴保元, 江勇, 李志锋, 夏树涛, 刘威. 图像分类模型后门攻击的防御方法、装置、设备及介质. (发明专利, 申请已公布, CN202011122124.9)
• 林佳滢, 李一鸣, 翁海琴. 用于图像保护的主动防御方法和装置. (发明专利, 已进入实质审查, CN202111583667.5)