Selected Publications and Preprints

Please refer to the Google Scholar for my full paper list.

Selected Preprints

• TAPI: Towards Target-Specific and Adversarial Prompt Injection against Code LLMs
  Yuchen Yang, Hongwei Yao, Bingrun Yang, Yiling He, Yiming Li (co-corresponding author), Tianwei Zhang, Zhan Qin, Kui Ren.
  arXiv, 2024.

• Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
  Shuo Shao, Yiming Li (co-corresponding author), Hongwei Yao, Yiling He, Zhan Qin, Kui Ren.
  arXiv, 2024.

• Towards Sample-specific Backdoor Attack with Clean Labels via Attribute Trigger
  Yiming Li, Mingyan Zhu, Junfeng Guo, Tao Wei, Shu-Tao Xia, Zhan Qin.
  Under Review by IEEE Transactions on Dependable and Secure Computing (TDSC), 2023.
  

• MOVE: Effective and Harmless Ownership Verification via Embedded External Features
  Yiming Li, Linghui Zhu, Xiaojun Jia, Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao.
  Under Review by IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022. (The journal extension of our AAAI’22 conference paper)
  [Code]

Selected Conference Papers

Stats: 8 ICLR, 3 NeurIPS, 2 ICML, 2 CVPR, 3 ICCV, 2 ECCV, 2 AAAI, 1 IJCAI

• Model-agnostic Origin Attribution of Generated Images with Few-shot Examples
  Fengyuan Liu, Haochen Luo, Yiming Li, Philip Torr, Jindong Gu.
  European Conference on Computer Vision (ECCV), 2024.

• IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency
  Linshan Hou, Ruili Feng, Zhongyun Hua, Wei Luo, Leo Yu Zhang, Yiming Li (co-corresponding author).
  International Conference on Machine Learning (ICML), 2024.
  [Code]

• Purifying Quantization-conditioned Backdoors via Layer-wise Activation Correction with Distribution Approximation
  Boheng Li, Yishuo Cai, Jisong Cai, Yiming Li (corresponding author), Han Qiu, Run Wang, Tianwei Zhang.
  International Conference on Machine Learning (ICML), 2024.
  [Code]

• Nearest Is Not Dearest: Towards Practical Defense against Quantization-conditioned Backdoor Attacks
  Boheng Li, Yishuo Cai, Haowei Li, Feng Xue, Zhifeng Li, Yiming Li (corresponding author).
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.
  [Code]

• Not All Prompts Are Secure: A Switchable Backdoor Attack against Pre-trained Models
  Sheng Yang, Jiawang Bai, Kuofeng Gao, Yong Yang, Yiming Li (co-corresponding author), Shu-Tao Xia.
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2024.
  [Code]

• Towards Reliable and Efficient Backdoor Trigger Inversion via Decoupling Benign Features
  Xiong Xu, Kunzhe Huang, Yiming Li (co-first author, co-corresponding author), Zhan Qin, Kui Ren.
  International Conference on Learning Representations (ICLR), 2024. (Spotlight, TOP 5%)
  [Code]

• Towards Faithful XAI Evaluation via Generalization-Limited Backdoor Watermark
  Mengxi Ya, Yiming Li (co-first author, corresponding author), Tao Dai, Bin Wang, Yong Jiang, Shu-Tao Xia.
  International Conference on Learning Representations (ICLR), 2024.
  [Code]

• BaDExpert: Extracting Backdoor Functionality for Accurate Backdoor Input Detection
  Tinghao Xie, Xiangyu Qi, Ping He, Yiming Li (co-corresponding author), Jiachen T. Wang, Prateek Mittal.
  International Conference on Learning Representations (ICLR), 2024.
  [Code]

• Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand
  Junfeng Guo, Yiming Li (co-first author, corresponding author), Lixu Wang, Shu-Tao Xia, Heng Huang, Cong Liu, Bo Li.
  Annual Conference on Neural Information Processing Systems (NeurIPS), 2023.
  [Code]

• Setting the Trap: Capturing and Defeating Backdoor Threats in PLMs through Honeypots
  Ruixiang Tang, Jiayi Yuan, Yiming Li (corresponding author), Zirui Liu, Rui Chen, Xia Hu.
  Annual Conference on Neural Information Processing Systems (NeurIPS), 2023.
  Ruixiang is currently busy for seeking faculty job (Contact him if you’re interested!). The codes will be released later.

• One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training
  Jianshuo Dong, Han Qiu, Yiming Li (corresponding author), Tianwei Zhang, Yuanjie Li, Zeqi Lai, Chao Zhang, Shu-Tao Xia.
  International Conference on Computer Vision (ICCV), 2023.
  [Code]

• Towards Robust Model Watermark via Reducing Parametric Vulnerability
  Guanhao Gan, Yiming Li, Dongxian Wu, Shu-Tao Xia.
  International Conference on Computer Vision (ICCV), 2023.
  [Code]

• BackdoorBox: A Python Toolbox for Backdoor Learning
  Yiming Li, Mengxi Ya, Yang Bai, Yong Jiang, Shu-Tao Xia.
  ICLR BANDS Workshop, 2023.
  [Code] [Slides] [Video]

• SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency
  Junfeng Guo, Yiming Li (co-first author), Xun Chen, Hanqing Guo, Lichao Sun, Cong Liu.
  International Conference on Learning Representations (ICLR), 2023.
  [Code]

• Revisiting the Assumption of Latent Separability for Backdoor Defenses
  Xiangyu Qi, Tinghao Xie, Yiming Li (co-corresponding author), Saeed Mahloujifar, Prateek Mittal.
  International Conference on Learning Representations (ICLR), 2023.
  [Code]

• Defending Against Backdoor Attacks by Layer-wise Feature Analysis
  Najeeb Moharram Jebreel, Josep Domingo-Ferrer, Yiming Li.
  The Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD), 2023. (Best Paper Award)
  It is also invited to appear in IJCAI 2024 (Sisters Conference Track).
  [Code]

• Generating Transferable 3D Adversarial Point Cloud via Random Perturbation Factorization
  Bangyan He, Jian Liu, Yiming Li, Siyuan Liang, Jingzhi Li, Xiaojun Jia, Xiaochun Cao.
  AAAI Conference on Artificial Intelligence (AAAI), 2023.
  [Code]

• Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
  Yiming Li, Yang Bai, Yong Jiang, Yong Yang, Shu-Tao Xia, Bo Li.
  Annual Conference on Neural Information Processing Systems (NeurIPS), 2022. (Oral, TOP 2%)
  [Code] [Poster] [Slides] [Video] [News]

• Few-Shot Backdoor Attacks on Visual Object Tracking
  Yiming Li, Haoxiang Zhong, Xingjun Ma, Yong Jiang, Shu-Tao Xia.
  International Conference on Learning Representations (ICLR), 2022.
  [Code] [Poster] [Slides] [Video] [News]

• Backdoor Defense via Decoupling the Training Process
  Kunzhe Huang, Yiming Li (co-first author), Baoyuan Wu, Zhan Qin, Kui Ren.
  International Conference on Learning Representations (ICLR), 2022.
  [Code] [Poster] [Slides] [Video]

• Defending against Model Stealing via Verifying Embedded External Features
  Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao.
  AAAI Conference on Artificial Intelligence (AAAI), 2022. (Best Paper of Adversarial for Good Award, ICML’21 AdvML Workshop)
  [Code] [Poster] [Slides] [Video] [Workshop Version]

• Backdoor Attack against Speaker Verification
  Tongqing Zhai, Yiming Li (co-first author, co-corresponding author), Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia.
  International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2021.
  [Code] [Poster] [Slides] [Video]

• Backdoor Attack in the Physical World
  Yiming Li, Tongqing Zhai, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
  ICLR RobustML Workshop, 2021.
  [Code]

• Invisible Backdoor Attack with Sample-Specific Triggers
  Yuezun Li, Yiming Li (first student author), Baoyuan Wu, Longkang Li, Ran He, Siwei Lyu.
  International Conference on Computer Vision (ICCV), 2021.
  [Code]

• Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
  Jiawang Bai, Baoyuan Wu, Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia.
  International Conference on Learning Representations (ICLR), 2021.
  [Code] [Poster] [Video]

• Targeted Attack for Deep Hashing based Retrieval
  Jiawang Bai, Bin Chen, Yiming Li (co-first author), Dongxian Wu, Weiwei Guo, Shu-Tao Xia, Enhui Yang.
  European Conference on Computer Vision (ECCV), 2020. (Oral, TOP 2%)
  [Code] [Slides]

Selected Journal Articles

Stats: 3 TIFS, 1 IJCV, 3 PR, 1 TNNLS

• Backdoor Attack with Sparse and Invisible Trigger
  Yinghua Gao, Yiming Li (co-first author, corresponding author), Xueluan Gong, Zhifeng Li, Shu-Tao Xia, Qian Wang.
  IEEE Transactions on Information Forensics and Security (TIFS), 2024.
  [Code]

• Towards Stealthy Backdoor Attacks against Speech Recognition via Elements of Sound
  Hanbo Cai, Pengcheng Zhang, Hai Dong, Yan Xiao, Stefanos Koffas, Yiming Li.
  IEEE Transactions on Information Forensics and Security (TIFS), 2024.
  [Code]

• Regional Adversarial Training for Better Robust Generalization
  Chuanbiao Song, Yanbo Fan, Aoyang Zhou, Baoyuan Wu, Yiming Li, Zhifeng Li, Kun He.
  International Journal of Computer Vision (IJCV), 2024.

• Black-box Dataset Ownership Verification via Backdoor Watermarking
  Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Tao Wei, Shu-Tao Xia.
  IEEE Transactions on Information Forensics and Security (TIFS), 2023.
  [Code] [Workshop Version] [Media Cover (IEEE Spectrum)] [News]

• Not All Samples Are Born Equal: Towards Effective Clean-Label Backdoor Attacks
  Yinghua Gao, Yiming Li (co-first author, corresponding author), Linghui Zhu, Dongxian Wu, Yong Jiang, Shu-Tao Xia.
  Pattern Recognition, 2023.
  [Code]

• Backdoor Learning: A Survey
  Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
  IEEE Transactions on Neural Networks and Learning Systems (TNNLS), 2022.
  [Github Resources]

• Semi-supervised Robust Training with Generalized Perturbed Neighborhood
  Yiming Li, Baoyuan Wu, Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shu-Tao Xia.
  Pattern Recognition, 2022. (Best Student Research Award, TBSI-WODS’19)
  [Code]

• Multinomial Random Forest
  Jiawang Bai, Yiming Li (co-first author), Jiawei Li, Xue Yang, Yong Jiang, Shu-Tao Xia.
  Pattern Recognition, 2022.
  [Code]

Books and Technical Reports

• Chapter 4: The Robust and Harmless Model Watermarking
  Yiming Li, Linghui Zhu, Yang Bai, Yong Jiang, Shu-Tao Xia.
  Digital Watermarking for Machine Learning Model: Techniques, Protocols and Applications. Springer, 2023.

• LLM Safety and Ethics (in Chinese)
  Technical Report, 2024/01.
  [Media1] [Media2] [Media3] [Media4]

• The ATT&CK Matrix of AI Security
  Technical Report, 2020/09.
  [Media1] [Media2] [Media3] [Media4] [Media5] [Media6]

Dissertation

• Poisoning-based Backdoor Attacks in Computer Vision
  Yiming Li.
  Ph.D. Dissertation, 2023. (Outstanding Doctoral Dissertation Award, SZCCF’24)
  [Slides]

• Poisoning-based Backdoor Attacks in Computer Vision
  Yiming Li.
  AAAI Conference on Artificial Intelligence (AAAI), 2023. (Doctoral Consortium)
  [Slides]

Patents

• 邵硕, 李一鸣, 秦湛, 任奎, 王宏韬, 马杏可, 冯振源. 一种基于非决策域方法的模型水印方法及装置. (发明专利, 已授权, CN202410553090.0)
• 李一鸣, 陈禹坤, 顾金东, 秦湛, 任奎. 一种生成内容来源判断方法、装置和存储介质. (发明专利，已进入实质审查，CN202410013254.0)
• 李一鸣, 刘焱, 翁海琴, 江勇, 夏树涛. 一种模型的所有权验证方法、装置、存储介质及电子设备. (发明专利，已进入实质审查，CN202211146432.4)
• 李一鸣, 刘焱, 钟昊翔, 翁海琴, 江勇, 夏树涛. 一种模型所有权验证方法、装置、存储介质及设备. (发明专利，已进入实质审查，CN202211145984.3)
• 李一鸣, 刘焱, 朱玲慧, 翁海琴, 江勇, 夏树涛. 一种模型的所有权验证方法、装置、存储介质及设备. (发明专利，已进入实质审查，CN202211146420.1)
• 李一鸣, 白杨, 杨勇, 江勇, 夏树涛. 一种数据处理方法、装置、设备及可读取存储介质. (发明专利，已进入实质审查，CN202211102363.7)
• 李一鸣, 白杨, 杨勇, 江勇, 夏树涛. 分类模型的训练方法、数据分类方法、装置、设备及介质. (发明专利，已进入实质审查，CN202211138734.7)
• 李一鸣, 邱伟峰, 薛峰, 江勇, 夏树涛. 针对模型解释工具的评测方法和装置. (发明专利, 已授权, CN202111600136.2)
• 李一鸣, 朱玲慧, 邱伟峰, 江勇, 夏树涛. 基于外源特征进行模型所有权验证的方法和装置. (发明专利, 已授权, CN202111417245.0)
• 李一鸣, 张子琪, 邱伟峰, 江勇, 夏树涛. 用于数据集的所有权验证方法和装置. (发明专利, 已进入实质审查, CN202111407783.1)
• 李一鸣, 刘沛东, 邱伟峰, 江勇, 夏树涛. 用于保护图像样本集的隐私信息的方法和装置. (发明专利, 已进入实质审查, CN202111415199.0)
• 李一鸣, 吴保元, 张勇, 樊艳波, 李志锋, 刘威, 冯岩, 江勇, 夏树涛. 一种图像识别模型的训练方法、图像识别的方法及装置. (发明专利, 已授权, CN202010182180.5, HKS202989-CN)
• 李一鸣, 吴保元, 江勇, 李志锋, 夏树涛, 刘威. 图像分类模型后门攻击的防御方法、装置、设备及介质. (发明专利, 已授权, CN202011122124.9)
• 林佳滢, 李一鸣, 翁海琴. 用于图像保护的主动防御方法和装置. (发明专利, 已进入实质审查, CN202111583667.5)