Publications

Please refer to the Google Scholar for my full paper list.

Representative Works

`*‘ indicates co-first author; `^’ indicates (co-)project leader/corresponding author

• Odysseus: Jailbreaking Commercial Multimodal LLM-integrated Systems via Dual Steganography
  Songze Li, Jiameng Cheng, Yiming Li^, Xiaojun Jia, Dacheng Tao.
  Network and Distributed System Security Symposium (NDSS), 2026.
  [Code]

• DREAM: Scalable Red Teaming for Text-to-Image Generative Systems via Distribution Modeling
  Boheng Li, Junjie Wang, Yiming Li^, Zhiyang Hu, Leyi Qi, Jianshuo Dong, Run Wang, Han Qiu, Zhan Qin, Tianwei Zhang.
  IEEE Symposium on Security and Privacy (S&P), 2026.
  [Code]

• Few-Shot Backdoor Attacks on Visual Object Tracking
  Yiming Li*, Haoxiang Zhong*, Xingjun Ma, Yong Jiang, Shu-Tao Xia.
  International Conference on Learning Representations (ICLR), 2022.
  [Code] [Poster] [Slides] [Video] [News]

• Black-box Dataset Ownership Verification via Backdoor Watermarking
  Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Tao Wei, Shu-Tao Xia.
  IEEE Transactions on Information Forensics and Security (TIFS), 2023. (TOP-25 Downloaded Paper in IEEE SPS)
  [Code] [Workshop Version] [Media Cover (IEEE Spectrum)] [News]

• MOVE: Effective and Harmless Ownership Verification via Embedded External Features
  Yiming Li, Linghui Zhu, Xiaojun Jia, Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao, Kui Ren.
  IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2025. (The journal extension of our AAAI’22 conference paper)
  [Code]

• Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
  Yiming Li*, Yang Bai*, Yong Jiang, Yong Yang, Shu-Tao Xia, Bo Li.
  Annual Conference on Neural Information Processing Systems (NeurIPS), 2022. (Oral, TOP 2%)
  [Code] [Poster] [Slides] [Video] [News]

Books and Technical Reports

• AI Data Security (in Chinese)
  Kui Ren, Zhan Qin, Zhibo Wang, Zhongjie Ba, Yiming Li.
  Tsinghua University Press, 2025. (Outstanding Textbook Series, Ministry of Education of China)

• Chapter 4: The Robust and Harmless Model Watermarking
  Yiming Li, Linghui Zhu, Yang Bai, Yong Jiang, Shu-Tao Xia.
  Digital Watermarking for Machine Learning Model: Techniques, Protocols and Applications. Springer, 2023.

• LLM Safety and Ethics (in Chinese)
  Technical Report, 2024/01.
  [Media1] [Media2] [Media3] [Media4]

• The ATT&CK Matrix of AI Security
  Technical Report, 2020/09.
  [Media1] [Media2] [Media3] [Media4] [Media5] [Media6]

Dissertation

• Poisoning-based Backdoor Attacks in Computer Vision
  Yiming Li.
  Ph.D. Dissertation, 2023. (Outstanding Doctoral Dissertation Award, SZCCF’24; Outstanding Doctoral Dissertation Award (Nomination), ACM SIGSAC China’25)
  [Slides] [AAAI’23 Doctoral Consortium]