Zhiyuan Yu

Zhiyuan Yu

Assistant Professor in Computer Science and Engineering

Biography

I’m an Assistant Professor in the Department of Computer Science and Engineering (CSE) at Texas A&M University. My research lies at the intersection of security, AI, and cyber-physical systems, with a particular focus on securing AI-enabled systems that tightly couple sensing, decision-making, and actuation. I’m especially interested in understanding and defending the complex interactions between the cyber and physical components in embodied AI, spanning domains like autonomous vehicles, medical imaging, and GenAI applications. My work has been recognized with the Distinguished Paper Award at USENIX Security 2024 and the Distinguished Artifact Award at USENIX Security 2023. One of my recent projects also won the 2024 Federal Trade Commission Voice Cloning Challenge, and I was named a Machine Learning and Systems Rising Star in 2024.

🎓 I’m recruiting PhD students!
I am recruiting Ph.D. students to join my team! If you’re passionate about AI security, cyber-physical systems, or trustworthy machine learning, feel free to reach out to me at zhiyuanyu1997 [AT] gmail [DOT] com.

Download my Curriculum Vitae.

Interests

  • Cyber-Physical Security
  • Generative AI
  • Autonomous Systems

Education

  • Ph.D. in Computer Science & Engineering, 2019 - 2025

    Washington University in St. Louis

  • B.S. in Electrical Engineering, 2015 - 2019

    Huazhong University of Science and Technology

Personal

  • You can pronounce my first name like “Chi-yuen” or “Zhee-youwan”.
  • I love solving and creating CTF challenges.
  • In my free time, I enjoy tennis, mini golf, and kayaking - always happy to have partners!

News

Conference Papers

PhySense: Defending Physically Realizable Attacks for Autonomous Systems via Consistency Reasoning
(CCS 2024) I like this work in that it highlights the principle of holistic reasoning and leverages physical laws. Traditional object recognition and tracking tends to isolate objects and recognize them individually, however, this largely overlooks contextual information. We proposed to incorporate physical invariants, physics-bounded behavior modeling, and efficient rule-based interaction identification, which were used via a reasoning inference framework to produce resilient reocgnition results.
Zhiyuan Yu, Ao Li, Ruoyao Wen, Yijia Chen, Ning Zhang
Code Dataset Artifact Badges - Available, Functional, Results Reproduced Website PDF DOI
PhySense: Defending Physically Realizable Attacks for Autonomous Systems via Consistency Reasoning
Don't Listen To Me: Understanding and Exploring Jailbreak Prompts of Large Language Models
(USENIX Security 2024) This is a systematic study on jailbreak attacks against commercial large language model (LLM) systems. We analyzed existing jailbreak prompts, examined their contributing factors, and conducted user studies to explore human behavioral patterns during jailbreak attempts.
Zhiyuan Yu, Xiaogeng Liu, Shunning Liang, Zach Cameron, Chaowei Xiao, Ning Zhang
Code Dataset Distinguished Paper Award Artifact Badges - Available, Functional, Results Reproduced Press DOI Website PDF
Don't Listen To Me: Understanding and Exploring Jailbreak Prompts of Large Language Models
Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference Attack
(IEEE SP 2024) We proposed a perturbation-based membership inference attack against image classification models, leveraging importance of pixels as indicated by attribution maps from XAI techniques (e.g., GradCAM, LIME, SHAP).
Han Liu, Yuhao Wu, Zhiyuan Yu, Ning Zhang
DOI PDF
Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference Attack
AntiFake: Using Adversarial Audio to Prevent Unauthorized Speech Synthesis
(CCS 2023) We introduced the concept of proactive defense to combat unauthorized speech synthesis. Our defense works by adding perturbations to speech samples before releasing them into the public domain (e.g., social media and streaming platforms). While the processed sample still sounds like the victim to humans, when it is used for speech synthesis by the attacker, the resulting synthetic speech would resemble others’ voices rather than the victim’s.
Zhiyuan Yu, Shixuan Zhai, Ning Zhang
Code DOI National Public Radio Report Winner of the FTC Voice Cloning Challenge PDF
AntiFake: Using Adversarial Audio to Prevent Unauthorized Speech Synthesis
SMACK: Semantically Meaningful Adversarial Audio Attack
(USENIX Security 2023) We introduced a new type of adversarial audio perturbations that manipulate inherent speech attributes like prosody. Compared to traditional Lp-based perturbations, our proposed attack showed improved naturalness and resiliency even when transmitted over-the-air.
Zhiyuan Yu, Yuanhaur Chang, Ning Zhang, Chaowei Xiao
Code Artifact Badges - Available, Functional, Results Reproduced DOI PDF
SMACK: Semantically Meaningful Adversarial Audio Attack
XCheck: Verifying Integrity of 3D Printed Patient-Specific Devices via Computing Tomography
(USENIX Security 2023) We designed a defense-in-depth approach to verify the integrity of 3D printed medical pastient-specific devices (PSDs). We leveraged CT scans to obtain physical characteristics of the prints, designed computer graphic techniques to crosscheck geometry, and computed Hounsfield units (HU) value distribution to validate materials.
Zhiyuan Yu, Yuanhaur Chang, Shixuan Zhai, Nicholas Deily, Tao Ju, Xiaofeng Wang, Uday Jammalamadaka, Ning Zhang
Code Distinguished Artifact Award Artifact Badges - Available, Functional, Results Reproduced DOI Press PDF
XCheck: Verifying Integrity of 3D Printed Patient-Specific Devices via Computing Tomography
CodeIPPrompt: Intellectual Property Infringement Assessment of Code Language Models
(ICML 2023) This is an intersting and timely research investigating the potential IP violation of outputs from LLM-based code generation models (such as GitHub Copilot). We developed the first benchmark toolkit to quantify the extent of IP infringement of LLM models, which has been used by companies like Microsoft, and we also proposed several mitigation methods.
Zhiyuan Yu, Yuhao Wu, Ning Zhang, Chenguang Wang, Yevgeniy Vorobeychik, Chaowei Xiao
Code Dataset Website DOI Press PDF
CodeIPPrompt: Intellectual Property Infringement Assessment of Code Language Models
SlowLiDAR: Increasing the Latency of LiDAR-Based Detection Using Adversarial Examples
(CVPR 2023) Unlike traditional adversarial attacks that mislead predictions, we developed adversarial perturbations to cause significant delays in the LiDAR perception module by maximizing the number of bounding box proposals.
Han Liu, Zhiyuan Yu, Yevgeniy Vorobeychik, Ning Zhang
Code DOI
SlowLiDAR: Increasing the Latency of LiDAR-Based Detection Using Adversarial Examples
PowerTouch: A Security Objective-Guided Automation Framework for Generating Wired Ghost Touch Attacks on Touchscreens
(ICCAD 2022) We developed an automated attack framework with a software-hardware co-design approach, injecting common-mode noise through power cables to spoof touches on touchscreens.
Huifeng Zhu, Zhiyuan Yu, Weidong Cao, Ning Zhang, Xuan Zhang
Code DOI
PowerTouch: A Security Objective-Guided Automation Framework for Generating Wired Ghost Touch Attacks on Touchscreens
PolyRhythm: Adaptive Tuning of a Multi-Channel Attack Template for Timing Interference
(RTSS 2022) We proposed an AI-driven attack, exploiting resource contention over hardware (memory, cache, TLB) and OS (network, I/O queues) channels to maximize time delays of a victim process in real-time systems.
Ao Li, Marion Sudvarg, Han Liu, Zhiyuan Yu, Chris Gill, Ning Zhang
Code DOI
PolyRhythm: Adaptive Tuning of a Multi-Channel Attack Template for Timing Interference
HeatDeCam: Detecting Hidden Spy Cameras via Thermal Emissions
(CCS 2022) We developed an AI-driven detection framework for hidden surveillance cameras, leveraging their thermal emissions and unique heat patterns.
Zhiyuan Yu, Zhuohang Li, Yuanhaur Chang, Skylar Fong, Jian Liu, Ning Zhang
Code Dataset DOI Website
HeatDeCam: Detecting Hidden Spy Cameras via Thermal Emissions
When Evil Calls: Targeted Adversarial Voice over IP Network
(CCS 2022) We proposed an adversarial voice attacks delivered over VoIP and telephony networks.
Han Liu, Zhiyuan Yu, Mingming Zha, Xiaofeng Wang, Walliam Yeoh, Yevgeniy Vorobeychik, Ning Zhang
Code DOI
When Evil Calls: Targeted Adversarial Voice over IP Network
Towards Automated Computational Auditing of mHealth Security and Privacy Regulations
(CCS 2021) An interesting research investigating the potential of integrating computation and law auditing. We developed a security analysis framework based on the 2018 FDA draft guidance document and applied it on 182 FDA/CE-approved mHealth apps.
Brian Tung, Zhiyuan Yu, Ning Zhang
DOI
Towards Automated Computational Auditing of mHealth Security and Privacy Regulations
Bit2RNG: Leveraging Bad-page Initialized Table with Bit-error Insertion for True Random Number Generation in Commodity Flash Memory
(HOST 2020) We proposed a true random number generator (TRNG) rooted in physical characteristics of memory devices, leveraging bad pages and bit errors in NAND flash as the entropy source.
Wei Yan, Huifeng Zhu, Zhiyuan Yu, Fatemeh Tehranipoor, John Chandy, Ning Zhang, Xuan Zhang
DOI
Bit2RNG: Leveraging Bad-page Initialized Table with Bit-error Insertion for True Random Number Generation in Commodity Flash Memory

Journal Papers

Security and Privacy in the Emerging Cyber-Physical World: A Survey
(COMST) My first first-authored paper that influenced my PhD journey. We surveyed hundreds of papers and systemized the emerging threats originated from cyber-physical interactions.
Zhiyuan Yu, Zack Kaplan, Qiben Yan, Ning Zhang
DOI
Security and Privacy in the Emerging Cyber-Physical World: A Survey
Day-ahead Coordinated Scheduling of Hydro and Wind Power Generation System Considering Uncertainties
This is a research I participated during my undegraduate. It was about coordinated scheduling on wind and hydro power generation considering uncertainties.
Yuanzheng Li, Tianyang Zhao, Chang Liu, Yong Zhao, Zhiyuan Yu, Kaicheng Li, Lei Wu
DOI
Day-ahead Coordinated Scheduling of Hydro and Wind Power Generation System Considering Uncertainties

Teaching

 
 
 
 
 
CSE 569S - Recent Advances in Computer Security and Privacy
Washington University in St. Louis, Department of Computer Science & Engineering
Mar 2024 – Present Undergraduate and Graduate
Guest Lecturer, Lecture Topic: “Security and Safety in Generative AI”
 
 
 
 
 
CSE 569S - Recent Advances in Computer Security and Privacy
Washington University in St. Louis, Department of Computer Science & Engineering
Jan 2022 – May 2022 Undergraduate and Graduate
Overall : 6.54 (Department Average: 5.44), Inclusive : 6.74 (Department Average: 6.02)

Contact