1

(CCS 2024) I like this work in that it highlights the principle of holistic reasoning and leverages physical laws. Traditional object recognition and tracking tends to isolate objects and recognize them individually, however, this largely overlooks contextual information. We proposed to incorporate physical invariants, physics-bounded behavior modeling, and efficient rule-based interaction identification, which were used via a reasoning inference framework to produce resilient reocgnition results.

(USENIX Security 2024) This is a systematic study on jailbreak attacks against commercial large language model (LLM) systems. We analyzed existing jailbreak prompts, examined their contributing factors, and conducted user studies to explore human behavioral patterns during jailbreak attempts.

(IEEE SP 2024) We proposed a perturbation-based membership inference attack against image classification models, leveraging importance of pixels as indicated by attribution maps from XAI techniques (e.g., GradCAM, LIME, SHAP).

(CCS 2023) We introduced the concept of proactive defense to combat unauthorized speech synthesis. Our defense works by adding perturbations to speech samples before releasing them into the public domain (e.g., social media and streaming platforms). While the processed sample still sounds like the victim to humans, when it is used for speech synthesis by the attacker, the resulting synthetic speech would resemble others’ voices rather than the victim’s.

(USENIX Security 2023) We introduced a new type of adversarial audio perturbations that manipulate inherent speech attributes like prosody. Compared to traditional Lp-based perturbations, our proposed attack showed improved naturalness and resiliency even when transmitted over-the-air.

(USENIX Security 2023) We designed a defense-in-depth approach to verify the integrity of 3D printed medical pastient-specific devices (PSDs). We leveraged CT scans to obtain physical characteristics of the prints, designed computer graphic techniques to crosscheck geometry, and computed Hounsfield units (HU) value distribution to validate materials.

(ICML 2023) This is an intersting and timely research investigating the potential IP violation of outputs from LLM-based code generation models (such as GitHub Copilot). We developed the first benchmark toolkit to quantify the extent of IP infringement of LLM models, which has been used by companies like Microsoft, and we also proposed several mitigation methods.

(CVPR 2023) Unlike traditional adversarial attacks that mislead predictions, we developed adversarial perturbations to cause significant delays in the LiDAR perception module by maximizing the number of bounding box proposals.

(ICCAD 2022) We developed an automated attack framework with a software-hardware co-design approach, injecting common-mode noise through power cables to spoof touches on touchscreens.

(RTSS 2022) We proposed an AI-driven attack, exploiting resource contention over hardware (memory, cache, TLB) and OS (network, I/O queues) channels to maximize time delays of a victim process in real-time systems.