Bio

I am an Assistant Professor in the College of Computer Science and Technology at Zhejiang University. Prior to that, I was a Visiting Assistant Professor at Stanford University and Research Group Leader at CISPA Helmholtz Center for Information Security, Germany. I obtained my Ph.D. degree from Zhejiang University on Sept. 2019, and continue my PostDoc research at CISPA for two years. From Oct. 2017 to May 2019, I was a Visiting Scholar at Purdue University.

I am looking for self-motivated Ph.D., master, and undergraduate students who are interested in trustworthy artificial intelligence and data privacy. Well-performing students have the opportunity to visit/study at top research institutions in the world, such as Stanford University, Carnegie Mellon University, UC Berkley, Yale University, Purdue University, University of Virginia, Vrije Universiteit Amsterdam, CISPA, etc. If you are interested, please feel free to drop me an email with your CV.

Research Areas and Selected Publications

• Trustworthy AI

  • Unlearning
    • [CCS’22b] Graph unlearning
    • [CCS’21c] Membership inference against unlearning
  • Dataset Ownership Verification
    • [Oakland’25] SoK: Dataset copyright auditing
    • [WWW’25] Data auditing for text to image models
    • [NDSS’24a] Data auditing for reinforcement learning models
    • [Security’23c] Data auditing for facial recognition systems
  • Large Language Models
    • [CCS’24a] Using fine-tuning to amplify privacy risks
    • [NDSS’24b, Distinguished Paper Award] Defense against task-agnostic backdoors
    • [ICML’24] TrustLLM: Survey on trustworthy large language models
  • Graph Neural Networks
    • [ICML’23] Detection of generated graphs
    • [Security’22b] Inference attacks against graph-level GNNs
    • [CCS’22a] Reconstruction attacks against node-level GNNs

• Differential Privacy

  • Differentially Private Machine Learning
    • [ICLR’25, Spotlight] Enhanced label DP
    • [CCS’23b] DPMLBench: Benchmark of DP-SGD algorithms
    • [Security’22a] Improving DPML through noise tolerance pre-training
  • Synthetic Data Generation
    • [ICDE’24] Streaming trajectory data synthesis under LDP
    • [Security’23b] Graph data synthesis under DP
    • [Security’23a] Trajectory data synthesis under DP
    • [VLDB’23] Trajectory data synthesis under LDP
    • [Security’21] Tabular data synthesis under DP
    • [JPC’21] Experiences in the NIST DP data synthesis challenges
  • Local Differential Privacy
    • [CCS’21b] Streaming data analysis
    • [CCS’21a] Range query
    • [CCS’18] Marginal release

News

• [January 2025] One paper titled “Enhancing Learning with Label Differential Privacy by Vector Approximation” got accepted in ICLR 2025 and was selected as spotlight paper!
• [January 2025] One paper titled “Artist-Auditor: Auditing Artist Style Pirate in Text-to-image Generation Models” got accepted in WWW 2025!
• [September 2024] One paper titled “SoK: Dataset Copyright Auditing in Machine Learning Systems” got accepted in IEEE S&P 2025!
• [August 2024] I will join the TPC of WWW 2025!
• [August 2024] One paper titled “S2NeRF: Privacy-preserving Training Framework for NeRF” got accepted in ACM CCS 2024!
• [July 2024] I will join the TPC of KDD 2025!
• [July 2024] I will join the TPC of ICDE 2025!
• [July 2024] One paper titled “The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks” got accepted in ACM CCS 2024!
• [June 2024] I joined Zhejiang University as an Assistant Professor!