Bio

I am an Assistant Professor in the College of Computer Science and Technology at Zhejiang University. Prior to that, I was a Visiting Assistant Professor at Stanford University and Research Group Leader at CISPA Helmholtz Center for Information Security, Germany. I obtained my Ph.D. degree from Zhejiang University on Sept. 2019, and continue my PostDoc research at CISPA for two years. From Oct. 2017 to May 2019, I was a Visiting Scholar at Purdue University.

I am looking for self-motivated Ph.D., master, intern, and undergraduate students who are interested in trustworthy artificial intelligence and data privacy. Well-performing students have the opportunity to visit/study at top research institutions in the world, such as Stanford University, Carnegie Mellon University, UC Berkley, Yale University, Purdue University, University of Virginia, Vrije Universiteit Amsterdam, CISPA, etc. If you are interested, please feel free to drop me an email with your CV.

Research Areas and Selected Publications

• Trustworthy AI

  • Unlearning
    • [CCS’22b] Graph unlearning
    • [CCS’21c] Membership inference against unlearning
  • Dataset Ownership Verification
    • [Oakland’25] SoK: Dataset copyright auditing
    • [WWW’25] Data auditing for text to image models
    • [NDSS’24a] Data auditing for reinforcement learning models
    • [Security’23c] Data auditing for facial recognition systems
  • Large Language Models
    • [CCS’24a] Using fine-tuning to amplify privacy risks
    • [NDSS’24b, Distinguished Paper Award] Defense against task-agnostic backdoors
    • [ICML’24] TrustLLM: Survey on trustworthy large language models
  • Graph Neural Networks
    • [ICML’23] Detection of generated graphs
    • [Security’22b] Inference attacks against graph-level GNNs
    • [CCS’22a] Reconstruction attacks against node-level GNNs
  • Membership Inference
    • [Oakland’25b] Poisoning pretrained models to amplify membership inference
    • [CCS’22c] Membership inference against neural architecture search

• Differential Privacy

  • Differentially Private Machine Learning
    • [ICLR’25, Spotlight] Enhanced label DP
    • [CCS’23b] DPMLBench: Benchmark of DP-SGD algorithms
    • [Security’22a] Improving DPML through noise tolerance pre-training
  • Synthetic Data Generation
    • [ICDE’24] Streaming trajectory data synthesis under LDP
    • [Security’23b] Graph data synthesis under DP
    • [Security’23a] Trajectory data synthesis under DP
    • [VLDB’23] Trajectory data synthesis under LDP
    • [Security’21] Tabular data synthesis under DP
    • [JPC’21] Experiences in the NIST DP data synthesis challenges
  • Local Differential Privacy
    • [ICDE’25] Triangle counting in directed graphs
    • [Oakland’25c] Defense against manipulation attacks
    • [CCS’21b] Streaming data analysis
    • [CCS’21a] Range query
    • [CCS’18] Marginal release

News

• [March 2025] One paper titled “Privacy-preserving Triangle Counting in Directed Graphs” got accepted in IEEE ICDE 2025!
• [March 2025] One paper titled “An Attack-Agnostic Defense Framework Against Manipulation Attacks under Local Differential Privacy” got accepted in IEEE S&P 2025!
• [March 2025] One paper titled “Rigging the Foundation: Manipulating Pre-training for Advanced Membership Inference Attacks” got accepted in IEEE S&P 2025!
• [Feburary 2025] One paper titled “InferDPT: Privacy-preserving Inference for Black-box Large Language Models” got accepted in IEEE TDSC 2025!
• [January 2025] One paper titled “Enhancing Learning with Label Differential Privacy by Vector Approximation” got accepted in ICLR 2025 and was selected as spotlight paper!
• [January 2025] One paper titled “Artist-Auditor: Auditing Artist Style Pirate in Text-to-image Generation Models” got accepted in WWW 2025!
• [September 2024] One paper titled “SoK: Dataset Copyright Auditing in Machine Learning Systems” got accepted in IEEE S&P 2025!
• [August 2024] I will join the TPC of WWW 2025!
• [August 2024] One paper titled “S2NeRF: Privacy-preserving Training Framework for NeRF” got accepted in ACM CCS 2024!
• [July 2024] I will join the TPC of ACM KDD 2025!
• [July 2024] I will join the TPC of IEEE ICDE 2025!
• [July 2024] One paper titled “The Janus Interface: How Fine-Tuning in Large Language Models Amplifies the Privacy Risks” got accepted in ACM CCS 2024!
• [June 2024] I joined Zhejiang University as an Assistant Professor!