Publications
*: Equal contributions; ✉: Corresponding author(s).
Accepted Papers
- Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution
Shuo Shao*, Yiming Li*, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren.
Network and Distributed System Security Symposium (NDSS). 2025. CCF A Security BIG4
[Paper] [Code] [Slides] [Poster]
- FedTracker: Furnishing Ownership Verification and Traceability for Federated Learning Model
Shuo Shao*, Wenyuan Yang*, Hanlin Gu, Zhan Qin, Lixin Fan, Qiang Yang, Kui Ren.
IEEE Transactions on Dependable and Secure Computing (TDSC). 2024. CCF A SCI Q2
[Paper] [Code]
- REFINE: Inversion-Free Backdoor Defense via Model Reprogramming
Yukun Chen*, Shuo Shao*, Enhao Huang, Yiming Li, Pin-Yu Chen, Zhan Qin, Kui Ren.
International Conference on Learning Representations (ICLR). 2025. TH-CPL A ML TOP3
[Paper] [Code]
- Poison-only and Targeted Backdoor Attack against Visual Object Tracking
Wei Gu, Shuo Shao, Lingtao Zhou, Zhan Qin, Kui Ren.
ZTE Communications. 2025. CCF T2
[Paper is coming soon.]
- Watermarking in Secure Federated Learning: A Verification Framework Based on Client-Side Backdooring
Wenyuan Yang, Shuo Shao, Yue Yang, Xiyao Liu, Ximeng Liu, Zhihua Xia, Gerald Schaefer, Hui Fang.
ACM Transactions on Intelligent Systems and Technology (TIST). 2023. SCI Q3
[Paper] [Code]
- Secure Federated Learning Model Verification: A Client-side Backdoor Triggered Watermarking Scheme
Xiyao Liu, Shuo Shao, Yue Yang, Kangming Wu, Wenyuan Yang, Hui Fang.
IEEE International Conference on Systems, Man, and Cybernetics (SMC). 2021. CCF-C
[Paper]
- PointNCBW: Towards Dataset Ownership Verification for Point Clouds via Negative Clean-label Backdoor Watermark
Cheng Wei, Yang Wang, Kuofeng Gao, Shuo Shao, Yiming Li, Zhibo Wang, Zhan Qin.
IEEE Transactions on Information Forensics and Security (TIFS). 2024. CCF A SCI Q1
[Paper] [Code]
Preprint
- DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective
Shuo Shao, Yiming Li, Mengren Zheng, Zhiyang Hu, Yukun Chen, Boheng Li, Junfeng Guo, Tianwei Zhang, Dacheng Tao, Zhan Qin.
Preprint. 2025.
[Paper] [Code]
- FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint
Shuo Shao, Haozhe Zhu, Yiming Li, Hongwei Yao, Tianwei Zhang, Zhan Qin.
Preprint. 2025.
[Paper]
- Rethinking Data Protection in the (Generative) Artificial Intelligence Era
Yiming Li*, Shuo Shao*, Yu He, Junfeng Guo, Tianwei Zhang, Zhan Qin, Pin-Yu Chen, Michael Backes, Philip Torr, Dacheng Tao, Kui Ren.
Preprint. 2025.
[Paper]
- MAJIC: Markovian Adaptive Jailbreaking via Iterative Composition of Diverse Innovative Strategies
Weiwei Qi, Shuo Shao, Wei Gu, Tianhang Zheng, Puning Zhao, Zhan Qin, Kui Ren.
Preprint. 2025.
[Paper]
- Shadow in the Cache: Unveiling and Mitigating Privacy Risks of KV-cache in LLM Inference
Zhifan Luo, Shuo Shao, Su Zhang, Lijing Zhou, Yuke Hu, Zhihao Liu, Zhan Qin.
Preprint. 2025.
[Paper]
- SmartGuard: Leveraging Large Language Models for Network Attack Detection through Audit Log Analysis and Summarization
Hao Zhang, Shuo Shao, Song Li, Zhenyu Zhong, Yan Liu, Zhan Qin, Kui Ren.
Preprint. 2025.
[Paper]
- Quantifying Conversation Drift in MCP via Latent Polytope
Haoran Shi, Hongwei Yao, Shuo Shao, Shaopeng Jiao, Ziqi Peng, Zhan Qin, Cong Wang.
Preprint. 2025.
[Paper]
- CBW: Towards Dataset Ownership Verification for Speaker Verification via Clustering-based Backdoor Watermarking
Yiming Li, Kaiying Yan, Shuo Shao, Tongqing Zhai, Shu-Tao Xia, Zhan Qin, Dacheng Tao.
Preprint. 2025.
[Paper] [Code]
- SoK: On the Role and Future of AIGC Watermarking in the Era of Gen-AI
Kui Ren, Ziqi Yang, Li Lu, Jian Liu, Yiming Li, Jie Wan, Xiaodi Zhao, Xianheng Feng, Shuo Shao.
Preprint. 2024.
[Paper]
Patent
- 邵硕, 李一鸣, 秦湛, 任奎, 王宏韬, 马杏可, 冯振源. A model watermarking method and apparatus based on a non-decision-domain approach. (Invention patent, granted, CN202410553090.0, grant date: 2024/07/30)
- 乔一帆, 邵硕, 秦湛, 王志波, 任奎. A privacy-preserving inference method for large models based on model partitioning. (Invention patent, granted, CN202311418709.9, grant date: 2024/04/05)
- 邵硕, 李一鸣, 秦湛, 任奎, 王宏韬, 马杏可, 冯振源. A model fingerprinting method and apparatus based on a non-decision-domain approach. (Invention patent, under substantive examination, CN202410664418.6)
- 邵硕, 秦湛. A watermarking method and apparatus for neural network models. (Invention patent, under substantive examination, CN202310117212.7)
- 李一鸣, 邵硕, 秦湛, 任奎, 王宏韬, 马杏可, 冯振源. A dataset copyright verification method and apparatus based on a non-decision-domain approach. (Invention patent, under substantive examination, CN202410664413.3)
- 张昊, 邵硕, 李松, 秦湛, 任奎, 仲震宇, 刘焱. A data processing method, apparatus and device. (Invention patent, under substantive examination, CN202411997927.7)