Publications

*: Equal contributions; ✉: Corresponding author(s).

Accepted Papers

  • Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution

    Shuo Shao*, Yiming Li*, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren.
    Network and Distributed System Security Symposium (NDSS). 2025. CCF A Security BIG4
    [Paper] [Code] [Slides] [Poster]

  • FedTracker: Furnishing Ownership Verification and Traceability for Federated Learning Model

    Shuo Shao*, Wenyuan Yang*, Hanlin Gu, Zhan Qin, Lixin Fan, Qiang Yang, Kui Ren.
    IEEE Transactions on Dependable and Secure Computing (TDSC). 2024. (🔥ESI Highly Cited Paper) CCF A SCI Q2
    [Paper] [Code]

  • REFINE: Inversion-Free Backdoor Defense via Model Reprogramming

    Yukun Chen*, Shuo Shao*, Enhao Huang, Yiming Li, Pin-Yu Chen, Zhan Qin, Kui Ren.
    International Conference on Learning Representations (ICLR). 2025. TH-CPL A ML TOP3
    [Paper] [Code]

  • Shadow in the Cache: Unveiling and Mitigating Privacy Risks of KV-cache in LLM Inference

    Zhifan Luo, Shuo Shao, Su Zhang, Lijing Zhou, Yuke Hu, Zhihao Liu, Zhan Qin.
    Network and Distributed System Security Symposium (NDSS). 2026. CCF A Security BIG4
    [Paper]

  • MAJIC: Markovian Adaptive Jailbreaking via Iterative Composition of Diverse Innovative Strategies

    Weiwei Qi, Shuo Shao, Wei Gu, Tianhang Zheng, Puning Zhao, Zhan Qin, Kui Ren.
    AAAI Conference on Artificial Intelligence (AAAI). 2026. CCF A
    [Paper]

  • PointNCBW: Towards Dataset Ownership Verification for Point Clouds via Negative Clean-label Backdoor Watermark

    Cheng Wei, Yang Wang, Kuofeng Gao, Shuo Shao, Yiming Li, Zhibo Wang, Zhan Qin.
    IEEE Transactions on Information Forensics and Security (TIFS). 2024. CCF A SCI Q1
    [Paper] [Code]

  • AnonymTracker: Anonymously Traceable Copyright Protection for Federated Learning Model

    Wenyuan Yang, Lexuan Chen, Zhun Zhang, Shuo Shao, Xiaochun Cao.
    IEEE Transactions on Circuits and Systems for Video Technology (TCSVT). 2026. CCF B SCI Q1
    [Paper Coming Soon]

  • Watermarking in Secure Federated Learning: A Verification Framework Based on Client-Side Backdooring

    Wenyuan Yang, Shuo Shao, Yue Yang, Xiyao Liu, Ximeng Liu, Zhihua Xia, Gerald Schaefer, Hui Fang.
    ACM Transactions on Intelligent Systems and Technology (TIST). 2023. SCI Q3
    [Paper] [Code]

  • Secure Federated Learning Model Verification: A Client-side Backdoor Triggered Watermarking Scheme

    Xiyao Liu, Shuo Shao, Yue Yang, Kangming Wu, Wenyuan Yang, Hui Fang.
    IEEE International Conference on Systems, Man, and Cybernetics (SMC). 2021. CCF C
    [Paper]

Selected Preprints

  • SoK: Large Language Model Copyright Auditing via Fingerprinting

    Shuo Shao, Yiming Li, Yu He, Hongwei Yao, Wenyuan Yang, Dacheng Tao, Zhan Qin.
    Preprint. 2025.
    [Paper] [Code] [Awesome-LLM-Fingerprinting]

  • DATABench: Evaluating Dataset Auditing in Deep Learning from an Adversarial Perspective

    Shuo Shao, Yiming Li, Mengren Zheng, Zhiyang Hu, Yukun Chen, Boheng Li, Yu He, Junfeng Guo, Dacheng Tao, Zhan Qin.
    Preprint. 2025.
    [Paper] [Code]

  • Reading Between the Lines: Towards Reliable Black-box LLM Fingerprinting via Zeroth-order Gradient Estimation

    Shuo Shao, Yiming Li, Hongwei Yao, Yifei Chen, Yuchen Yang, Zhan Qin.
    Preprint. 2025.
    [Paper]

  • FIT-Print: Towards False-claim-resistant Model Ownership Verification via Targeted Fingerprint

    Shuo Shao, Haozhe Zhu, Yiming Li, Hongwei Yao, Tianwei Zhang, Zhan Qin.
    Preprint. 2025.
    [Paper]

  • Rethinking Data Protection in the (Generative) Artificial Intelligence Era

    Yiming Li*, Shuo Shao*, Yu He, Junfeng Guo, Tianwei Zhang, Zhan Qin, Pin-Yu Chen, Michael Backes, Philip Torr, Dacheng Tao, Kui Ren.
    Preprint. 2025.
    [Paper]

  • CBW: Towards Dataset Ownership Verification for Speaker Verification via Clustering-based Backdoor Watermarking

    Yiming Li, Kaiying Yan, Shuo Shao, Tongqing Zhai, Shu-Tao Xia, Zhan Qin, Dacheng Tao.
    Preprint. 2025.
    [Paper] [Code]

  • External Data Extraction Attacks against Retrieval-Augmented Large Language Models

    Yu He, Yifei Chen, Yiming Li, Shuo Shao, Leyi Qi, Boheng Li, Dacheng Tao, Zhan Qin.
    Preprint. 2025.
    [Paper]

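Patents

  • Shuo Shao, Yiming Li, Zhan Qin, Kui Ren, Hongtao Wang, Xingke Ma, Zhenyuan Feng. A Model Watermarking Method and Apparatus Based on a Non-Decision-Domain Approach. (Invention patent, granted, CN202410553090.0, grant date: 2024/07/30)
  • Yifan Qiao, Shuo Shao, Zhan Qin, Zhibo Wang, Kui Ren. A Privacy-Preserving Inference Method for Large Models Based on Model Partitioning. (Invention patent, granted, CN202311418709.9, grant date: 2024/04/05)
  • Shuo Shao, Yiming Li, Zhan Qin, Kui Ren, Hongtao Wang, Xingke Ma, Zhenyuan Feng. A Model Fingerprinting Method and Apparatus Based on a Non-Decision-Domain Approach. (Invention patent, under substantive examination, CN202410664418.6)
  • Shuo Shao, Zhan Qin. A Watermark Processing Method and Apparatus for Neural Network Models. (Invention patent, under substantive examination, CN202310117212.7)
  • Yiming Li, Shuo Shao, Zhan Qin, Kui Ren, Hongtao Wang, Xingke Ma, Zhenyuan Feng. A Dataset Copyright Authentication Method and Apparatus Based on a Non-Decision-Domain Approach. (Invention patent, under substantive examination, CN202410664413.3)
  • Hao Zhang, Shuo Shao, Song Li, Zhan Qin, Kui Ren, Zhenyu Zhong, Yan Liu. A Data Processing Method, Apparatus, and Device. (Invention patent, under substantive examination, CN202411997927.7)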