publications

2025

1. AIA

   AIA: Autoregression-based Injection Attacks against Text2SQL Models

   Deyin Li, Xiang Ling, Changjiang Li, and 2 more authors

   AAAI Conference on Artificial Intelligence (AAAI) , 2025
2. Diff2

   Watch the Watcher! Backdoor Attacks on Security-Enhancing Diffusion Models

   Changjiang Li, Ren Pang, Bochuan Cao, and 4 more authors

   In The 34nd USENIX Security Symposium (Security ’25), 2025

   Bib

   @inproceedings{li2025watch,
     title = {Watch the Watcher! Backdoor Attacks on Security-Enhancing Diffusion Models},
     author = {Li, Changjiang and Pang, Ren and Cao, Bochuan and Chen, Jinghui and Ma, Fenglong and Ji, Shouling and Wang, Ting},
     booktitle = {The 34nd USENIX Security Symposium (Security '25)},
     year = {2025},
     dimensions = {true}
   }

3. RAPID

   RAPID: Retrieval Augmented Training of Differentially Private Diffusion Models

   Tanqiu Jiang, Changjiang Li, Fenglong Ma, and 1 more author

   In The 13th International Conference on Learning Representations (ICLR ’25), 2025
4. RobustKV

   RobustKV: Defending Large Language Models against Jailbreak Attacks via KV Eviction

   Tanqiu Jiang, Zian Wang, Jiacheng Liang, and 3 more authors

   In The 13th International Conference on Learning Representations (ICLR ’25), 2025

2024

1. Difficulty

   On the Difficulty of Defending Contrastive Learning against Backdoor Attacks

   Changjiang Li, Ren Pang, Zhaohan Cao, and 3 more authors

   In The 33nd USENIX Security Symposium (Security ’24), 2024

   Bib

   @inproceedings{li2024on,
     title = {On the Difficulty of Defending Contrastive Learning against Backdoor Attacks},
     author = {Li, Changjiang and Pang, Ren and Cao, Bochuan Xi, Zhaohan and Chen, Jinghui and Ji, Shouling and Wang, Ting},
     booktitle = {The 33nd USENIX Security Symposium (Security '24)},
     year = {2024},
     dimensions = {true}
   }

2. DynamicAttention

   Improving the Robustness of Transformer-based Large Language Models with Dynamic Attention

   Lujia Shen, Yuwen Pu, Shouling Ji, and 4 more authors

   In The Network and Distributed System Security Symposium (NDSS’ 24), 2024

   Bib

   @inproceedings{shen2023improving,
     title = {Improving the Robustness of Transformer-based Large Language Models with Dynamic Attention},
     author = {Shen, Lujia and Pu, Yuwen and Ji, Shouling and Li, Changjiang and Zhang, Xuhong and Ge, Chunpeng and Wang, Ting},
     booktitle = {The Network and Distributed System Security Symposium (NDSS' 24)},
     year = {2024},
     dimensions = {true}
   }

3. VFL

   Hijack Vertical Federated Learning Models As One Party

   Pengyu Qiu, Xuhong Zhang, Shouling Ji, and 4 more authors

   IEEE Transactions on Dependable and Secure Computing (TDSC 24), 2024
4. When Large Language Models Confront Repository-Level Automatic Program Repair: How Well They Done?

   Yuxiao Chen, Jingzheng Wu, Xiang Ling, and 4 more authors

   ICSE Industry Challenge Track, 2024
5. Model Extraction Attacks Revisited

   Jiacheng Liang, Ren Pang, Changjiang Li, and 1 more author

   ACM ASIACCS, 2024
6. Towards Query-Efficient Decision-Based Adversarial Attacks Through Frequency Domain

   Jianhao Fu, Xiang Ling, Yaguan Qian, and 3 more authors

   IEEE Conference on Multimedia Expo 2024, 2024

2023

1. IMPRESS

   IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI

   Bochuan Cao, Changjiang Li, Ting Wang, and 3 more authors

   In Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS’ 23), 2023

   Bib

   @inproceedings{cao2023imperceptible,
     title = {IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI},
     author = {Cao, Bochuan and Li, Changjiang and Wang, Ting and Jia, Jinyuan and Li, Bo and Chen, Jinghui},
     booktitle = {Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS' 23)},
     year = {2023},
     dimensions = {true}
   }

2. FEW-SHOT

   Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks

   Zhaohan Xi, Tianyu Du, Changjiang Li, and 5 more authors

   In Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS’ 23), 2023

   Bib

   @inproceedings{xi2023defending,
     title = {Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks},
     author = {Xi, Zhaohan and Du, Tianyu and Li, Changjiang and Pang, Ren and Ji, Shouling and Chen, Jinghui and Ma, Fenglong and Wang, Ting},
     booktitle = {Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS' 23)},
     year = {2023},
     dimensions = {true}
   }

3. CTRL

   An Embarrassingly Simple Backdoor Attack against Self-supervised Learning

   Changjiang Li, Ren Pang, Zhaohan Xi, and 4 more authors

   In The 2023 International Conference on Computer Vision (ICCV ’23), 2023

   Bib

   @inproceedings{Li2023simple,
     title = {An Embarrassingly Simple Backdoor Attack against Self-supervised Learning},
     author = {Li, Changjiang and Pang, Ren and Xi, Zhaohan and Du, Tianyu and Ji, Shouling and Yao, Yuan and Wang, Ting},
     booktitle = {The 2023 International Conference on Computer Vision (ICCV '23)},
     year = {2023},
     dimensions = {true},
   }

4. On the Security Risks of Knowledge Graph Reasoning

   Zhaohan Xi, Tianyu Du, Changjiang Li, and 6 more authors

   In The 32nd USENIX Security Symposium (Security ’23), 2023

   Bib PDF

   @inproceedings{xi2023security,
     title = {On the Security Risks of Knowledge Graph Reasoning},
     author = {Xi, Zhaohan and Du, Tianyu and Li, Changjiang and Pang, Ren and Ji, Shouling and Luo, Xiapu and Xiao, Xusheng and Ma, Fenglong and Wang, Ting},
     booktitle = {The 32nd USENIX Security Symposium (Security '23)},
     year = {2023},
     dimensions = {true},
   }

2022

1. AutoML

   The Dark Side of AutoML: Towards Architectural Backdoor Search

   Ren Pang, Changjiang Li, Zhaohan Xi, and 2 more authors

   In The 11th International Conference on Learning Representations (ICLR ’23), 2022

   PDF
2. LiveBugger

   Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era

   Changjiang Li, Li Wang, Shouling Ji, and 4 more authors

   In The 31st USENIX Security Symposium (Security ’22), 2022

   PDF

2021

1. Amoeba

   Towards certifying the asymmetric robustness for neural networks: quantification and applications

   Changjiang Li, Shouling Ji, Haiqin Weng, and 6 more authors

   IEEE Transactions on Dependable and Secure Computing (TDSC 21), 2021

   PDF