I am now an assistant professor at the School of Software Technology at Zhejiang University. Before that, I was a postdoctoral scholar at the Penn State University working under Prof. Ting Wang.

I obtained my Ph.D. degree in the College of Computer Science and Technology at Zhejiang University in 2022, supervised by Prof. Shouling Ji. During Ph.D., I have spent wonderful times in collaborating with academics at the university (e.g., Prof. Bo Li at UIUC, and Prof. Ting Wang at PSU), and researchers in the industrial community (e.g., Dr. Tao Wei at Baidu USA (now Ant Financial), Dr. Jie Shi at Huawei Singapore Research Center). Before that, I obtained my B.E. degree in the Communication Engineering at the College of Information Science and Techonology, Xiamen University.

My research focuses on trustworthy machine learning, emphasizing robustness, privacy, and their interconnections. I have published 20+ papers at the top international conferences and journals such as USENIX Security, CCS, NDSS, ICLR, NeurIPS, ACL, ICCV, etc.

Openings: I am looking for motivated Master/intern students to join my research group (no position for PhD/Master students at the College of Computer Science and Technology). Please drop me an email if you are interested in working with me!

🔥 News

• 2024.09:   🎉 One paper was accepted by EMNLP 2024.
• 2024.07:   🎉 One paper was accepted by NDSS 2025.
• 2024.07:   🎉 Two papers were accepted by MM 2024.
• 2024.07:   🎉 One paper was accepted by CCS 2024.
• 2024.05:   🎉 Two papers were accepted by ACL 2024.
• 2024.01:   🎉 One paper was accepted by ICLR 2024.
• 2023.09:   🎉 Three papers were accepted by NeurIPS 2023.
• 2023.07:   🎉 One paper was accepted by ICCV 2023.
• 2023.06:   I will join the School of Software Technology at Zhejiang University as an Assistant Professor in Aug 2023!
• 2023.06:   I was invited to serve as a reviewer for EMNLP 2023.
• 2023.05:   🎉 One paper was accepted by USENIX Security 2023.
• 2023.04:   I was invited to serve as a reviewer for Cybersecurity.
• 2023.01:   I was invited to serve as a PC member for ACL 2023.
• 2022.08:   Join College of Information Sciences and Technology, Penn State University as a postdoctoral scholar.

📝 Conference Publications

CCS 2021

Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks

Tianyu Du, Shouling Ji, Lujia Shen, Yao Zhang, Jinfeng Li, Jie Shi, Chengfang Fang, Jianwei Yin, Raheem Beyah, Ting Wang

• This work proposes Cert-RNN, a general framework for certifying the robustness of RNNs.

USENIX Security 2021

TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation

Jinfeng Li*, Tianyu Du*, Shouling Ji, Rong Zhang, Quan Lu, Min Yang, and Ting Wang (*Co-first authors)

• This work proposes TextShield, a new adversarial defense framework specifically designed for Chinese deep learning-based text classification models.

NDSS 2019

TextBugger: Generating Adversarial Text Against Real-world Applications Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, and Ting Wang

• This work proposes TextBugger, a general attack framework for generating adversarial texts.

• EMNLP 2024 SecCoder: Towards Generalizable and Robust Secure Code Generation, Boyu Zhang, Tianyu Du*, Junkai Tong, Xuhong Zhang, Kingsum Chow*, Sheng Cheng, Xun Wang, Jianwei Yin, EMNLP (Main) 2024. [TH-CPL A]
• NDSS 2025 CLIBE: Detecting Dynamic Backdoors in Transformer-based NLP Models, Rui Zeng, Xi Chen, Yuwen Pu, Xuhong Zhang, Tianyu Du, Shouling Ji, NDSS 2025. [CCF-A]
• MM 2024 TransLinkGuard: Safeguarding Transformer Models Against Model Stealing in Edge Deployment, Qinfeng Li, Zhiqiang Shen, Zhenghan Qin, Yangfan Xie, Xuhong Zhang, Tianyu Du, Sheng Cheng, Xun Wang, Jianwei Yin, MM 2024. [CCF-A]
• MM 2024 Cons2Plan: Vector Floorplan Generation from Various Conditions via a Learning Framework based on Conditional Diffusion Models, Shibo Hong, Xuhong Zhang, Tianyu Du*, Sheng Cheng, Xun Wang, Jianwei Yin, MM 2024. [CCF-A]
• CCS 2024 Unveiling the Vulnerability of Private Fine-Tuning in Split-Based Frameworks for Large Language Models: A Bidirectionally Enhanced Attack, Guanzhong Chen, Zhenghan Qin, Mingxin Yang, Yajie Zhou, Tao Fan, Tianyu Du*, Zenglin Xu*, CCS 2024. [CCF-A]
• ACL 2024 ERA-CoT: Improving Chain-of-Thought through Entity Relationship Analysis, Yanming Liu, Xinyue Peng, Tianyu Du*, Jianwei Yin, Weihao Liu, Xuhong Zhang, ACL 2024. [CCF-A]
• ACL 2024 RA-ISF: Learning to Answer and Understand from Retrieval Augmentation via Iterative Self-Feedback, Yanming Liu, Xinyue Peng, Xuhong Zhang, Weihao Liu, Jianwei Yin, Jiannan Cao, Tianyu Du*, ACL Findings 2024.
• ICLR 2024 ReMasker: Imputing Tabular Data with Masked Autoencoding, Tianyu Du, Luca Melis, Ting Wang, ICLR 2024. [TH-CPL A]
• NeurIPS 2023 Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks, Zhaohan Xi*, Tianyu Du*, Changjiang Li, Ren Pang, Shouling Ji, Jinghui Chen, Fenglong Ma, Ting Wang, NeurIPS 2023. [CCF-A] (*Co-first authors)
• NeurIPS 2023 UniT: A Unified Look at Certified Robust Training against Text Adversarial Perturbation, Muchao Ye, Ziyi Yin, Tianrong Zhang, Tianyu Du, Jinghui Chen, Ting Wang, Fenglong Ma, NeurIPS 2023. [CCF-A]
• NeurIPS 2023 VLATTACK: Multimodal Adversarial Attacks on Vision-Language Tasks via Pre-trained Models, Ziyi Yin, Muchao Ye, Tianrong Zhang, Tianyu Du, Jinguo Zhu, Han Liu, Jinghui Chen, Ting Wang, Fenglong Ma, NeurIPS 2023. [CCF-A]
• ICCV 2023 An Embarrassingly Simple Self-supervised Trojan Attack, Changjiang Li, Ren Pang, Zhaohan Xi, Tianyu Du, Shouling Ji, Ting Wang, Yuan Yao, ICCV 2023. [CCF-A]
• USENIX Security 2023 On the Security Risks of Knowledge Graph Reasoning, Zhaohan Xi, Tianyu Du, Changjiang Li, Ren Pang, Shouling Ji, Xiapu Luo, Xusheng Xiao, Fenglong Ma, Ting Wang, USENIX Security 2023. [CCF-A]
• ICSE 2022 NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification, Haibin Zheng, Zhiqing Chen, Tianyu Du, Xuhong Zhang, Yao Cheng, Shouling Ji, Jingyi Wang, Yue Yu, Jinyin Chen, ICSE 2022. [CCF-A]
• CCS 2021 Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks, Tianyu Du, Shouling Ji, Lujia Shen, Yao Zhang, Jinfeng Li, Jie Shi, Chengfang Fang, Jianwei Yin, Raheem Beyah, Ting Wang, CCS 2021. [CCF-A]
• ICASSP 2021 Enhancing Model Robustness by Incorporating Adversarial Knowledge into Semantic Representation, Jinfeng Li, Tianyu Du, Xiangyu Liu, Rong Zhang, Hui Xue, Shouling Ji, ICASSP 2021. [CCF-B]
• AsiaCCS 2020 SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems, Tianyu Du, Shouling Ji, Jinfeng Li, Qinchen Gu, Ting Wang and Raheem Beyah, AsiaCCS 2020. [CCF-C, Tier 2 in security domain]
• USENIX Security 2020 TextShield: Robust Text Classification Based on Multimodal Embedding and Neural Machine Translation, Jinfeng Li*, Tianyu Du*, Shouling Ji, Rong Zhang, Quan Lu, Min Yang, and Ting Wang, USENIX Security 2020, (*Co-first authors). [CCF-A]
• NDSS 2019 TextBugger: Generating Adversarial Text Against Real-world Applications, Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, and Ting Wang, NDSS 2019. [CCF-A]
• Inscrypt 2019 Invisible Poisoning: Highly Stealthy Targeted Poisoning Attack, Jinyin Chen, Haibin Zheng, Mengmeng Su, Tianyu Du, Changting Lin, and Shouling Ji, Inscrypt 2019. (Best Paper Award)
• Inscrypt 2019 Symmetric Frame Cracking: a Powerful Dynamic Textual CAPTCHA Cracking Policy, Yueyao Chen, Qianjun Liu, Tianyu Du, Yuan Chen, and Shouling Ji, Inscrypt 2019.
• ICPCSEE 2019 Neural Network Model for Classifying the Economic Recession and Construction of Financial Stress Index, Lujia Shen, Tianyu Du, and Shouling Ji, ICPCSEE 2019.
• INFOCOM 2018 Quantifying Graph Anonymity, Utility, and De-anonymity, Shouling Ji, Tianyu Du, Zhen Hong, Ting Wang, and Raheem Beyah, INFOCOM 2018. [CCF-A]
• ICDE 2018 Online E-Commerce Fraud: A Large-scale Detection and Analysis, Haiqin Weng, Zhao Li, Shouling Ji, Chen Chu, Haifeng Lu, Tianyu Du, and Qinming He, ICDE 2018. [CCF-A]
• SICBS 2018 You Are What You Search: Attribute Inference Attacks Through Web Search Queries, Tianyu Du, Tao Tao, Bijing Liu, Xueqi Jin, Jinfeng Li, and Shouling Ji, SICBS 2018.
• CSS 2017 Static taint analysis method for intent injection vulnerability in android applications, Bin Xiong, Guangli Xiang, Tianyu Du, Jing Selena He, and Shouling Ji, CSS 2017.
• COCOON 2017 Influence Spread in Social Networks with both Positive and Negative Influences, Jing Selena He, Ying Xie, Tianyu Du, Shouling Ji, and Zhao Li, COCOON 2017. [CCF-B]

📝 Journal Publications

• DetectSec: Evaluating the Robustness of Object Detection Models to Adversarial Attacks, Tianyu Du, Shouling Ji, Bo Wang, Sirui He, Jinfeng Li, Bo Li, Tao Wei, Yunhan Jia, Raheem Beyah, and Ting Wang, International Journal of Intelligent Systems, 2022. [IF=8.993]
• TDSC 2022 Your labels are selling you out: Relation leaks in vertical federated learning, Pengyu Qiu, Xuhong Zhang, Shouling Ji, Tianyu Du, Yuwen Pu, Jun Zhou, Ting Wang, IEEE Transactions on Dependable and Secure Computing, 2022. [CCF A]
• FineFool: A Novel DNN Object Contour Attack on Image Recognition Based on the Attention Perturbation Adversarial Technique, Jinyin Chen, Haibin Zheng, Hui Xiong, Ruoxi Chen, Tianyu Du, Zhen Hong, Shouling Ji, Computers & Security, 2021(9):102220. [CCF-B]
• Robustness Certification Research on Deep Learning Models: A Survey, Shouling Ji, Tianyu Du, Shuiguang Deng, Jie Shi, Min Yang, Bo Li, Chinese Journal of Computers, 2022, 45(1): 190-206.
• Security and Privacy of Machine Learning Models: A Survey, Shouling Ji, Tianyu Du, Jinfeng Li, Chao Shen, and Bo Li, Journal of Software, 2021, 32(1): 41-67.
• Survey on Techniques, Applications and Security of Machine Learning Interpretability, Shouling Ji, Jinfeng Li, Tianyu Du, and Bo Li, Journal of Computer Research and Development, 2019, 56(10): 2071.
• Spreading Social Influence with Both Positive and Negative Opinions in Online Networks, Jing Selena He, Meng Han, Shouling Ji, Tianyu Du, and Zhao Li, Big Data Mining and Analytics, 2019, 2(2): 100-117.

🧾 Poster

• SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems, Tianyu Du, Shouling Ji, Jinfeng Li, Qinchen Gu, Ting Wang and Raheem Beyah, NDSS 2019 Poster Session.

📖 arXiv

• RNN-Guard: Certified Robustness Against Multi-frame Attacks for Recurrent Neural Networks, Yunruo Zhang, Tianyu Du, Shouling Ji, Peng Tang, Shanqing Guo.
• Reasoning over Multi-view Knowledge Graphs, Zhaohan Xi, Ren Pang, Changjiang Li, Tianyu Du, Shouling Ji, Fenglong Ma, Ting Wang.

📓 Patents

• CN, “A method and system for generating adversarial audio under white-box settings”

💻 Experience

• 2022.08 - 2023.08, Postdoctoral Scholar, Penn State University.
• 2017.03 - 2018.03, Research Scientist Intern, Alibaba, Hangzhou.

🎓 Education

• 2017.09 - 2022.06, Ph.D., Cyber Security, Zhejiang University, Hangzhou.
• 2013.09 - 2017.06, B.E., Communication Engineering, Xiamen University, Xiamen.

👩‍🏫 Service

• Conference Program Committee or Reviewer: EMNLP 2023, ACL 2023.
• Journal Reviewer: Cybersecurity.

💬 Invited Talks

• 2021.07, Adversarial attack and defense in the natural language procesing domain, G.O.S.S.I.P Summer School, Shanghai.

🎖 Honors and Awards

• 2019.12 Inscrypt 2019 Best Paper Award
• 2018.10 Guanglianda Second Prize Scholarship
• 2014.10 National Scholarship (Undergraduate) (Top 1%)