AI Security (UIUC)

Full Publications

Refereed Conferences

2024

Zhaorun Chen, Zhen Xiang, Chaowei Xiao, Dawn Song, Bo Li. AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning. (NeurIPS 2024) [BibTeX]

@article{chen2024agentpoison,
  title={AgentPoison: Red-teaming LLM Agents via Memory or Knowledge Base Backdoor Poisoning},
  author={Chen, Zhaorun and Xiang, Zhen and Xiao, Chaowei and Song, Dawn and Li, Bo},
  journal={NeurIPS},
  year={2024}
}

Chengquan Guo, Xun Liu, Chulin Xie, Andy Zhou, Yi Zeng, Zinan Lin, Dawn Song, Bo Li. RedCode: Multi-dimensional Safety Benchmark for Code Agents. (NeurIPS 2024) [BibTeX]

@article{Guo2024redcode,
  title={RedCode: Multi-dimensional Safety Benchmark for Code Agents},
  author={Guo, Chengquan and Liu, Xun and Xie, Chulin and Zhou, Andy and Zeng, Yi and Lin, Zinan and Song, Dawn and Li, Bo},
  journal={NeurIPS},
  year={2024}
}

Haohong Lin, Wenhao Ding, Jian Chen, Laixi Shi, Jiacheng Zhu, Bo Li, Ding Zhao. BECAUSE: Bilinear Causal Representation for Generalizable Offline Model-based Reinforcement Learning. (NeurIPS 2024) [BibTeX]

@article{lin2024because,
  title={BECAUSE: Bilinear Causal Representation for Generalizable Offline Model-based Reinforcement Learning},
  author={Lin, Haohong and Ding, Wenhao and Chen, Jian and Shi, Laixi and Zhu, Jiacheng and Li, Bo and Zhao, Ding},
  journal={NeurIPS},
  year={2024}
}

Yiquan Li, Zhongzhu Chen, Kun Jin, Jiongxiao Wang, Bo Li, Chaowei Xiao. Consistency Purification: Effective and Efficient Diffusion Purification towards Certified Robustness. (NeurIPS 2024) [BibTeX]

@article{li2024consistency,
  title={Consistency Purification: Effective and Efficient Diffusion Purification towards Certified Robustness},
  author={Li, Yiquan and Chen, Zhongzhu and Jin, Kun and Wang, Jiongxiao and Li, Bo and Xiao, Chaowei},
  journal={NeurIPS},
  year={2024}
}

Andy Zhou, Bo Li, Haohan Wang. Robust Prompt Optimization for Defending Language Models Against Jailbreaking Attacks. (NeurIPS 2024) [BibTeX]

@article{zhou2024robust,
  title={Robust Prompt Optimization for Defending Language Models Against Jailbreaking Attacks},
  author={Zhou, Andy and Li, Bo and Wang, Haohan},
  journal={NeurIPS},
  year={2024}
}

Bochuan Cao, Jinyuan Jia, Chuxuan Hu, Wenbo Guo, Zhen Xiang, Jinghui Chen, Bo Li, Dawn Song. DFBA: Data Free Backdoor Attacks. (NeurIPS 2024) [BibTeX]

@article{cao2024dfba,
  title={DFBA: Data Free Backdoor Attacks},
  author={Cao, Bochuan and Jia, Jinyuan and Hu, Chuxuan and Guo, Wenbo and Xiang, Zhen and Chen, Jinghui and Li, Bo and Song, Dawn},
  journal={NeurIPS},
  year={2024}
}

Jiongxiao Wang, Jiazhao Li, Yiquan Li, Xiangyu Qi, Junjie Hu, Yixuan Li, Patrick McDaniel, Muhao Chen, Bo Li, Chaowei Xiao. Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment. (NeurIPS 2024) [BibTeX]

@article{wang2024mitigating,
  title={Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment},
  author={Wang, Jiongxiao and Li, Jiazhao and Li, Yiquan and Qi, Xiangyu and Hu, Junjie and Li, Yixuan and McDaniel, Patrick and Chen, Muhao and Li, Bo and Xiao, Chaowei},
  journal={NeurIPS},
  year={2024}
}

Yixin Chen, Shuai Zhang, Boran Han, Tong He, Bo Li. CaMML: Context-Aware Multimodal Learner for Large Models. (ACL 2024) (Area Chair Award at ACL 2024) [BibTeX]

@article{chen2024camml,
  title={CaMML: Context-Aware Multimodal Learner for Large Models},
  author={Chen, Yixin and Zhang, Shuai and Han, Boran and He, Tong and Li, Bo},
  journal={ACL},
  year={2024}
}

Fengqing Jiang, Zhangchen Xu, Luyao Niu, Zhen Xiang, Bhaskar Ramasubramanian, Bo Li, Radha Poovendran. ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs. (ACL 2024) [BibTeX]

@article{jiang2024artprompt,
  title={ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs},
  author={Jiang, Fengqing and Xu, Zhangchen and Niu, Luyao and Xiang, Zhen and Ramasubramanian, Bhaskar and Li, Bo and Poovendran, Radha},
  journal={ACL},
  year={2024}
}

Zhangchen Xu, Fengqing Jiang, Luyao Niu, Jinyuan Jia, Bo Li, Radha Poovendran. ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning. (USENIX Security 2024) [BibTeX]

@article{xu2024ace,
  title={ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning},
  author={Xu, Zhangchen and Jiang, Fengqing and Niu, Luyao and Jia, Jinyuan and Li, Bo and Poovendran, Radha},
  journal={USENIX Security},
  year={2024}
}

Qinbin Li, Junyuan Hong, Chulin Xie, Jeffrey Tan, Rachel Xin, Junyi Hou, Xavier Yin, Zhun Wang, Dan Hendrycks, Zhangyang Wang, Bo Li, Bingsheng He, Dawn Song. LLM-PBE: Assessing Data Privacy in Large Language Models. (PVLDB 2024) (PVLDB Best Research Paper Award finalist) [BibTeX]

@article{li2024llmpbe,
  title={LLM-PBE: Assessing Data Privacy in Large Language Models},
  author={Li, Qinbin and Hong, Junyuan and Xie, Chulin and Tan, Jeffrey and Xin, Rachel and Hou, Junyi and Yin, Xavier and Wang, Zhun and Hendrycks, Dan and Wang, Zhangyang and Li, Bo and He, Bingsheng and Song, Dawn},
  journal={PVLDB},
  year={2024}
}

Yi Zeng, Weiyu Sun, Tran Ngoc Huynh, Dawn Song, Bo Li, Ruoxi Jia. BEEAR: Embedding-based Adversarial Removal of Safety Backdoors in Instruction-tuned Language Models. (EMNLP 2024) [BibTeX]

@article{zeng2024beear,
  title={BEEAR: Embedding-based Adversarial Removal of Safety Backdoors in Instruction-tuned Language Models},
  author={Zeng, Yi and Sun, Weiyu and Huynh, Tran Ngoc and Song, Dawn and Li, Bo and Jia, Ruoxi},
  journal={EMNLP},
  year={2024}
}

Andy Zhou, Xiaojun Xu, Ramesh Raghunathan, Alok Lal, Xinze Guan, Bin Yu, Bo Li. KnowledgeGraph: Knowledge-Enabled Anomaly Detection via Logical Reasoning on Graph Data. (CCS 2024) [BibTeX]

@article{zhou2024knowledgegraph,
  title={KnowledgeGraph: Knowledge-Enabled Anomaly Detection via Logical Reasoning on Graph Data},
  author={Zhou, Andy and Xu, Xiaojun and Raghunathan, Ramesh and Lal, Alok and Guan, Xinze and Yu, Bin and Li, Bo},
  journal={CCS},
  year={2024}
}

Zhangchen Xu, Fengqing Jiang, Luyao Niu, Jinyuan Jia, Bo Li, Radha Poovendran. ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning. (USENIX Security 2024) [BibTeX]

@article{xu2024ace,
  title={ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning},
  author={Xu, Zhangchen and Jiang, Fengqing and Niu, Luyao and Jia, Jinyuan and Li, Bo and Poovendran, Radha},
  journal={USENIX Security},
  year={2024}
}

Yefei He, Haoxiang Wang, Bo Li, Han Zhao. Gradual Domain Adaptation: Theory and Algorithms. (JMLR 2024) [BibTeX]

@article{he2024gradual,
  title={Gradual Domain Adaptation: Theory and Algorithms},
  author={He, Yefei and Wang, Haoxiang and Li, Bo and Zhao, Han},
  journal={JMLR},
  year={2024}
}

Mintong Kang, Nezihe Merve Gürel, Ning Yu, Dawn Song, Bo Li. C-RAG: Certified Generation Risks for Retrieval-Augmented Language Models. (ICML 2024) [BibTeX] [Code]

@article{kang2024crag,
  title={C-RAG: Certified Generation Risks for Retrieval-Augmented Language Models},
  author={Kang, Mintong and Gürel, Nezihe Merve and Yu, Ning and Song, Dawn and Li, Bo},
  journal={ICML},
  year={2024}
}

Zhuowen Yuan, Zidi Xiong, Yi Zeng, Ning Yu, Ruoxi Jia, Dawn Song, Bo Li. RigorLLM: Resilient Guardrails for Large Language Models against Undesired Content. (ICML 2024) [BibTeX]

@article{yuan2024rigor,
  title={RigorLLM: Resilient Guardrails for Large Language Models against Undesired Content},
  author={Yuan, Zhuowen and Xiong, Zidi and Zeng, Yi and Yu, Ning and Jia, Ruoxi and Song, Dawn and Li, Bo},
  journal={ICML},
  year={2024}
}

Mintong Kang, Zhen Lin, Jimeng Sun, Cao Xiao, Bo Li. Rob-FCP: Certifiably Byzantine-Robust Federated Conformal Prediction. (ICML 2024) [BibTeX]

@article{kang2024robfcp,
  title={Rob-FCP: Certifiably Byzantine-Robust Federated Conformal Prediction},
  author={Kang, Mintong and Lin, Zhen and Sun, Jimeng and Xiao, Cao and Li, Bo},
  journal={ICML},
  year={2024}
}

Junyuan Hong, Jinhao Duan, Chenhui Zhang, Zhangheng Li, Chulin Xie, Kelsey Lieberman, James Diffenderfer, Brian Bartoldson, Ajay Jaiswal, Kaidi Xu, Bhavya Kailkhura, Dan Hendrycks, Dawn Song, Zhangyang Wang, Bo Li. Decoding Compressed Trust: Scrutinizing the Trustworthiness of Efficient LLMs Under Compression. (ICML 2024) [BibTeX]

@article{hong2024dec,
  title={Decoding Compressed Trust: Scrutinizing the Trustworthiness of Efficient LLMs Under Compression},
  author={Hong, Junyuan and Duan, Jinhao and Zhang, Chenhui and Li, Zhangheng and Xie, Chulin and Lieberman, Kelsey and Diffenderfer, James and Bartoldson, Brian and Jaiswal, Ajay and Xu, Kaidi and Kailkhura, Bhavya and Hendrycks, Dan and Song, Dawn and Wang, Zhangyang and Li, Bo},
  journal={ICML},
  year={2024}
}

Youwei Shu, Xi Xiao, Derui Wang, Yuxin Cao, Siji Chen, Jason Xue, Linyi Li, Bo Li. Effects of Exponential Gaussian Distribution on (Double Sampling) Randomized Smoothing. (ICML 2024) [BibTeX]

@article{shu2024exponential,
  title={Effects of Exponential Gaussian Distribution on (Double Sampling) Randomized Smoothing},
  author={Shu, Youwei and Xiao, Xi and Wang, Derui and Cao, Yuxin and Chen, Siji and Xue, Jason and Li, Linyi and Li, Bo},
  journal={ICML},
  year={2024}
}

Weixin Chen, Dawn Song, Bo Li. GRATH: Gradual Self-Truthifying for Large Language Models. (ICML 2024) [BibTeX]

@article{chen2024grath,
  title={GRATH: Gradual Self-Truthifying for Large Language Models},
  author={Chen, Weixin and Song, Dawn and Li, Bo},
  journal={ICML},
  year={2024}
}

Mantas Mazeika, Long Phan, Xuwang Yin, Andy Zou, Zifan Wang, Norman Mu, Elham Sakhaee, Nathaniel Li, Steven Basart, Bo Li, David Forsyth, Dan Hendrycks. HarmBench: A Standardized Evaluation Framework for Automated Red Teaming and Robust Refusal. (ICML 2024) [BibTeX] [Code]

@article{mazeika2024harmbench,
  title={HarmBench: A Standardized Evaluation Framework for Automated Red Teaming and Robust Refusal},
  author={Mazeika, Mantas and Phan, Long and Yin, Xuwang and Zou, Andy and Wang, Zifan and Mu, Norman and Sakhaee, Elham and Li, Nathaniel and Basart, Steven and Li, Bo and Forsyth, David and Hendrycks, Dan},
  journal={ICML},
  year={2024}
}

Chulin Xie, Zinan Lin, Arturs Backurs, Sivakanth Gopi, Da Yu, Huseyin A Inan, Harsha Nori, Haotian Jiang, Huishuai Zhang, Yin Tat Lee, Bo Li, Sergey Yekhanin. Differentially Private Synthetic Data via Foundation Model APIs 2: Text. (ICML 2024) [BibTeX] [Code]

@article{xie2024differentially,
  title={Differentially Private Synthetic Data via Foundation Model APIs 2: Text},
  author={Xie, Chulin and Lin, Zinan and Backurs, Arturs and Gopi, Sivakanth and Yu, Da and Inan, Huseyin A and Nori, Harsha and Jiang, Haotian and Zhang, Huishuai and Lee, Yin Tat and Li, Bo and Yekhanin, Sergey},
  journal={ICML},
  year={2024}
}

Zhaorun Chen, Zhuokai Zhao, Hongyin Luo, Huaxiu Yao, Bo Li, Jiawei Zhou. HALC: Object Hallucination Reduction via Adaptive Focal-Contrast Decoding. (ICML 2024) [BibTeX] [Code]

@article{chen2024halc,
  title={HALC: Object Hallucination Reduction via Adaptive Focal-Contrast Decoding},
  author={Chen, Zhaorun and Zhao, Zhuokai and Luo, Hongyin and Yao, Huaxiu and Li, Bo and Zhou, Jiawei},
  journal={ICML},
  year={2024}
}

Zhuowen Yuan, Wenbo Guo, Jinyuan Jia, Bo Li, Dawn Song. SHINE: Shielding Backdoors in Deep Reinforcement Learning. (ICML 2024) [BibTeX]

@article{yuan2024shine,
  title={SHINE: Shielding Backdoors in Deep Reinforcement Learning},
  author={Yuan, Zhuowen and Guo, Wenbo and Jia, Jinyuan and Li, Bo and Song, Dawn},
  journal={ICML},
  year={2024}
}

Bhaskar Ray Chaudhury, Aniket Murhekar, Zhuowen Yuan, Bo Li, Ruta Mehta, Ariel D. Procaccia. Fair Federated Learning via the Proportional Veto Core. (ICML 2024) [BibTeX]

@article{chaudhury2024fair,
  title={Fair Federated Learning via the Proportional Veto Core},
  author={Chaudhury, Bhaskar Ray and Murhekar, Aniket and Yuan, Zhuowen and Li, Bo and Mehta, Ruta and Procaccia, Ariel D.},
  journal={ICML},
  year={2024}
}

Boxin Wang, Wei Ping, Lawrence McAfee, Peng Xu, Bo Li, Mohammad Shoeybi, Bryan Catanzaro. InstructRetro: Instruction Tuning post Retrieval-Augmented Pretraining. (ICML 2024) [BibTeX]

@article{wang2024instructretro,
  title={InstructRetro: Instruction Tuning post Retrieval-Augmented Pretraining},
  author={Wang, Boxin and Ping, Wei and McAfee, Lawrence and Xu, Peng and Li, Bo and Shoeybi, Mohammad and Catanzaro, Bryan},
  journal={ICML},
  year={2024}
}

Jiawei Zhang, Chejian Xu, Bo Li. ChatScene: Knowledge-Enabled Safety-Critical Scenario Generation for Autonomous Vehicles. (CVPR 2024) [BibTeX]

@article{zhang2024chatscene,
  title={ChatScene: Knowledge-Enabled Safety-Critical Scenario Generation for Autonomous Vehicles},
  author={Zhang, Jiawei and Xu, Chejian and Li, Bo},
  journal={CVPR},
  year={2024}
}

Chulin Xie, De-An Huang, Wenda Chu, Daguang Xu, Chaowei Xiao, Bo Li, Anima Anandkumar. PerAda: Parameter-Efficient Federated Learning Personalization with Generalization Guarantees. (CVPR 2024) [BibTeX]

@article{xie2024perada,
  title={PerAda: Parameter-Efficient Federated Learning Personalization with Generalization Guarantees},
  author={Xie, Chulin and Huang, De-An and Chu, Wenda and Xu, Daguang and Xiao, Chaowei and Li, Bo and Anandkumar, Anima},
  journal={CVPR},
  year={2024}
}

Jielin Qiu, Jiacheng Zhu, William Han, Aditesh Kumar, Karthik Mittal, Claire Jin, Zhengyuan Yang, Linjie Li, Jianfeng Wang, Ding Zhao, Bo Li, Lijuan Wang. MMSum: A Dataset for Multimodal Summarization and Thumbnail Generation of Videos. (CVPR 2024) [BibTeX] [Code]

@article{qiu2024mmsum,
  title={MMSum: A Dataset for Multimodal Summarization and Thumbnail Generation of Videos},
  author={Qiu, Jielin and Zhu, Jiacheng and Han, William and Kumar, Aditesh and Mittal, Karthik and Jin, Claire and Yang, Zhengyuan and Li, Linjie and Wang, Jianfeng and Zhao, Ding and Li, Bo and Wang, Lijuan},
  journal={CVPR},
  year={2024}
}

Mintong Kang, Nezihe Merve Gürel, Linyi Li, Bo Li. COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits. (ICLR 2024) [BibTeX]

@article{colepkang,
  title={COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits},
  author={Kang, Mintong and Gürel, Nezihe Merve and Li, Linyi and Li, Bo},
  journal={ICLR},
  year={2024}
}

Zhen Xiang, Fengqing Jiang, Zidi Xiong, Bhaskar Ramasubramanian, Radha Poovendran, Bo Li. BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models. (ICLR 2024) [BibTeX]

@article{xiang2024badchain,
  title={BadChain: Backdoor Chain-of-Thought Prompting for Large Language Models},
  author={Xiang, Zhen and Jiang, Fengqing and Xiong, Zidi and Ramasubramanian, Bhaskar and Poovendran, Radha and Li, Bo},
  journal={ICLR},
  year={2024}
}

Qinbin Li, Chulin Xie, Xiaojun Xu, Xiaoyuan Liu, Ce Zhang, Bo Li, Bingsheng He, Dawn Song. Effective and Efficient Federated Tree Learning on Hybrid Data. (ICLR 2024) [BibTeX]

@article{li2023effective,
  title={Effective and Efficient Federated Tree Learning on Hybrid Data},
  author={Li, Qinbin and Xie, Chulin and Xu, Xiaojun and Liu, Xiaoyuan and Zhang, Ce and Li, Bo and He, Bingsheng and Song, Dawn},
  journal={ICLR},
  year={2024}
}

Junyuan Hong, Jiachen T. Wang, Chenhui Zhang, Zhangheng LI, Bo Li, Zhangyang Wang. DP-OPT: Make Large Language Model Your Differentially-Private Prompt Engineer. (ICLR 2024) [BibTeX] [Code]

@article{hong2023dp,
  title={DP-OPT: Make Large Language Model Your Privacy-Preserving Prompt Engineer},
  author={Hong, Junyuan and Wang, Jiachen T and Zhang, Chenhui and Li, Zhangheng and Li, Bo and Wang, Zhangyang},
  journal={ICLR},
  year={2024}
}

Yu-Lin Tsai, Chia-Yi Hsu, Chulin Xie, Chih-Hsun Lin, Jia You Chen, Bo Li, Pin-Yu Chen, Chia-Mu Yu, Chun-Ying Huang. Ring-A-Bell! How Reliable are Concept Removal Methods For Diffusion Models? (ICLR 2024) [BibTeX]

@article{tsai2023ring,
  title={Ring-A-Bell! How Reliable are Concept Removal Methods for Diffusion Models?},
  author={Tsai, Yu-Lin and Hsu, Chia-Yi and Xie, Chulin and Lin, Chih-Hsun and Chen, Jia-You and Li, Bo and Chen, Pin-Yu and Yu, Chia-Mu and Huang, Chun-Ying},
  journal={ICLR},
  year={2024}
}

Chulin Xie, Pin-Yu Chen, Qinbin Li, Arash Nourian, Ce Zhang, Bo Li. Improving Privacy-Preserving Vertical Federated Learning by Efficient Communication with ADMM. (SatML 2024) [BibTeX]

@article{xie2022improving,
  title={Improving privacy-preserving vertical federated learning by efficient communication with admm},
  author={Xie, Chulin and Chen, Pin-Yu and Zhang, Ce and Li, Bo},
  journal={SatML},
  year={2024}
}

Zhangheng Li, Junyuan Hong, Bo Li, Zhangyang Wang. Shake to Leak: Amplifying the Generative Privacy Risk through Fine-tuning. (SatML 2024) [BibTeX]

@article{li2024shake,
  title={Shake to Leak: Amplifying the Generative Privacy Risk through Fine-tuning},
  author={Li, Zhangheng and Hong, Junyuan and Li, Bo and Wang, Zhangyang},
  journal={SatML},
  year={2024}
}

Zhangheng Li, Tianlong Chen, Linyi Li, Bo Li, Zhangyang Wang. Can Pruning Improve Certified Robustness of Neural Networks? (TMLR 2024) [BibTeX] [Code]

@article{li2022can,
  title={Can pruning improve certified robustness of neural networks?},
  author={Li, Zhangheng and Chen, Tianlong and Li, Linyi and Li, Bo and Wang, Zhangyang},
  journal={TMLR},
  year={2024}
}

Hengzhi Pei, Jinyuan Jia, Wenbo Guo, Bo Li, Dawn Song. TextGuard: Provable Defense against Backdoor Attacks on Text Classification. (NDSS 2024) [BibTeX] [Code]

@article{pei2023textguard,
  title={TextGuard: Provable Defense against Backdoor Attacks on Text Classification},
  author={Pei, Hengzhi and Jia, Jinyuan and Guo, Wenbo and Li, Bo and Song, Dawn},
  journal={NDSS},
  year={2024}
}

2023

Chulin Xie, Yunhui Long, Pin-Yu Chen, Qinbin Li, Sanmi Koyejo, Bo Li. Unraveling the Connections between Privacy and Certified Robustness in Federated Learning Against Poisoning Attacks. (CCS 2023) [BibTeX] [Code]

@article{unraxie,
  title={Unraveling the Connections between Privacy and Certified Robustness in Federated Learning Against Poisoning Attacks},
  author={Xie, Chulin and Long, Yunhui and Chen, Pin-Yu and Li, Qinbin and Koyejo, Sanmi and Li, Bo},
  journal={CCS},
  year={2023}
}

Boxin Wang, Weixin Chen, Hengzhi Pei, Chulin Xie, Mintong Kang, Chenhui Zhang, Chejian Xu, Zidi Xiong, Ritik Dutta, Rylan Schaeffer, Sang T. Truong, Simran Arora, Mantas Mazeika, Dan Hendrycks, Zinan Lin, Yu Cheng, Sanmi Koyejo, Dawn Song, Bo Li. DecodingTrust: A Comprehensive Assessment of Trustworthiness in GPT Models. (NeurIPS 2023) (Oral Presentation) (Outstanding Paper Award) [Leaderboard] [BibTeX] [Code]

@article{decowang,
  title={DecodingTrust: A Comprehensive Assessment of Trustworthiness in GPT Models},
  author={Wang, Boxin and Chen, Weixin and Pei, Hengzhi and Xie, Chulin and Kang, Mintong and Zhang, Chenhui and Xu, Chejian and Xiong, Zidi and Dutta, Ritik and Schaeffer, Rylan and Truong, Sang and Arora, Simran and Mazeika, Mantas and Hendrycks, Dan and Liu, Zinan and Cheng, Yu and Keyejo, Sanmi and Song, Dawn and Li, Bo},
  journal={NeurIPS},
  year={2023}
}

Mintong Kang, Dawn Song, Bo Li. DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification. (NeurIPS 2023) [BibTeX] [Code]

@article{diffattakang,
  title={DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification},
  author={Kang, Mintong and Song, Dawn and Li, Bo},
  journal={NeurIPS},
  year={2023}
}

Zhen Xiang, Zidi Xiong, Bo Li. CBD: A Certified Backdoor Detector Based on Local Dominant Probability. (NeurIPS 2023) [BibTeX] [Code]

@article{cbdxiang,
  title={CBD: A Certified Backdoor Detector Based on Local Dominant Probability},
  author={Xiang, Zhen and Xiong, Zidi and Li, Bo},
  journal={NeurIPS},
  year={2023}
}

Junfeng Guo, Yiming Li, Lixu Wang, Shu-Tao Xia, Heng Huang, Cong Liu, Bo Li. Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand. (NeurIPS 2023) [BibTeX] [Code]

@article{domainguo,
  title={Domain Watermark: Effective and Harmless Dataset Copyright Protection is Closed at Hand},
  author={Guo, Junfeng and Li, Yiming and Wang, Lixu and Xia, Shu-Tao and Huang, Heng and Liu, Cong and Li, Bo},
  journal={NeurIPS},
  year={2023}
}

Maurice Weber, Carlo Siebenschuh, Rory Marshall Butler, Anton Alexandrov, Valdemar Ragnar Thanner, Georgios Tsolakis, Haris Jabbar, Ian Foster, Bo Li, Rick Stevens, Ce Zhang. WordScape: a Pipeline to extract multilingual, visually rich Documents with Layout Annotations from Web Crawl Data (NeurIPS 2023) [BibTeX] [Code]

@article{wordsweber,
  title={WordScape: a Pipeline to extract multilingual, visually rich Documents with Layout Annotations from Web Crawl Data},
  author={Weber, Maurice and Siebenschuh, Carlo and Butler, Rory and Alexandrov, Anton and Thanner, Valdemar and Tsolakis, Georgios and Jabbar, Haris and Foster, Ian and Li, Bo and Stevens, Rick and Zhang, Ce},
  journal={NeurIPS},
  year={2023}
}

Aniket Murhekar, Zhuowen Yuan, Bhaskar Ray Chaudhury, Bo Li, Ruta Mehta. Incentives in Federated Learning: Equilibria, Dynamics, and Mechanisms for Welfare Maximization. (NeurIPS 2023) [BibTeX] [Code]

@article{incenmur,
  title={Incentives in Federated Learning: Equilibria, Dynamics, and Mechanisms for Welfare Maximization},
  author={Murhekar, Aniket and Yuan, ZHuowen and Chaudhury, Bhaskar and Li, Bo and Mehta, Ruta},
  journal={NeurIPS},
  year={2023}
}

Jinyuan Jia, Zhuowen Yuan, Dinuka Sahabandu, Luyao Niu, Arezoo Rajabi, Bhaskar Ramasubramanian, Bo Li, Radha Poovendran. FedGame: A Game-Theoretic Defense against Backdoor Attacks in Federated Learning. (NeurIPS 2023) [BibTeX] [Code]

@article{fedgamejia,
  title={FedGame: A Game-Theoretic Defense against Backdoor Attacks in Federated Learning},
  author={Jia, Jinyuan and Yuan, Zhuowen and Sahabandu, Dinuka and Niu, Luyao and Rajabi, Arezoo and Ramasubramanian, Bhaskar and Li, Bo and Poovendran, Radha},
  journal={NeurIPS},
  year={2023}
}

Bochuan Cao, Changjiang Li, Ting Wang, Jinyuan Jia, Bo Li, Jinghui Chen. IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI. (NeurIPS 2023) [BibTeX] [Code]

@article{impresscao,
  title={IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI},
  author={Cao, Bochuan and Li, Changjiang and Wang, Ting and Jia, Jinyuan and Li, Bo and Chen, Jinghui},
  journal={NeurIPS},
  year={2023}
}

Jielin Qiu, William Han, Jiacheng Zhu, Mengdi Xu, Douglas J Weber, Bo Li, Ding Zhao. Can Brain Signals Reveal Inner Alignment with Human Languages? (EMNLP 2023) [BibTeX] [Code]

@article{canqiu,
  title={Can Brain Signals Reveal Inner Alignment with Human Languages?},
  author={Qiu, Jielin and Han, William and Zhu, Jiacheng and Xu, Mengdi and Weber, Douglas and Li, Bo and Zhao, Ding},
  journal={EMNLP},
  year={2023}
}

Boxin Wang, Wei Ping, Peng Xu, Lawrence McAfee, Zihan Liu, Mohammad Shoeybi, Yi Dong, Oleksii Kuchaiev, Bo Li, Chaowei Xiao, Anima Anandkumar, Bryan Catanzaro. Shall We Pretrain Autoregressive Language Models with Retrieval? A Comprehensive Study (EMNLP 2023) [BibTeX] [Code]

@article{shallwang,
  title={Shall We Pretrain Autoregressive Language Models with Retrieval? A Comprehensive Study},
  author={Wang, Boxin and Ping, Wei and Xu, Peng and McAfee, Lawrence and Liu, Zihan and Shoeybi, Mohammad and Dong, Yi and Kuchaiev, Oleksii and Li, Bo and Xiao, Chaowei and Anandkumar, Anima and Catanzaro, Bryan},
  journal={EMNLP},
  year={2023}
}

Zhuolin Yang, Wei Ping, Zihan Liu, Vijay Anand Korthikanti, Weili Nie, De-An Huang, Linxi Fan, Zhiding Yu, Shiyi Lan, Bo Li, Mohammad Shoeybi, Ming-Yu Liu, Yuke Zhu, Bryan Catanzaro. Re-ViLM: Retrieval-Augmented Visual Language Model for Zero and Few-Shot Image Captioning (EMNLP 2023) [BibTeX] [Code]

@article{revilmyang,
  title={Re-ViLM: Retrieval-Augmented Visual Language Model for Zero and Few-Shot Image Captioning},
  author={Yang, Zhuolin and Ping, Wei and Liu, Zihan and Korthikanti Vijay and Nie, Weili and Huang, De-An and Fan, Linxi and Yu, Zhiding and Lan, Shiyi and Li, Bo and Mohammad and Liu, Ming-Yu and Zhu, Yuke and Catanzaro, Bryan},
  journal={EMNLP},
  year={2023}
}

Linyi Li, Tao Xie, Bo Li. SoK: Certified Robustness for Deep Neural Networks. (IEEE Symposium on Security and Privacy (Oakland), 2023) [Leaderboard] [BibTeX] [Code]

@article{li2020sok,
  title={Sok: Certified robustness for deep neural networks},
  author={Li, Linyi and Xie, Tao and Li, Bo},
  journal={(IEEE Symposium on Security and Privacy (Oakland)},
  year={2023}
}

Maurice Weber, Xiaojun Xu, Bojan Karlas, Ce Zhang, Bo Li. RAB: Provable Robustness Against Backdoor Attacks. (IEEE Symposium on Security and Privacy (Oakland), 2023) [BibTeX] [Code]

@article{weber2020rab,
  title={Rab: Provable robustness against backdoor attacks},
  author={Weber, Maurice and Xu, Xiaojun and Karla{\v{s}}, Bojan and Zhang, Ce and Li, Bo},
  journal={(IEEE Symposium on Security and Privacy (Oakland)},
  year={2023}
}

Weixin Chen, Dawn Song, Bo Li. TrojDiff: Trojan Attacks on Diffusion Models with Diverse Targets. (CVPR, 2023) [BibTeX] [Code]

@article{weixintroj2023,
  title={TrojDiff: Trojan Attacks on Diffusion Models with Diverse Targets},
  author={Chen, Weixin and Song, Dawn and Li, Bo},
  journal={(CVPR},
  year={2023}
}

Zhen Xiang, Zidi Xiong, Bo Li. UMD: Unsupervised Model Detection for X2X Backdoor Attacks. (ICML, 2023) [BibTeX] [Code]

@article{zhenumd2023,
  title={UMD: Unsupervised Model Detection for X2X Backdoor Attacks},
  author={Xiang, Zhen and Xiong, Zidi and Li, Bo},
  journal={(ICML},
  year={2023}
}

Jiacheng Zhu, Jielin Qiu, Aritra Guha, Zhuolin Yang, XuanLong Nguyen, Bo Li, Ding Zhao. Interpolation for Robust Learning: Data Augmentation on Geodesics. (ICML, 2023) [BibTeX] [Code]

@article{jiachenginter2023,
  title={Interpolation for Robust Learning: Data Augmentation on Geodesics},
  author={Zhu, Jiacheng and Qiu, Jielin and Guha, Aritra and Yang, Zhuolin and Nguyen, XuanLong and Li, Bo and Zhao, Ding},
  journal={ICML},
  year={2023}
}

Yige Li, Xixiang Lyu, Xingjun Ma, Nodens Koren, Lingjuan Lyu, Bo Li, Yu-Gang Jiang. Reconstructive Neuron Pruning for Backdoor Defense. (ICML, 2023) [BibTeX] [Code]

@article{YiRecon2023,
  title={Reconstructive Neuron Pruning for Backdoor Defense},
  author={Li, Yige and Lyu, Xixiang and Ma, Xingjun and Koren, Nodens and Lyu, Lingjuan and Li, Bo and Jiang, Yu-Gang},
  journal={(ICML},
  year={2023}
}

Jielin Qiu, Jiacheng Zhu, Mengdi Xu, Franck Dernoncourt, Trung Bui, Zhaowen Wang, Bo Li, Ding Zhao, Hailin Jin. Semantics-Consistent Cross-domain Summarization via Optimal Transport Alignment. (ACL, 2023) [BibTeX] [Code]

@article{jielinsem2023,
  title={Semantics-Consistent Cross-domain Summarization via Optimal Transport Alignment},
  author={Qiu, Jielin and Zhu, Jiacheng and Xu, Mengdi and Dernoncourt, Franck and Bui, Trung and Wang, Zhaowen and Li, Bo and Zhao, Ding and Jin, Hailin},
  journal={(ACL},
  year={2023}
}

Jiawei Zhang, Zhongzhu Chen, Huan Zhang, Chaowei Xiao, Bo Li. DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing. (USENIX Security, 2023) [BibTeX] [Code]

@article{zhangdiffs2023,
  title={DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing},
  author={Zhang, Jiawei and Chen, Zhongzhu and Zhang, Huan and Xiao, Chaowei and Li, Bo},
  journal={(USENIX Security},
  year={2023}
}

Xiaojun Xu, Qingying Hao, Zhuolin Yang, Bo Li, David Liebovitz, Gang Wang, Carl Gunter. How to Cover up Anomalous Accesses to Electronic Health Records. (USENIX Security, 2023) [BibTeX] [Code]

@article{Xuhow2023,
  title={How to Cover up Anomalous Accesses to Electronic Health Records},
  author={Xu, Xiaojun and Hao, Qingying and Yang, Zhuolin and Li, Bo and Liebovitz, David and Wang, Gang and Gunter, Carl},
  journal={(USENIX Security},
  year={2023}
}

Chaowei Xiao, Zhongzhu Chen, Kun Jin, Jiongxiao Wang, Weili Nie, Mingyan Liu, Anima Anandkumar, Bo Li, Dawn Song. DensePure: Understanding Diffusion Models towards Adversarial Robustness. (ICLR 2023) [BibTeX]

@article{XiaoDense2023,
  title={DensePure: Understanding Diffusion Models towards Adversarial Robustness},
  author={Xiao, Chaowei and Chen, Zhongzhu and Jin, Kun and Wang, Jiongxiao and Nie, Weili and Liu, Mingyan and Anandkumar, Anima and Li, Bo and Song, Dawn},
  journal={ICLR},
  year={2023}
}

Zuxin Liu, Zijian Guo, Zhepeng Cen, Huan Zhang, Jie Tan, Bo Li, Ding Zhao. On the Robustness of Safe Reinforcement Learning under Observational Perturbations. (ICLR 2023) [BibTeX]

@article{LiuRob2023,
  title={On the Robustness of Safe Reinforcement Learning under Observational Perturbations},
  author={Liu, Zuxin and Guo, Zijian and Cen, Zhepeng and Zhang, Huan and Tan, Jie and  Li, Bo and Zhao, Ding},
  journal={ICLR},
  year={2023}
}

Mengdi Xu, Peide Huang, Yaru Niu, Visak Kumar, Jielin Qiu, Chao Fang, Kuan-Hui Lee, Xuewei Qi, Henry Lam, Bo Li, Ding Zhao. Group Distributionally Robust Reinforcement Learning with Hierarchical Latent Variables. (AISTATS 2023) [BibTeX]

@article{LiuRob2023,
  title={Group Distributionally Robust Reinforcement Learning with Hierarchical Latent Variables},
  author={Xu, Mengdi and Huang, Peide and Niu, Yaru and Kumar, Visak and Qiu, Jielin and Fang, Chao and Lee, Kuan-Hui and Qi, Xuewei and Lam, Henry and  Li, Bo and Zhao, Ding},
  journal={AISTATS},
  year={2023}
}

Mintong Kang, Linyi Li, Bo Li. FaShapley: Fast and Approximated Shapley Based Model Pruning Towards Certifiably Robust DNNs. (SaTML 2023) [BibTeX]

@article{KangFa2022,
  title={FaShapley: Fast and Approximated Shapley Based Model Pruning Towards Certifiably Robust DNNs},
  author={Kang, Mintong and Li, Linyi and Li, Bo},
  journal={SaTML},
  year={2022}
}

Xiaojun Xu, Hanzhang Wang, Alok Lal, Carl A. Gunter, Bo Li. EDoG: Adversarial Edge Detection For Graph Neural Networks. (SaTML 2023) [BibTeX]

@article{XuEdog2022,
  title={EDoG: Adversarial Edge Detection For Graph Neural Networks},
  author={Xu, Xiaojun and Wang, Hanzhang and Lal, Alok and Gunter, Carl and Li, Bo},
  journal={SaTML},
  year={2023}
}

Jiawei Zhang, Linyi Li, Ce Zhang, Bo Li. CARE: Certifiably Robust Learning with Reasoning via Variational Inference. (SaTML 2023) [BibTeX]

@article{ZhangCare2023,
  title={CARE: Certifiably Robust Learning with Reasoning via Variational Inference},
  author={Zhang, Jiawei and Li, Linyi and Zhang, Ce and Li, Bo},
  journal={SaTML},
  year={2023}
}

2022

Chejian Xu*, Wenhao Ding*, Weijie Lyu, Zuxin Liu, Shuai Wang, Yihan He, Hanjiang Hu, Ding Zhao, Bo Li. SafeBench: A Benchmarking Platform for Safety Evaluation of Autonomous Vehicles. (NeurIPS, 2022) [Leaderboard] [BibTeX] [Code]

@article{xu2022safebench,
  title={SafeBench: A Benchmarking Platform for Safety Evaluation of Autonomous Vehicles},
  author={Xu, Chejian and Ding, Wenhao and Lyu, Weijie and Liu, Zuxin and Wang, Shuai and He, Yihan and Hu, Hanjiang and Zhao, Ding and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Zhuolin Yang, Zhikuan Zhao, Boxin Wang, Jiawei Zhang, Linyi Li, Hengzhi Pei, Bojan Karlaš, Ji Liu, Heng Guo, Ce Zhang, Bo Li. Improving Certified Robustness via Statistical Learning with Logical Reasoning. (NeurIPS 2022) [BibTeX] [Code]

@article{YangImp2022,
  title={Improving Certified Robustness via Statistical Learning with Logical Reasoning},
  author={Yang, Zhuolin and Zhao, Zhikuan and Wang, Boxin and Zhang, Jiawei and Li, Linyi and Pei, Hengzhi and Karlaš, Bojan and Liu, Ji and Guo, Heng and Zhang, Ce and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Xiaojun Xu, Linyi Li, Bo Li. LOT: Layer-wise Orthogonal Training on Improving \(\ell_2\) Certified Robustness. (NeurIPS 2022) [BibTeX] [Code]

@article{XuLot2022,
  title={LOT: Layer-wise Orthogonal Training on Improving l2 Certified Robustness},
  author={Xu, Xiaojun and Li, Linyi and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Mintong Kang, Linyi Li, Maurice Weber, Yang Liu, Ce Zhang, Bo Li. Certifying Some Distributional Fairness with Subpopulation Decomposition. (NeurIPS 2022) [BibTeX] [Code]

@article{Kangcertify2022,
  title={Certifying Some Distributional Fairness with Subpopulation Decomposition},
  author={Kang, Mingtong and Li, Linyi and Weber, Maurice and Liu, Yang and Zhang, Ce and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Jing Liu, Chulin Xie, Oluwasanmi O Koyejo, Bo Li. CoPur: Certifiably Robust Collaborative Inference via Feature Purification. (NeurIPS 2022) [BibTeX] [Code]

@article{copur2022,
  title={CoPur: Certifiably Robust Collaborative Inference via Feature Purification},
  author={Liu, Jing and Xie, Chulin and Koyejo, Oluwasanmi and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Yiming Li, Yang Bai, Yong Jiang, Yong Yang, Shu-Tao Xia, Bo Li. Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection. (NeurIPS 2022) [BibTeX]

@article{untarget2022,
  title={Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection},
  author={Li, Yiming and Bai, Yang and Jiang, Yong and Xia, Shu-Tao and Li, Bo},
  journal={NeurIPS},
  year={2022}
}

Boxin Wang, Wei Ping, Chaowei Xiao, Peng Xu, Mostofa Patwary, Mohammad Shoeybi, Bo Li, Anima Anandkumar, Bryan Catanzaro. Exploring the Limits of Domain-Adaptive Training for Detoxifying Large-Scale Language Models. (NeurIPS 2022) [BibTeX] [Code]

@article{WangExp2022,
  title={Exploring the Limits of Domain-Adaptive Training for Detoxifying Large-Scale Language Models},
  author={Wang, Boxin and Ping, Wei and Xiao, Chaowei and Xu, Peng and Patwary, Mostofa and Shoeybi, Mohammad and and Li, Bo and Anandkumar, Anima and Catanzaro, Bryan},
  journal={NeurIPS},
  year={2022}
}

Bhaskar Ray Chaudhury, Linyi Li, Mintong Kang, Bo Li, Ruta Mehta. Fairness in Federated Learning via Core-Stability. (NeurIPS 2022) [BibTeX] [Code]

@article{XuLot2022,
  title={Fairness in Federated Learning via Core-Stability},
  author={Chaudhury, Bhaskar and Li, Linyi and Kang, Mingtong and Li, Bo and Mehta, Ruta},
  journal={NeurIPS},
  year={2022}
}

Huan Zhang, Shiqi Wang, Kaidi Xu, Linyi Li, Bo Li, Suman Jana, Cho-Jui Hsieh, J Zico Kolter. General Cutting Planes for Bound-Propagation-Based Neural Network Verification. (NeurIPS 2022) [BibTeX] [Code]

@article{ZhangGen2022,
  title={General Cutting Planes for Bound-Propagation-Based Neural Network Verification},
  author={Zhang, Huan and Wang, Shiqi and Xu, Kaidi and Li, Linyi and Li, Bo and Jana Suman and Hsieh, Cho-Jui and Kolter, Zico},
  journal={NeurIPS},
  year={2022}
}

Wenhao Ding, Haohong Lin, Bo Li, Ding Zhao. Generalizing Goal-Conditioned Reinforcement Learning with Variational Causal Reasoning. (NeurIPS 2022) [BibTeX]

@article{DingGen2022,
  title={Generalizing Goal-Conditioned Reinforcement Learning with Variational Causal Reasoning},
  author={Ding, Wenhao and Lin, Haohong and Li, Bo and Zhao, Ding},
  journal={NeurIPS},
  year={2022}
}

Jiawei Jiang, Lukas Burkhalter, Fangcheng Fu, Bolin Ding, Bo Du, Anwar Hithnawi, Bo Li, Ce Zhang. VF-PS: How to Select Important Participants in Vertical Federated Learning, Efficiently and Securely? (NeurIPS 2022) [BibTeX]

@article{JiangVF2022,
  title={VF-PS: How to Select Important Participants in Vertical Federated Learning, Efficiently and Securely?},
  author={Jiang, Jiawei and Burkhalter, Lukas and Fu, Fangcheng and Ding, Bolin and Du, Bo and Hithnawi, Anwar and Li, Bo and Zhang, Ce},
  journal={NeurIPS},
  year={2022}
}

Linyi Li, Jiawei Zhang, Tao Xie, Bo Li. Double Sampling Randomized Smoothing. (ICML 2022) [BibTeX] [Code]

@inproceedings{li2022dsrs,
  title={Double Sampling Randomized Smoothing},
  author={Li, Linyi and Zhang, Jiawei and Xie, Tao and Li, Bo},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Wenda Chu, Linyi Li, Bo Li. TPC: Transformation-Specific Smoothing for Point Cloud Models. (ICML 2022) [BibTeX] [Code]

@inproceedings{li2022tpc,
  title={TPC: Transformation-Specific Smoothing for Point Cloud Models},
  author={Chu, Wenda and Li, Linyi and Li, Bo},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Xiaojun Xu*, Jacky Zhang*, Evelyn Ma, Hyun Ho Son, Sanmi Koyejo, Bo Li. Adversarially Robust Models may not Transfer Better: Sufficient Conditions for Domain Transferability from the View of Regularization. (ICML 2022) [BibTeX] [Code]

@inproceedings{Xu2022adv,
  title={Adversarially Robust Models may not Transfer Better: Sufficient Conditions for Domain Transferability from the View of Regularization},
  author={Xu, Xiaojun and Zhang, Jacky and Ma Evelyn and Son, Hyun Ho and Koyejo, Sanmi and Li, Bo},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Maurice Weber, Linyi Li, Boxin Wang, Zhikuan Zhao, Bo Li, Ce Zhang. Certifying Out-of-Domain Generalization for Blackbox Functions. (ICML 2022) [BibTeX]

@inproceedings{weber2022certifying,
  title={Certifying out-of-domain generalization for blackbox functions},
  author={Weber, Maurice G and Li, Linyi and Wang, Boxin and Zhao, Zhikuan and Li, Bo and Zhang, Ce},
  booktitle={International Conference on Machine Learning},
  pages={23527--23548},
  year={2022},
  organization={PMLR}
}

Haoxiang Wang, Bo Li, Han Zhao. Understanding Gradual Domain Adaptation: Improved Analysis, Optimal Path and Beyond. (ICML 2022) [BibTeX]

@inproceedings{Wang2022Understanding,
  title={Understanding Gradual Domain Adaptation: Improved Analysis, Optimal Path and Beyond},
  author={Wang, Haoxiang and Li, Bo and Zhao, Han},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Haoxiang Wang, Haozhe Si, Bo Li, Han Zhao. Provable Domain Generalization via Invariant-Feature Subspace Recovery. (ICML 2022) [BibTeX]

@inproceedings{Wang2022Provable,
  title={Provable Domain Generalization via Invariant-Feature Subspace Recovery},
  author={Wang, Haoxiang and Si, Haozhe and Li, Bo and Zhao, Han},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Mantas Mazeika, Bo Li, David Forsyth. How to Steer Your Adversary: Targeted and Efficient Model Stealing Defenses with Gradient Redirection. (ICML 2022) [BibTeX]

@inproceedings{Mazeiko2022how,
  title={How to Steer Your Adversary: Targeted and Efficient Model Stealing Defenses with Gradient Redirection},
  author={Mazeika, Mantas and Li, Bo and Forsyth, David},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Zuxin Liu, Zhepeng Cen, Wei Liu, Vladislav Isenbaev, Steven Wu, Bo Li, Ding Zhao. Constrained Variational Policy Optimization for Safe Reinforcement Learning. (ICML 2022) [BibTeX]

@inproceedings{Liu2022constrained,
  title={Constrained Variational Policy Optimization for Safe Reinforcement Learning},
  author={Liu, Zuxin and Cen, Zhepeng and Liu, Wei and Isenbaev, Vladislav and Wu, Steven and Li, Bo and Zhao, Ding},
  booktitle={International Conference on Machine Learning},
  year={2022}
}

Micah Goldblum, Dimitris Tsipras, Chulin Xie, Xinyun Chen, Avi Schwarzschild, Dawn Song, Aleksander Madry, Bo Li, Tom Goldstein. Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses. (TPAMI 2022) [BibTeX]

@inproceedings{Gold2022dataset,
  title={Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses},
  author={Goldblum, Micah and Tsipras, Dimitris and Xie, Chulin and Chen, Xinyun and Schwarzschild, Avi and Song, Dawn and Madry, Aleksander and Li, Bo and Goldstein, Tom},
  booktitle={TRAMI},
  year={2022}
}

Zhuowen Yuan, Fan Wu, Yunhui Long, Chaowei Xiao, Bo Li. SecretGen: Privacy Recovery on Pre-trained Models via Distribution Discrimination. (ECCV 2022) [BibTeX] [Code]

@inproceedings{yuan2022sec,
  title={SecretGen: Privacy Recovery on Pre-trained Models via Distribution Discrimination},
  author={Yuan, Zhuowen and Wu, Fan and Long, Yunhui and Xiao, Chaowei and Li, Bo},
  booktitle={European Conference on Computer Vision 2022},
  year={2022}
}

Pratyush Maini, Xinyun Chen, Bo Li, Dawn Song. Perturbation Type Categorization for Multiple Adversarial Perturbation Robustness. (UAI 2022) [BibTeX]

@inproceedings{Maini2022perturbation,
  title={Perturbation Type Categorization for Multiple Adversarial Perturbation Robustness},
  author={Maini, Pratyush and Chen, Xinyun and Li, Bo and Song, Dawn},
  booktitle={Conference on Uncertainty in Artificial Intelligence (UAI)},
  year={2022}
}

Boxin Wang*, Chejian Xu*, Xiangyu Liu, Yu Cheng, Bo Li. SemAttack: Natural Textual Attacks via Different Semantic Spaces. (NAACL 2022 (Findings)) [BibTeX] [Code]

@inproceedings{wang2022semattack,
  author = {Wang, Boxin and Xu, Chejian and Liu, Xiangyu and Cheng, Yu and Li, Bo},
  title = {{S}em{A}ttack: Natural Textual Attacks via Different Semantic Spaces},
  year = {2022},
  bootitle={Proceedings of the 2022 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies}
}

Haoxiang Wang, Yite Wang, Ruoyu Sun, Bo Li. Global Convergence of MAML and Theory-Inspired Neural Architecture Search for Few-Shot Learning. (CVPR 2022) [BibTeX]

@inproceedings{wang2022global,
  title={Global Convergence of MAML and Theory-Inspired Neural Architecture Search for Few-Shot Learning},
  author={Wang, Haoxiang and Wang, Yite and Sun, Ruoyu and Li, Bo},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  year={2022}
}

Dan Hendrycks, Andy Zou, Mantas Mazeika, Leonard Tang, Bo Li, Dawn Song, Jacob Steinhardt. PixMix: Dreamlike Pictures Comprehensively Improve Safety Measures. (CVPR 2022) [BibTeX]

@inproceedings{hendrycks2022pixmix,
  title={PixMix: Dreamlike Pictures Comprehensively Improve Safety Measures},
  author={Hendrycks, Dan and Zou, Andy and Mazeika, Mantas and Tang, Leonard and Li, Bo and Song, Dawn and Steinhardt, Jacob},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  year={2022}
}

Jialuo Chen, Jingyi Wang, Tinglan Peng, Youcheng Sun, Peng Cheng, Shouling Ji, Xingjun Ma, Bo Li, Dawn Song. Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models. (IEEE Symposium on Security and Privacy (Oakland), 2022) [BibTeX]

@inproceedings{chen2022copy,
  title={Copy, Right? A Testing Framework for Copyright Protection of Deep Learning Models},
  author={Chen, Jialuo and Wang, Jingyi and Peng, Tinglan and Sun, Youcheng and Cheng, Peng and Ji, Shouling and Ma, Xingjun and Li, Bo and Song, Dawn},
  booktitle={2022 IEEE Symposium on Security and Privacy (SP)},
  year={2022}
}

Zhuolin Yang*, Linyi Li*, Xiaojun Xu, Bhavya Kailkhura, Tao Xie, Bo Li. On the Certified Robustness for Ensemble Models and Beyond. (ICLR 2022) [BibTeX] [Code]

@inproceedings{yang2022on,
  title={On the Certified Robustness for Ensemble Models and Beyond},
  author={Yang, Zhuolin and Li, Linyi and Xu, Xiaojun and Kailkhura, Bhavya and Xie, Tao and Li, Bo},
  booktitle={International Conference on Learning Representations},
  year={2022}
}

Fan Wu, Linyi Li, Zijian Huang, Yevgeniy Vorobeychik, Ding Zhao, Bo Li. CROP: Certifying Robust Policies for Reinforcement Learning through Functional Smoothing. (ICLR 2022) [Leaderboard] [BibTeX] [Code]

@inproceedings{wu2022crop,
  title={CROP: Certifying Robust Policies for Reinforcement Learning through Functional Smoothing},
  author={Wu, Fan and Li, Linyi and Huang, Zijian and Vorobeychik, Yevgeniy and Zhao, Ding and Li, Bo},
  booktitle={International Conference on Learning Representations},
  year={2022}
}

Fan Wu*, Linyi Li*, Chejian Xu, Huan Zhang, Bhavya Kailkhura, Krishnaram Kenthapadi, Ding Zhao, Bo Li. COPA: Certifying Robust Policies for Offline Reinforcement Learning against Poisoning Attacks. (ICLR 2022) [BibTeX] [Code]

@inproceedings{wu2022copa,
  title={COPA: Certifying Robust Policies for Offline Reinforcement Learning against Poisoning Attacks},
  author={Wu, Fan and Li, Linyi and Xu, Chejian and Zhang, Huan and Kailkhura, Bhavya and Kenthapadi, Krishnaram and Zhao, Ding and Li, Bo},
  booktitle={International Conference on Learning Representations},
  year={2022}
}

Fan Wu, Yunhui Long, Ce Zhang, Bo Li. LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis. (IEEE Symposium on Security and Privacy (Oakland), 2022) [BibTeX]

@inproceedings{wu2022linkteller,
  title={LinkTeller: Recovering Private Edges from Graph Neural Networks via Influence Analysis},
  author={Wu, Fan and Long, Yunhui and Zhang, Ce and Li, Bo},
  booktitle={2022 IEEE Symposium on Security and Privacy (SP)},
  year={2022}
}

Xinlei Pan, Chaowei Xiao, Warren He, Jian Peng, Mingjie Sun, Jinfeng Yi, Bo Li, Dawn Song. Characterizing Attacks on Deep Reinforcement Learning. (AAMAS 2022, Oral Presentation) [BibTeX]

@inproceedings{pan2022characterizing,
  title={Characterizing Attacks on Deep Reinforcement Learning},
  author={Pan, Xinlei and Xiao, Chaowei and He, Warren and Peng, Jian and Sun, Mingjie and Yi, Jinfeng and Li, Bo and Song, Dawn},
  booktitle={International Conference on Autonomous Agents and Multiagent Systems},
  year={2022}
}

2021

Boxin Wang*, Chejian Xu*, Shuohang Wang, Zhe Gan, Yu Cheng, Jianfeng Gao, Ahmed Hassan Awadallah, Bo Li. Adversarial GLUE: A Multi-Task Benchmark for Robustness Evaluation of Language Models. (NeurIPS 2021, Oral presentation, 3.3% accepted rate) [Leaderboard] [BibTeX]

@inproceedings{wang2021adversarial,
title={Adversarial GLUE: A Multi-Task Benchmark for Robustness Evaluation of Language Models},
author={Wang, Boxin and Xu, Chejian and Wang, Shuohang and Gan, Zhe and Cheng, Yu and Gao, Jianfeng and Awadallah, Ahmed Hassan and Li, Bo},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Dan Hendrycks, Mantas Mazeika, Andy Zou, Sahil Patel, Christine Zhu, Jesus Navarro, Dawn Song, Bo Li, Jacob Steinhardt. What Would Jiminy Cricket Do? Towards Agents That Behave Morally (NeurIPS 2021) [BibTeX]

@inproceedings{hendrycks2021what,
title={What Would Jiminy Cricket Do? Towards Agents That Behave Morally},
author={Hendrycks, Dan and Mazeika, Mantas and Zou, Andy and Patel, Sahil and Zhu, Christine and Navarro, Jesus and Song, Dawn and Li, Bo and Steinhardt, Jacob},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Yunhui Long*, Boxin Wang*, Zhuolin Yang, Bhavya Kailkhura, Aston Zhang, Carl A. Gunter, Bo Li. G-PATE: Scalable Differentially Private Data Generator via Private Aggregation of Teacher Discriminators. (NeurIPS 2021) [BibTeX]

@inproceedings{long2021g,
title={G-PATE: Scalable Differentially Private Data Generator via Private Aggregation of Teacher Discriminators},
author={Long, Yunhui and Wang, Boxin and Yang, Zhuolin and Kailkhura, Bhavya and Zhang, Aston and Gunter, Carl A and Li, Bo},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Zhuolin Yang*, Linyi Li*, Xiaojun Xu*, Shiliang Zuo, Qian Chen, Pan Zhou, Benjamin I. P. Rubinstein, Ce Zhang, Bo Li. TRS: Transferability Reduced Ensemble via Promoting Gradient Diversity and Model Smoothness. (NeurIPS 2021) [BibTeX] [Code]

@inproceedings{yang2021trs,
title={TRS: Transferability Reduced Ensemble via Promoting Gradient Diversity and Model Smoothness},
author={Yang, Zhuolin and Li, Linyi and Xu, Xiaojun and Zuo, Shiliang and Chen, Qian and Zhou, Pan and Rubinstein, Benjamin I P and Zhang, Ce and Li, Bo},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Jingkang Wang, Tianyun Zhang, Sijia Liu, Pin-Yu Chen, Jiacen Xu, Makan Fardad, Bo Li. Adversarial Attack Generation Empowered by Min-Max Optimization. (NeurIPS 2021) [BibTeX]

@inproceedings{wang2021adversarial,
title={Adversarial Attack Generation Empowered by Min-Max Optimization},
author={Wang, Jingkang and Zhang, Tianyun and Liu, Sijia and Chen, Pin-Yu and Xu, Jiacen and Fardad, Makan and Li, Bo},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, Xingjun Ma. Anti-Backdoor Learning: Training Clean Models on Poisoned Data. (NeurIPS 2021) [BibTeX]

@inproceedings{li2021anti,
title={Anti-Backdoor Learning: Training Clean Models on Poisoned Data},
author={Li, Yige and Lyu, Xixiang and Koren, Nodens and Lyu, Lingjuan and Li, Bo and Ma, Xingjun},
booktitle={Advances in Neural Information Processing Systems},
year={2021}
}

Hengtong Zhang, Tianhang Zheng, Yaliang Li, Jing Gao, Lu Su, Bo Li. Profanity-Avoiding Training Framework for Seq2seq Models with Certified Robustness. (EMNLP 2021) [BibTeX]

@inproceedings{zhang2021profanity,
title={Profanity-Avoiding Training Framework for Seq2seq Models with Certified Robustness},
author={Zhang, Hengtong and Zheng, Tianhang and Li, Yaliang and Gao, Jing and Su, Lu and Li, Bo},
booktitle={Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing (EMNLP)},
year={2021}
}

Mingjie Sun, Zichao Li, Chaowei Xiao, Haonan Qiu, Bhavya Kailkhura, MingyanLiu, Bo Li. Can Shape Structure Features Improve Model Robustness? (ICCV 2021) [BibTeX]

@inproceedings{sun2021can,
title={Can Shape Structure Features Improve Model Robustness?},
author={Sun, Mingjie and Li, Zichao and Xiao, Chaowei and Qiu, Haonan and Kailkhura, Bhavya and MingyanLiu, and Li, Bo},
booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
year={2021}
}

Nezihe Merve Grel*, Xiangyu Qi*, Luka Rimanic, Ce Zhang, Bo Li. Knowledge-Enhanced Machine Learning Pipeline against Diverse Adversarial Attacks. (ICML 2021) [BibTeX]

@inproceedings{grel2021knowledge,
title={Knowledge-Enhanced Machine Learning Pipeline against Diverse Adversarial Attacks},
author={Grel, Nezihe Merve and Qi, Xiangyu and Rimanic, Luka and Zhang, Ce and Li, Bo},
booktitle={International Conference on Machine Learning},
year={2021}
}

Haoxiang Wang, Han Zhao, Bo Li. Bridging Multi-Task Learning and Meta-Learning: Towards Efficient Training and Effective Adaptation. (ICML 2021) [BibTeX]

@inproceedings{wang2021bridging,
title={Bridging Multi-Task Learning and Meta-Learning: Towards Efficient Training and Effective Adaptation},
author={Wang, Haoxiang and Zhao, Han and Li, Bo},
booktitle={International Conference on Machine Learning},
year={2021}
}

Chulin Xie, Minghao Chen, Pin-Yu Chen, Bo Li. CRFL: Certifiably Robust Federated Learning against Backdoor Attacks. (ICML 2021) [BibTeX]

@inproceedings{xie2021crfl,
title={CRFL: Certifiably Robust Federated Learning against Backdoor Attacks},
author={Xie, Chulin and Chen, Minghao and Chen, Pin-Yu and Li, Bo},
booktitle={International Conference on Machine Learning},
year={2021}
}

Jiawei Zhang*, Linyi Li*, Huichen Li, Xiaolu Zhang, Shuang Yang, Bo Li. Progressive-Scale Boundary Blackbox Attack via Projective Gradient Estimation. (ICML 2021) [BibTeX] [Code]

@inproceedings{zhang2021progressive,
title={Progressive-Scale Boundary Blackbox Attack via Projective Gradient Estimation},
author={Zhang, Jiawei and Li, Linyi and Li, Huichen and Zhang, Xiaolu and Yang, Shuang and Li, Bo},
booktitle={International Conference on Machine Learning},
year={2021}
}

Kaizhao Liang*, Jacky Zhang*, Boxin Wang, Zhuolin Yang, Sanmi Koyejo, Bo Li. Uncovering the Connections Between Adversarial Transferability and Knowledge Transferability. (ICML 2021) [BibTeX]

@inproceedings{liang2021uncovering,
title={Uncovering the Connections Between Adversarial Transferability and Knowledge Transferability},
author={Liang, Kaizhao and Zhang, Jacky and Wang, Boxin and Yang, Zhuolin and Koyejo, Sanmi and Li, Bo},
booktitle={International Conference on Machine Learning},
year={2021}
}

Boxin Wang*, Fan Wu*, Yunhui Long*, Luka Rimanic, Ce Zhang, Bo Li. DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation. (CCS 2021) [BibTeX]

@inproceedings{wang2021datalens,
title={DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation},
author={Wang, Boxin and Wu, Fan and Long, Yunhui and Rimanic, Luka and Zhang, Ce and Li, Bo},
booktitle={Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
year={2021}
}

Linyi Li*, Maurice Weber*, Xiaojun Xu, Luka Rimanic, Bhavya Kailkhura, Tao Xie, Ce Zhang, Bo Li. TSS: Transformation-Specific Smoothing for Robustness Certification. (CCS 2021) [BibTeX] [Code]

@inproceedings{li2021tss,
title={TSS: Transformation-Specific Smoothing for Robustness Certification},
author={Li, Linyi and Weber, Maurice and Xu, Xiaojun and Rimanic, Luka and Kailkhura, Bhavya and Xie, Tao and Zhang, Ce and Li, Bo},
booktitle={Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security},
year={2021}
}

Yulong Cao, Ningfei Wang, Chaowei Xiao, Dawei Yang, Jin Fang, RuigangYang, Qi Alfred Chen, Mingyan Liu, Bo Li. Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks. (IEEE Symposium on Security and Privacy (Oakland), 2021) [BibTeX]

@INPROCEEDINGS{cao2021invisible,
author = {Y. Cao and N. Wang and C. Xiao and D. Yang and J. Fang and R. Yang and Q. Chen and M. Liu and B. Li},
booktitle = {2021 IEEE Symposium on Security and Privacy (SP)},
title = {Invisible for both Camera and LiDAR:  Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks},
year = {2021},
volume = {},
issn = {2375-1207},
pages = {1302-1320},
keywords = {},
doi = {10.1109/SP40001.2021.00076},
url = {https://doi.ieeecomputersociety.org/10.1109/SP40001.2021.00076},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
month = {may}
}

Aria Rezaei, Chaowei Xiao, Jie Gao, Bo Li, Sirajum Munir. Application-Driven Privacy-Preserving Data Publishing with Correlated Attributes. (Embedded Wireless Systems and Networks (EWSN 2021)) (Best Paper Award)[BibTeX]

@inproceedings{rezaei2021application,
  title={Application-driven Privacy-preserving Data Publishing with Correlated Attributes},
  author={Rezaei, Aria and Xiao, Chaowei and Gao, Jie and Li, Bo and Munir, Sirajum},
  booktitle={Proceedings of the 2021 International Conference on Embedded Wireless Systems and Networks},
  pages={91--102},
  year={2021}
}

Ruoxi Jia, Fan Wu, Xuehui Sun, Jiacen Xu, David Dao, Bhavya Kailkhura, Ce Zhang, Bo Li, Dawn Song. Scalability vs. Utility: Do We Have to Sacrifice One for the Other in Data Importance Quantification? (CVPR 2021) [BibTeX]

@inproceedings{jia2021scalability,
title={Scalability vs. Utility: Do We Have to Sacrifice One for the Other in Data Importance Quantification?},
author={Jia, Ruoxi and Wu, Fan and Sun, Xuehui and Xu, Jiacen and Dao, David and Kailkhura, Bhavya and Zhang, Ce and Li, Bo and Song, Dawn},
booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
year={2021}
}

Maurice Weber, Nana Liu, Bo Li, Ce Zhang, Zhikuan Zhao. Optimal Provable Robustness of Quantum Classification via Quantum Hypothesis Testing. (npj Quantum Information 2021) [BibTeX]

@article{weber2021optimal,
  title={Optimal provable robustness of quantum classification via quantum hypothesis testing},
  author={Weber, Maurice and Liu, Nana and Li, Bo and Zhang, Ce and Zhao, Zhikuan},
  journal={npj Quantum Information},
  volume={7},
  number={1},
  pages={1--12},
  year={2021},
  publisher={Nature Publishing Group}
}

Wenhao Ding, Baiming Chen, Bo Li, Ji Eun Kim, Ding Zhao. Multimodal Safety-Critical Scenarios Generation for Decision-Making Algorithms Evaluation. (ICRA 2021) [BibTeX]

@inproceedings{ding2021multimodal,
title={Multimodal Safety-Critical Scenarios Generation for Decision-Making Algorithms Evaluation},
author={Ding, Wenhao and Chen, Baiming and Li, Bo and Kim, Ji Eun and Zhao, Ding},
booktitle={IEEE Robotics and Automation Letters},
year={2021}
}

Xinyun Chen, Wenxiao Wang, Chris Bender, Yiming Ding, Ruoxi Jia, Bo Li, Dawn Song. REFIT: a Unified Watermark Removal Framework for DeepLearning Systems with Limited Data. (AsiaCCS 2021) [BibTeX]

@article{chen2019refit,
  title={Refit: a unified watermark removal framework for deep learning systems with limited data},
  author={Chen, Xinyun and Wang, Wenxiao and Bender, Chris and Ding, Yiming and Jia, Ruoxi and Li, Bo and Song, Dawn},
  journal={arXiv preprint arXiv:1911.07205},
  year={2019}
}

Huichen Li*, Linyi Li*, Xiaojun Xu, Xiaolu Zhang, Shuang Yang, Bo Li. Nonlinear Projection Based Gradient Estimation for Query Efficient Blackbox Attacks. (AISTATS 2021) [BibTeX]

@article{li2021nonlinear,
  title={Nonlinear Projection Based Gradient Estimation for Query Efficient Blackbox Attacks},
  author={Li, Huichen and Li, Linyi and Xu, Xiaojun and Zhang, Xiaolu and Yang, Shuang and Li, Bo},
  journal={arXiv preprint arXiv:2102.13184},
  year={2021}
}

Zhuolin Yang, Zhaoxi Chen, Tiffany Cai, Xinyun Chen, Bo Li, Yuandong Tian. Understanding Robustness in Teacher-Student Setting: A New Perspective. (AISTATS 2021) [BibTeX]

@article{yang2021understanding,
  title={Understanding Robustness in Teacher-Student Setting: A New Perspective},
  author={Yang, Zhuolin and Chen, Zhaoxi and Cai, Tiffany and Chen, Xinyun and Li, Bo and Tian, Yuandong},
  journal={arXiv preprint arXiv:2102.13170},
  year={2021}
}

Boxin Wang, Shuohang Wang, Yu Cheng, Zhe Gan, Ruoxi Jia, Bo Li, Jingjing Liu. InfoBERT: Improving Robustness of Language Models from An Information Theoretic Perspective. (ICLR 2021) [BibTeX]

@inproceedings{wang2021infobert,
    title={InfoBERT: Improving Robustness of Language Models from An Information Theoretic Perspective},
    author={Wang, Boxin and Wang, Shuohang and Cheng, Yu and Gan, Zhe and Jia, Ruoxi and Li, Bo and Liu, Jingjing},
    booktitle={International Conference on Learning Representations},
    year={2021}
}

Yige Li, Xingjun Ma, Nodens Koren, Lingjuan Lyu, Xixiang Lyu, Bo Li. Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. (ICLR 2021) [BibTeX]

@inproceedings{li2021neural,
  title={Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks},
  author={Li, Yige and Koren, Nodens and Lyu, Lingjuan and Lyu, Xixiang and Li, Bo and Ma, Xingjun},
  booktitle={International Conference on Learning Representations},
  year={2021}
}

2020

Luka Rimanic, Cedric Renggli, Bo Li, Ce Zhang. On Convergence of Nearest Neighbor Classifiers over Feature Transformations. (NeurIPS 2020) [BibTeX]

@inproceedings{rimanic2020convergence,
  title={On Convergence of Nearest Neighbor Classifiers over Feature Transformations},
  author={Rimanic, Luka and Renggli, Cedric and Li, Bo and Zhang, Ce},
  booktitle={Advances in Neural Information Processing Systems (NeurIPS)},
  year={2020}
}

Huan Zhang, Hongge Chen, Chaowei Xiao, Bo Li, Mingyan Liu, Duane Boning, Cho-Jui Hsieh. Robust Deep Reinforcement Learning against Adversarial Perturbations on State Observations. (NeurIPS 2020) [BibTeX]

@inproceedings{zhang2020robust,
  title={Robust deep reinforcement learning against adversarial perturbations on observations},
  author={Zhang, Huan and Chen, Hongge and Xiao, Chaowei and Li, Bo and Boning, Duane and Hsieh, Cho-Jui},
  booktitle={Advances in Neural Information Processing Systems (NeurIPS)},
  year={2020}
}

Boxin Wang, Hengzhi Pei, Boyuan Pan, Qian Chen, Shuohang Wang, Bo Li. T3: Tree-Autoencoder Regularized Adversarial Text Generation for Targeted Attack. (EMNLP 2020) [BibTeX]

@inproceedings{wang2020t3,
  title={T3: Tree-Autoencoder Regularized Adversarial Text Generation for Targeted Attack},
  author={Wang, Boxin and Pei, Hengzhi and Pan, Boyuan and Chen, Qian and Wang, Shuohang and Li, Bo},
  booktitle={Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP)},
  pages={6134--6150},
  year={2020}
}

Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, Bo Li. Detecting AI Trojans Using Meta Neural Analysis. (IEEE Symposium on Security and Privacy (Oakland, 2020)) [BibTeX]

@article{xu2019detecting,
  title={Detecting ai trojans using meta neural analysis},
  author={Xu, Xiaojun and Wang, Qi and Li, Huichen and Borisov, Nikita and Gunter, Carl A and Li, Bo},
  journal={arXiv preprint arXiv:1910.03137},
  year={2019}
}

Dongqi Fu, Zhe Xu, Bo Li, Hanghang Tong, Jingrui He. A View-Adversarial Framework for Multi-View Network Embedding. (CIKM 2020) [BibTeX]

@inproceedings{fu2020view,
  title={A View-Adversarial Framework for Multi-View Network Embedding},
  author={Fu, Dongqi and Xu, Zhe and Li, Bo and Tong, Hanghang and He, Jingrui},
  booktitle={Proceedings of the 29th ACM International Conference on Information \& Knowledge Management},
  pages={2025--2028},
  year={2020}
}

Shawn Shan, Emily Wenger, Bolun Wang, Bo Li, Haitao Zheng, Ben Y. Zhao. Gotta Catch`Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks. (CCS 2020) [BibTeX]

@inproceedings{shan2020gotta,
  title={Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks},
  author={Shan, Shawn and Wenger, Emily and Wang, Bolun and Li, Bo and Zheng, Haitao and Zhao, Ben Y},
  booktitle={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  pages={67--83},
  year={2020}
}

Haonan Qiu, Chaowei Xiao, Lei Yang, Xinchen Yan, Honglak Lee, Bo Li. SemanticAdv: Generating Adversarial Examples via Attribute-conditioned Image Editing. (ECCV 2020) [BibTeX]

@inproceedings{qiu2020semanticadv,
  title={SemanticAdv: Generating Adversarial Examples via Attribute-conditioned Image Editing},
  author={Qiu, Haonan and Xiao, Chaowei and Yang, Lei and Yan, Xinchen and Lee, Honglak and Li, Bo},
  booktitle={European Conference on Computer Vision},
  pages={19--37},
  year={2020},
  organization={Springer}
}

Ankit Raj, Yoram Bresler, Bo Li. Improving Robustness of Deep-Learning-Based Image Reconstruction. (ICML 2020) [BibTeX]

@inproceedings{raj2020improving,
  title={Improving robustness of deep-learning-based image reconstruction},
  author={Raj, Ankit and Bresler, Yoram and Li, Bo},
  booktitle={International Conference on Machine Learning},
  pages={7932--7942},
  year={2020},
  organization={PMLR}
}

Boyuan Pan, Yazheng Yang, Kaizhao Liang, Bhavya Kailkhura, Zhongming Jin, Xian-Sheng Hua, Deng Cai, Bo Li. Adversarial Mutual Information for Text Generation. (ICML 2020) [BibTeX]

@inproceedings{pan2020adversarial,
  title={Adversarial Mutual Information for Text Generation},
  author={Pan, Boyuan and Yang, Yazheng and Liang, Kaizhao and Kailkhura, Bhavya and Jin, Zhongming and Hua, Xian-Sheng and Cai, Deng and Li, Bo},
  booktitle={International Conference on Machine Learning},
  pages={7476--7486},
  year={2020},
  organization={PMLR}
}

Gerald Friedland, Jingkang Wang, Ruoxi Jia, Bo Li. The Helmholtz Method: Using Perceptual Compression to Reduce Machine Learning Complexity. (IEEE on Multimedia Information Processing and Retrieval 2020) [BibTeX]

@article{friedland2018helmholtz,
  title={The helmholtz method: Using perceptual compression to reduce machine learning complexity},
  author={Friedland, Gerald and Wang, Jingkang and Jia, Ruoxi and Li, Bo},
  journal={arXiv preprint arXiv:1807.10569},
  year={2018}
}

Zhenkai Zhang*, Zihao Zhan*, Daniel Balasubramanian, Bo Li, Peter Volgyesi, Xenofon Koutsoukos. Leveraging EM Side-Channel Information to Detect Rowhammer Attacks. (IEEE Symposium on Security and Privacy (Oakland, 2020)) [BibTeX]

@inproceedings{zhang2020leveraging,
  title={Leveraging em side-channel information to detect rowhammer attacks},
  author={Zhang, Zhenkai and Zhan, Zihao and Balasubramanian, Daniel and Li, Bo and Volgyesi, Peter and Koutsoukos, Xenofon},
  booktitle={2020 IEEE Symposium on Security and Privacy (SP)},
  pages={729--746},
  year={2020},
  organization={IEEE}
}

Huichen Li, Xiaojun Xu, Xiaolu Zhang, Shuang Yang, Bo Li. QEBA: Query-Efficient Boundary-Based Blackbox Attack. (CVPR 2020) [BibTeX]

@inproceedings{li2020qeba,
  title={QEBA: Query-Efficient Boundary-Based Blackbox Attack},
  author={Li, Huichen and Xu, Xiaojun and Zhang, Xiaolu and Yang, Shuang and Li, Bo},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={1221--1230},
  year={2020}
}

Yuheng Zhang, Ruoxi Jia, Hengzhi Pei, Wenxiao Wang, Bo Li, Dawn Song, Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks. (CVPR 2020) [oral] [BibTeX]

@inproceedings{zhang2020secret,
  title={The secret revealer: Generative model-inversion attacks against deep neural networks},
  author={Zhang, Yuheng and Jia, Ruoxi and Pei, Hengzhi and Wang, Wenxiao and Li, Bo and Song, Dawn},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={253--261},
  year={2020}
}

Lei Huang, Li Liu, Fan Zhu, Diwen Wan, Zehuan Yuan, Bo Li, Ling Shao, Controllable Orthogonalization in Training DNNs. (CVPR 2020) [BibTeX]

@inproceedings{huang2020controllable,
  title={Controllable orthogonalization in training dnns},
  author={Huang, Lei and Liu, Li and Zhu, Fan and Wan, Diwen and Yuan, Zehuan and Li, Bo and Shao, Ling},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={6429--6438},
  year={2020}
}

Chao Yan, Haifeng Xu, Yevgeniy Vorobeychik, Bo Li, Daniel Fabbri, Bradley Malin, To Warn or Not to Warn: Online Signaling in Audit Games. (ICDE 2020) [BibTeX]

@inproceedings{yan2020warn,
  title={To warn or not to warn: Online signaling in audit games},
  author={Yan, Chao and Xu, Haifeng and Vorobeychik, Yevgeniy and Li, Bo and Fabbri, Daniel and Malin, Bradley A},
  booktitle={2020 IEEE 36th International Conference on Data Engineering (ICDE)},
  pages={481--492},
  year={2020},
  organization={IEEE}
}

Huan Zhang, Hongge Chen, Chaowei Xiao, Sven Gowal, Robert Stanforth, Bo Li, Duane Boning, Cho-Jui Hsieh, Towards Stable and Efficient Training of Verifiably Robust Neural Networks. (ICLR 2020). [BibTeX]

@inproceedings{zhang2019towards,
  title={Towards stable and efficient training of verifiably robust neural networks},
  author={Zhang, Huan and Chen, Hongge and Xiao, Chaowei and Gowal, Sven and Stanforth, Robert and Li, Bo and Boning, Duane and Hsieh, Cho-Jui},
  booktitle={International Conference on Learning Representations},
  year={2020}
}

Anand Bhattad, Min Jin Chong, Kaizhao Liang, Bo Li, David Forsyth, Unrestricted Adversarial Examples via Semantic Manipulation. (ICLR 2020). [BibTeX]

@inproceedings{bhattad2019unrestricted,
  title={Unrestricted adversarial examples via semantic manipulation},
  author={Bhattad, Anand and Chong, Min Jin and Liang, Kaizhao and Li, Bo and Forsyth, David A},
  booktitle={International Conference on Learning Representations},
  year={2020}
}

Chulin Xie, Keli Huang, Pin-Yu Chen, Bo Li, DBA: Distributed Backdoor Attacks against Federated Learning. (ICLR 2020). [BibTeX] [Code]

@inproceedings{xie2019dba,
  title={Dba: Distributed backdoor attacks against federated learning},
  author={Xie, Chulin and Huang, Keli and Chen, Pin-Yu and Li, Bo},
  booktitle={International Conference on Learning Representations},
  year={2020}
}

Yuyu Zhang, Xinshi Chen, Yuan Yang, Arun Ramamurthy, Bo Li, Yuan Qi, Le Song, Efficient Probabilistic Logic Reasoning with Graph Neural Networks. (ICLR 2020). [BibTeX]

@inproceedings{zhang2020efficient,
  title={Efficient probabilistic logic reasoning with graph neural networks},
  author={Zhang, Yuyu and Chen, Xinshi and Yang, Yuan and Ramamurthy, Arun and Li, Bo and Qi, Yuan and Song, Le},
  booktitle={International Conference on Learning Representations},
  year={2020}
}

Yunan Ye, Hengzhi Pei, Boxin Wang, Pin-Yu Chen, Yada Zhu, Bo Li, Reinforcement-Learning based Portfolio Management with Augmented Asset Movement Prediction States. (AAAI 2020). [BibTeX]

@inproceedings{ye2020reinforcement,
  title={Reinforcement-learning based portfolio management with augmented asset movement prediction states},
  author={Ye, Yunan and Pei, Hengzhi and Wang, Boxin and Chen, Pin-Yu and Zhu, Yada and Xiao, Ju and Li, Bo},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={34},
  number={01},
  pages={1112--1119},
  year={2020}
}

Jingkang Wang, Yang Liu, Bo Li, Reinforcement Learning with Perturbed Rewards. (AAAI 2020). [BibTeX]

@inproceedings{wang2020reinforcement,
  title={Reinforcement learning with perturbed rewards},
  author={Wang, Jingkang and Liu, Yang and Li, Bo},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={34},
  number={04},
  pages={6202--6209},
  year={2020}
}

2019

Ruoxi Jia, David Dao, Boxin Wang, Frances Ann Hubis, Nezihe Merve Gurel, Bo Li, Ce Zhang, Costas Spanos, Dawn Song, "Efficient Task-Specific Data Valuation for Nearest Neighbor Algorithms". (VLDB 2019)[BibTeX]

@article{jia12efficient,
  title={Efficient Task-Specific Data Valuation for Nearest Neighbor Algorithms},
  author={Jia, Ruoxi and Dao, David and Wang, Boxin and Hubis, Frances Ann and Gurel, Nezihe Merve and Li, Bo and Zhang, Ce and Spanos, Costas J and Song, Dawn},
  journal={Proceedings of the VLDB Endowment},
  volume={12},
  number={11}
}

Chaowei Xiao, Ruizhi Deng, Bo Li, Taesung Lee, Benjamin Edwards, Jinfeng Yi, Dawn Song, Mingyan Liu, Ian Molloy, "AdvIT: Adversarial Frames Identifier Based on Temporal Consistency In Videos". (ICCV 2019)[BibTeX]

@inproceedings{xiao2019advit,
  title={Advit: Adversarial frames identifier based on temporal consistency in videos},
  author={Xiao, Chaowei and Deng, Ruizhi and Li, Bo and Lee, Taesung and Edwards, Benjamin and Yi, Jinfeng and Song, Dawn and Liu, Mingyan and Molloy, Ian},
  booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
  pages={3968--3977},
  year={2019}
}

Kin Sum Liu, Chaowei Xiao, Bo Li, and Jie Gao, "Performing Co-Membership Attacks Against Deep Generative Models ". (ICDM 2019)[BibTeX]

@inproceedings{liu2019performing,
  title={Performing Co-membership Attacks Against Deep Generative Models},
  author={Liu, Kin Sum and Xiao, Chaowei and Li, Bo and Gao, Jie},
  booktitle={Proceedings of the 19th IEEE International Conference on Data Mining (ICDM'19)},
  year={2019}
}

Xiaofei Xie, Lei Ma, Felix Juefei-Xu, Minhui Xue, Hongxu Chen, Yang Liu, Jianjun Zhao, Bo Li, Jianxiong Yin, Simon See, "DeepHunter: a coverage-guided fuzz testing framework for deep neural networks". (In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis.)[BibTeX]

@inproceedings{xie2019deephunter,
  title={DeepHunter: a coverage-guided fuzz testing framework for deep neural networks},
  author={Xie, Xiaofei and Ma, Lei and Juefei-Xu, Felix and Xue, Minhui and Chen, Hongxu and Liu, Yang and Zhao, Jianjun and Li, Bo and Yin, Jianxiong and See, Simon},
  booktitle={Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis},
  pages={146--157},
  year={2019}
}

Liang Tong, Bo Li, Chen Hajaj, Chaowei Xiao, Ning Zhang, Yevgeniy Vorobeychik, "Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features". (USENIX Security, 2019)[BibTeX]

@inproceedings{tong2019improving,
  title={Improving robustness of $\{$ML$\}$ classifiers against realizable evasion attacks using conserved features},
  author={Tong, Liang and Li, Bo and Hajaj, Chen and Xiao, Chaowei and Zhang, Ning and Vorobeychik, Yevgeniy},
  booktitle={28th $\{$USENIX$\}$ Security Symposium ($\{$USENIX$\}$ Security 19)},
  pages={285--302},
  year={2019}
}

Linyi Li, Zexuan Zhong, Tao Xie, Bo Li. "Robustra: Training Provable Robust Neural Networks over Reference Adversarial Space". (IJCAI 2019)[BibTeX] [Code]

@inproceedings{li2019robustra,
  title={Robustra: Training Provable Robust Neural Networks over Reference Adversarial Space.},
  author={Li, Linyi and Zhong, Zexuan and Li, Bo and Xie, Tao},
  booktitle={IJCAI},
  pages={4711--4717},
  year={2019}
}

Kimin Lee, Sukmin Yun, Kibok Lee, Honglak Lee, Bo Li, Jinwoo Shin. "Robust Inference via Generative Classifiers for Handling Noisy Labels". (ICML 2019)[BibTeX]

@inproceedings{lee2019robust,
  title={Robust inference via generative classifiers for handling noisy labels},
  author={Lee, Kimin and Yun, Sukmin and Lee, Kibok and Lee, Honglak and Li, Bo and Shin, Jinwoo},
  booktitle={International Conference on Machine Learning},
  pages={3763--3772},
  year={2019},
  organization={PMLR}
}

Chaowei Xiao, Dawei Yang, Bo Li, Jia Deng, Mingyan Liu. "Realistic Adversarial Examples in 3D Meshes". (CVPR 2019) [Oral][BibTeX]

@inproceedings{xiao2019meshadv,
  title={Meshadv: Adversarial meshes for visual recognition},
  author={Xiao, Chaowei and Yang, Dawei and Li, Bo and Deng, Jia and Liu, Mingyan},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={6898--6907},
  year={2019}
}

Chong Xiang, Charles R. Qi, Bo Li. "Generating 3D Adversarial Point Clouds". (CVPR 2019)[BibTeX]

@inproceedings{xiang2019generating,
  title={Generating 3d adversarial point clouds},
  author={Xiang, Chong and Qi, Charles R and Li, Bo},
  booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages={9136--9144},
  year={2019}
}

Xinlei Pan, Weiyao Wang, Xiaoshuai Zhang, Bo Li, Jinfeng Yi, Dawn Song. "How You Act Tells a Lot: Privacy-Leakage Attack on Deep Reinforcement Learning". (AAMAS 2019) [Oral] [BibTeX]

Ruoxi Jia, David Dao, Boxin Wang, Frances Ann Hubis, Nick Hynes, Bo Li, Ce Zhang, Dawn Song, Costas Spanos. "Towards Efficient Data Valuation Based on the Shapley Value". (AISTATS 2019)[BibTeX]

@article{jia2019towards,
  title={Towards Efficient Data Valuation Based on the Shapley Value},
  author={Jia, Ruoxi and Dao, David and Wang, Boxin and Hubis, Frances A and G{\"u}rel, Nezihe M and Hynes, Nick and Li, Bo and Zhang, Ce and Song, Dawn and Spanos, Costas J},
  journal={Proceedings of AISTATS 2019},
  year={2019}
}

Zhuolin Yang, Bo Li, Pin-Yu Chen, Dawn Song. "Characterizing Audio Adversarial Examples Using Temporal Dependency". (ICLR 2019) [BibTeX]

@inproceedings{yang2018characterizing,
  title={Characterizing Audio Adversarial Examples Using Temporal Dependency},
  author={Yang, Zhuolin and Li, Bo and Chen, Pin-Yu and Song, Dawn},
  booktitle={International Conference on Learning Representations},
  year={2019}
}

Press: Nature

Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, Ting Wang. "TextBugger: Generating Adversarial Text Against Real-world Applications". (NDSS 2019) [BibTeX]

@inproceedings{li2019textbugger,
  title={TextBugger: Generating Adversarial Text Against Real-world Applications},
  author={Li, Jinfeng and Ji, Shouling and Du, Tianyu and Li, Bo and Wang, Ting},
  booktitle={26th Annual Network and Distributed System Security Symposium},
  year={2019}
}

Xiang Ling, Shouling Ji, Jiaxu Zou, Jiannan Wang, Chunming Wu, Bo Li, Ting Wang. "DeepSec: A Uniform Platform for Security Analysis of Deep Learning Models". (Oakland, 2019) [BibTeX]

@inproceedings{ling2019deepsec,
  title={Deepsec: A uniform platform for security analysis of deep learning model},
  author={Ling, Xiang and Ji, Shouling and Zou, Jiaxu and Wang, Jiannan and Wu, Chunming and Li, Bo and Wang, Ting},
  booktitle={2019 IEEE Symposium on Security and Privacy (SP)},
  pages={673--690},
  year={2019},
  organization={IEEE}
}

2018

Ruoxi Jia, Ioannis Konstantakopoulos, Bo Li, Dawn Song, Costas J. Spanos. "Poisoning Attacks on Data-Driven Utility Learning in Games". (ACC, 2018) [BibTeX]

@inproceedings{jia2018poisoning,
  title={Poisoning attacks on data-driven utility learning in games},
  author={Jia, Ruoxi and Konstantakopoulos, Ioannis C and Li, Bo and Spanos, Costas},
  booktitle={2018 Annual American Control Conference (ACC)},
  pages={5774--5780},
  year={2018},
  organization={IEEE}
}

Arjun Nitin Bhagoji, Warren He, Bo Li, Dawn Song. "Practical black-box attacks on deep neural networks using efficient query mechanisms". (ECCV, 2018) [BibTeX]

@inproceedings{bhagoji2018practical,
  title={Practical black-box attacks on deep neural networks using efficient query mechanisms},
  author={Bhagoji, Arjun Nitin and He, Warren and Li, Bo and Song, Dawn},
  booktitle={Proceedings of the European Conference on Computer Vision (ECCV)},
  pages={154--169},
  year={2018}
}

Chaowei Xiao, Duizhi Deng, Bo Li, Fisher Yu, Jinfeng Yi, Mingyan Liu and Dawn Song. "Characterizing Adversarial Examples Based on Spatial Consistency Information for Semantic Segmentation". (ECCV, 2018) [BibTeX]

@inproceedings{xiao2018characterizing,
  title={Characterizing adversarial examples based on spatial consistency information for semantic segmentation},
  author={Xiao, Chaowei and Deng, Ruizhi and Li, Bo and Yu, Fisher and Liu, Mingyan and Song, Dawn},
  booktitle={Proceedings of the European Conference on Computer Vision (ECCV)},
  pages={217--234},
  year={2018}
}

Lei Ma, Felix Juefei-Xu, Fuyuan Zhang, Jiyuan Sun, Minhui Xue, Bo Li, Chunyang Chen, Ting Su, Li Li, Yang Liu, Jianjun Zhao, and Yadong Wang. "DeepGauge: Multi-Granularity Testing Criteria for Deep Learning Systems". (ASE, 2018) [Distinguished Paper Award] [BibTeX]

@inproceedings{ma2018deepgauge,
  title={Deepgauge: Multi-granularity testing criteria for deep learning systems},
  author={Ma, Lei and Juefei-Xu, Felix and Zhang, Fuyuan and Sun, Jiyuan and Xue, Minhui and Li, Bo and Chen, Chunyang and Su, Ting and Li, Li and Liu, Yang and others},
  booktitle={Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering},
  pages={120--131},
  year={2018}
}

Chaowei Xiao, Armin Sarabi, Yang Liu, Bo Li, Mingyan Liu, Tudor Dumitras. " From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild". (USENIX Security, 2018) [BibTeX]

@inproceedings{xiao2018patching,
  title={From patching delays to infection symptoms: Using risk profiles for an early discovery of vulnerabilities exploited in the wild},
  author={Xiao, Chaowei and Sarabi, Armin and Liu, Yang and Li, Bo and Liu, Mingyan and Dumitras, Tudor},
  booktitle={27th $\{$USENIX$\}$ Security Symposium ($\{$USENIX$\}$ Security 18)},
  pages={903--918},
  year={2018}
}

Chaowei Xiao, Bo Li, Jun-Yan Zhu, Warren He, Mingyan Liu, Dawn Song. " Generating Adversarial Examples with Adversarial Networks". (IJCAI, 2018) [BibTeX]

@article{xiao2018generating,
  title={Generating adversarial examples with adversarial networks},
  author={Xiao, Chaowei and Li, Bo and Zhu, Jun-Yan and He, Warren and Liu, Mingyan and Song, Dawn},
  journal={arXiv preprint arXiv:1801.02610},
  year={2018}
}

Matthew Jagielski, Alina Oprea, Battista Biggio, Chang Liu, Cristina Nita-Rotaru, Bo Li. "Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning". (Oakland, 2018) [BibTeX]

@inproceedings{jagielski2018manipulating,
  title={Manipulating machine learning: Poisoning attacks and countermeasures for regression learning},
  author={Jagielski, Matthew and Oprea, Alina and Biggio, Battista and Liu, Chang and Nita-Rotaru, Cristina and Li, Bo},
  booktitle={2018 IEEE Symposium on Security and Privacy (SP)},
  pages={19--35},
  year={2018},
  organization={IEEE}
}

Ivan Evtimov, Kevin Eykholt, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, Dawn Song. "Robust Physical-World Attacks on Deep Learning Visual Classification". (CVPR, 2018) [BibTeX]
```
@inproceedings{eykholt2018robust,
  title={Robust physical-world attacks on deep learning visual classification},
  author={Eykholt, Kevin and Evtimov, Ivan and Fernandes, Earlence and Li, Bo and Rahmati, Amir and Xiao, Chaowei and Prakash, Atul and Kohno, Tadayoshi and Song, Dawn},
  booktitle={Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition},
  pages={1625--1634},
  year={2018}
}
```
Press: IEEE Spectrum, Yahoo News, Wired, Engagdet, Telegraph, Car and Driver, CNET, Digital Trends, SCMagazine, Schneier on Security, Ars Technica, Fortune

Xingjun Ma, Bo Li, Yisen Wang, Sarah M. Erfani, Sudanthi Wijewickrema, Grant Schoenebeck , Dawn Song, Michael E. Houle, and James Bailey. "Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality". (ICLR, 2018) [Oral].[BibTeX]

@inproceedings{ma2018characterizing,
    title={Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality},
    author={Ma, Xingjun and Li, Bo and Wang, Yisen and Erfani, Sarah M and Wijewickrema, Sudanthi and Schoenebeck, Grant and Song, Dawn and Houle, Michael E and Bailey, James},
    booktitle={International Conference on Learning Representations},
    year={2018},
    url={https://openreview.net/forum?id=B1gJ1L2aW},
}

Chaowei Xiao, Jun-Yan Zhu, Bo Li, Warren He, Mingyan Liu, and Dawn Song. "Spatially Transformed Adversarial Examples". (ICLR, 2018) [BibTeX]

@inproceedings{xiao2018spatially,
  title={Spatially transformed adversarial examples},
  author={Xiao, Chaowei and Zhu, Jun Yan and Li, Bo and He, Warren and Liu, Mingyan and Song, Dawn},
  booktitle={6th International Conference on Learning Representations, ICLR 2018},
  year={2018}
}

Warren He, Bo Li and Dawn Song. "Decision Boundary Analysis of Adversarial Examples". (ICLR, 2018) [BibTeX]

@inproceedings{he2018decision,
  title={Decision boundary analysis of adversarial examples},
  author={He, Warren and Li, Bo and Song, Dawn},
  booktitle={International Conference on Learning Representations},
  year={2018}
}

Xiaojie Wang, Jianzhong Qi, Ramamohanarao Kotagiri, Yu Sun, Bo Li, and Rui Zhang. "A Joint Optimization Approach for Personalized Recommendation Diversification". (PAKDD, 2018) [BibTeX]

@inproceedings{wang2018joint,
  title={A joint optimization approach for personalized recommendation diversification},
  author={Wang, Xiaojie and Qi, Jianzhong and Ramamohanarao, Kotagiri and Sun, Yu and Li, Bo and Zhang, Rui},
  booktitle={Pacific-Asia Conference on Knowledge Discovery and Data Mining},
  pages={597--609},
  year={2018},
  organization={Springer}
}

Chao Yan, Bo Li, Yevgeniy Vorobeychik, Aron Laszka, Daniel Fabbri, Bradley Malin. " Get Your Workload in Order: Game Theoretic Prioritization of Database Auditing". (ICDE, 2018) [BibTeX]

@inproceedings{yan2018get,
  title={Get your workload in order: Game theoretic prioritization of database auditing},
  author={Yan, Chao and Li, Bo and Vorobeychik, Yevgeniy and Laszka, Aron and Fabbri, Daniel and Malin, Bradley},
  booktitle={2018 IEEE 34th International Conference on Data Engineering (ICDE)},
  pages={1304--1307},
  year={2018},
  organization={IEEE}
}

2017

Qingrong Chen, Minhui Xue, Chong Xiang, Bo Li, Haizhong Zheng, and Haojin Zhu. "Do We Need Original Data for Training? Toward Designing Privacy-Preserving Machine Learning". (DLSRF, 2017, Research Forum Award)). [BibTeX]

@inproceedings{qingrong2017do,
  title={Do We Need Original Data for Training? Toward Designing Privacy-Preserving Machine Learning},
  author={Chen, Qingrong and Xue, Minhui and Xiang, Chong and Li, Bo and Zheng, Haizhong and Zhu, Haojin}
   booktitle={DLSRF},
    year={2017}
}

Lei Huang, Xianglong Liu, Bo Lang, Adams Wei Yu, Bo Li. "Orthogonal Weight Normalization: Solution to Optimization over Multiple Dependent Stiefel Manifolds in Deep Neural Networks". (AAAI, 2017) [BibTeX]

@inproceedings{huang2018orthogonal,
  title={Orthogonal weight normalization: Solution to optimization over multiple dependent stiefel manifolds in deep neural networks},
  author={Huang, Lei and Liu, Xianglong and Lang, Bo and Yu, Adams and Wang, Yongliang and Li, Bo},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={32},
  number={1},
  year={2018}
}

Chang Liu, Bo Li, Yevgeniy Vorobeychik, and Alina Oprea. "Robust Linear Regression Against Training Data Poisoning". (AISec, 2017, Best paper award) [BibTeX]

@inproceedings{liu2017robust,
  title={Robust linear regression against training data poisoning},
  author={Liu, Chang and Li, Bo and Vorobeychik, Yevgeniy and Oprea, Alina},
  booktitle={Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security},
  pages={91--102},
  year={2017}
}

B. Li, K. Roundy, C. Gates and Y. Vorobeychik. “Large-scale identification of malicious singleton files”. In ACM Conference on Data and Application Security and Privacy (CODASPY). Arizona, USA, 2017. [BibTeX]

@inproceedings{li2017large,
  title={Large-scale identification of malicious singleton files},
  author={Li, Bo and Roundy, Kevin and Gates, Chris and Vorobeychik, Yevgeniy},
  booktitle={Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy},
  pages={227--238},
  year={2017}
}

J. Gao, B. Li, G. Schoenebeck and F. Yu. "Engineering Agreement: The Naming Game with Asymmetric and Heterogeneous Agents," In Proceedings of the 30th International Conference on Artificial Intelligence (AAAI). San Francisco, USA, 2017.[BibTeX]

@inproceedings{gao2017engineering,
  title={Engineering agreement: the naming game with asymmetric and heterogeneous agents},
  author={Gao, Jie and Li, Bo and Schoenebeck, Grant and Yu, Fang-Yi},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={31},
  number={1},
  year={2017}
}

Before 2016

B. Li, Y. Wang, A. Singh, Y. Vorobeychik, "Data poisoning attacks on factorization-based collaborative filtering," In Proc. of the Neural Information Processing Systems (NIPS). Barcelona, Spain, 2016. [BibTeX]

@inproceedings{NIPS2016_83fa5a43,
 author = {Li, Bo and Wang, Yining and Singh, Aarti and Vorobeychik, Yevgeniy},
 booktitle = {Advances in Neural Information Processing Systems},
 editor = {D. Lee and M. Sugiyama and U. Luxburg and I. Guyon and R. Garnett},
 pages = {},
 publisher = {Curran Associates, Inc.},
 title = {Data Poisoning Attacks on Factorization-Based Collaborative Filtering},
 url = {https://proceedings.neurips.cc/paper/2016/file/83fa5a432ae55c253d0e60dbfa716723-Paper.pdf},
 volume = {29},
 year = {2016}
}

C. Yan, B. Li, Y. Chen, D. Liebovitz, and B. Malin, "Learning clinical workflows to identify subgroups of heart failure patients", In Proc. Of the American Medical Informatics Association Annual Fall Symposium (AMIA), Chicago, USA, 2016. [BibTeX]

@inproceedings{yan2016learning,
  title={Learning clinical workflows to identify subgroups of heart failure patients},
  author={Yan, Chao and Chen, You and Li, Bo and Liebovitz, David and Malin, Bradley},
  booktitle={AMIA Annual Symposium Proceedings},
  volume={2016},
  pages={1248},
  year={2016},
  organization={American Medical Informatics Association}
}

B. Li, Y. Vorobeychik, M. Li, and B. Malin, "Iterative classification for sanitizing large-scale datasets," In Proc. of the IEEE International Conference on Data Mining (ICDM). Atlantic City, NJ, USA, 2015. [BibTeX]

@inproceedings{li2015iterative,
  title={Iterative classification for sanitizing large-scale datasets},
  author={Li, Bo and Vorobeychik, Yevgeniy and Li, Muqun and Malin, Bradley},
  booktitle={2015 IEEE International Conference on Data Mining},
  pages={841--846},
  year={2015},
  organization={IEEE}
}

B. Li, "Secure learning and mining in adversarial environments," In Proc. of the IEEE International Conference on Data Mining (ICDM) Phd forum. Atlantic City, NJ, USA, 2015. [BibTeX]

@inproceedings{li2015secure,
  title={Secure learning and mining in adversarial environments},
  author={Li, Bo},
  booktitle={2015 IEEE International Conference on Data Mining Workshop (ICDMW)},
  pages={1538--1539},
  year={2015},
  organization={IEEE}
}

L. Ke, B. Li , Y. Vorobeychik, "Behavioral Experiments in Email Filter Evasion" In Proc. of the 30th International Conference on Artificial Intelligence (AAAI). Phoenix, AZ, USA, 2016. [BibTeX]

@inproceedings{ke2016behavioral,
  title={Behavioral experiments in email filter evasion},
  author={Ke, Liyiming and Li, Bo and Vorobeychik, Yevgeniy},
  booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
  volume={30},
  number={1},
  year={2016}
}

B. Li and Y. Vorobeychik, "Scalable Optimization of Randomized Operational Decisions in Adversarial Classification Settings," in Proc. of the 18th International Conference on Artificial Intelligence and Statistics (AISTATS). San Diego, CA, USA, 2015. [BibTeX]

@inproceedings{li2015scalable,
  title={Scalable optimization of randomized operational decisions in adversarial classification settings},
  author={Li, Bo and Vorobeychik, Yevgeniy},
  booktitle={Artificial Intelligence and Statistics},
  pages={599--607},
  year={2015},
  organization={PMLR}
}

B. Li and Y. Vorobeychik, "Feature corss-substitution in adversarial classification," In Proc. of the Neural Information Processing Systems (NIPS). Quebec, Canada, 2014. [BibTeX]

@inproceedings{li2014feature,
  title={Feature cross-substitution in adversarial classification},
  author={Li, Bo and Vorobeychik, Yevgeniy},
  booktitle={Advances in neural information processing systems},
  pages={2087--2095},
  year={2014}
}

Y. Vorobeychik and B. Li, "Optimal randomized classification in adversarial settings," In Proc. of the International Joint Conference on Autonomous Agents and Multiagent Systems (AAMAS). Paris, France, 2014. [BibTeX]

@inproceedings{vorobeychik2014optimal,
  title={Optimal randomized classification in adversarial settings.},
  author={Vorobeychik, Yevgeniy and Li, Bo},
  booktitle={International Foundation for Autonomous Agents and Multiagent Systems},
  pages={485--492},
  year={2014}
}

Y. H. Wang, J. S. Lee, B. Li, "A Hybrid Illumination Refinement Technique based on Double Niblack Thresholds", In Proc. of the International Conference on Communication and Information Systems (ICCIS). Roma, Italy, 2015. [BibTeX]

@article{wang2015hybrid,
  title={A Hybrid Illumination Refinement Technique Based on Double Niblack Thresholds},
  author={Wang, Yi-Hua and Lee, Jung-San and Li, Bo},
  journal={International Journal of Future Computer and Communication},
  volume={4},
  number={6},
  pages={426},
  year={2015},
  publisher={IACSIT Press}
}

J. S. Lee, K. J. Wei, B. R. Huang, and B. Li, "Note on an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics," In Proc. of the Cryptography and Information Security Conference (CISC), Kaohsiung, Taiwan, 2015. [BibTeX]

@inproceedings{j2015note,
    title={Note on an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics,},
    author={J. S. Lee, K. J. Wei, B. R. Huang, and B. Li},
    booktitle={In Proc. of the Cryptography and Information Security Conference (CISC)},
    year={2015}
}

M. E. Koran, B. Li, N. Jahanshad, T. A. Thornton-Wells, D. C. Glahn, P. M. Thompson, J. Blangero, T. E. Nichols, P. Kochunov, and B. A. Landman. "The impact of family structure and common environment on heritability estimation for neuroimaging genetics studies using SOLAR", In Proc. of the International Imaging Genetics Conference (GC). Irvine, CA, USA, 2014. [BibTeX]

@inproceedings{m2014familystruct,
    title={The impact of family structure and common environment on heritability estimation for neuroimaging genetics studies using SOLAR},
    author={M. E. Koran, B. Li, N. Jahanshad, T. A. Thornton-Wells, D. C. Glahn, P. M. Thompson, J. Blangero, T. E. Nichols, P. Kochunov, and B. A. Landman},
    booktitle={In Proc. of the International Imaging Genetics Conference (GC)},
    year={2014}
}

M. E. Koran, B. Li, N. Jahanshad, T. A. Thornton-Wells, D. C. Glahn, P. M. Thompson, J. Blangero, T. E. Nichols, P. Kochunov, and B. A. Landman. "Neuroimaging Genetics Study Design: A Comparison of the OpenMX and SOLAR Software Packages for Estimating Heritability of Neuroimaging Traits". In Proc. of the International Imaging Genetics Conference (GC). Irvine, CA, USA, 2014. [BibTeX]

@inproceedings{m2014neuroimaging,
    title={Neuroimaging Genetics Study Design: A Comparison of the OpenMX and SOLAR Software Packages for Estimating Heritability of Neuroimaging Traits},
    author={M. E. Koran, B. Li, N. Jahanshad, T. A. Thornton-Wells, D. C. Glahn, P. M. Thompson, J. Blangero, T. E. Nichols, P. Kochunov, and B. A. Landman},
    booktitle={In Proc. of the International Imaging Genetics Conference (GC)},
    year={2014}
}

M. E. Koran, B. Li, N. Jahanshad, T. A. Thornton-Wells, D. C. Glahn, P. M. Thompson, J. Blangero, T. E. Nichols, P. Kochunov, and B. A. Landman. "On study design in neuroimaging heritability analyses." In Proc. of the SPIE Medical Imaging Conference. San Diego (SPIE), CA, USA, 2014.[BibTeX]

@inproceedings{koran2014study,
  title={On study design in neuroimaging heritability analyses},
  author={Koran, Mary Ellen and Li, Bo and Jahanshad, Neda and Thornton-Wells, Tricia A and Glahn, David C and Thompson, Paul M and Blangero, John and Nichols, Thomas E and Kochunov, Peter and Landman, Bennett A},
  booktitle={Medical Imaging 2014: Image Processing},
  volume={9034},
  pages={90342P},
  year={2014},
  organization={International Society for Optics and Photonics}
}

Z. Xu, B. Li, S. Panda, A. J. Asman, K. L. Merkle, P. L. Shanahan, R. G. Abramson, and B. A. Landman. "Shape-Constrained Multi-Atlas Segmentation of Spleen in CT." In Proc. of the SPIE Medical Imaging Conference. San Diego (SPIE), CA, USA, 2014.[BibTeX]

@inproceedings{xu2014shape,
  title={Shape-constrained multi-atlas segmentation of spleen in CT},
  author={Xu, Zhoubing and Li, Bo and Panda, Swetasudha and Asman, Andrew J and Merkle, Kristen L and Shanahan, Peter L and Abramson, Richard G and Landman, Bennett A},
  booktitle={Medical Imaging 2014: Image Processing},
  volume={9034},
  pages={903446},
  year={2014},
  organization={International Society for Optics and Photonics}
}

J. S. Lee, K. J. Wei, and B. Li, "On the security of two ECC-based authentication mechanisms for confirming authorization," In Proc. of the Cryptography- 20 years of Cryptography in Taiwan, McGraw-Hill International Enterprises, LLC., Taiwan, 2014. [BibTeX]

@inproceedings{j2014eccauthen,
    title={On the security of two ECC-based authentication mechanisms for confirming authorization},
    author={J. S. Lee, K. J. Wei, and B. Li},
    booktitle={ In Proc. of the Cryptography- 20 years of Cryptography in Taiwan, McGraw-Hill International Enterprises},
    year={2014}
}

Q. Lin, Z. Xu, B. Li, R. Baucom, B. Poulose, B. A. Landman, and R. E. Bodenheimer. "Immersive Virtual Reality for Visualization of Abdominal CT." In Proc. of the SPIE Medical Imaging Conference. Orlando (SPIE), FL, USA, 2013. [BibTeX]

@inproceedings{lin2013immersive,
  title={Immersive virtual reality for visualization of abdominal CT},
  author={Lin, Qiufeng and Xu, Zhoubing and Li, Bo and Baucom, Rebeccah and Poulose, Benjamin and Landman, Bennett A and Bodenheimer, Robert E},
  booktitle={Medical Imaging 2013: Image Perception, Observer Performance, and Technology Assessment},
  volume={8673},
  pages={867317},
  year={2013},
  organization={International Society for Optics and Photonics}
}

B. Li, S. Panda, Z. Xu, A. J. Asman, P. L. Shanahan, R. G. Abramson, and B. A. Landman. "Regression forest region recognition enhances multi-atlas spleen labeling". In Proc. of the Medical Image Computing and Computer Assisted Intervention (MICCAI). Nagoya, Japan, 2013. [BibTeX]

@inproceedings{li2013regression,
  title={Regression forest region recognition enhances multi-atlas spleen labeling},
  author={Li, Bo and Panda, Swetasudha and Xu, Zhoubing and Asman, Andrew J and Shanahan, Peter L and Abramson, Richard G and Landman, Bennett A},
  booktitle={MICCAI Challenge Workshop on Segmentation: Algorithms, Theory and Applications (SATA)},
  pages={82--92},
  year={2013},
  organization={Citeseer}
}

B. Li, P. Volgyesi, and A. Ledeczi: "Rapid Prototyping of Image Processing Workflows on Massively Parallel Architectures", In Proc. of Intelligent Solutions in Embedded Systems (WISES), Carinthia, Austria, 2012. [BibTeX]

@inproceedings{li2012rapid,
  title={Rapid prototyping of image processing workflows on massively parallel architectures},
  author={Li, Bo and Sallai, J{\'a}nos and V{\"o}lgyesi, P{\'e}ter and L{\'e}deczi, {\'A}kos},
  booktitle={Proceedings of the 10th International Workshop on Intelligent Solutions in Embedded Systems},
  pages={15--20},
  year={2012},
  organization={IEEE}
}

J. S. Lee, B. Li , and H. Y. Tsai. "An Effective Preprocessor for Enhancing Edge Detection in Speckle Images," In Proc. of the 8th International Conference on Information Science and Digital Content Technology (ICIDT), Jeju, Korea, 2012. [BibTeX]

@inproceedings{lee2012effective,
  title={An effective preprocessor for enhancing edge detection in speckle images},
  author={Lee, Jung-San and Li, Bo and Tsai, Hsin-Yi},
  booktitle={2012 8th International Conference on Information Science and Digital Content Technology (ICIDT2012)},
  volume={3},
  pages={546--550},
  year={2012},
  organization={IEEE}
}

F. P. Lin, B. Li and J. S. Lee. "A neoteric progressive scheme for visual secret sharing," In the Proc. of the First National Conference on Web Intelligence and Applications (CWIA). Kaohsiung, Taiwan, 2011. [BibTeX]

@inproceedings{f2011neoteric,
    title={A neoteric progressive scheme for visual secret sharing},
    author={F. P. Lin, B. Li and J. S. Lee},
    booktitle={In the Proc. of the First National Conference on Web Intelligence and Applications (CWIA)},
    year={2011}
}

B. Li, and J. S. Lee. "A wally watermarking scheme with blind extraction based on structured encoding system," In Proc. of International Conference on 2nd World Congress on Computer Science and Information Engineering (CSIE), Changchun, China, 2011. [BibTeX]

@inproceedings{b2011wallywatermarking,
    title={A wally watermarking scheme with blind extraction based on structured encoding system},
    author={B. Li, and J. S. Lee},
    booktitle={International Conference on 2nd World Congress on Computer Science and Information Engineering (CSIE)},
    year={2011}
}

B. Li, J. S. Lee, and C. C. Chang. "Providing Anonymous Channels and Mutual Authentication in GSM," In Proc. of International Conference on the Fourth International Conference on Genetic and Evolutionary Computing (WCECS), Shenzhen, China, 2010. [BibTeX]

@inproceedings{li2010providing,
  title={Providing Anonymous Channels and Mutual Authentication for Mobile Communications},
  author={Li, Bo and Chang, Chin-Chen and Lee, Jung-San},
  booktitle={2010 Fourth International Conference on Genetic and Evolutionary Computing},
  pages={618--621},
  year={2010},
  organization={IEEE}
}

J. S. Lee, B. Li and Y. C. Chou. "A Brand-new Mobile Value-added Service: M-Check," In Proc. of International Conference on Networked Computing, Advanced Information Management and Digital Content and Multimedia Technologies (AICIT), Seoul, Korea, 2009.[BibTeX]

@inproceedings{lee2009brand,
  title={A Brand-New Mobile Value-Added Service: M-Check},
  author={Lee, Jung-San and Li, Bo and Chou, Yung-Chen},
  booktitle={2009 Fifth International Joint Conference on INC, IMS and IDC},
  pages={2050--2055},
  year={2009},
  organization={IEEE}
}

Refereed Journals

Saikiran Bulusu, Bhavya Kailkhura,Bo Li, Pramod K. Varshney, Dawn Song, "Anomalous Example Detection in Deep Learning: A Survey.", IEEE Access 2020. [BibTeX]

@article{bulusu2020anomalous,
  title={Anomalous example detection in deep learning: A survey},
  author={Bulusu, Saikiran and Kailkhura, Bhavya and Li, Bo and Varshney, Pramod K and Song, Dawn},
  journal={IEEE Access},
  volume={8},
  pages={132330--132347},
  year={2020},
  publisher={IEEE}
}

Chao Yan, Bo Li, Yevgeniy Vorobeychik, Aron Laszka, Daniel Fabbri, Bradley Malin, "Database Audit Workload Prioritization via Game Theory", ACM Transactions on Privacy and Security (TOPS), 2018. [BibTeX]

@article{yan2019database,
  title={Database audit workload prioritization via game theory},
  author={Yan, Chao and Li, Bo and Vorobeychik, Yevgeniy and Laszka, Aron and Fabbri, Daniel and Malin, Bradley},
  journal={ACM Transactions on Privacy and Security (TOPS)},
  volume={22},
  number={3},
  pages={1--21},
  year={2019},
  publisher={ACM New York, NY, USA}
}

B. Li, Y. Vorobeychik, "Evasion-Robust Classification on Binary Domains," ACM Transactions on Knowledge Discovery from Data (TKDD), February. 2018. [BibTeX]

@article{li2018evasion,
  title={Evasion-robust classification on binary domains},
  author={Li, Bo and Vorobeychik, Yevgeniy},
  journal={ACM Transactions on Knowledge Discovery from Data (TKDD)},
  volume={12},
  number={4},
  pages={1--32},
  year={2018},
  publisher={ACM New York, NY, USA}
}

B. Li, Y. Vorobeychik, M. Li, B. Malin, "Scalable Iterative Classification for Sanitizing Large-Scale Datasets," IEEE Transactions on Knowledge and Data Engineering (TKDE), Oct. 2016. [BibTeX]

@article{li2016scalable,
  title={Scalable iterative classification for sanitizing large-scale datasets},
  author={Li, Bo and Vorobeychik, Yevgeniy and Li, Muqun and Malin, Bradley},
  journal={IEEE transactions on knowledge and data engineering},
  volume={29},
  number={3},
  pages={698--711},
  year={2016},
  publisher={IEEE}
}

J. S. Lee, B. Li, and B. R. Huang, "Oblivious Transfer System for Information Concealing and Recovery in Cloud Computing," Journal of Internet Technology, vol. 20, pp. 132-145, March 2015. [BibTeX]

@article{san2017oblivious,
  title={Oblivious transfer system for information concealing and recovery in cloud computing},
  author={San Lee, Jung and Li, Bo and Huang, Bo Ruei},
  journal={Journal of Internet Technology},
  volume={18},
  number={1},
  pages={55--63},
  year={2017},
  publisher={Taiwan Academic Network Management Committee}
}

J. S. Lee, K. R. Wen, and B. Li, "Renovating Contaminative Image Archives based on Patch Propagation and Adaptive Confidence Collation" IEEE Transactions on Circuits and Systems for Video Technology, vol. 14, pp. 112-134, April 2015.[BibTeX]

@article{lee2015renovating,
  title={Renovating contaminative image archives based on patch propagation and adaptive confidence collation},
  author={Lee, Jung-San and Wen, Kai-Rui and Li, Bo},
  journal={IEEE Transactions on Circuits and Systems for Video Technology},
  volume={26},
  number={5},
  pages={1004--1011},
  year={2015},
  publisher={IEEE}
}

M. Li, D. Carrell, J. Aberdeen, L. Hirschman, B. Li, Y.Vorobeychik, and B.Malin, "Optimizing Annotation Resources for Natural Language De-identification via a Game Theoretic Framework," Journal of Biomedical Informatics, vol. 30, pp.142-179, October 2015 [BibTeX]

@article{li2016optimizing,
  title={Optimizing annotation resources for natural language de-identification via a game theoretic framework},
  author={Li, Muqun and Carrell, David and Aberdeen, John and Hirschman, Lynette and Kirby, Jacqueline and Li, Bo and Vorobeychik, Yevgeniy and Malin, Bradley A},
  journal={Journal of biomedical informatics},
  volume={61},
  pages={97--109},
  year={2016},
  publisher={Elsevier}
}

J. S. Lee, and B. Li, "Self-recognized Watermarking Technique with Resistance to Large Scale Cropping," IEEE Multimedia, vol. 21, pp. 60-73, March 2014. [BibTeX]

@article{j2014selfrecognized,
author = {Lee, Jung-San and Li, Bo},
year = {2014},
month = {01},
pages = {60-73},
title = {Self-Recognized Image Protection Technique that Resists Large-Scale Cropping},
volume = {21},
journal = {MultiMedia, IEEE},
doi = {10.1109/MMUL.2014.14}
}

J. S. Lee, W. C. Kao, and B. Li, "Aryabhata Remainder Theorem-Based Non-Iterative Electronic Lottery Mechanism with Robustness," IET Information Security, vol. 7, pp. 172-182, May 2013. [BibTeX]

@article{j2013aryabhata,
author = {Lee, Jung-San and Kao, Wei-Chiang and Li, Bo},
year = {2013},
month = {09},
pages = {172-180},
title = {Aryabhata remainder theorem-based non-iterative electronic lottery mechanism with robustness},
volume = {7},
journal = {Information Security, IET},
doi = {10.1049/iet-ifs.2011.0327}
}

J. S. Lee, and B. Li, "Note on ‘Authentication protocol using an identifier in an ad hoc network environment’," Mathematical and Computer Modeling, vol. 57, pp. 1572-1575, July 2013. [BibTeX]

@article{j2013note,
author = {Lee, Jung-San and Li, Bo},
year = {2013},
month = {03},
pages = {1572–1575},
title = {Notes on “Authentication protocol using an identifier in an ad hoc network environment”},
volume = {57},
journal = {Mathematical and Computer Modelling},
doi = {10.1016/j.mcm.2012.11.018}
}

B. Li, F. Bryan, and B. A. Landman, "Next Generation of the JAVA Image Science Toolkit (JIST) Visualization and Validation". InSight Journal, vol. 12, pp. 23-34, February 2012. [BibTeX]

@article{li2012next,
  title={Next generation of the java image science toolkit (jist): visualization and validation},
  author={Li, Bo and Bryan, Frederick and Landman, Bennett A},
  journal={The insight journal},
  volume={2012},
  pages={1},
  year={2012},
  publisher={NIH Public Access}
}

C. C. Yang, K. J. Wei, B. Li and J. S. Lee, "HORME: Hierarchical-Object-Relational Medical management for Electronic record," Security and Communication Networks, vol. 17, pp. 53-65, November 2012. [BibTeX]

@article{yang2013horme,
  title={HORME: hierarchical--object--relational medical management for electronic record},
  author={Yang, Chien-Chang and Wei, Kuo-Jui and Li, Bo and Lee, Jung-San},
  journal={Security and Communication Networks},
  volume={6},
  number={10},
  pages={1261--1270},
  year={2013},
  publisher={Wiley Online Library}
}

C. C. Chang, B. Li and J. S. Lee, "Secret Sharing Using Visual Cryptography," Journal of Electronic Science and Technology, vol. 8, pp. 289-299, June 2010. [BibTeX]

@article{chang2010secret,
  title={Secret sharing using visual cryptography},
  author={Chang, Chin-Chen and Li, Bo and Lee, Jung-San},
  journal={Journal of Electronic Science and Technology},
  volume={8},
  number={4},
  pages={289--299},
  year={2010},
  publisher={Journal of Electronic Science and Technology}
}

B. Li and J. S. Lee, "A Cryptographic Alternative for Preserving PHI in Compliance with HIPAA Privacy/Security Regulations," Journal of Computers, vol. 21, pp. 27-36, March 2010. [BibTeX]

@article{li2010cryptographic,
  title={A Cryptographic Alternative for Preserving PHI in Compliance with HIPAA Privacy/Security Regulations},
  author={Li, Bo and Lee, Jung-San},
  journal={Journal of Computers},
  volume={21},
  number={3},
  pages={27--36},
  year={2010},
}

Publications

Show Selected / Show by Date / Show by Topic

Selected Publications

Selected Toolkits, Benchmarks, and Leaderboards