Han Xu 0002
Michigan State University, USA
https://sites.google.com/view/han-xu-123/home
https://scholar.google.com/citations?user=mX2rL3IAAAAJ
https://orcid.org/0000-0002-4016-6748

Other persons named Han Xu (dblp disambiguation)
- Han Xu 0001, Wuhan University, China. https://scholar.google.com/citations?user=ZsxOdRUAAAAJ ; https://orcid.org/0000-0002-6291-2924
- Han Xu 0003, Huazhong University of Science and Technology, Wuhan, China. https://orcid.org/0000-0001-9861-4868 ; https://ieeexplore.ieee.org/author/37089443321
- Han Xu 0004, Peking University, Beijing, China. https://orcid.org/0000-0002-2548-6866
- Han Xu 0005, South China Agricultural University, Guangzhou, China. https://orcid.org/0000-0002-0249-2956
- Han Xu 0006, Tsinghua University, Beijing, China. https://orcid.org/0000-0002-2469-1286
- Han Xu 0007, Auckland Tongji Rehabilitation Medical Equipment Research Centre, Tongji Zhejiang College, China. https://orcid.org/0000-0003-0661-8955 ; https://www.wikidata.org/entity/Q92660502
- Han Xu 0008, National University of Defense Technology, Changsha, China
- Han Xu 0009, Technische Universität München, Garching, Germany
- Han Xu 0010, University of New South Wales, Sydney, NSW, Australia. https://orcid.org/0000-0002-2217-3709
- Han Xu 0011, CSE, Hong Kong University of Science and Technology
- Han Xu 0012, Nanjing University of Aeronautics and Astronautics, Nanjing, China
- Han Xu 0013, Nanyang Technological University, Singapore

Publications of Han Xu 0002

2024
- Shenglai Zeng, Yaxin Li 0001, Jie Ren 0019, Yiding Liu, Han Xu 0002, Pengfei He, Yue Xing 0002, Shuaiqiang Wang, Jiliang Tang, Dawei Yin: Exploring Memorization in Fine-tuned Language Models. ACL (1) 2024, pp. 3917-3948. https://doi.org/10.18653/v1/2024.acl-long.216 ; https://aclanthology.org/2024.acl-long.216
- Shenglai Zeng, Jiankun Zhang, Pengfei He, Yiding Liu, Yue Xing 0002, Han Xu 0002, Jie Ren 0019, Yi Chang 0001, Shuaiqiang Wang, Dawei Yin, Jiliang Tang: The Good and The Bad: Exploring Privacy Issues in Retrieval-Augmented Generation (RAG). ACL (Findings) 2024, pp. 4505-4524. https://doi.org/10.18653/v1/2024.findings-acl.267 ; https://aclanthology.org/2024.findings-acl.267
- Jie Ren 0019, Yaxin Li 0001, Shenglai Zeng, Han Xu 0002, Lingjuan Lyu, Yue Xing 0002, Jiliang Tang: Unveiling and Mitigating Memorization in Text-to-Image Diffusion Models Through Cross Attention. ECCV (77) 2024, pp. 340-356. https://doi.org/10.1007/978-3-031-72980-5_20
- Yuping Lin, Pengfei He, Han Xu 0002, Yue Xing 0002, Makoto Yamada, Hui Liu 0031, Jiliang Tang: Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis. EMNLP 2024, pp. 7067-7085. https://aclanthology.org/2024.emnlp-main.401
- Han Xu 0002, Jie Ren 0019, Pengfei He, Shenglai Zeng, Yingqian Cui, Amy Liu, Hui Liu 0031, Jiliang Tang: On the Generalization of Training-based ChatGPT Detection Methods. EMNLP (Findings) 2024, pp. 7223-7243. https://aclanthology.org/2024.findings-emnlp.424
- Pengfei He, Han Xu 0002, Jie Ren 0019, Yingqian Cui, Shenglai Zeng, Hui Liu 0031, Charu C. Aggarwal, Jiliang Tang: Sharpness-Aware Data Poisoning Attack. ICLR 2024. https://openreview.net/forum?id=bxITGFPVWh
- Jie Ren 0019, Han Xu 0002, Yiding Liu, Yingqian Cui, Shuaiqiang Wang, Dawei Yin, Jiliang Tang: A Robust Semantics-based Watermark for Large Language Model against Paraphrasing. NAACL-HLT (Findings) 2024, pp. 613-625. https://doi.org/10.18653/v1/2024.findings-naacl.40
- Yaxin Li 0001, Jie Ren 0019, Han Xu 0002, Hui Liu 0031: Neural Style Protection: Counteracting Unauthorized Neural Style Transfer. WACV 2024, pp. 3954-3963. https://doi.org/10.1109/WACV57701.2024.00392
- Pengfei He, Han Xu 0002, Yue Xing 0002, Hui Liu 0031, Makoto Yamada, Jiliang Tang: Data Poisoning for In-context Learning. CoRR abs/2402.02160 (2024). https://doi.org/10.48550/arXiv.2402.02160
- Jie Ren 0019, Han Xu 0002, Pengfei He, Yingqian Cui, Shenglai Zeng, Jiankun Zhang, Hongzhi Wen, Jiayuan Ding, Hui Liu 0031, Yi Chang 0001, Jiliang Tang: Copyright Protection in Generative AI: A Technical Perspective. CoRR abs/2402.02333 (2024). https://doi.org/10.48550/arXiv.2402.02333
- Shenglai Zeng, Jiankun Zhang, Pengfei He, Yue Xing 0002, Yiding Liu, Han Xu 0002, Jie Ren 0019, Shuaiqiang Wang, Dawei Yin, Yi Chang 0001, Jiliang Tang: The Good and The Bad: Exploring Privacy Issues in Retrieval-Augmented Generation (RAG). CoRR abs/2402.16893 (2024). https://doi.org/10.48550/arXiv.2402.16893
- Jie Ren 0019, Yaxin Li 0001, Shenglai Zeng, Han Xu 0002, Lingjuan Lyu, Yue Xing 0002, Jiliang Tang: Unveiling and Mitigating Memorization in Text-to-image Diffusion Models through Cross Attention. CoRR abs/2403.11052 (2024). https://doi.org/10.48550/arXiv.2403.11052
- Yuping Lin, Pengfei He, Han Xu 0002, Yue Xing 0002, Makoto Yamada, Hui Liu 0031, Jiliang Tang: Towards Understanding Jailbreak Attacks in LLMs: A Representation Space Analysis. CoRR abs/2406.10794 (2024). https://doi.org/10.48550/arXiv.2406.10794
- Shenglai Zeng, Jiankun Zhang, Pengfei He, Jie Ren 0019, Tianqi Zheng, Hanqing Lu, Han Xu 0002, Hui Liu 0031, Yue Xing 0002, Jiliang Tang: Mitigating the Privacy Issues in Retrieval-Augmented Generation (RAG) via Pure Synthetic Data. CoRR abs/2406.14773 (2024). https://doi.org/10.48550/arXiv.2406.14773
- Pengfei He, Yingqian Cui, Han Xu 0002, Hui Liu 0031, Makoto Yamada, Jiliang Tang, Yue Xing 0002: Towards the Effect of Examples on In-Context Learning: A Theoretical Case Study. CoRR abs/2410.09411 (2024). https://doi.org/10.48550/arXiv.2410.09411

2023
- Wenqi Fan, Han Xu 0002, Wei Jin 0009, Xiaorui Liu, Xianfeng Tang, Suhang Wang, Qing Li 0001, Jiliang Tang, Jianping Wang 0001, Charu C. Aggarwal: Jointly Attacking Graph Neural Network and its Explanations. ICDE 2023, pp. 654-667. https://doi.org/10.1109/ICDE55515.2023.00056
- Jie Ren 0019, Han Xu 0002, Yuxuan Wan, Xingjun Ma, Lichao Sun 0001, Jiliang Tang: Transferable Unlearnable Examples. ICLR 2023. https://openreview.net/forum?id=-htnolWDLvP
- Han Xu 0002, Pengfei He, Jie Ren 0019, Yuxuan Wan, Zitao Liu 0001, Hui Liu 0031, Jiliang Tang: Probabilistic Categorical Adversarial Attack and Adversarial Training. ICML 2023, pp. 38428-38442. https://proceedings.mlr.press/v202/xu23e.html
- Han Xu 0002, Xiaorui Liu, Wentao Wang 0006, Zitao Liu 0001, Anil K. Jain 0001, Jiliang Tang: How does the Memorization of Neural Networks Impact Adversarial Robust Models? KDD 2023, pp. 2801-2812. https://doi.org/10.1145/3580305.3599381
- Pengfei He, Han Xu 0002, Jie Ren 0019, Yingqian Cui, Hui Liu 0031, Charu C. Aggarwal, Jiliang Tang: Sharpness-Aware Data Poisoning Attack. CoRR abs/2305.14851 (2023). https://doi.org/10.48550/arXiv.2305.14851
- Yingqian Cui, Jie Ren 0019, Han Xu 0002, Pengfei He, Hui Liu 0031, Lichao Sun 0001, Jiliang Tang: DiffusionShield: A Watermark for Copyright Protection against Generative Diffusion Models. CoRR abs/2306.04642 (2023). https://doi.org/10.48550/arXiv.2306.04642
- Han Xu 0002, Jie Ren 0019, Pengfei He, Shenglai Zeng, Yingqian Cui, Amy Liu, Hui Liu 0031, Jiliang Tang: On the Generalization of Training-based ChatGPT Detection Methods. CoRR abs/2310.01307 (2023). https://doi.org/10.48550/arXiv.2310.01307
- Yingqian Cui, Jie Ren 0019, Yuping Lin, Han Xu 0002, Pengfei He, Yue Xing 0002, Wenqi Fan, Hui Liu 0031, Jiliang Tang: FT-Shield: A Watermark Against Unauthorized Fine-tuning in Text-to-Image Diffusion Models. CoRR abs/2310.02401 (2023). https://doi.org/10.48550/arXiv.2310.02401
- Pengfei He, Han Xu 0002, Yue Xing 0002, Jie Ren 0019, Yingqian Cui, Shenglai Zeng, Jiliang Tang, Makoto Yamada, Mohammad Sabokrou: Confidence-driven Sampling for Backdoor Attacks. CoRR abs/2310.05263 (2023). https://doi.org/10.48550/arXiv.2310.05263
- Shenglai Zeng, Yaxin Li 0001, Jie Ren 0019, Yiding Liu, Han Xu 0002, Pengfei He, Yue Xing 0002, Shuaiqiang Wang, Jiliang Tang, Dawei Yin: Exploring Memorization in Fine-tuned Language Models. CoRR abs/2310.06714 (2023). https://doi.org/10.48550/arXiv.2310.06714
- Jie Ren 0019, Han Xu 0002, Yiding Liu, Yingqian Cui, Shuaiqiang Wang, Dawei Yin, Jiliang Tang: A Robust Semantics-based Watermark for Large Language Model against Paraphrasing. CoRR abs/2311.08721 (2023). https://doi.org/10.48550/arXiv.2311.08721

2022
- Wentao Wang 0006, Han Xu 0002, Xiaorui Liu, Yaxin Li 0001, Bhavani Thuraisingham, Jiliang Tang: Imbalanced Adversarial Training with Reweighting. ICDM 2022, pp. 1209-1214. https://doi.org/10.1109/ICDM54844.2022.00156
- Wentao Wang 0006, Han Xu 0002, Yuxuan Wan, Jie Ren 0019, Jiliang Tang: Towards Adversarial Learning: From Evasion Attacks to Poisoning Attacks. KDD 2022, pp. 4830-4831. https://doi.org/10.1145/3534678.3542608
- Han Xu 0002: Doctoral Consortium of WSDM'22: Exploring the Bias of Adversarial Defenses. WSDM 2022, pp. 1559-1560. https://doi.org/10.1145/3488560.3502215
- Yaxin Li 0001, Xiaorui Liu, Han Xu 0002, Wentao Wang 0006, Jiliang Tang: Enhancing Adversarial Training with Feature Separability. CoRR abs/2205.00637 (2022). https://doi.org/10.48550/arXiv.2205.00637
- Yuxuan Wan, Han Xu 0002, Xiaorui Liu, Jie Ren 0019, Wenqi Fan, Jiliang Tang: Defense Against Gradient Leakage Attacks via Learning to Obscure Data. CoRR abs/2206.00769 (2022). https://doi.org/10.48550/arXiv.2206.00769
- Wenqi Fan, Xiangyu Zhao 0001, Xiao Chen 0016, Jingran Su, Jingtong Gao, Lin Wang 0040, Qidong Liu, Yiqi Wang 0001, Han Xu 0002, Lei Chen 0002, Qing Li 0001: A Comprehensive Survey on Trustworthy Recommender Systems. CoRR abs/2209.10117 (2022). https://doi.org/10.48550/arXiv.2209.10117
- Pengfei He, Han Xu 0002, Jie Ren 0019, Yuxuan Wan, Zitao Liu 0001, Jiliang Tang: Probabilistic Categorical Adversarial Attack & Adversarial Training. CoRR abs/2210.09364 (2022). https://doi.org/10.48550/arXiv.2210.09364
- Han Xu 0002, Xiaorui Liu, Yuxuan Wan, Jiliang Tang: Towards Fair Classification against Poisoning Attacks. CoRR abs/2210.09503 (2022). https://doi.org/10.48550/arXiv.2210.09503
- Jie Ren 0019, Han Xu 0002, Yuxuan Wan, Xingjun Ma, Lichao Sun 0001, Jiliang Tang: Transferable Unlearnable Examples. CoRR abs/2210.10114 (2022). https://doi.org/10.48550/arXiv.2210.10114

2021
- Yaxin Li 0001, Wei Jin 0009, Han Xu 0002, Jiliang Tang: DeepRobust: a Platform for Adversarial Attacks and Defenses. AAAI 2021, pp. 16078-16080. https://doi.org/10.1609/aaai.v35i18.18017
- Han Xu 0002, Xiaorui Liu, Yaxin Li 0001, Anil K. Jain 0001, Jiliang Tang: To be Robust or to be Fair: Towards Fairness in Adversarial Training. ICML 2021, pp. 11492-11501. http://proceedings.mlr.press/v139/xu21b.html
- Han Xu 0002, Yaxin Li 0001, Xiaorui Liu, Wentao Wang 0006, Jiliang Tang: Adversarial Robustness in Deep Learning: From Practices to Theories. KDD 2021, pp. 4086-4087. https://doi.org/10.1145/3447548.3470812
- Xiaorui Liu, Jiayuan Ding, Wei Jin 0009, Han Xu 0002, Yao Ma 0001, Zitao Liu 0001, Jiliang Tang: Graph Neural Networks with Adaptive Residual. NeurIPS 2021, pp. 9720-9733. https://proceedings.neurips.cc/paper/2021/hash/50abc3e730e36b387ca8e02c26dc0a22-Abstract.html
- Han Xu 0002, Yaxin Li 0001, Xiaorui Liu, Hui Liu 0031, Jiliang Tang: Yet Meta Learning Can Adapt Fast, it Can Also Break Easily. SDM 2021, pp. 540-548. https://doi.org/10.1137/1.9781611976700.61
- Han Xu 0002, Xiaorui Liu, Wentao Wang 0006, Wenbiao Ding, Zhongqin Wu, Zitao Liu 0001, Anil K. Jain 0001, Jiliang Tang: Towards the Memorization Effect of Neural Networks in Adversarial Training. CoRR abs/2106.04794 (2021). https://arxiv.org/abs/2106.04794
- Wentao Wang 0006, Han Xu 0002, Xiaorui Liu, Yaxin Li 0001, Bhavani Thuraisingham, Jiliang Tang: Imbalanced Adversarial Training with Reweighting. CoRR abs/2107.13639 (2021). https://arxiv.org/abs/2107.13639
- Wenqi Fan, Wei Jin 0009, Xiaorui Liu, Han Xu 0002, Xianfeng Tang, Suhang Wang, Qing Li 0001, Jiliang Tang, Jianping Wang 0001, Charu C. Aggarwal: Jointly Attacking Graph Neural Network and its Explanations. CoRR abs/2108.03388 (2021). https://arxiv.org/abs/2108.03388

2020
- Han Xu 0002, Yao Ma 0001, Haochen Liu, Debayan Deb, Hui Liu 0031, Jiliang Tang, Anil K. Jain 0001: Adversarial Attacks and Defenses in Images, Graphs and Text: A Review. Int. J. Autom. Comput. 17(2): 151-178 (2020). https://doi.org/10.1007/s11633-019-1211-x
- Wei Jin 0009, Yaxin Li 0001, Han Xu 0002, Yiqi Wang 0001, Shuiwang Ji, Charu Aggarwal 0001, Jiliang Tang: Adversarial Attacks and Defenses on Graphs. SIGKDD Explor. 22(2): 19-34 (2020). https://doi.org/10.1145/3447556.3447566
- Han Xu 0002, Yaxin Li 0001, Wei Jin 0009, Jiliang Tang: Adversarial Attacks and Defenses: Frontiers, Advances and Practice. KDD 2020, pp. 3541-3542. https://doi.org/10.1145/3394486.3406467
- Wenqi Fan, Yao Ma 0001, Han Xu 0002, Xiaorui Liu, Jianping Wang 0001, Qing Li 0001, Jiliang Tang: Deep Adversarial Canonical Correlation Analysis. SDM 2020, pp. 352-360. https://doi.org/10.1137/1.9781611976236.40
- Wei Jin 0009, Yaxin Li 0001, Han Xu 0002, Yiqi Wang 0001, Jiliang Tang: Adversarial Attacks and Defenses on Graphs: A Review and Empirical Study. CoRR abs/2003.00653 (2020). https://arxiv.org/abs/2003.00653
- Yaxin Li 0001, Wei Jin 0009, Han Xu 0002, Jiliang Tang: DeepRobust: A PyTorch Library for Adversarial Attacks and Defenses. CoRR abs/2005.06149 (2020). https://arxiv.org/abs/2005.06149
- Han Xu 0002, Yaxin Li 0001, Xiaorui Liu, Hui Liu 0031, Jiliang Tang: Yet Meta Learning Can Adapt Fast, It Can Also Break Easily. CoRR abs/2009.01672 (2020). https://arxiv.org/abs/2009.01672
- Han Xu 0002, Xiaorui Liu, Yaxin Li 0001, Jiliang Tang: To be Robust or to be Fair: Towards Fairness in Adversarial Training. CoRR abs/2010.06121 (2020). https://arxiv.org/abs/2010.06121

2019
- Han Xu 0002, Yao Ma 0001, Haochen Liu, Debayan Deb, Hui Liu 0031, Jiliang Tang, Anil K. Jain 0001: Adversarial Attacks and Defenses in Images, Graphs and Text: A Review. CoRR abs/1909.08072 (2019). http://arxiv.org/abs/1909.08072

Coauthor index
Charu C. Aggarwal, Charu Aggarwal 0001, Yi Chang 0001, Lei Chen 0002, Xiao Chen 0016, Yingqian Cui, Debayan Deb, Jiayuan Ding, Wenbiao Ding, Wenqi Fan, Jingtong Gao, Pengfei He, Anil K. Jain 0001, Shuiwang Ji, Wei Jin 0009, Qing Li 0001, Yaxin Li 0001, Yuping Lin, Amy Liu, Haochen Liu, Hui Liu 0031, Qidong Liu, Xiaorui Liu, Yiding Liu, Zitao Liu 0001, Hanqing Lu, Lingjuan Lyu, Xingjun Ma, Yao Ma 0001, Jie Ren 0019, Mohammad Sabokrou, Jingran Su, Lichao Sun 0001, Jiliang Tang, Xianfeng Tang, Bhavani Thuraisingham, Yuxuan Wan, Jianping Wang 0001, Lin Wang 0040, Shuaiqiang Wang, Suhang Wang, Wentao Wang 0006, Yiqi Wang 0001, Hongzhi Wen, Zhongqin Wu, Yue Xing 0002, Makoto Yamada, Dawei Yin, Shenglai Zeng, Jiankun Zhang, Xiangyu Zhao 0001, Tianqi Zheng