Siyuan's Homepage

Siyuan Cheng

cheng535 AT purdue.edu

West Lafayette, IN, USA

About

I am currently a fourth year Ph.D. student in the Department of Computer Science at Purdue University, advised by Prof. Xiangyu Zhang. Prior to that, I received my B.S. degree from the Department of Computer Science and Engineering of Shanghai Jiao Tong University (SJTU) in 2020. During my undergraduate, I was affiliated with the IEEE Honor Class program.

My research expertise lies in the realm of trustworthy machine learning, with a specific focus on adversarial/backdoor attacks and defenses, across various domains, including computer vision, natural language processing, self-supervised learning, and federated learning.

My current focus is on real-world applications, e.g., large language models (LLMs) and diffusion models. I am actively engaged in exploring and addressing the intricate security and privacy concerns in these sophisticated systems.

I participated in the TrojAI competition from September 2022 and worked as a core member in the team Perspecta-PurdueRutgers. We achieved top ranking on the leaderboard in Round 12, 13, 15, 18 and 19

Pre-prints( ^*denotes equal contribution)

Rapid Optimization for Jailbreaking LLMs via Subconscious Exploitation and Echopraxia
Guangyu Shen^*, Siyuan Cheng^*, Kaiyuan Zhang, Guanhong Tao, Shengwei An, Lu Yan, Zhuo Zhang, Shiqing Ma, Xiangyu Zhang
paper bibtex

Opening A Pandora's Box: Things You Should Know in the Era of Custom GPTs
Guanhong Tao^*, Siyuan Cheng^*, Zhuo Zhang, Junmin Zhu, Guangyu Shen, Xiangyu Zhang
paper bibtex

Deck: Model hardening for defending pervasive backdoors
Guanhong Tao, Yingqi Liu, Siyuan Cheng, Shengwei An, Zhuo Zhang, Qiuling Xu, Guangyu Shen, Xiangyu Zhang
paper bibtex

Publications( ^*denotes equal contribution)

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target
Guangyu Shen^*, Siyuan Cheng^*, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, Xiangyu Zhang
Proceedings of the 46th IEEE Symposiums on Security and Privacy (S&P 2025)
paper bibtex

CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling
Kaiyuan Zhang, Siyuan Cheng, Guangyu Shen, Bruno Ribeiro, Shengwei An, Pin-Yu Chen, Xiangyu Zhang, Ninghui Li
Proceedings of the 30th Network and Distributed System Security Symposium (NDSS 2025)
paper bibtex

ODSCAN: Backdoor Scanning for Object Detection Models
Siyuan Cheng^*, Guangyu Shen^*, Guanhong Tao, Kaiyuan Zhang, Zhuo Zhang, Shengwei An, Xiangzhe Xu, Yingqi Liu, Shiqing Ma, Xiangyu Zhang
Proceedings of the 45th IEEE Symposiums on Security and Privacy (S&P 2024)
paper bibtex code video slides

Exploring the Orthogonality and Linearity of Backdoor Attacks
Kaiyuan Zhang^*, Siyuan Cheng^*, Guangyu Shen, Guanhong Tao, Shengwei An, Anuran Makur, Shiqing Ma, Xiangyu Zhang
Proceedings of the 45th IEEE Symposiums on Security and Privacy (S&P 2024)
paper bibtex code slides website

On Large Language Models' Resilience to Coercive Interrogation
Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, Xiangyu Zhang
Proceedings of the 45th IEEE Symposiums on Security and Privacy (S&P 2024)
paper bibtex code website

Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion
Shengwei An^* , Lu Yan^*, Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Xiangyu Zhang
Proceedings of the 33rd USENIX Security Symposium (USENIX Security 2024)
paper bibtex code

Backdoor Attacks without Poisoning
Guanhong Tao, Siyuan Cheng, Zhenting Wang, Shiqing Ma, Shengwei An, Yingqi Liu, Guangyu Shen, Zhuo Zhang, Yunshu Mao, Xiangyu Zhang
Annual Computer Security Applications Conference (ACSAC 2024)
paper bibtex

LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2024)
paper bibtex code video slides poster

UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening
Siyuan Cheng^*, Guangyu Shen^*, Kaiyuan Zhang, Guanhong Tao, Shengwei An, Hanxi Guo, Shiqing Ma, Xiangyu Zhang
The 18th European Conference on Computer Vision (ECCV 2024)
paper bibtex code

Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
Shengwei An, Sheng-Yen Chou, Kaiyuan Zhang, Qiuling Xu, Guanhong Tao, Guangyu Shen, Siyuan Cheng, Shiqing Ma, Pin-Yu Chen, Tsung-Yi Ho, Xiangyu Zhang
Proceedings of the 38th AAAI Conference on Artificial Intelligence (AAAI 2024)
paper bibtex code

ROCAS: Root Cause Analysis of Autonomous Driving Accidents via Cyber-Physical Co-mutation
Shiwei Feng, Yapeng Ye, Qingkai Shi, Zhiyuan Cheng, Xiangzhe Xu, Siyuan Cheng, Hongjun Choi, Xiangyu Zhang
IEEE/ACM International Conference on Automated Software Engineering (ASE 2024)
paper bibtex

BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, Xiangyu Zhang
Proceedings of the 30th Network and Distributed System Security Symposium (NDSS 2023)
paper bibtex code video slides

Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration
Guangyu Shen^*, Siyuan Cheng^*, Guanhong Tao, Kaiyuan Zhang, Yingqi Liu, Shengwei An, Shiqing Ma, Xiangyu Zhang
Proceedings of Thirty-seventh Conference on Neural Information Processing Systems (NeurIPS 2023)
paper bibtex

Hard-label Black-box Universal Adversarial Patch Attack
Guanhong Tao, Shengwei An, Siyuan Cheng, Guangyu Shen, Xiangyu Zhang
Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023)
paper bibtex code

ImU: Physical Impersonating Attack for Face Recognition System with Natural Style Changes
Shengwei An, Yuan Yao, Qiuling Xu, Shiqing Ma, Guanhong Tao, Siyuan Cheng, Kaiyuan Zhang, Yingqi Liu, Guangyu Shen, Ian Kelk, Xiangyu Zhang
Proceedings of the 44rd IEEE Symposiums on Security and Privacy (S&P 2023)
paper bibtex code

FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, Xiangyu Zhang
Proceedings of the Eleventh International Conference on Learning Representations (ICLR 2023)
ECCV 2022 Workshop on Adversarial Robustness in the Real World (AROW 2023) Best Paper Award
paper bibtex code

Detecting Backdoors in Pre-trained Encoders
Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang
IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023)
paper bibtex code

MEDIC: Remove Model Backdoors via Importance Driven Cloning
Qiuling Xu, Guanhong Tao, Jean Honorio, Yingqi Liu, Shengwei An, Guangyu Shen, Siyuan Cheng, Xiangyu Zhang
IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023)
paper bibtex code

PEM: Representing Binary Program Semantics for Similarity Analysis via A Probabilistic Execution Model
Xiangzhe Xu^*, Zhou Xuan^*, Shiwei Feng, Siyuan Cheng, Yapeng Ye, Qingkai Shi, Guanhong Tao, Le Yu, Zhuo Zhang, Xiangyu Zhang
Proceedings of the 2023 ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2023)
paper bibtex code

Improving Binary Code Similarity Transformer Models by Semantics-driven Instruction Deemphasis
Xiangzhe Xu, Shiwei Feng, Yapeng Ye, Guangyu Shen, Zian Su, Siyuan Cheng, Guanhong Tao, Qingkai Shi, Zhuo Zhang, Xiangyu Zhang
Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023)
paper bibtex code

Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification
Siyuan Cheng, Yingqi Liu, Shiqing Ma, Xiangyu Zhang
Proceedings of the 35th AAAI Conference on Artificial Intelligence (AAAI 2021)
paper bibtex code video poster

Towards Feature Space Adversarial Attack by Style Perturbation
Qiuling Xu, Guanhong Tao, Siyuan Cheng, Xiangyu Zhang
Proceedings of the 35th AAAI Conference on Artificial Intelligence (AAAI 2021)
paper bibtex code

Backdoor Scanning for Deep Neural Networks through K-Arm Optimization
Guangyu Shen^*, Yingqi Liu^*, Guanhong Tao, Shengwei An, Qiuling Xu, Siyuan Cheng, Shiqing Ma, Xiangyu Zhang
Proceedings of Thirty-eighth International Conference on Machine Learning (ICML 2021)
paper bibtex code

Rational Manager in Bitcoin Mining Pool: Dynamic Strategies to Gain Extra Rewards
Feifan Yu, Na Ruan, Siyuan Cheng
Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2020)
paper bibtex

Experience

Research Intern, working with Dr. Lingjuan Lv and Dr. Vikash Sehwag at Sony AI, May. 2024 - Present
Research Assistant, working with Prof. Xiangyu Zhang at Purdue University, Aug. 2021 - Present
Research Intern, at Hitachi Shanghai Trading Co Ltd, Shanghai, China, Oct. 2020 - Apr. 2021
Research Intern, working with Prof. Xiangyu Zhang at Purdue University, Jul. 2019 - Sep. 2019

Teaching

Teaching Assistance at Purdue University, CS 59200 - AI and Security, Aug. 2024
Guest lecture at University of Massachusetts, Amherst, COMPSCI 360: Introduction to Computer and Network Security, invited by Prof. Shiqing Ma, Dec. 2023

Services

Conference Reviewer

International Conference on Learning Representations (ICLR): 2025
Annual AAAI Conference on Artificial Intelligence (AAAI): 2025
Annual Conference on Neural Information Processing Systems (NeurIPS): 2024
IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR): 2024
Annual Meeting of the Association for Computational Linguistics (ACL): 2024
Empirical Methods in Natural Language Processing (EMNLP): 2024

Sub-reviewer

ACM Conference on Computer and Communications Security (CCS): 2021, 2023, 2024
USENIX Security Symposium: 2022
International Conference on Software Engineering (ICSE): 2023
International Conference on Automated Software Engineering (ASE): 2023