Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
Posts
portfolio
Portfolio item number 1
Short description of portfolio item number 1
Portfolio item number 2
Short description of portfolio item number 2
publications
Dynamic Slicing for Deep Neural Networks
Published in ESEC/FSE 2020, 2020
Introduces dynamic slicing for deep neural networks to support efficient and accurate model slicing.
Recommended citation: Ziqi Zhang, Yuanchun Li, Yao Guo, Xiangqun Chen, and Yunxin Liu. Dynamic Slicing for Deep Neural Networks. ESEC/FSE 2020. https://dl.acm.org/doi/10.1145/3368089.3409676
ModelDiff: Testing-based DNN Similarity Comparison for Model Reuse Detection
Published in ISSTA 2021, 2021
Proposes a testing-based approach for comparing DNN model similarity to detect model reuse.
Recommended citation: Yuanchun Li, Ziqi Zhang, Bingyan Liu, Ziyue Yang, and Yunxin Liu. ModelDiff: Testing-based DNN Similarity Comparison for Model Reuse Detection. ISSTA 2021. https://dl.acm.org/doi/10.1145/3460319.3464816
ReMoS: Reducing Defect Inheritance in Transfer Learning via Relevant Model Slicing
Published in ICSE 2022, 2022
Proposes relevant model slicing to reduce defect inheritance during transfer learning.
Recommended citation: Ziqi Zhang, Yuanchun Li, Jindong Wang, Bingyan Liu, Ding Li, Xiangqun Chen, Yao Guo, and Yunxin Liu. ReMoS: Reducing Defect Inheritance in Transfer Learning via Relevant Model Slicing. ICSE 2022. https://ieeexplore.ieee.org/document/9793881/
TEESlice: Slicing DNN Models for Secure and Efficient Deployment inside TEEs
Published in AISTA Workshop @ ISSTA 2022, 2022
Introduces TEESlice for slicing DNN models to enable secure and efficient deployment inside Trusted Execution Environments.
Recommended citation: Ziqi Zhang, Lucien K. L. Ng, Yifeng Cai, Yao Guo, Bingyan Liu, Ding Li, and Xiangqun Chen. TEESlice: Slicing DNN Models for Secure and Efficient Deployment inside TEEs. AISTA Workshop @ ISSTA 2022.
DistFL: Distribution-aware Federated Learning for Mobile Scenarios
Published in UbiComp 2022, 2022
Presents distribution-aware federated learning tailored for mobile and heterogeneous device scenarios.
Recommended citation: Bingyan Liu, Yifeng Cai, Ziqi Zhang, Yuanchun Li, Leye Wang, Ding Li, Yao Guo, and Xiangqun Chen. DistFL: Distribution-aware Federated Learning for Mobile Scenarios. UbiComp 2022. https://dl.acm.org/doi/10.1145/3550313
Beyond Fine-Tuning: Efficient and Effective Fed-Tuning for Mobile/Web Users
Published in WWW 2023, 2023
Proposes Fed-Tuning as a more efficient and effective alternative to fine-tuning for federated learning on mobile and web users.
Recommended citation: Bingyan Liu, Yifeng Cai, Hongzhe Bi, Ziqi Zhang, Ding Li, Yao Guo, and Xiangqun Chen. Beyond Fine-Tuning: Efficient and Effective Fed-Tuning for Mobile/Web Users. WWW 2023. https://dl.acm.org/doi/10.1145/3543507.3583579
FedSlice: Protecting Federated Learning Models from Malicious Participants with Model Slicing
Published in ICSE 2023, 2023
Presents model slicing as a defense against malicious participants in federated learning.
Recommended citation: Ziqi Zhang, Yuanchun Li, Bingyan Liu, Yifeng Cai, Ding Li, Yao Guo, and Xiangqun Chen. FedSlice: Protecting Federated Learning Models from Malicious Participants with Model Slicing. ICSE 2023. https://dl.acm.org/doi/abs/10.1109/ICSE48619.2023.00049
ReSPlay: Improving Cross-Platform Record-and-Replay with GUI Sequence Matching
Published in ISSRE 2023, 2023
Improves cross-platform record-and-replay of mobile apps using GUI sequence matching.
Recommended citation: Shaokun Zhang, Wu Linna, Yuanchun Li, Ziqi Zhang, Hanwei Lei, Ding Li, Yao Guo, and Xiangqun Chen. ReSPlay: Improving Cross-Platform Record-and-Replay with GUI Sequence Matching. ISSRE 2023. https://ieeexplore.ieee.org/document/10301234
SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution
Published in CCS 2023, 2023
Uses static symbolic execution to detect cross-boundary pointer vulnerabilities in SGX applications.
Recommended citation: Yuanpeng Wang, Ziqi Zhang, Ningyu He, Zhineng Zhong, Shengjian Guo, Qinkun Bao, Ding Li, Yao Guo, and Xiangqun Chen. SymGX: Detecting Cross-boundary Pointer Vulnerabilities of SGX Applications via Static Symbolic Execution. CCS 2023. https://dl.acm.org/doi/10.1145/3576915.3616639
Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications
Published in CCS 2023, 2023
Presents efficient domain-based memory isolation techniques for WebAssembly applications.
Recommended citation: Hanwen Lei, Ziqi Zhang, Shaokun Zhang, Peng Jiang, Zhineng Zhong, Ningyu He, Ding Li, Yao Guo, and Xiangqun Chen. Put Your Memory in Order: Efficient Domain-based Memory Isolation for WASM Applications. CCS 2023. https://dl.acm.org/doi/10.1145/3576915.3623205
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition Defenses
Published in IEEE S&P 2024, 2024
Analyzes the security limits of TEE-shielded DNN partition defenses for on-device ML.
Recommended citation: Ziqi Zhang, Chen Gong, Yuanyuan Yuan, Yifeng Cai, Bingyan Liu, Ding Li, Yao Guo, and Xiangqun Chen. No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition Defenses. IEEE S&P 2024. https://www.computer.org/csdl/proceedings-article/sp/2024/313000a052/1RjEarlPFew
FAMOS: Robust Privacy-Preserving Authentication on Payment Apps via Federated Multi-Modal Contrastive Learning
Published in USENIX Security 2024, 2024
Proposes robust privacy-preserving authentication for payment apps using federated multi-modal contrastive learning.
Recommended citation: Yifeng Cai, Ziqi Zhang, Jiaping Gui, Bingyan Liu, Xiaoke Zhao, Ruoyu Li, Zhe Li, and Ding Li. FAMOS: Robust Privacy-Preserving Authentication on Payment Apps via Federated Multi-Modal Contrastive Learning. USENIX Security 2024. https://www.usenix.org/conference/usenixsecurity24/presentation/cai-yifeng
Interference-free Operating System: A 6 Years’ Experience in Mitigating Cross-Core Interference in Linux
Published in RTSS 2024, 2024
Reports six years of experience mitigating cross-core interference in Linux for real-time systems.
Recommended citation: Zhaomeng Deng, Ziqi Zhang, Yao Guo, Yunfeng Ye, Yuxin Ren, Ning Jia, Xinwei Hu, and Ding Li. Interference-free Operating System: A 6 Years' Experience in Mitigating Cross-Core Interference in Linux. RTSS 2024. https://ieeexplore.ieee.org/document/10815640
TEESlice: Protecting Sensitive Neural Network Models in Trusted Execution Environments When Attackers have Pre-Trained Models
Published in ACM TOSEM 2025, 2025
Studies secure model protection in TEEs when adversaries also hold strong pre-trained models.
Recommended citation: Ding Li, Ziqi Zhang, Mengyu Yao, Yifeng Cai, Yao Guo, and Xiangqun Chen. TEESlice: Protecting Sensitive Neural Network Models in Trusted Execution Environments When Attackers have Pre-Trained Models. ACM TOSEM 2025. https://dl.acm.org/doi/10.1145/3707453
Query Provenance Analysis: Efficient and Robust Defense against Query-based Black-box Attacks
Published in IEEE S&P 2025, 2025
Proposes query provenance analysis as an efficient and robust defense against query-based black-box adversarial attacks.
Recommended citation: Shaofei Li, Ziqi Zhang, Haoming Jia, Yao Guo, Xiangqun Chen, and Ding Li. Query Provenance Analysis: Efficient and Robust Defense against Query-based Black-box Attacks. IEEE S&P 2025. https://ieeexplore.ieee.org/document/11021069
GroupCover: A Secure, Efficient and Scalable Inference Framework for On-device Model Protection based on TEEs
Published in ICML 2025, 2025
Presents a secure, efficient, and scalable inference framework for protecting on-device models using TEEs.
Recommended citation: Zheng Zhang, Na Wang, Ziqi Zhang, Tianyi Zhang, Jianwei Liu, Yao Zhang, and Ye Wu. GroupCover: A Secure, Efficient and Scalable Inference Framework for On-device Model Protection based on TEEs. ICML 2025.
Game of Arrows: On the (In-)Security of Weight Obfuscation for On-Device TEE-Shielded LLM Partition Algorithms
Published in USENIX Security 2025, 2025
Evaluates the security of weight-obfuscation-based protection in TEE-shielded LLM partition algorithms.
Recommended citation: Pengli Wang, Bingyou Dong, Yifeng Cai, Zheng Zhang, Junlin Liu, Huanran Xue, Ye Wu, Yao Zhang, and Ziqi Zhang. Game of Arrows: On the (In-)Security of Weight Obfuscation for On-Device TEE-Shielded LLM Partition Algorithms. USENIX Security 2025. https://ziqi-zhang.github.io/files/SEC25-GameOfArrows.pdf
I Can Tell Your Secrets: Inferring Privacy Attributes from Mini-app Interaction History in Super-apps
Published in USENIX Security 2025, 2025
Reveals how privacy attributes can be inferred from mini-app interaction histories in super-apps.
Recommended citation: Yifeng Cai, Ziqi Zhang, Mengyu Yao, Junlin Liu, Xiaoke Zhao, Xinyi Fu, Ruoyu Li, Zhe Li, Ding Li, Yao Guo, and Xiangqun Chen. I Can Tell Your Secrets: Inferring Privacy Attributes from Mini-app Interaction History in Super-apps. USENIX Security 2025.
MOSS: Proxy Model-based Full-Weight Aggregation in Federated Learning with Heterogeneous Models
Published in UbiComp 2025, 2025
Introduces a proxy model-based full-weight aggregation strategy for federated learning across heterogeneous models.
Recommended citation: Yifeng Cai, Ziqi Zhang, Ding Li, Yao Guo, and Xiangqun Chen. MOSS: Proxy Model-based Full-Weight Aggregation in Federated Learning with Heterogeneous Models. UbiComp 2025.
Membership and Memorization in LLM Knowledge Distillation
Published in EMNLP 2025, 2025
Investigates membership inference and memorization risks that arise during LLM knowledge distillation.
Recommended citation: Ziqi Zhang, Ali Shahin Shamsabadi, Hanxiao Lu, Yifeng Cai, and Hamed Haddadi. Membership and Memorization in LLM Knowledge Distillation. EMNLP 2025.
SEC-bench: Automated Benchmarking of LLM Agents on Real-World Software Security Tasks
Published in NeurIPS 2025, 2025
Introduces an automated benchmark for evaluating LLM agents on real-world software security tasks.
Recommended citation: Hwiwon Lee, Ziqi Zhang, Hanxiao Lu, and Lingming Zhang. SEC-bench: Automated Benchmarking of LLM Agents on Real-World Software Security Tasks. NeurIPS 2025.
AegisGuard: RL-Guided Adapter Tuning for TEE-Based Efficient Secure On-Device Inference
Published in NeurIPS 2025, 2025
Uses reinforcement learning-guided adapter tuning for efficient and secure on-device inference inside TEEs.
Recommended citation: Che Wang, Ziqi Zhang, Yinggui Wang, Tiantong Wang, Yurong Hao, Jianbo Gao, Tao Wei, Yang Cao, Zhong Chen, and Wei Yang Bryan Lim. AegisGuard: RL-Guided Adapter Tuning for TEE-Based Efficient Secure On-Device Inference. NeurIPS 2025.
PromoGuardian: Detecting Promotion Abuse Fraud with Multi-Relation Fused Graph Neural Networks
Published in IEEE S&P 2026, 2026
Detects promotion abuse fraud using a multi-relation fused graph neural network approach.
Recommended citation: Shaofei Li, Ziqi Zhang, Xiao Han, Zhenkai Liang, Yao Guo, Xiangqun Chen, Ding Li, Shuli Gao, and Minyao Hua. PromoGuardian: Detecting Promotion Abuse Fraud with Multi-Relation Fused Graph Neural Networks. IEEE S&P 2026.
talks
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML
Published:
Invited seminar at NetSys, Imperial College London.
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML
Published:
Invited industry talks on secure on-device ML with TEE-shielded DNN partitioning.
No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML
Published:
Seminar talk at UIUC CS591 Security Seminar.
AI Security on the Edge: TEE-Shielded Model Protection, Authentication, and User Privacy
Published:
Invited seminar on edge AI security and privacy.
On the (In-)Security of TEE-Shielded DNN Partition for On-Device ML
Published:
Invited workshop talk at Midwest Security Workshop.