publications

2025

1. GradShield: Alignment Preserving Finetuning

   Zhanhao Hu, Xiao Huang, Patrick Mendoza, Emad Alghamdi, Basel Alomair, Raluca Ada Popa, and David Wagner

   2025

   

2. arxiv

   Better Privilege Separation for Agents by Restricting Data Types

   Dennis Jacob, Emad Alghamdi*, Zhanhao Hu*, Basel Alomair, and David Wagner

   arXiv preprint arXiv:2509.25926, 2025

   Bib arXiv

   @article{jacob2025better,
     title = {Better Privilege Separation for Agents by Restricting Data Types},
     author = {Jacob, Dennis and Alghamdi*, Emad and Hu*, Zhanhao and Alomair, Basel and Wagner, David},
     journal = {arXiv preprint arXiv:2509.25926},
     year = {2025},
   }

   

3. arxiv

   JULI: Jailbreak Large Language Models by Self-Introspection

   Jesson Wang*, Zhanhao Hu*, and David Wagner

   arXiv preprint arXiv:2505.11790, 2025

   Bib arXiv

   @article{wang2025juli,
     title = {JULI: Jailbreak Large Language Models by Self-Introspection},
     author = {Wang*, Jesson and Hu*, Zhanhao and Wagner, David},
     journal = {arXiv preprint arXiv:2505.11790},
     year = {2025},
   }

   

4. Multimodal Physical Adversarial Clothing Evades Visible-Thermal Detectors with Non-Overlapping RGB-T Pattern

   Xiaopei Zhu, Guanning Zeng, Zhanhao Hu, Jun Zhu, and Xiaolin Hu

   2025

   

5. AISec

   Jailbreaksovertime: Detecting jailbreak attacks under distribution shift

   Julien Piet, Xiao Huang, Dennis Jacob, Annabella Chow, Maha Alrashed, Geng Zhao, Zhanhao Hu, Chawin Sitawarin, Basel Alomair, and David Wagner

   arXiv preprint arXiv:2504.19440, 2025

   Bib arXiv Code

   @article{piet2025jailbreaksovertime,
     title = {Jailbreaksovertime: Detecting jailbreak attacks under distribution shift},
     author = {Piet, Julien and Huang, Xiao and Jacob, Dennis and Chow, Annabella and Alrashed, Maha and Zhao, Geng and Hu, Zhanhao and Sitawarin, Chawin and Alomair, Basel and Wagner, David},
     journal = {arXiv preprint arXiv:2504.19440},
     year = {2025},
   }

   

6. CODASPY

   Promptshield: Deployable detection for prompt injection attacks

   Dennis Jacob, Hend Alzahrani, Zhanhao Hu, Basel Alomair, and David Wagner

   In Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy, 2025

   Bib arXiv Code

   @inproceedings{jacob2025promptshield,
     link = {https://doi.org/10.1145/3714393.3726501},
     title = {Promptshield: Deployable detection for prompt injection attacks},
     author = {Jacob, Dennis and Alzahrani, Hend and Hu, Zhanhao and Alomair, Basel and Wagner, David},
     booktitle = {Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy},
     pages = {341--352},
     year = {2025},
   }

   

7. TPAMI

   Physical Adversarial Examples for Person Detectors in Thermal Images Based on 3D Modeling

   Xiaopei Zhu, Siyuan Huang, Zhanhao Hu, Jianmin Li, Jun Zhu, and Xiaolin Hu

   IEEE Transactions on Pattern Analysis and Machine Intelligence, 2025

   Bib

   @article{zhu2025physical,
     title = {Physical Adversarial Examples for Person Detectors in Thermal Images Based on 3D Modeling},
     author = {Zhu, Xiaopei and Huang, Siyuan and Hu, Zhanhao and Li, Jianmin and Zhu, Jun and Hu, Xiaolin},
     journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence},
     year = {2025},
     publisher = {IEEE},
     link = {https://ieeexplore.ieee.org/document/11048509},
   }

   

2024

1. Neurips

   Spotlight

   Toxicity Detection for Free

   Zhanhao Hu, Julien Piet, Geng Zhao, Jiantao Jiao, and David Wagner

   In The Thirty-Eighth Annual Conference on Neural Information Processing Systems (Neurips), 2024

   Bib arXiv Code

   @inproceedings{hu2024toxicity,
     emph = {Spotlight},
     title = {Toxicity Detection for Free},
     author = {Hu, Zhanhao and Piet, Julien and Zhao, Geng and Jiao, Jiantao and Wagner, David},
     booktitle = {The Thirty-Eighth Annual Conference on Neural Information Processing Systems (Neurips)},
     year = {2024},
   }

   

2. Neurips

   Full-Distance Evasion of Pedestrian Detectors in the Physical World

   Zhi Cheng, Zhanhao Hu, Yuqiu Liu, Jianmin Li, Hang Su, and Hu Xiaolin

   In The Thirty-Eighth Annual Conference on Neural Information Processing Systems (Neurips), 2024

   Bib arXiv Code

   @inproceedings{cheng2024FDA,
     title = {Full-Distance Evasion of Pedestrian Detectors in the Physical World},
     author = {Cheng, Zhi and Hu, Zhanhao and Liu, Yuqiu and Li, Jianmin and Su, Hang and Xiaolin, Hu},
     booktitle = {The Thirty-Eighth Annual Conference on Neural Information Processing Systems (Neurips)},
     year = {2024},
   }

   

3. CVPR

   Language-Driven Anchors for Zero-Shot Adversarial Robustness

   Xiao Li, Wei Zhang, Yining Liu, Zhanhao Hu, Bo Zhang, and Xiaolin Hu

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024

   Bib arXiv Code

   @inproceedings{li2023anchor,
     title = {Language-Driven Anchors for Zero-Shot Adversarial Robustness},
     author = {Li, Xiao and Zhang, Wei and Liu, Yining and Hu, Zhanhao and Zhang, Bo and Hu, Xiaolin},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     year = {2024},
   }

   

4. CVPR

   Infrared Adversarial Car Stickers

   Xiaopei Zhu, Yuqiu Liu, Zhanhao Hu, Jianmin Li, and Xiaolin Hu

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024

   Bib arXiv

   @inproceedings{zhu2023infrared,
     title = {Infrared Adversarial Car Stickers},
     author = {Zhu, Xiaopei and Liu, Yuqiu and Hu, Zhanhao and Li, Jianmin and Hu, Xiaolin},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     year = {2024},
   }

   

5. arxiv

   Perfect gradient inversion in federated learning: A new paradigm from the hidden subset sum problem

   Qiongxiu Li, Lixia Luo, Agnese Gini, Changlong Ji, Zhanhao Hu, Xiao Li, Chengfang Fang, Jie Shi, and Xiaolin Hu

   arXiv preprint arXiv:2409.14260, 2024

   arXiv
6. TIFS

   On the Privacy Effect of Data Enhancement via the Lens of Memorization

   Xiao Li, Qiongxiu Li, Zhanhao Hu, and Xiaolin Hu

   IEEE Transactions on Information Forensics and Security (IEEE TIFS), 2024

   Bib arXiv

   @article{li2022privacy,
     link = {https://ieeexplore.ieee.org/document/10478637},
     title = {On the Privacy Effect of Data Enhancement via the Lens of Memorization},
     author = {Li, Xiao and Li, Qiongxiu and Hu, Zhanhao and Hu, Xiaolin},
     journal = {IEEE Transactions on Information Forensics and Security (IEEE TIFS)},
     year = {2024},
     volume = {19},
     number = {},
     pages = {4686-4699},
   }

   

2023

1. CVPR

   Physically Realizable Natural-Looking Clothing Textures Evade Person Detectors via 3D Modeling

   Zhanhao Hu*, Wenda Chu*, Xiaopei Zhu, Hui Zhang, Bo Zhang, and Xiaolin Hu

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2023

   Bib arXiv Code Video

   @inproceedings{hu2023physically,
     title = {Physically Realizable Natural-Looking Clothing Textures Evade Person Detectors via 3D Modeling},
     author = {Hu*, Zhanhao and Chu*, Wenda and Zhu, Xiaopei and Zhang, Hui and Zhang, Bo and Hu, Xiaolin},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     year = {2023},
   }

   
2. Appli.

   Hiding from infrared detectors in real world with adversarial clothes

   Xiaopei Zhu, Zhanhao Hu, Siyuan Huang, Jianmin Li, Xiaolin Hu, and Zheyao Wang

   Applied Intelligence, 2023

   Bib

   @article{zhu2023hiding,
     link = {https://link.springer.com/article/10.1007/s10489-023-05102-5},
     title = {Hiding from infrared detectors in real world with adversarial clothes},
     author = {Zhu, Xiaopei and Hu, Zhanhao and Huang, Siyuan and Li, Jianmin and Hu, Xiaolin and Wang, Zheyao},
     journal = {Applied Intelligence},
     volume = {53},
     number = {23},
     pages = {29537--29555},
     year = {2023},
     publisher = {Springer},
   }

   

3. ISCC

   Driving into Danger: Adversarial Patch Attack on End-to-End Autonomous Driving Systems Using Deep Learning

   Tong Wang, Xiaohui Kuang, Hu Li, Qianjin Du, Zhanhao Hu, Huan Deng, and Gang Zhao

   In 2023 IEEE Symposium on Computers and Communications (ISCC), 2023

   Bib

   @inproceedings{wang2023driving,
     title = {Driving into Danger: Adversarial Patch Attack on End-to-End Autonomous Driving Systems Using Deep Learning},
     author = {Wang, Tong and Kuang, Xiaohui and Li, Hu and Du, Qianjin and Hu, Zhanhao and Deng, Huan and Zhao, Gang},
     booktitle = {2023 IEEE Symposium on Computers and Communications (ISCC)},
     pages = {995--1000},
     year = {2023},
     organization = {IEEE},
   }

   

2022

1. CVPR

   Oral

   Adversarial Texture for Fooling Person Detectors in the Physical World

   Zhanhao Hu, Siyuan Huang, Xiaopei Zhu, Fuchun Sun, Bo Zhang, and Xiaolin Hu

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022

   Bib arXiv Code Video

   @inproceedings{hu2022adversarial,
     emph = {Oral},
     title = {Adversarial Texture for Fooling Person Detectors in the Physical World},
     author = {Hu, Zhanhao and Huang, Siyuan and Zhu, Xiaopei and Sun, Fuchun and Zhang, Bo and Hu, Xiaolin},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     pages = {13307--13316},
     year = {2022},
   }

   
2. CVPR

   Oral

   Infrared Invisible Clothing: Hiding from Infrared Detectors at Multiple Angles in Real World

   Xiaopei Zhu, Zhanhao Hu, Siyuan Huang, Jianmin Li, and Xiaolin Hu

   In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022

   Bib arXiv Video_1 Video_2

   @inproceedings{zhu2022infrared,
     emph = {Oral},
     title = {Infrared Invisible Clothing: Hiding from Infrared Detectors at Multiple Angles in Real World},
     author = {Zhu, Xiaopei and Hu, Zhanhao and Huang, Siyuan and Li, Jianmin and Hu, Xiaolin},
     booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     pages = {13317--13326},
     year = {2022},
   }

   
3. Neuro.

   Amplification Trojan Network: Attack Deep Neural Networks by Amplifying Their Inherent Weakness

   Zhanhao Hu, Jun Zhu, Bo Zhang, and Xiaolin Hu

   Neurocomputing, 2022

   Bib arXiv Code

   @article{hu2022amplification,
     link = {https://www.sciencedirect.com/science/article/abs/pii/S0925231222008773},
     title = {Amplification Trojan Network: Attack Deep Neural Networks by Amplifying Their Inherent Weakness},
     author = {Hu, Zhanhao and Zhu, Jun and Zhang, Bo and Hu, Xiaolin},
     journal = {Neurocomputing},
     volume = {505},
     pages = {142--153},
     year = {2022},
     publisher = {Elsevier},
   }

   

2017

1. ICONIP

   An STDP-based Supervised Learning Algorithm for Spiking Neural Networks

   Zhanhao Hu, Tao Wang, and Xiaolin Hu

   In International Conference on Neural Information Processing (ICONIP), 2017

   Bib arXiv Code

   @inproceedings{hu2017stdp,
     link = {https://link.springer.com/chapter/10.1007/978-3-319-70096-0_10},
     title = {An STDP-based Supervised Learning Algorithm for Spiking Neural Networks},
     author = {Hu, Zhanhao and Wang, Tao and Hu, Xiaolin},
     booktitle = {International Conference on Neural Information Processing (ICONIP)},
     pages = {92--100},
     year = {2017},
     organization = {Springer},
   }