Research interests include:
- Artificial Intelligence Security: Robust/Secure/Private AI systems, including training set poisoning; backdoor in the training set; adversarial examples; model theft; recovery of sensitive training data.
- Hardware Security: Hardware Trojan detection.
- Intellectual Properties Protection of Deep Learning Models.
I have been the PI of 17 research projects, and participated in 4 research projects.
I have published over 60 papers in security related journals and international conferences, including IEEE Transactions on Dependable and Secure Computing (CCF A), IEEE Transactions on Emerging Topics in Computing, IEEE Transactions on Artificial Intelligence， IEEE Transactions on Visualization and Computer Graphics（CCF A），IEEE Transactions on Neural Networks and Learning Systems， IEEE Transactions on Vehicular Technolgy，IEEE Transactions on Big Data，ACM Transactions on Multimedia Computing Communications and Applications， Information Sciences，Computers & Security (CCF B), Journal of Information Security and Applications (CCF C), Security and Communication Networks (CCF C), Applied Intelligence，Peer-to-Peer Networking and Applications (CCF C), IET Computers & Digital Techniques, Chinese Journal of Computers (CCF Chinese A), Acta Electronica Sinica (CCF Chinese A), and so on. In addition, over 10 papers are under review/arXiv.
Best Paper Award of ICCCS 2015.
IET High-Impact Paper.
IET CDT Editor's Choice Award.
I have also published 1 Book, 12 Patents, and
4 Software Copyrights.
Participated in two standards on artificial intelligence security.
1. One-to-N & N-to-One: Two Advanced Backdoor Attacks against Deep Learning Models. IEEE Transactions on Dependable and Secure Computing. 2020, SCI, CCF A, IF 7.329
2. AdvParams: An Active DNN Intellectual Property Protection Technique via Adversarial Perturbation Based Parameter Encryption . IEEE Transactions on Emerging Topics in Computing，2022，SCI，IF 7.691
3. Intellectual Property Protection for Deep Learning
Models: Taxonomy, Methods, Attacks, and
Evaluations. IEEE Transactions on Artificial Intelligence, 2021.
4. Use the Spear as a Shield: An Adversarial Example based Privacy-Preserving Technique against Membership Inference Attacks. IEEE Transactions on Emerging Topics in Computing，2022，SCI, IF 7.691
5. Adaptive 3D Mesh Steganography Based on Feature-Preserving Distortion. IEEE Transactions on Visualization and Computer Graphics . 2023， SCI，CCF A
6. Localization of Conventional Inpainting With Feature Enhancement Network. IEEE Transactions on Big Data, 2022, SCI
7. PS-Net: A Learning Strategy for Accurately Exposing the Professional Photoshop Inpainting. IEEE Transactions on Neural Networks and Learning Systems. 2023, SCI,
8. PRNU-based Image Forgery Localization With Deep Multi-Scale Fusion. ACM Transactions on Multimedia Computing Communications and Applications, 2022, SCI
9. Detection of Recolored Image by Texture Features in Chrominance Components. ACM Transactions on Multimedia Computing, Communications, and Applications. 2022, https://doi.org/10.1145/3571076，SCI
10. Detecting Backdoor in Deep Neural Networks via Intentional Adversarial Perturbations. Information Sciences . 中科院1区， SCI, 2023
11. LOPA: A Linear Offset Based Poisoning Attack Method Against Adaptive Fingerprint Authentication System. Computers & Security. 99, 2020, 102046, pp.1-13. SCI, CCF B, IF 4.438
12. PTB: Robust Physical Backdoor Attacks against Deep Neural Networks in Real World. Computers & Security, 2022. SCI, CCF B, IF 4.438
13. Dataset Authorization Control: Protect the Intellectual Property of Dataset via Reversible Feature Space Adversarial Examples. Applied Intelligence. 2022. SCI, IF 5.086.
14. Active Intellectual Property Protection for Deep Neural Networks through Stealthy Backdoor and Users' Identities Authentication. Applied Intelligence, 2022. SCI, IF 5.086
15. Compression-Resistant Backdoor Attack against Deep Neural Networks. Applied Intelligence, 2023. SCI, 中科院2区， IF 5.086.
16. NaturalAE: Natural and robust physical adversarial examples for object detectors. Journal of Information Security and Applications. 57 (2021) 102694, 1-12. SCI, CCF C, IF 3.872
17. Backdoors Hidden in Facial Features: A Novel Invisible Backdoor Attack against Face Recognition Systems. Peer-to-Peer Networking and Applications. 2021, 14:1458–1474. SCI, CCF C, IF 3.307
18. SocialGuard: An Adversarial Example Based Privacy-Preserving Technique for Social Images. Journal of Information Security and Applications. 2021. SCI, CCF C, IF 3.872
19. ActiveGuard: An active intellectual property protection technique for deep neural networks by leveraging adversarial examples as users' fingerprints. IET Computers & Digital Techniques, 2023, SCI
20. Ten years of hardware Trojans: a survey from the attacker's perspective. IET Computers & Digital Techniques. 2020, Vol. 14, Iss. 6, pp. 231-246. SCI
21. DPAEG: A Dependency Parse Based Adversarial Examples Generation Method for Intelligent Q&A Robots. Security and Communication Networks. 2020, Volume 2020, Article ID 5890820:1-15. SCI, CCF C
22. Machine Learning Security: Threats, Countermeasures, and Evaluations. IEEE Access, 2020, Vol 8, pp. 74720-74742. SCI
23. Active DNN IP Protection: A Novel User Fingerprint Management and DNN Authorization Control Technique. The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom), 2020. EI, CCF C
24. DNN Intellectual Property Protection: Taxonomy, Attacks and Evaluations (Invited Paper). In Proceedings of the Great Lakes Symposium on VLSI 2021 (GLSVLSI '21), accepted. EI, CCF C, Session invited presentation and Invited Paper
25. Robust Backdoor Attacks against Deep Neural Networks in Real Physical World. The 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2021). EI, CCF C
26. Detect and Remove Watermark in Deep Neural Networks via Generative Adversarial Networks. 24th Information Security Conference (ISC) 2021. EI, CCF C, Accept rate 24%.
27. Sample-Specific Backdoor based Active Intellectual Property Protection for Deep Neural Networks. AICAS， 2022. EI， Special Session Invited talk and invited paper.
28. Embedding Backdoors as the Facial Features: Invisible Backdoor Attacks Against Face Recognition Systems. ACM TURC'20: Proceedings of the ACM Turing Celebration Conference - China. May 2020, Pages 231–235. EI, Selected for extension to journals.
29. Qing Tan, Shuren Qi, Yushu Zhang, Mingfu Xue. PRNU-based Image Forgery Localization With Convolutional Neural Network. IEEE 24th International Workshop on Multimedia Signal Processing. 2022, EI
30. ActiveGuard: Active Intellectual Property Protection for Deep Neural Networks via Adversarial Examples based User Fingerprinting. AAAI 2022 workshop, International Workshop on Practical Deep Learning in the Wild. EI
31. 傅志彬 ; 祁树仁 ; 张玉书 ; 薛明富. 基于稠密连接的深度修复定位网络 . 信息网络安全， 2022 年第 7 期， 84-93. CCF T3
32. 陈诺，祁树仁，张玉书，薛明富，花忠云. 基于通道间相关性的图像重着色检测. 网络与信息安全学报，2022，第8 卷第5 期，167-178. CCF中文C类
33.祁树仁，张玉书，薛明富，花忠云 . 面向多畸变稳健性的图像归因算法. 信息网络安全. 2023, 23(04), 30-38. CCF计算领域高质量科技期刊分级目录T3类
ArXiv (Preprint)/Under review, 2020-2022:
1. 3D Invisible Cloak. arXiv:2011.13705 (2020)
2. InFIP: An Explainable DNN Intellectual Property Protection Method based on Intrinsic Features.
3. Imperceptible and Multi-channel Backdoor Attack against Deep Neural Networks
4. Adaptive 3D Mesh Steganography Based on Feature-Preserving Distortion (2021)
and so on.
2019 and earlier:
Please refer to
Google Scholar, and so on.
- 2014/5 – now, College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Faculty
- 2011/7 - 2012/7, School of electrical and electronic engineering, Nanyang Technological University, Singapore, Research intern, Supvisor: Prof. Chang Chip-Hong, IEEE Fellow
- 2010/9 - 2014/4, Information and Communication Engineering (Information security), Southeast University, Ph.D, Supvisor: Prof. Hu Aiqun
- 2008/9 - 2010/7, Information and Communication Engineering (Information security), Southeast University, Master, Supvisor: Prof. Hu Aiqun
- 2004/9 - 2008/7, Electronic and Information Engineering, Southwest Jiaotong University, Bachelor
(Special Grade Scholarship for 4 times)
Principal Investigator of Projects/Fundings:
- National Natural Science Foundation of China（面上）;
- National Natural Science Foundation of China（青基）;
- CCF - NSFOCUS Kunpeng research plan funding (2021, Only 14 people won that award);
- CCF - VENUSTECH Hongyan research plan funding (2016, Only 16 people won that award);
- CCF - NSFOCUS Kunpeng research plan funding (2017, Only 11 people won that award);
- Natural Science Foundation of Jiangsu Province;
- Aeronautical science foundation；
- Chinese Postdoctoral Science Foundation;
- Jiangsu Province Postdoctoral Science Foundation;
- Project of Institute of Chinese Aerospace 503;
- Project of CETC 30;
- Project of
Sangfor Technologies Inc.;
- Open Project Foundation of Information Technology Research Base of Civil Aviation Administration of China;
- The Fundamental Research Funds for the Central Universities;
- Three Teaching Projects;
- National Natural Science Foundation of China Projects;
- National Natural Science Foundation of China Projects;
- One Teaching Project;
- Committee member of the Chinese Artificial Intelligence and Security Professional Committee;
- Executive Committee Member of ACM Nanjing branch;
- Committee Member of the Digital Media Forensics and Security Committee of the China Society of Image and Graphics;
- China Artificial Intelligence Society Youth Working Committee Member;
- Committee member of Computer network and distributed computing Specialized Committee of Jiangsu Province;
- Publishing Chair of ChinaMFS 2022;
- Program Chair of the 3rd Chinese Symposium on Hardware Security;
- Committee member of Intelligence and Security Committee of Jiangsu Artificial Intelligence Society;
- Committee member of Data Security Special Committee of Jiangsu Cyberspace Security Society;
- Special Committee Member on Artificial Intelligence Security of Jiangsu Cyberspace Security Society;
- IEEE Senior Member, CCF Senior Member, ACM member, CAAI member, CSIG member;
Technical Program Committee (TPC)
- 2015: ICCCS2015；CBD2015;
- 2016: CBD2016;
- 2017: IEEE GLOBECOM2017;
- 2018: IEEE GLOBECOM2018；CBD2018；IEEE COMNETSAT2018；全国硬件安全论坛;
- 2019: IEEE GLOBECOM2019；IEEE COMNETSAT2019；IEEE GCC2019；IEEE MENACOMM'19；SSCC-2019；3ICT'19；CFTC2019；ICCCN2019-BDMLS workshop；CBD 2019；SSCC-CIS-2019；
- 2020: ICCCN-BDMLS workshop2020；CCF CTC2020；CBD2020；ACM TURC 2020；3ICT2020；Globecom2020； ATS 2020
- 2021: ACM TURC 2021；AITS 2021；SIoTEC 2021；ATS 2021；Globecom2021 CISS；CBD2021
- 2022: Globecom2022 CISS TPC；AITS2022；ATS2022；CBD2022；
- 2023: ICCSI 2023; Globecom 2023 CISS TPC； ATS2023； AsianHOST2023；TRIDENTCOM2023；
- IEEE Transactions on Information Forensics & Security;
IEEE Transactions on Dependable and Secure Computing;
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems;
IEEE Transactions on Circuits and Systems I: Regular Papers.
IEEE Transactions on Circuits and Systems II: Express Briefs.
IEEE Transactions on Emerging Topics in Computing;
IEEE Transactions on Artificial Intelligence;
IEEE Transactions on Software Engineering;
IEEE Transactions on Image Processing;
IEEE Transactions on VLSI Systems;
IEEE Transactions on Sustainable Computing;
IEEE Transactions on Reliability;
IEEE Transactions on Big Data;
ACM Transactions on Design Automation of Electronic Systems;
IEEE Journal on Selected Areas in Communications(通信顶刊);
IEEE Signal Processing Letters；
IEEE Embedded Systems Letters;
ACM Journal on Emerging Technologies in Computing Systems;
IET Computers & Digital Techniques;
IET Cyber-Physical Systems: Theory & Applications;
Computers and Security;
Journal of Information Security and Applications;
Future Generation Computer Systems;
Knowledge and Information Systems;
Frontiers of Computer Science;
Integration, the VLSI Journal；
Peer-to-Peer Networking and Applications；
Image and Vision Computing；
Security and Communication Networks；
Expert Systems With Applications；
Computer Modeling in Engineering and Sciences；
Wireless Communications and Mobile Computing；
International Journal of Distributed Sensor Networks;
Journal of Intelligent & Fuzzy Systems;
Journal of Internet Technology;
Chinese Journal of Electronics;
Microprocessors and Microsystems;
EURASIP Journal on Wireless Communications and Networking；
Journal of Semiconductors;
Journal of King Saud University - Computer and Information Sciences；
Journal of Sensors；
IETE Journal of Research;
Information Security Journal: A Global Perspective；
International Journal of Automation and Computing；
Software: Practice and Experience；
Recent Patents on Computer Science;
Recent Patents on Engineering;
Recent Advances in Computer Science and Communications;
Journal of Current Science and Technology；
Review applications for the Estonian Research Council（评审爱沙尼亚研究委员会基金）
- 2013: IEEE WCNC;
- 2015: ICCCS2015, CBD2015;
- 2016: CHES2016, CBD2016;
- 2017: IEEE ISCAS2017, IEEE MWSCAS2017, IEEE ASAP2017, ISPACS2017, CBD2017,IEEE GLOBECOM2017;
- 2018: IEEE GLOBECOM2018, IEEE MWSCAS2018, CBD2018;
- 2019: IEEE ISCAS2019； ISVLSI 2019； IEEE MWSCAS 2019； CFTC2019； IEEE MENACOMM'19； ICCCN2019-BDMLS workshop； MLICOM 2019； IEEE Globecom2019； IEEE COMNETSAT 2019； CBD 2019； 3ICT'19；SSCC-2019；
- 2020: ISCAS2020； ICCCN-BDMLS workshop2020； ACM TURC 2020； CCF CTC2020； Globecom2020； CBD2020； AJCAI2020； 3ICT2020；ATS 2020；
- 2021: AITS 2021； SIoTEC 2021； ATS 2021； Globecom2021 CISS；CBD2021；
- 2022: ISCAS 2022；Globecom2022 CISS； CVPR 2022； ECCV 2022; ATS 2022； CBD2022； 3rd CSIG ChinaMFS 2022；
- 2023: CVPR 2023 ；ICCV2023；Globecom 2023； ICCSI 2023； ATS2023；AsianHOST2023；