🧐 About Me

Hi there! I am a first-year PhD student in Computer Science at the ETH Zurich, under the supervision of Prof. Florian Tramèr. I completed my master’s degree in Software Engineering at Zhejiang University in March 2023, advised by Prof. Chao Wu. Before that, I received my Bachelor’s degree at Hainan University in July 2020.

Research Interests:

🤔 For my PhD study, my primary focus is on examining the potential security and privacy risks in ML systems, both in their current state and as they evolve in the future. My research aims to uncover vulnerabilities and develop strategies to mitigate these risks, ultimately contributing to the development of more secure and privacy-preserving machine learning technologies.

🔥 News

2024.04: Please feel free to review my first PhD project, Evaluations of Machine Learning Privacy Defenses are Misleading. Blogpost
2024.01: Real-Fake is accepted by ICLR 2024.
2023.10: Please feel free to review the project I recently collaborated on, Real-Fake: Effective Training Data Synthesis Through Distribution Matching.
2023.07: Two papers are accepted by ICCV 2023 (one first-authored)!
2023.03: 🎉 I graduate from ZJU with First-Class Honours.
2023.02: One paper (co-first author) is accepted by CVPR 2023 (Highlight; 2.5% acceptance rate )!
2023.01: One first-authored paper is accepted by ICLR 2023!
2022.11: One first-authored paper is accepted by AAAI 2023 (Oral)!
2022.09: One first-authored paper is accepted by NeurIPS 2022!
2022.05: One first-authored paper is accepted by ICML 2022!
2022.03: One first-authored paper is accepted by CVPR 2022!

📝 Selected Publications

(^* indicates equal contribution; ^# indicates corresponding authorship. See full list of publications here. )

ICLR 2024

Real-Fake: Effective Training Data Synthesis Through Distribution Matching
Jianhao Yuan, Jie Zhang, Shuyang Sun, Philip Torr, Bo Zhao^#. (ICLR 2024) code

In this paper, through extensive experiments, we demonstrate the effectiveness of our synthetic data across diverse image classification tasks, both as a replacement for and augmentation to real datasets. Specifically, we achieve 70.9% top1 classification accuracy on ImageNet1K when training solely with synthetic data equivalent to 1 X the original real data size, which increases to 76.0% when scaling up to 10 X synthetic data.

CVPR 2022

Towards Efficient Data-Free Black-box Adversarial Attack
Jie Zhang^*, Bo Li^*, Jianghe Xu, Shuang Wu, Shouhong Ding, Chao Wu^#. (CVPR 2022) code

In this paper, by rethinking the collaborative relationship between the generator and the substitute model, we design a novel black-box attack framework. The proposed method can efficiently imitate the target model through a small number of queries and achieve high attack success rate.

ICML 2022

Federated Learning with Label Distribution Skew via Logits Calibration
Jie Zhang, Zhiqi Li, Bo Li, Jianghe Xu, Shuang Wu, Shouhong Ding, Chao Wu^#. (ICML 2022)

In this work, we investigate the label distribution skew from a statistical view. We demonstrate both theoretically and empirically that previous methods based on softmax crossentropy are not suitable, which can result in local models heavily overfitting to minority classes and missing classes. Then, we propose FedLC (Federated learning via Logits Calibration), which calibrates the logits before softmax cross-entropy according to the probability of occurrence of each class.

CVPR 2023, highlight

Accelerating Dataset Distillation via Model Augmentation
Jie Zhang^*, Lei Zhang^*, Bowen Lei, Subhabrata Mukherjee, Xiang Pan, Bo Zhao, Caiwen Ding, Yao Li, Dongkuan Xu^#. (CVPR 2023) code

In this paper, we assume that training the synthetic data with diverse models leads to better generalization performance. Thus we propose two model augmentation techniques, i.e., using early-stage models and weight perturbation to learn an informative synthetic set with significantly reduced training cost. Extensive experiments demonstrate that our method achieves up to 20× speedup and comparable performance on par with state-of-the-art baseline methods.

NeurIPS 2022

DENSE: Data-Free One-Shot Federated Learning
Jie Zhang^*, Chen Chen^*, Bo Li, Lingjuan Lyu, Shuang Wu, Shouhong Ding, Chunhua Shen, Chao Wu^#. (NeurIPS 2022) code

The paper focuses on one-shot federated learning, i.e., the server can learn a model with a single communication round. The proposed FedSyn method has two stages: first, training a generator from the ensemble of models from clients; second, distilling the knowledge of the ensemble into a global model with synthetic data. We validate the efficacy of FedSyn by conducting extensive experiments on 6 different datasets with various non-IID settings generated from Dirichlet distributions. Results can well support that the proposed method consistently outperforms all the baselines.

🎖 Honors and Awards

2021.05 We won the first prize on CVPR21 Workshop (Adversarial Machine Learning in Real-World Computer Vision Systems and Online Challenges, rank: 1 / 1558).
2022.10 China National Scholarship, Zhejiang University, 2022
Outstanding Student Scholarship, First Prize, Hainan University, 2018, 2019, 2020.

📖 Educations

^🎓 2020.09 - 2023.03, Master, Zhejiang University, China.
^🎓 2016.09 - 2020.06, Undergraduate, Hainan University, China.

💬 Services

Journal Reviewer:
- IEEE Transactions on Neural Networks and Learning Systems
- Neural Networks
- IEEE Transactions on Pattern Analysis and Machine Intelligence
Conference Reviewer: ICLR, AAAI, CVPR, ICML, ECCV, ICCV, NeurIPS.

💻 Internships

2021.11 - 2022.06, Sony AI, Research Intern, Tokyo.
2020.10 - 2021.10, Tencent, Youtu Lab, Research Intern, Shanghai.
2019.11 - 2020.4, Alibaba, AliExpress, Software Engineer, Hangzhou.

🎙 Miscellaneous

Travel

I enjoy the time traveling with my families and friends. I am always excited about visiting new places and knowing different cultures.

My cat

My girlfriend and I have three cats together, they are very adorable and have brought a lot of fun to our lives!

图片名称