About Me

I am a PhD student at the University of Queensland, working under the supervision of A/Prof. Guangdong Bai and Dr. Jason Xue. I’m currently serving as the HDR representative for the CSS discipline. My research is generously supported by the RTP Scholarship and CSIRO’s Data61 Top-up Scholarship. I am also honored with the Google PhD Fellowship, 2024.

Research Interests

My research interests are to tackle real-world security & privacy issues of machine learning systems in a formally verifiable manner. My works have been published in leading venues, including IEEE S&P, ACM CCS, USENIX Security, NeurIPS, WWW, WACV, and IEEE TCSS. I also work closely with my colleague Zhongkui Ma on NNV. Some of my recent projects include:

AI Model Usage Control
- Logit-level Model Modulation: AIM@WWW25
- Neuron-level Usage Control: CoreLocker@IEEE S&P24
ML Privacy Compliance
- Algorithmic Purpose Limitation: AlgoSpec@USENIX Security24
- Token-level Gradient Inversion: Grab@ACM CCS24
- Multi-modal Membership Inference: M⁴I@NeurIPS22

News

[Jan. 2025] Our paper on model modulation is accepted by WWW’25.
[Oct. 2024] I’m awarded the Google PhD Fellowship!
[Oct. 2024] I am invited to serve as a PC member for PAKDD’25.
[Aug. 2024] Our paper on GIA in language model is accepted by ACM CCS’24.
[Mar. 2024] Our paper on NN usage control is accepted by IEEE S&P’24.
[Feb. 2024] Our paper on purpose limitation is accepted by USENIX Security’24.
[Dec. 2023] Our paper on deep data hiding is accepted by IEEE TCSS.
[Oct. 2023] Our paper on knowledge distillation is accepted by WACV’24.
[Aug. 2023] Our paper on formalizing NN perturbation is accepted by ICFEM’23.
[Dec. 2022] Graduated with a B.CS (Adv.) from the University of Adelaide! [2020-22]
[Nov. 2022] Excited to have presented at my first conference @ NeurIPS in New Orleans!
[Sep. 2022] Our paper on multi-modal model MIA is accepted by NeurIPS’22.

Selected Publications

WWW'25

AI Model Modulation with Logits Redistribution

Zihan Wang, Zhongkui Ma, Xinguo Feng, Zhiyang Mei, Zhiyong Ma, Derui Wang, Minhui Xue, Guangdong Bai.

The Web Conference (WWW), Apr. 2025.

PDF

BibTeX

@inproceedings{wang2025aim,
  title={AI Model Modulation with Logits Redistribution},
  author={Wang, Zihan and Ma, Zhongkui and Feng, Xinguo and Mei, Zhiyang and Ma, Zhiyong and Wang, Derui and Wang, Hu and Xue, Minhui and Bai, Guangdong.},
  year = {2025},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3696410.3714737},
  doi = {10.1145/3696410.3714737},
  booktitle = {Proceedings of the ACM Web Conference 2025},
  location = {Sydney, Australia},
  series = {WWW'25}
}

S&P'24

CoreLocker: Neuron-level Usage Control

Zihan Wang, Zhongkui Ma, Xinguo Feng, Ruoxi Sun, Hu Wang, Minhui Xue, Guangdong Bai.

IEEE Symposium on Security and Privacy (S&P), Mar. 2024.

PDF Website

BibTeX

@inproceedings{wang2024corelocker,
  title={CoreLocker: Neuron-level Usage Control},
  author={Wang, Zihan and Ma, Zhongkui and Feng, Xinguo and Sun, Ruoxi and Wang, Hu and Xue, Minhui and Bai, Guangdong.},
  booktitle={IEEE Symposium on Security and Privacy (S\&P)},
  doi = {10.1109/SP54263.2024.00182},
  url = {https://doi.ieeecomputersociety.org/10.1109/SP54263.2024.00182},
  pages = {222-222},
  year={2024}
}

USENIX'24

Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation

Shuofeng Liu, Zihan Wang, Minhui Xue, Long Wang, Yuanchao Zhang, Guangdong Bai.

USENIX Security, Feb. 2024.

PDF

BibTeX

@inproceedings{liu2024purpose,
  title={Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation},
  author={Liu, Shuofeng and Wang, Zihan and Xue, Minhui and Wang, Long and Zhang, Yuanchao and Bai, Guangdong.},
  journal={USENIX Security},
  year={2024}
}

CCS'24
Uncovering Gradient Inversion Risks in Practical Language Model Training

Xinguo Feng, Zhongkui Ma, Zihan Wang, Chegne Eu Joe, Mengyao Ma, Alsharif Abuadbba, Guangdong Bai.

ACM Computer and Communications Security Conference (CCS), Aug. 2024.
PDF
BibTeX

@inproceedings{ }

TCSS

Data Hiding With Deep Learning: A Survey Unifying Digital Watermarking and Steganography

Zihan Wang, Olivia Byrnes, Hu Wang, Ruoxi Sun, Congbo Ma, Huaming Chen, Qi Wu, Minhui Xue.

IEEE Transactions on Computational Social Systems (TCSS), Dec. 2023.

PDF

BibTeX

@article{wang2023data,
  title={Data hiding with deep learning: a survey unifying digital watermarking and steganography},
  author={Wang, Zihan and Byrnes, Olivia and Wang, Hu and Sun, Ruoxi and Ma, Congbo and Chen, Huaming and Wu, Qi and Xue, Minhui},
  journal={IEEE Transactions on Computational Social Systems},
  year={2023},
  publisher={IEEE}
}

NeurIPS'22

M⁴I: Multi-modal Models Membership Inference

Pingyi Hu, Zihan Wang*, Ruoxi Sun, Hu Wang, Minhui Xue.

Neural Information Processing Systems (NeurIPS), Sep. 2022.

PDF

BibTeX

@inproceedings{hu2022m,
  title={M $\^{} 4$ I: Multi-modal Models Membership Inference},
  author={Hu, Pingyi and Wang, Zihan and Sun, Ruoxi and Wang, Hu and Xue, Minhui},
  journal={Advances in Neural Information Processing Systems},
  volume={35},
  pages={1867--1882},
  year={2022}
}

WACV'24

BPKD: Boundary Privileged Knowledge Distillation For Semantic Segmentation

Liyang Liu, Zihan Wang, Minh Hieu Phan, Bowen Zhang, Jinchao Ge, Yifan Liu.

IEEE/CVF Winter Conference on Applications of Computer Vision (WACV), Oct. 2023.

PDF

BibTeX

@inproceedings{liu2024bpkd,
  title={BPKD: Boundary Privileged Knowledge Distillation For Semantic Segmentation},
  author={Liu, Liyang and Wang, Zihan and Phan, Minh Hieu and Zhang, Bowen and Ge, Jinchao and Liu, Yifan},
  booktitle={Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision},
  pages={1062--1072},
  year={2024}
}