Xiaoyu Liang

Note - Robust Yet Efficient Conformal Prediction Sets

2025-04-15T00:00:00+00:00

This repository contains a presentation I prepared for the paper “Robust Yet Efficient Conformal Prediction Sets” by Zargarbashi et al. (2024), presented at ICML 2024.

All core aspects—including the problem statement, methodology, intuition, results, and contributions—are clearly outlined in the accompanying slides. Please refer to the slides for the full details and visual breakdown.

Quick Overview

Problem Addressed: Enhancing conformal prediction (CP) to withstand adversarial attacks such as evasion and poisoning.
Approach: Deriving provably robust prediction sets by bounding worst-case changes in conformity scores.
Outcome: More efficient and reliable prediction sets that maintain theoretical coverage guarantees across both continuous and discrete data modalities.

📄 Download slides overviewing Robust CP

Reference

Zargarbashi, Soroush H., Mohammad Sadegh Akhondzadeh, and Aleksandar Bojchevski. “Robust Yet Efficient Conformal Prediction Sets.” In International Conference on Machine Learning, 2024.

Note - LAMD: Context-driven Android Malware Detection and Classification with LLMs

2025-04-04T00:00:00+00:00

This repository contains a brief presentation I prepared for the paper “LAMD: Context-driven Android Malware Detection and Classification with LLMs” by Qian et al. (2025).

All key elements—including the problem, main challenges, core intuitions, methodology, results, and contributions—are explained in the accompanying slides. Please refer to the slides for the complete breakdown.

📄 Download slides overviewing LAMD

Reference

Qian, Xingzhi, Xinran Zheng, Yiling He, Shuo Yang, and Lorenzo Cavallaro. “Lamd: Context-driven android malware detection and classification with llms.” In 2025 IEEE Security and Privacy Workshops (SPW), 2025.

Adversarial Defenses on Graph: Heuristic and Certified

2024-06-21T00:00:00+00:00

This blog post provides an overview of adversarial defense techniques on graph-structured data.

In the slides (linked below), I introduce both heuristic defenses and certified defenses for graphs. I particularly focus on randomized smoothing (RS)-based certified defense methods, which have become popular due to their generality and ease of implementation.

Additionally, I describe my own approach, CiDer, which is a black-box method for certifying node classification models. Compared with standard RS-based approaches, CiDer avoids retraining and finetuning of the model, and instead relies on black-box decision outputs and statistical testing to produce certified guarantees.

📄 Download slides overviewing graph adversarial defenses

📘 Read the full CiDer paper (INFOCOM 2025)

Reference

Liang, Xiaoyu, Haohua Du, Wen Ma, Ye Tian, and Xiaoya Xu. “CiDer: A Black-box Approach to Classify Node with Certified Robustness Guarantees.” In IEEE INFOCOM 2025-IEEE Conference on Computer Communications, 2025.

Overview of Adversarial Defenses on Image Classification

2023-08-15T00:00:00+00:00

This short post provides an overview of adversarial defense techniques in image classification. It is intended as a brief summary for readers interested in robustness against adversarial attacks.

The included PDF summarizes five major categories:

Adversarial Training: Incorporating adversarial examples during training to improve robustness.
Gradient Masking / Regularization: Obscuring gradient information to hinder attack generation.
Detection-based Defenses: Identifying adversarial inputs before classification.
Transformation-based Defenses: Applying input transformations (e.g., denoising, compression) to remove perturbations.
Certified Defenses: Providing provable robustness guarantees against bounded perturbations.

📄 Download slides overviewing adversarial defenses here.