Arrow Research search

Author name cluster

Xiaofeng Chen

Possible papers associated with this exact author name in Arrow. This page groups case-insensitive exact name matches and is not a full identity disambiguation profile.

7 papers
1 author row

Possible papers


AAAI Conference 2026 Conference Paper

Stochastic Universal Adversarial Perturbations with Fixed Optimization Constraint and Ensured High-probability Transferability

  • Yulin Jin
  • Xiaoyu Zhang
  • Haoyu Tong
  • Jian Lou
  • Kai Wu
  • Haibo Hu
  • Xiaofeng Chen

Adversarial perturbations (APs) have become a great concern in image classification tasks. The most challenging branch, universal adversarial perturbations (UAPs), are exploited to fool most of the unseen samples. Such one-to-all perturbations have the merit of transferability, which has strong practical significance. In this paper, we first define the transferability gap and the algorithm stability of the UAP algorithm, and prove the relationship between them. In analyzing the UAP algorithm stability, we prove that the convergence domain of existing UAP algorithms with dynamic constraints is excessively small, which degrades the capacity of UAPs. Thus, we further propose a new expected constraint and prove that UAPs in the expected constraint suit any sample with high probability. Besides, we propose a Stochastic Universal Adversarial Perturbation (SUAP) that involves additive noise and the expected constraint. Finally, by treating the proposed algorithm as a stochastic differential equation, we prove an upper bound of the UAP algorithm stability of SUAP, which decreases exponentially at the beginning and then increases with a sublinear rate to at most a fixed constant. Experimental results show that SUAP is aligned with our analysis.

EAAI Journal 2024 Journal Article

Prioritizing Causation in Decision Trees: A Framework for Interpretable Modeling

  • Songming Zhang
  • Xiaofeng Chen
  • Xuming Ran
  • Zhongshan Li
  • Wenming Cao

As a popular machine learning model, decision trees classify and generalize well, but face challenges in engineering applications: 1) Sensitivity to perturbations and lack of interpretability due to correlation reliance. 2) Manual setting of stopping criterion which is unrelated to correlation strength and easily leads to over-partitioning. To address these two challenges, we first theoretically analyze what leads to sub-optimal decision trees. By incorporating causal discovery, this limitation can be attributed to the fact that trees grown with spurious correlations often fall into sub-optimal that lead to overfitting and unfair behaviors. Neglecting causality motivates us to develop a ‘better’ tree with low Kolmogorov complexity and high generalization capability. Then we propose a causality decision tree framework, CausalDT, based on our theoretical expectation, where Hilbert-Schmidt independence criterion serves as a baseline. Unlike previous approaches that prioritize relevance, our framework determines branch nodes based on causation between features, with the significance level determining whether the tree should be expanded further. Experimental results demonstrate that our model maintains performance while reducing average tree depth by 35% on various datasets. Furthermore, our model enhances decision fairness and interpretability.

AAAI Conference 2024 Conference Paper

SAME: Sample Reconstruction against Model Extraction Attacks

  • Yi Xie
  • Jie Zhang
  • Shiqian Zhao
  • Tianwei Zhang
  • Xiaofeng Chen

While deep learning models have shown significant performance across various domains, their deployment needs extensive resources and advanced computing infrastructure. As a solution, Machine Learning as a Service (MLaaS) has emerged, lowering the barriers for users to release or productize their deep learning models. However, previous studies have highlighted potential privacy and security concerns associated with MLaaS, and one primary threat is model extraction attacks. To address this, there are many defense solutions but they suffer from unrealistic assumptions and generalization issues, making them less practical for reliable protection. Driven by these limitations, we introduce a novel defense mechanism, SAME, based on the concept of sample reconstruction. This strategy imposes minimal prerequisites on the defender's capabilities, eliminating the need for auxiliary Out-of-Distribution (OOD) datasets, user query history, white-box model access, and additional intervention during model training. It is compatible with existing active defense methods. Our extensive experiments corroborate the superior efficacy of SAME over state-of-the-art solutions. Our code is available at https://github.com/xythink/SAME.

TIST Journal 2019 Journal Article

Secure Deduplication System with Active Key Update and Its Application in IoT

  • Jin Li
  • Tong Li
  • Zheli Liu
  • Xiaofeng Chen

The rich cloud services in the Internet of Things create certain needs for edge computing, in which devices should be able to handle storage tasks securely, reliably, and efficiently. When processing the storage requests from edge devices, each cloud server is supposed to eliminate duplicate copies of repeating data to reduce the amount of storage space and save on bandwidth. To protect data confidentiality while supporting deduplication, some convergent-encryption-based techniques have been proposed to encrypt the data before uploading. However, all these works cannot meet two requirements while preventing brute-force attacks: (i) power-constrained edge nodes should update encryption keys efficiently when an edge node is abandoned; and (ii) the access privacy of edge nodes should be guaranteed. In this article, we propose a novel encryption scheme for secure chunk-level deduplication. Based on this scheme, we present two constructions of the secure deduplication system that support an efficient key update protocol. The key update protocol does not involve any edge node in computational tasks, so that the deduplication system can adopt an active key update strategy. Moreover, one of our constructions, which is called advance construction, can provide access privacy assurances for edge nodes. The security analysis is given in terms of the proposed threat model. The experimental analysis demonstrates that the proposed deduplication system is practical.

TCS Journal 2015 Journal Article

Efficient algorithms for secure outsourcing of bilinear pairings

  • Xiaofeng Chen
  • Willy Susilo
  • Jin Li
  • Duncan S. Wong
  • Jianfeng Ma
  • Shaohua Tang
  • Qiang Tang

The computation of bilinear pairings has been considered the most expensive operation in pairing-based cryptographic protocols. In this paper, we first propose an efficient and secure outsourcing algorithm for bilinear pairings in the two untrusted program model. Compared with the state-of-the-art algorithm, a distinguishing property of our proposed algorithm is that the (resource-constrained) outsourcer is not required to perform any expensive operations, such as point multiplications or exponentiations. Furthermore, we utilize this algorithm as a subroutine to achieve outsource-secure identity-based encryptions and signatures.

TCS Journal 2011 Journal Article

Identity-based trapdoor mercurial commitments and applications

  • Xiaofeng Chen
  • Willy Susilo
  • Fangguo Zhang
  • Haibo Tian
  • Jin Li

In this paper, we first introduce the notion of identity-based trapdoor mercurial commitment which enjoys the advantages of both the identity-based trapdoor commitment and trapdoor mercurial commitment, while using the idea of “Customized Identity”. Inherently, an identity-based trapdoor mercurial commitment is an underlying building block for constructing identity-based (non-interactive) zero-knowledge sets. That is, a prover can commit to a set S in a way that reveals nothing about S and prove to a verifier, in zero-knowledge, statements of the form x ∈ S and x ∉ S. Besides, although the (non-interactive) proof is publicly verifiable, it is also bound to the identity of the prover in a way which is recognizable to any verifier.