Arrow Research search

Author name cluster

Yuan Tian

Possible papers associated with this exact author name in Arrow. This page groups case-insensitive exact name matches and is not a full identity disambiguation profile.

22 papers
2 author rows

Possible papers

AAAI Conference 2026 Conference Paper

GeoGen: A Two-stage Coarse-to-Fine Framework for Fine-grained Synthetic Location-based Social Network Trajectory Generation

  • Rongchao Xu
  • Kunlin Cai
  • Lin Jiang
  • Zhiqing Hong
  • Yuan Tian
  • Guang Wang

Location-Based Social Network (LBSN) check-in trajectory data are important for many practical applications like POI recommendation, advertising, and pandemic intervention. However, the high collection costs and ever-increasing privacy concerns prevent us from accessing large-scale LBSN trajectory data. The recent advances in synthetic data generation provide us with a new opportunity to achieve this, which utilizes generative AI to generate synthetic data that preserves the characteristics of real data while ensuring privacy protection. However, generating synthetic LBSN check-in trajectories remains challenging due to their spatially discrete, temporally irregular nature and the complex spatio-temporal patterns caused by sparse activities and uncertain human mobility. To address this challenge, we propose GeoGen, a two-stage coarse-to-fine framework for large-scale LBSN check-in trajectory generation. In the first stage, we reconstruct spatially continuous, temporally regular latent movement sequences from the original LBSN check-in trajectories and then design a Sparsity-aware Spatio-temporal Diffusion model (S^2TDiff) with an efficient denoising network to learn their underlying behavioral patterns. In the second stage, we design Coarse2FineNet, a Transformer-based Seq2Seq architecture equipped with a dynamic context fusion mechanism in the encoder and a multi-task hybrid-head decoder, which generates fine-grained LBSN trajectories based on coarse-grained latent movement sequences by modeling semantic relevance and behavioral uncertainty. Extensive experiments on four real-world datasets show that GeoGen excels state-of-the-art models for both fidelity and utility evaluation, e.g., it increases over 69% and 55% in distance and radius metrics on the FS-TKY dataset.

AAAI Conference 2026 Conference Paper

Hyperbolic-Enhanced Mixture-of-Experts Mamba for Sequential Recommendation

  • Yuwen Liu
  • Lianyong Qi
  • Xingyuan Mao
  • Weiming Liu
  • Xuhui Fan
  • Qiang Ni
  • Xuyun Zhang
  • Yang Zhang

Sequential recommendation has emerged as a fundamental task in various domains, aiming to predict a user's next interaction based on historical behavior. Recent advances in deep sequence models, particularly Transformer-based architectures and the more recent Mamba, have substantially pushed the boundaries of sequential modeling performance. However, existing methods still face two critical challenges. First, many current approaches overlook the hierarchical structures and high-order dependencies among items, typically restricting representation learning to conventional Euclidean spaces, which limits their capacity to capture complex relational information. Second, although Mamba excels at long-range dependency modeling, its reliance on static Feed-Forward Networks (FFNs) hinders its ability to dynamically adapt to evolving user preferences across diverse contexts. To address these limitations, we propose a Hyperbolic-Enhanced Mixture-of-Experts Mamba recommender (HM2Rec) for sequential recommendation. HM2Rec first encodes user-item relationships through hyperbolic graph convolution to exploit hierarchical structure more effectively. Then, a Variational Graph Auto-Encoder (VGAE) is employed to reconstruct node embeddings, improving structural robustness. To further enhance sequential modeling, we integrate Rotary Positional Encoding (RoPE) into Mamba to better capture relative position dependencies, and replace the FFN with Mixture-of-Expert (MOE) module, enabling dynamic and personalized expert selection for each token. Our extensive experiments on four widely-used public datasets demonstrate that HM2Rec outperforms several advanced baseline models.

AAAI Conference 2026 Conference Paper

MedOmni-45°: A Safety–Performance Benchmark for Reasoning-Oriented LLMs in Medicine

  • Kaiyuan Ji
  • Yijin Guo
  • Zicheng Zhang
  • Xiangyang Zhu
  • Yuan Tian
  • Ning Liu

With the rapid integration of large language models (LLMs) into medical decision-support aids, ensuring reliability in reasoning steps—not just final answers—is increasingly critical. Two key safety dimensions are Chain-of-Thought (CoT) faithfulness, which assesses alignment of the model’s reasoning process with both its response and medical facts, and sycophancy, an emergent misalignment where models follow misleading cues instead of factual correctness. Yet existing benchmarks tend to prioritize performance evaluation, frequently collapsing nuanced safety vulnerabilities into a single accuracy score. To fill this gap, we introduce MedOmni-45°, a benchmark and evaluation workflow explicitly designed to quantify the safety–performance trade-off in LLMs under manipulative hint conditions. The benchmark contains 1,804 reasoning-focused medical questions across six clinical specialties and three task types, including 500 publicly comparable items from MedMCQA. Each question is systematically augmented with seven manipulative hint types, each embedding two distinct misleading cue variants, along with a No-Hint baseline, resulting in approximately 27,000 unique inputs. These inputs are then evaluated across seven LLMs spanning open- and closed-source, general-purpose and medical-specific, and base versus reasoning-enhanced variants, amounting to over 189K total inference instances. Three orthogonal metrics (Accuracy, CoT-Faithfulness, Anti-Sycophancy) are combined into a composite score visualized via a 45° safety–performance plot. Results reveal a universal trade-off, with no model surpassing the ideal diagonal. Open-source QwQ-32B approaches closest at 43.81°, demonstrating notable safety while not surpassing others in performance. MedOmni-45° thus highlights critical vulnerabilities of LLMs in reasoning oriented medical tasks, offering a robust benchmark for future alignment research.

AAAI Conference 2026 Conference Paper

SDEval: Safety Dynamic Evaluation for Multimodal Large Language Models

  • Hanqing Wang
  • Yuan Tian
  • Mingyu Liu
  • Zhenhao Zhang
  • Xiangyang Zhu

In the rapidly evolving landscape of Multimodal Large Language Models (MLLMs), the safety concerns of their outputs have earned significant attention. Although numerous datasets have been proposed, they may become outdated with MLLM advancements and are susceptible to data contamination issues. To address these problems, we propose SDEval, the first safety dynamic evaluation framework to controllably adjust the distribution and complexity of safety benchmarks. Specifically, SDEval mainly adopts three dynamic strategies: text, image, and text-image dynamics to generate new samples from original benchmarks. We first explore the individual effects of text and image dynamics on model safety. Then, we find that injecting text dynamics into images can further impact safety, and conversely, injecting image dynamics into text also leads to safety risks. SDEval is general enough to be applied to various existing safety and even capability benchmarks. Experiments across safety benchmarks, MLLMGuard and VLSBench, and capability benchmarks, MMBench and MMVet, show that SDEval significantly influences evaluation results, mitigates data contamination, and exposes safety limitations of MLLMs.

NeurIPS Conference 2025 Conference Paper

4DGCPro: Efficient Hierarchical 4D Gaussian Compression for Progressive Volumetric Video Streaming

  • Zihan Zheng
  • Zhenlong Wu
  • Houqiang Zhong
  • Yuan Tian
  • Ning Cao
  • Lan Xu
  • Jiangchao Yao
  • Xiaoyun Zhang

Achieving seamless viewing of high-fidelity volumetric video, comparable to 2D video experiences, remains an open challenge. Existing volumetric video compression methods either lack the flexibility to adjust quality and bitrate within a single model for efficient streaming across diverse networks and devices, or struggle with real-time decoding and rendering on lightweight mobile platforms. To address these challenges, we introduce 4DGCPro, a novel hierarchical 4D Gaussian compression framework that facilitates real-time mobile decoding and high-quality rendering via progressive volumetric video streaming in a single bitstream. Specifically, we propose a perceptually-weighted and compression-friendly hierarchical 4D Gaussian representation with motion-aware adaptive grouping to reduce temporal redundancy, preserve coherence, and enable scalable multi-level detail streaming. Furthermore, we present an end-to-end entropy-optimized training scheme, which incorporates layer-wise rate-distortion (RD) supervision and attribute-specific entropy modeling for efficient bitstream generation. Extensive experiments show that 4DGCPro enables flexible quality and variable bitrate within a single model, achieving real-time decoding and rendering on mobile devices while outperforming existing methods in RD performance across multiple datasets.

ECAI Conference 2025 Conference Paper

DASNet: Disturbance-Aware Lesion Segmentation Network on Medical Images

  • Yuan Tian
  • Yiyang Zhang
  • Ruiguo Yu
  • Yujie Diao
  • Jialin Zhu
  • Jie Gao 0008
  • Xuewei Li 0001

Lesions in medical imaging exhibit considerable variability in location and size, while image quality is frequently compromised by noise and artifacts. These complex disturbance patterns undermine the stability of feature extraction and significantly complicate precise segmentation. To address these challenges, we propose the Disturbance-Aware Lesion Segmentation Network (DASNet), a segmentation framework based on probabilistic modeling, designed to achieve robust feature representation under diverse disturbing conditions. DASNet introduces a dual-encoder architecture to separately capture observable and latent disturbances: the spatial adaptive encoder is employed to extract visible deformation features of lesions (positional offset and area proportion), while the Gaussian distribution encoder models latent uncertainties in the feature space, regularized by posterior probability supervision to align learned distributions with true lesion feature distributions. The representations from both encoders are integrated during the decoding phase, guiding the generation of reliable features. Extensive experiments conducted on ultrasound, dermoscopy, and colonoscopy datasets demonstrate that DASNet consistently achieves superior segmentation accuracy and exhibits strong generalization across multiple imaging modalities.

ICLR Conference 2025 Conference Paper

Eia: Environmental Injection Attack on Generalist Web Agents for Privacy Leakage

  • Zeyi Liao
  • Lingbo Mo
  • Chejian Xu
  • Mintong Kang
  • Jiawei Zhang 0013
  • Chaowei Xiao
  • Yuan Tian
  • Bo Li 0026

Recently, generalist web agents have demonstrated remarkable potential in autonomously completing a wide range of tasks on real websites, significantly boosting human productivity. However, web tasks, such as booking flights, usually involve users' personally identifiable information (PII), which may be exposed to potential privacy risks if web agents accidentally interact with compromised websites—a scenario that remains largely unexplored in the literature. In this work, we narrow this gap by conducting the first study on the privacy risks of generalist web agents in adversarial environments. First, we present a realistic threat model for attacks on the website, where we consider two adversarial targets: stealing users' specific PII or the entire user request. Then, we propose a novel attack method, termed Environmental Injection Attack (EIA). EIA injects malicious content designed to adapt well to environments where the agents operate and our work instantiates EIA specifically for privacy scenarios in web environments. We collect 177 action steps that involve diverse PII categories on realistic websites from the Mind2Web dataset, and conduct experiments using one of the most capable generalist web agent frameworks to date. The results demonstrate that EIA achieves up to 70% attack success rate (ASR) in stealing users' specific PII and 16% ASR in stealing a full user request at an action step. Additionally, by evaluating the detectability and testing defensive system prompts, we indicate that EIA is challenging to detect and mitigate. Notably, attacks that are not well adapted for a webpage can be detected through careful human inspection, leading to our discussion about the trade-off between security and autonomy. However, extra attackers' efforts can make EIA seamlessly adapted, rendering such human supervision ineffective. Thus, we further discuss the implications on defenses at the pre- and post-deployment stages of the websites without relying on human supervision and call for more advanced defense strategies.

AAAI Conference 2025 Conference Paper

Medical Manifestation-Aware De-Identification

  • Yuan Tian
  • Shuo Wang
  • Guangtao Zhai

Face de-identification (DeID) has been widely studied for common scenes, but remains under-researched for medical scenes, mostly due to the lack of large-scale patient face datasets. In this paper, we release MeMa, consisting of over 40,000 photo-realistic patient faces. MeMa is re-generated from massive real patient photos. By carefully modulating the generation and data-filtering procedures, MeMa avoids breaching real patient privacy, while ensuring rich and plausible medical manifestations. We recruit expert clinicians to annotate MeMa with both coarse- and fine-grained labels, building the first medical-scene DeID benchmark. Additionally, we propose a baseline approach for this new medical-aware DeID task, by integrating data-driven medical semantic priors into the DeID procedure. Despite its conciseness and simplicity, our approach substantially outperforms previous ones.

ICML Conference 2025 Conference Paper

Selective Prompt Anchoring for Code Generation

  • Yuan Tian
  • Tianyi Zhang 0001

Recent advances in large language models (LLMs) have transformed software development by automatically generating code from natural language. Yet challenges remain in generating fully correct code that aligns with user intent. Our study reveals that LLMs tend to pay less attention to user prompts as more code tokens are generated. We hypothesize that this attention dilution issue is an important reason for code generation errors. To mitigate this issue, we propose Selective Prompt Anchoring (SPA) to guide code LLMs to pay more attention to user intent when generating code. We evaluate SPA using six base LLMs across six benchmarks. Our results demonstrate that SPA enhances Pass@1 by up to 12.9%, consistently outperforming SOTA code generation methods in all settings. Our code is available at https://github.com/magic-YuanTian/Selective-Prompt-Anchoring.

AAMAS Conference 2024 Conference Paper

Consensus of Nonlinear Multi-Agent Systems with Semi-Markov Switching Under DoS Attacks

  • Sheng Tian
  • Hong Shen
  • Yuan Tian
  • Hui Tian

Denial of Service (DoS) attacks will destroy the communication channels between agents. How to reduce the impact of DoS attacks on system consensus of nonlinear multi-agent systems (MASs) with semi-Markov switching (SMS) is an important problem that has appeared in many applications. Existing work on consensus of nonlinear MAS with switching under DoS attacks can be divided into two categories: Markov switching (MS) and Semi-Markov Switching (SMS). There are many studies on MS, but very few on SMS. This is because the dwell time of the SMS obeys a more general probability distribution, which will bring new challenges to analysis. This paper proposes a novel approach that adopts a dynamic event-triggered strategy to reduce the frequency of control signals to complete the consensus on nonlinear MASs with SMS under DoS attacks. We use multiple Lyapunov functions established by stochastic techniques, and obtain sufficient conditions for MAS mean square consensus under aperiodic DoS attacks. The effectiveness of our strategy is verified by simulation results.

NeurIPS Conference 2024 Conference Paper

GAIA: Rethinking Action Quality Assessment for AI-Generated Videos

  • Zijian Chen
  • Wei Sun
  • Yuan Tian
  • Jun Jia
  • Zicheng Zhang
  • Jiarui Wang
  • Ru Huang
  • Xiongkuo Min

Assessing action quality is both imperative and challenging due to its significant impact on the quality of AI-generated videos, further complicated by the inherently ambiguous nature of actions within AI-generated video (AIGV). Current action quality assessment (AQA) algorithms predominantly focus on actions from real specific scenarios and are pre-trained with normative action features, thus rendering them inapplicable in AIGVs. To address these problems, we construct GAIA, a Generic AI-generated Action dataset, by conducting a large-scale subjective evaluation from a novel causal reasoning-based perspective, resulting in 971,244 ratings among 9,180 video-action pairs. Based on GAIA, we evaluate a suite of popular text-to-video (T2V) models on their ability to generate visually rational actions, revealing their pros and cons on different categories of actions. We also extend GAIA as a testbed to benchmark the AQA capacity of existing automatic evaluation methods. Results show that traditional AQA methods, action-related metrics in recent T2V benchmarks, and mainstream video quality methods perform poorly with an average SRCC of 0.454, 0.191, and 0.519, respectively, indicating a sizable gap between current models and human action perception patterns in AIGVs. Our findings underscore the significance of action quality as a unique perspective for studying AIGVs and can catalyze progress towards methods with enhanced capacities for AQA in AIGVs.

NeurIPS Conference 2023 Conference Paper

What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?

  • Fnu Suya
  • Xiao Zhang
  • Yuan Tian
  • David Evans

We study indiscriminate poisoning for linear learners where an adversary injects a few crafted examples into the training data with the goal of forcing the induced model to incur higher test error. Inspired by the observation that linear learners on some datasets are able to resist the best known attacks even without any defenses, we further investigate whether datasets can be inherently robust to indiscriminate poisoning attacks for linear learners. For theoretical Gaussian distributions, we rigorously characterize the behavior of an optimal poisoning attack, defined as the poisoning strategy that attains the maximum risk of the induced model at a given poisoning budget. Our results prove that linear learners can indeed be robust to indiscriminate poisoning if the class-wise data distributions are well-separated with low variance and the size of the constraint set containing all permissible poisoning points is also small. These findings largely explain the drastic variation in empirical attack performance of the state-of-the-art poisoning attacks on linear learners across benchmark datasets, making an important initial step towards understanding the underlying reasons some learning tasks are vulnerable to data poisoning attacks.

AAAI Conference 2021 Conference Paper

Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning

  • Syed Zawad
  • Ahsan Ali
  • Pin-Yu Chen
  • Ali Anwar
  • Yi Zhou
  • Nathalie Baracaldo
  • Yuan Tian
  • Feng Yan

Data heterogeneity has been identified as one of the key features in federated learning but often overlooked in the lens of robustness to adversarial attacks. This paper focuses on characterizing and understanding its impact on backdooring attacks in federated learning through comprehensive experiments using synthetic and the LEAF benchmarks. The initial impression driven by our experimental results suggests that data heterogeneity is the dominant factor in the effectiveness of attacks and it may be a redemption for defending against backdooring as it makes the attack less efficient, more challenging to design effective attack strategies, and the attack result also becomes less predictable. However, with further investigations, we found data heterogeneity is more of a curse than a redemption as the attack effectiveness can be significantly boosted by simply adjusting the client-side backdooring timing. More importantly, data heterogeneity may result in overfitting at the local training of benign clients, which can be utilized by attackers to disguise themselves and fool skewed-feature based defenses. In addition, effective attack strategies can be made by adjusting attack data distribution. Finally, we discuss the potential directions of defending the curses brought by data heterogeneity. The results and lessons learned from our extensive experiments and analysis offer new insights for designing robust federated learning methods and systems.

AAAI Conference 2021 Conference Paper

DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation

  • Zhicong Yan
  • Gaolei Li
  • Yuan Tian
  • Jun Wu
  • Shenghong Li
  • Mingzhe Chen
  • H. Vincent Poor

The threat of data-poisoning backdoor attacks on learning algorithms typically comes from the labeled data used for learning. However, in deep semi-supervised learning (SSL), unknown threats mainly stem from unlabeled data. In this paper, we propose a novel deep hidden backdoor (DeHiB) attack for SSL-based systems. In contrast to the conventional attacking methods, the DeHiB can feed malicious unlabeled training data to the semi-supervised learner so as to enable the SSL model to output premeditated results. In particular, a robust adversarial perturbation generator regularized by a unified objective function is proposed to generate poisoned data. To alleviate the negative impact of trigger patterns on model accuracy and improve the attack success rate, a novel contrastive data poisoning strategy is designed. Using the proposed data poisoning scheme, one can implant the backdoor into the SSL model using the raw data without handcrafted labels. Extensive experiments based on CIFAR10 and CIFAR100 datasets demonstrate the effectiveness and crypticity of the proposed scheme.

ICRA Conference 2021 Conference Paper

Ultrasound Doppler Imaging and Navigation of Collective Magnetic Cell Microrobots in Blood

  • Qianqian Wang 0003
  • Yuan Tian
  • Xingzhou Du
  • Kai-Fung Chan
  • Li Zhang 0010

We propose ultrasound Doppler imaging and magnetic navigation of collective cell microrobots in whole blood. Cell microrobots are cultured using stem cells and iron microparticles, they have spheroidal structures and can be actuated under external magnetic fields. A collective of cell microrobots can be reversibly gathered and spread due to the tunable magnetic interaction, and are able to exhibit collective motion in whole blood under rotating magnetic fields. Simulation results indicate that the induced blood flow around the collective pattern affects the motion of red blood cells (RBCs), and experimental results show that Doppler signals are observed when emitting ultrasound waves to the microrobots. The induced Doppler signals are affected by the input field frequency and the ultrasound parameters (pulse repetition frequency). Due to the induced three-dimensional blood flow, Doppler signals can be observed when the imaging plane is above the collective microrobots, which enables indirect localization when performing navigation on an uneven surface. Our study investigates a strategy for pattern formation and navigation of collective microrobots under ultrasound Doppler imaging, demonstrating that the integration of collective control approach and medical imaging holds great potential for real-time active delivery tasks.

AAAI Conference 2020 Conference Paper

Learning Signed Network Embedding via Graph Attention

  • Yu Li
  • Yuan Tian
  • Jiawei Zhang
  • Yi Chang

Learning the low-dimensional representations of graphs (i.e., network embedding) plays a critical role in network analysis and facilitates many downstream tasks. Recently graph convolutional networks (GCNs) have revolutionized the field of network embedding, and led to state-of-the-art performance in network analysis tasks such as link prediction and node classification. Nevertheless, most of the existing GCN-based network embedding methods are proposed for unsigned networks. However, in the real world, some of the networks are signed, where the links are annotated with different polarities, e.g., positive vs. negative. Since negative links may have different properties from the positive ones and can also significantly affect the quality of network embedding. Thus in this paper, we propose a novel network embedding framework SNEA to learn Signed Network Embedding via graph Attention. In particular, we propose a masked self-attentional layer, which leverages self-attention mechanism to estimate the importance coefficient for pair of nodes connected by different type of links during the embedding aggregation process. Then SNEA utilizes the masked self-attentional layers to aggregate more important information from neighboring nodes to generate the node embeddings based on balance theory. Experimental results demonstrate the effectiveness of the proposed framework through signed link prediction task on several real-world signed network datasets.

ICRA Conference 2020 Conference Paper

Toward Autonomous Robotic Micro-Suturing using Optical Coherence Tomography Calibration and Path Planning

  • Yuan Tian
  • Mark Draelos
  • Gao Tang
  • Ruobing Qian
  • Anthony N. Kuo
  • Joseph A. Izatt
  • Kris Hauser

Robotic automation has the potential to assist human surgeons in performing suturing tasks in microsurgery, and in order to do so a robot must be able to guide a needle with sub-millimeter precision through soft tissue. This paper presents a robotic suturing system that uses 3D optical coherence tomography (OCT) system for imaging feedback. Calibration of the robot-OCT and robot-needle transforms, wound detection, keypoint identification, and path planning are all performed automatically. The calibration method handles pose uncertainty when the needle is grasped using a variant of iterative closest points. The path planner uses the identified wound shape to calculate needle entry and exit points to yield an evenly-matched wound shape after closure. Experiments on tissue phantoms and animal tissue demonstrate that the system can pass a suture needle through wounds with 0.200 mm overall accuracy in achieving the planned entry and exit points, and over 20× more precise than prior autonomous suturing robots.

NeurIPS Conference 2020 Conference Paper

Trade-offs and Guarantees of Adversarial Representation Learning for Information Obfuscation

  • Han Zhao
  • Jianfeng Chi
  • Yuan Tian
  • Geoffrey J. Gordon

Crowdsourced data used in machine learning services might carry sensitive information about attributes that users do not want to share. Various methods have been proposed to minimize the potential information leakage of sensitive attributes while maximizing the task accuracy. However, little is known about the theory behind these methods. In light of this gap, we develop a novel theoretical framework for attribute obfuscation. Under our framework, we propose a minimax optimization formulation to protect the given attribute and analyze its inference guarantees against worst-case adversaries. Meanwhile, there is a tension between minimizing information leakage and maximizing task accuracy. To understand this, we prove an information-theoretic lower bound to precisely characterize the fundamental trade-off between accuracy and information leakage. We conduct experiments on two real-world datasets to corroborate the inference guarantees and validate the inherent trade-offs therein. Our results indicate that, among several alternatives, the adversarial learning approach achieves the best trade-off in terms of attribute obfuscation and accuracy maximization.