Chaoyu Zhang

I am currently a Ph.D. student in Computer Science at Virginia Tech, under the supervision of Professor Wenjing Lou.

I focus on AI Security and Safety, with particular emphasis on LLMs and agentic AI systems, federated learning, and broader machine learning pipelines. My work addresses security and safety risks in deployed AI systems, including adversarial attacks (e.g., prompt injection and jailbreaks), malicious or anomalous behaviors, privacy leakage, and system-level attack vectors. I design evaluation, detection, and mitigation mechanisms, as well as post-training and task-specific customization strategies, to help align AI systems with essential security and safety requirements prior to production use.

News

  • [May 2026] Our paper ‘Hermes: Boosting the Performance of Machine-Learning-Based Intrusion Detection System through Geometric Feature Learning’ was accepted by the IEEE Transactions on Networking (IEEE ToN).
  • [May 2026] Our paper ‘Think Twice Before You Act: Protecting LLM Agents Against Tool Description Poisoning via Isolated Planning’ was accepted by the International Conference on Machine Learning (ICML 2026).
  • [May 2026] Our paper ‘MINIM: Privacy-Aware Minimal View for Agents via Trusted Local Sanitization’ was accepted by the International Conference on Machine Learning (ICML 2026).
  • [May 2026] Our paper ‘ARMOR 2025: A Military-Aligned Benchmark for Evaluating Large Language Model Safety Beyond Civilian Contexts’ was accepted by the International Conference on Military Communication and Information Systems (ICMCIS 2026).
  • [Feb. 2026] Our Wiley-IEEE Press book AI for Cybersecurity: Research and Practice is out; see ‘Chapter 3: Machine Learning-based Intrusion Detection Systems: Capabilities, Methodologies, and Open Research Challenges’.
  • [Dec. 2025] Our paper ‘AnonyCall: Enabling Native Private Calling in Mobile Networks’ was accepted by the Network and Distributed System Security Symposium (NDSS 2026).
  • [Aug. 2025] Our paper ‘Enabling Trustworthy Federated Learning via Remote Attestation for Mitigating Byzantine Threats’ was accepted by the IEEE Military Communications Conference (MILCOM 2025).
  • [Feb. 2025] Our paper ‘MedLeak: Harvesting Multimodal Medical Data in Secure Federated Learning with Crafted Models’ was accepted by the IEEE/ACM Conference on Connected Health: Applications, Systems, and Engineering Technologies (CHASE 2025).
  • [Feb. 2025] Our paper ‘StarCast: A Secure and Spectrum-Efficient Group Communication Scheme for LEO Satellite Networks’ was accepted by the IEEE International Symposium on Dynamic Spectrum Access Networks (DySPAN 2025).
  • [Dec. 2024] Our paper ‘FLARE: Defending Federated Learning against Model Poisoning Attacks via Latent Space Representations’ was accepted by the IEEE Transactions on Dependable and Secure Computing (TDSC).
  • [Nov. 2024] Our paper ‘Scale-MIA: A Scalable Model Inversion Attack against Secure Federated Learning via Latent Space Reconstruction’ was accepted by the Network and Distributed System Security Symposium (NDSS 2025).
  • [Aug. 2024] Our paper ‘ProFLingo: A Fingerprinting-based Intellectual Property Protection Scheme for Large Language Models’ won the best paper award at the IEEE Conference on Communications and Network Security 2024 (CNS 2024).
  • [Aug. 2024] Our paper ‘ProFLingo: A Fingerprinting-based Intellectual Property Protection Scheme for Large Language Models’ was accepted by the IEEE Conference on Communications and Network Security 2024 (CNS 2024).
  • [Aug. 2024] Our paper ‘Hermes: Boosting the Performance of Machine-Learning-Based Intrusion Detection System through Geometric Feature Learning’ was accepted by the 25th International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing (MobiHoc 2024).
  • [Aug. 2023] Our paper ‘MINDFL: Mitigating the Impact of Imbalanced and Noisy-labeled Data in Federated Learning with Quality and Fairness-Aware Client Selection’ was accepted by the IEEE Military Communications Conference (MILCOM 2023).
  • [Aug. 2023] Our paper ‘Bijack: Breaking Bitcoin Network with TCP Vulnerabilities’ was accepted by the 28th European Symposium on Research in Computer Security (ESORICS 2023).