* indicates co-first authors

2025

• MCP-Bench: Benchmarking Tool-Using LLM Agents with Complex Real-World Tasks via MCP Servers
  Zhenting Wang, Qi Chang, Hemani Patel, Shashank Biju, Cheng-En Wu, Quan Liu, Aolin Ding, Alireza Rezazadeh, Ankit Shah, Yujia Bao, Eugene Siow
  arXiv preprint - arXiv:2508.20453 (2025)

• SafeTy Reasoning Elicitation Alignment for Multi-Turn Dialogues
  Martin Kuo, Jianyi Zhang, Aolin Ding, Louis DiValentin, Amin Hass, Benjamin F Morris, Isaac Jacobson, Randolph Linderman, James Kiessling, Nicolas Ramos, Bhavna Gopal, Maziyar Baran Pouyan, Changwei Liu, Hai Li, Yiran Chen
  arXiv preprint - arXiv:2506.00668 (2025)

• FedProphet: Memory-Efficient Federated Adversarial Training via Theoretic-Robustness and Low-Inconsistency Cascade Learning
  Minxue Tang*, Yitu Wang*, Jingyang Zhang, Louis DiValentin, Aolin Ding, Amin Hass, Yiran Chen, Hai Li
  The 8th Annual Conference on Machine Learning and Systems (MLSys 2025)
  Santa Clara, CA, May 2025 (Acceptance Rate: 22.5%)

• Proactive Privacy Amnesia for Large Language Models: Safeguarding PII with Negligible Impact on Model Utility
  Martin Kuo, Jingyang Zhang, Jianyi Zhang, Minxue Tang, Louis DiValentin, Aolin Ding, Jingwei Sun, William Chen, Amin Hass, Tianlong Chen, Yiran Chen, Hai Li
  The 13th International Conference on Learning Representations (ICLR 2025)
  Singapore EXPO, Apr 2025 (Acceptance Rate: 31.7%)

• H-CoT: Hijacking the Chain-of-Thought Safety Reasoning Mechanism to Jailbreak Large Reasoning Models, Including OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Thinking
  Martin Kuo*, Jianyi Zhang*, Aolin Ding, Qinsi Wang, Louis DiValentin, Yujia Bao, Wei Wei, Da-Cheng Juan, Hai Li, Yiran Chen
  arXiv preprint - arXiv:2502.12893 (2025)

2024

• An Empirical DNN Pruning Approach against Membership Inference Attacks
  Matthew Chan*, Aolin Ding*, Amin Hass, Saman Zonouz
  The 7th International Conference on Attacks and Defenses for Internet-of-Things (ADIoT 2024)
  Hangzhou, China, Dec 2024 (Acceptance Rate: 24.4%)

• Leaking Through the Physics: Covert Cyber-Physical Data Exfiltration Through Unobserved Physics
  Matthew Chan, Luis Garcia, Nathaniel Snyder, Marcus Lucas, Aolin Ding, Amin Hass, Oleg Sokolsky, James Weimer, Paulo Tabuada, Saman Zonouz, Mani Srivastava
  The 2nd EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles (SmartSP 2024)
  New Orleans, LA, Nov 2024 (Acceptance Rate: N/A)

• ModelGuard: Information-Theoretic Defense Against Model Extraction Attacks
  Artifact Available, Functional, Reproduced
  Minxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Yiran Chen, Neil Zhenqiang Gong, Hai “Helen” Li
  The 33rd USENIX Security Symposium (USENIX Security 2024)
  Philadelphia, PA, Aug 2024 (Acceptance Rate: 19.0%)

• Virtual Keymysteries Unveiled: Detecting Keystrokes in VR with External Side-Channels
  Hossein Khalili, Alexander Chen, Theodoros Papaiakovou, Timothy Jacques, Hao-Jen Chien, Changwei Liu, Aolin Ding, Amin Hass, Saman Zonouz, Nader Sehatbakhsh
  The 8th IEEE/ACM Workshop on the Internet of Safe Things (SafeThings 2024)
  San Francisco, CA, May 2024 (Acceptance Rate: 59.0%)

• Build a Computationally Efficient Strong Defense against Adversarial Example Attacks
  Changwei Liu, Louis DiValentin, Aolin Ding, Malek Ben Salem
  The 10th International Conference on Information Systems Security and Privacy (ICISSP 2024)
  Rome, Italy, Feb 2024 (Acceptance Rate: 36.0% - Short Paper)

2023

• Resource-aware DNN Partitioning for Privacy-sensitive Edge-Cloud Systems
  Aolin Ding, Amin Hass, Matthew Chan, Nader Sehatbakhsh, Saman Zonouz
  The 30th International Conference on Neural Information Processing (ICONIP 2023)
  Changsha, China, Nov 2023 (Acceptance Rate: 20.1% - Full Paper)

• Get Your Cyber-Physical Tests Done! Data-Driven Vulnerability Assessment of Robotic Aerial Vehicles
  Aolin Ding, Matthew Chan, Amin Hass, Nils Ole Tippenhauer, Shiqing Ma, Saman Zonouz
  The 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Network (DSN 2023)
  Porto, Portugal, Jun 2023 (Acceptance Rate: 20.0%)

• Evaluating Input Transformation Ensembles Against Adversarial Attacks
  Changwei Liu, Louis DiValentin, Aolin Ding, Malek Ben Salem
  Information Systems Security and Privacy. Communications in Computer and Information Science, vol 2459. Springer, Cham. 2023. (Selection Rate for Journal Publication: 5.3%)

2022

• Reverse Engineering and Retrofitting Robotic Aerial Vehicle Control Firmware using DisPatch
  Taegyu Kim, Aolin Ding, Sriharsha Etigowni, Pengfei Sun, Jizhou Chen, Luis Garcia, Saman Zonouz, Dongyan Xu, Dave (Jing) Tian
  The 20th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2022)
  Portland, OR, Jun 2022 (Acceptance Rate: 21.6%)

• FADE: Enabling Large-Scale Federated Adversarial Training on Resource-Constrained Edge Device
  Minxue Tang, Jianyi Zhang, Mingyuan Ma, Louis DiValentin, Aolin Ding, Amin Hass, Hai Li, Yiran Chen
  arXiv preprint - arXiv:2209.03839 (2022)

• Enhancement of Attack Detection Technology using AI with Synthetic-Log Generation
  Takumi Yamamoto, Tsunato Nakai, Ruri Otsuka, Ye Wang, Kyeong Jin Kim, Toshiaki Koike-Akino, Iván Sanz Gorrachategui, Aolin Ding, Mamoru Abe, Ayako Yoshimura, Kiyoto Kawauchi
  The 39th Symposium on Cryptography and Information Security (SCIS 2022)
  Osaka, Japan, Jan 2022 (Acceptance Rate: N/A)

2021

• Mini-me, You Complete Me! Data-driven Drone Security via DNN-based Approximate Computing
  Aolin Ding, Praveen Murthy, Luis Garcia, Pengfei Sun, Matthew Chan, Saman Zonouz
  The 24th ACM International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2021)
  San Sebastian, Spain, Oct 2021 (Acceptance Rate: 23.2%)

---

Patents

• Contextual Sanitization and Re-enrichment using Large Language Models
  Malek Ben Salem, Louis Divalentin, Aolin Ding
  U.S. Patent App. 18/811,540, 2024 (Pending)

• Systems and Methods for Defending an Artificial Intelligence Model Against Adversarial Input
  Louis Divalentin, Changwei Liu, Aolin Ding, Malek Ben Salem
  U.S. Patent App. 18/199,360, 2024 (Pending)

• Automated Cybersecurity Vulnerability Prioritization
  Aolin Ding, Hodaya Binyamini, Gal Engelberg, Louis William Divalentin, Benjamin Glen Mccarty, Dan Klein, Amin Hass
  U.S. Patent No. 12,476,994, 2024 (Granted)

• Privacy-preserving Machine Learning Training Based on Homomorphic Encryption using Executable File Packages in an Untrusted Environment
  Amin Hassanzadeh, Neil Hayden Liberman, Aolin Ding, Malek Ben Salem
  U.S. Patent No. 12,248,601, 2023 (Granted)

• System and Method for Explainable Anomaly Detection
  Kyeong Jin Kim, Aolin Ding, Ye Wang, Koike Akino Toshiaki, and Kieran Parsons
  U.S. Patent App. 18/068,537, 2022 (Pending)

• Privacy Preserving Cooperative Learning in Untrusted Environments
  Aolin Ding, Amin Hassanzadeh
  U.S. Patent No. 12,229,280, 2022 (Granted)

• Privacy-preserving Collaborative Machine Learning Training using Distributed Executable File Packages in an Untrusted Environment
  Amin Hassanzadeh, Neil Hayden Liberman, Aolin Ding, Malek Ben Salem
  U.S. Patent No. 12,387,215, 2022 (Granted)