Publications

  • Patcher: Post-Hoc Patching of Backdoored Large Language Models PDF Code

    Anjun Gao, Yueyang Quan, Yufei Xia, Zhuqing Liu, and Minghong Fang

    In Proc. USENIX Security Symposium, 2026

  • Five Queries Are Enough: Query-Efficient and Surrogate-Free Membership Inference Attacks on RAG via Entailment PDF Code

    Nguyen Linh Bao Nguyen, Wanlun Ma, Viet Vo, Alsharif Abuadbba, Minghong Fang, Jun Zhang, and Yang Xiang

    In Proc. USENIX Security Symposium, 2026

  • Who Taught the Lie? Responsibility Attribution for Poisoned Knowledge in Retrieval-Augmented Generation PDF Poster Code

    Baolei Zhang*, Haoran Xin*, Yuxi Chen, Zhuqing Liu, Biao Yi, Tong Li, Lihai Nie, Zheli Liu, and Minghong Fang

    In Proc. IEEE Symposium on Security and Privacy, 2026 (*co-primary authors, acceptance rate: 12.7%)

  • Network Digital Untwinning: Towards Backward Optimization of Digital Twins PDF

    Zifan Zhang, Dianwei Chen, Anjun Gao, Manhua Wang, Mingzhe Chen, Minghong Fang, Xianfeng Yang, and Yuchen Liu

    In Proc. ICDCS, 2026 (acceptance rate: 18.59%)

  • SecureSplit: Mitigating Backdoor Attacks in Split Learning PDF

    Zhihao Dou, Dongfei Cui, Weida Wang, Anjun Gao, Yueyang Quan, Mengyao Ma, Viet Vo, Guangdong Bai, Zhuqing Liu, and Minghong Fang

    In Proc. The Web Conference (WWW), 2026 (acceptance rate: 20.1%)

  • When the Server Steps In: Calibrated Updates for Fair Federated Learning PDF

    Tianrun Yu*, Kaixiang Zhao*, Cheng Zhang, Anjun Gao, Yueyang Quan, Zhuqing Liu, and Minghong Fang

    In Proc. WiOpt, 2026 (*co-primary authors)

  • SecureAFL: Secure Asynchronous Federated Learning PDF

    Anjun Gao*, Feng Wang*, Zhenglin Wan, Yueyang Quan, Zhuqing Liu, and Minghong Fang

    In Proc. ACM AsiaCCS, 2026 (*co-primary authors)

  • ClieND: Client-Side Neuron-Level Detection against Poisoning Attacks on Cross-Silo Federated Learning PDF Code

    Mengyao Ma, Shuofeng Liu, Viet Vo, Minghong Fang, Surya Nepal, and Guangdong Bai

    In Proc. ACM AsiaCCS, 2026

  • Practical Poisoning Attacks against Retrieval-Augmented Generation PDF

    Baolei Zhang, Yuxi Chen, Zhuqing Liu, Lihai Nie, Tong Li, Zheli Liu, and Minghong Fang

    In Proc. ACM SACMAT, 2026

  • Practical Framework for Privacy-Preserving and Byzantine-robust Federated Learning PDF

    Baolei Zhang, Minghong Fang, Zhuqing Liu, Biao Yi, Peizhao Zhou, Yuan Wang, Tong Li, and Zheli Liu

    In IEEE Transactions on Information Forensics and Security, 2026

  • Tracing Back the Malicious Clients in Poisoning Attacks to Federated Learning PDF Code

    Yuqi Jia, Minghong Fang, Hongbin Liu, Jinghuai Zhang, and Neil Zhenqiang Gong

    In Proc. NeurIPS, 2025 (acceptance rate: 24.52%)

  • Competitive Advantage Attacks to Decentralized Federated Learning PDF Code

    Yuqi Jia, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. NeurIPS, 2025 (acceptance rate: 24.52%)

  • Secure Retrieval-Augmented Generation against Poisoning Attacks PDF

    Zirui Cheng*, Jikai Sun*, Anjun Gao, Yueyang Quan, Zhuqing Liu, Xiaohua Hu, and Minghong Fang

    In Proc. IEEE BigData, 2025 (*co-primary authors)

  • Fairness-Constrained Optimization Attack in Federated Learning PDF

    Harsh Kasyap, Minghong Fang, Zhuqing Liu, Carsten Maple, and Somanath Tripathy

    In Proc. IEEE TrustCom, 2025

  • Benchmarking Poisoning Attacks against Retrieval-Augmented Generation PDF

    Baolei Zhang*, Haoran Xin*, Jiatong Li*, Dongzhe Zhang*, Minghong Fang, Zhuqing Liu, Lihai Nie, and Zheli Liu

    Preprint, 2025 (*co-primary authors)

  • Enhancing Privacy in Decentralized Min-Max Optimization: A Differentially Private Approach PDF

    Yueyang Quan, Chang Wang, Shengjie Zhai, Minghong Fang, and Zhuqing Liu

    In Proc. ACM MobiHoc, 2025 (acceptance rate: 23%)

  • On Transferring, Merging, and Splitting Task-Oriented Network Digital Twins PDF

    Zifan Zhang, Minghong Fang, Mingzhe Chen, and Yuchen Liu

    In Proc. ACM MobiWac, 2025 (acceptance rate: 24%)

  • A Power Line Backbone-Assisted Wireless Transit Network PDF

    Wei Sun and Minghong Fang

    In Proc. IEEE ICNP, 2025 (acceptance rate: 25.2%)

  • Periodic Recovery From Poisoning Attacks in Machine Learning PDF

    Yuepeng Hu, Minghong Fang, Yuqi Jia, Hongbin Liu, and Neil Zhenqiang Gong

    In IEEE Transactions on Dependable and Secure Computing, 2025

  • Synergizing AI and Digital Twins for Next-Generation Network Optimization, Forecasting, and Security PDF

    Zifan Zhang, Minghong Fang, Dianwei Chen, Xianfeng Yang, and Yuchen Liu

    In IEEE Wireless Communications, 2025

  • Find a Scapegoat: Poisoning Membership Inference Attack and Defense to Federated Learning PDF

    Wenjin Mo*, Zhiyuan Li*, Minghong Fang, and Mingwei Fang

    In Proc. ICCV, 2025 (*co-primary authors, acceptance rate: 24%)

  • Toward Malicious Clients Detection in Federated Learning PDF

    Zhihao Dou*, Jiaqi Wang*, Wei Sun, Zhuqing Liu, and Minghong Fang

    In Proc. ACM AsiaCCS, 2025 (*co-primary authors, acceptance rate: 20.4%)

  • Model Poisoning Attacks to Federated Learning via Multi-Round Consistency PDF Code

    Yueqi Xie, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. CVPR, 2025 (acceptance rate: 22.1%)

  • Do We Really Need to Design New Byzantine-robust Aggregation Rules? PDF

    Minghong Fang, Seyedsina Nabavirazavi, Zhuqing Liu, Wei Sun, Sundararaja Sitharama Iyengar, and Haibo Yang

    In Proc. NDSS, 2025 (acceptance rate: 16.1%)

  • Traceback of Poisoning Attacks to Retrieval-Augmented Generation PDF Code

    Baolei Zhang*, Haoran Xin*, Minghong Fang, Zhuqing Liu, Biao Yi, Tong Li, and Zheli Liu

    In Proc. The Web Conference (WWW), 2025 (*co-primary authors, acceptance rate: 19.8%)

  • Provably Robust Federated Reinforcement Learning PDF

    Minghong Fang*, Xilong Wang*, and Neil Zhenqiang Gong

    In Proc. The Web Conference (WWW), 2025 (*co-primary authors)

    Oral Presentation (acceptance rate: 7.5%)

  • Byzantine-Robust Federated Learning over Ring-All-Reduce Distributed Computing PDF

    Minghong Fang, Zhuqing Liu, Xuecen Zhao, and Jia Liu

    In Proc. The Web Conference (WWW), 2025

  • Poisoning Attacks and Defenses to Federated Unlearning PDF

    Wenbin Wang*, Qiwen Ma*, Zifan Zhang, Yuchen Liu, Zhuqing Liu, and Minghong Fang

    In Proc. The Web Conference (WWW), 2025 (*co-primary authors)

    🎙️ Media Coverage: Devdiscourse

  • Byzantine-Robust Decentralized Federated Learning PDF

    Minghong Fang, Zifan Zhang, Hairi, Prashant Khanduri, Jia Liu, Songtao Lu, Yuchen Liu, and Neil Gong

    In Proc. ACM CCS, 2024 (acceptance rate: 16.9%)

  • On the Hardness of Decentralized Multi-Agent Policy Evaluation under Byzantine Attacks PDF

    Hairi*, Minghong Fang*, Zifan Zhang, Alvaro Velasquez, and Jia Liu

    In Proc. WiOpt, 2024 (*co-primary authors)

  • Adversarial Attacks to Multi-Modal Models PDF

    Zhihao Dou, Xin Hu, Haibo Yang, Zhuqing Liu, and Minghong Fang

    In Proc. ACM LAMPS, 2024

  • Securing Distributed Network Digital Twin Systems Against Model Poisoning Attacks PDF

    Zifan Zhang, Minghong Fang, Mingzhe Chen, Gaolei Li, Xi Lin, and Yuchen Liu

    In IEEE Internet of Things Journal, 2024

  • Understanding Server-Assisted Federated Learning in the Presence of Incomplete Client Participation PDF

    Haibo Yang, Peiwen Qiu, Prashant Khanduri, Minghong Fang, and Jia Liu

    In Proc. ICML, 2024 (acceptance rate: 27.5%)

  • FedREDefense: Defending against Model Poisoning Attacks for Federated Learning using Model Update Reconstruction Error PDF Code

    Yueqi Xie, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. ICML, 2024 (acceptance rate: 27.5%)

  • Poisoning Attacks on Federated Learning-based Wireless Traffic Prediction PDF

    Zifan Zhang, Minghong Fang, Jiayuan Huang, and Yuchen Liu

    In Proc. IFIP Networking, 2024 (acceptance rate: 24.6%)

    🏆 Best Paper Runner-up Award

  • GradSafe: Detecting Jailbreak Prompts for LLMs via Safety-Critical Gradient Analysis PDF Code

    Yueqi Xie, Minghong Fang, Renjie Pi, and Neil Gong

    In Proc. ACL, 2024 (acceptance rate: 21.3%)

  • Poisoning Federated Recommender Systems with Fake Users PDF

    Ming Yin*, Yichang Xu*, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. The Web Conference (WWW), 2024 (*co-primary authors, acceptance rate: 20.2%)

  • Robust Federated Learning Mitigates Client-side Training Data Distribution Inference Attacks PDF

    Yichang Xu*, Ming Yin*, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. The Web Conference (WWW), 2024 (*co-primary authors)

  • IPCert: Provably Robust Intellectual Property Protection for Machine Learning PDF

    Zhengyuan Jiang, Minghong Fang, and Neil Zhenqiang Gong

    In Proc. ICCV Workshops, 2023

  • Machine learning-based modeling approaches for estimating pyrolysis products of varied biomass and operating conditions PDF

    Jiangfeng Shen, Mengguo Yan, Minghong Fang, and Xi Gao

    In Bioresource Technology Reports, 2022

  • AFLGuard: Byzantine-robust Asynchronous Federated Learning PDF

    Minghong Fang, Jia Liu, Neil Zhenqiang Gong, and Elizabeth S. Bentley

    In Proc. ACM ACSAC, 2022 (acceptance rate: 24.1%)

  • NET-FLEET: Achieving Linear Convergence Speedup for Fully Decentralized Federated Learning with Heterogeneous Data PDF

    Xin Zhang, Minghong Fang, Zhuqing Liu, Haibo Yang, Jia Liu, and Zhengyuan Zhu

    In Proc. ACM MobiHoc, 2022 (acceptance rate: 19.8%)

  • FairRoad: Achieving Fairness for Recommender Systems with Optimized Antidote Data PDF

    Minghong Fang, Jia Liu, Michinari Momma, and Yi Sun

    In Proc. ACM SACMAT, 2022

  • Data Poisoning Attacks and Defenses to Crowdsourcing Systems PDF

    Minghong Fang, Minghao Sun, Qi Li, Neil Zhenqiang Gong, Jin Tian, and Jia Liu

    In Proc. The Web Conference (WWW), 2021 (acceptance rate: 20.6%)

  • Achieving Linear Speedup with Partial Worker Participation in Non-IID Federated Learning PDF

    Haibo Yang, Minghong Fang, and Jia Liu

    In Proc. ICLR, 2021 (acceptance rate: 28.7%)

  • FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping PDF Code

    Xiaoyu Cao*, Minghong Fang*, Jia Liu, and Neil Zhenqiang Gong

    In Proc. NDSS, 2021 (*co-primary authors, acceptance rate: 15.2%)

    🏆 Top-cited Security Papers from 2021

  • Adaptive Multi-Hierarchical signSGD for Communication-Efficient Distributed Optimization PDF

    Haibo Yang, Xin Zhang, Minghong Fang, and Jia Liu

    In Proc. IEEE SPAWC, Special Session on Distributed Signal Processing for Coding and Communications, 2020 (Invited Paper)

  • Private and Communication-Efficient Edge Learning: A Sparse Differential Gaussian-Masking Distributed SGD Approach PDF

    Xin Zhang, Minghong Fang, Jia Liu, and Zhengyuan Zhu

    In Proc. ACM MobiHoc, 2020 (acceptance rate: 15%)

  • Influence Function based Data Poisoning Attacks to Top-N Recommender Systems PDF

    Minghong Fang, Neil Zhenqiang Gong, and Jia Liu

    In Proc. The Web Conference (WWW), 2020 (acceptance rate: 25%)

  • Toward Low-Cost and Stable Blockchain Networks PDF

    Minghong Fang and Jia Liu

    In Proc. IEEE ICC, 2020

  • Local Model Poisoning Attacks to Byzantine-Robust Federated Learning PDF Code

    Minghong Fang*, Xiaoyu Cao*, Jinyuan Jia, and Neil Zhenqiang Gong

    In Proc. USENIX Security Symposium, 2020 (*co-primary authors, acceptance rate: 16.1%)

    🏆 Top-cited Security Papers from 2020

    🏆 Normalized Top-100 Security Papers since 1981

  • Byzantine-Resilient Stochastic Gradient Descent for Distributed Learning: A Lipschitz-Inspired Coordinate-wise Median Approach PDF

    Haibo Yang, Xin Zhang, Minghong Fang, and Jia Liu

    In Proc. IEEE CDC, 2019

  • Poisoning Attacks to Graph-Based Recommender Systems PDF

    Minghong Fang, Guolei Yang, Neil Zhenqiang Gong, and Jia Liu

    In Proc. ACSAC, 2018 (acceptance rate: 20.1%)

  • Prioritizing Disease-Causing Genes Based on Network Diffusion and Rank Concordance PDF

    Minghong Fang, Xiaohua Hu, Tingting He, Yan Wang, Junmin Zhao, Xianjun Shen, and Jie Yuan

    In Proc. IEEE BIBM, 2014 (acceptance rate: 19%)

  • A Novel Disease Gene Prediction Method Based on PPI Network PDF

    Junmin Zhao, Tingting He, Xiaohua Hu, Yan Wang, Xianjun Shen, Minghong Fang, and Jie Yuan

    In Proc. IEEE BIBM, 2014 (acceptance rate: 19%)