Yinpeng Dong   Assistant Professor College of AI, Tsinghua University Beijing, China, 100084 Email: [email protected]; [email protected] [Curriculum Vitae] [Google Scholar] [Twitter] [Github]

Biography

I am an assistant professor of College of AI at Tsinghua University. Previously, I was a postdoctoral researcher in the Department of Computer Science and Technology, Tsinghua University, collaborated with Prof. Jun Zhu. I received my B.E. and Ph. D. degrees from the Department of Computer Science and Technology, Tsinghua University in July, 2017 and January, 2022.

My research interests are primarily on machine learning and AI safety. I'm enthusiastic about advancing the scientific understanding of frontier models and algorithms (e.g., large language models, multimodal models, AI alignment, diffusion models) as a foundation for developing safe, reliable, and trustworthy AI/AGI systems. I am looking for highly motivated PhD students and research interns interested in AI theory, algorithms, and safety.

News

• [Nov. 2025] I served as an Area Chair for NeurIPS2025/AAAI2026/ICLR2026.
• [Dec. 2024] Our workshop Test-time Scaling for Computer Vision has been accepted by CVPR 2025.
• [Dec. 2024] I will serve as an Area Chair for ICML 2025.
• [Sep. 2024] I'm invited to give a talk at ECCV 2024 Workshop on The Dark Side of Generative AIs and Beyond. Please find my slide here.
• [Sep. 2024] I am named in the list of world's top-2% scientists for the single-year (2023) impact released by Stanford/Elsevier.
• [Aug. 2024] I will serve as an Area Chair for ICLR 2025.
• [Aug. 2024] Our paper "Omniview-Tuning: Boosting Viewpoint Invariance of Vision-Language Pre-training Models" has been selected for an oral presentation at ECCV 2024. Please see more details in our project page.
• [Jun. 2024] We open-sourced MultiTrust, a comprehensive benchmark to evaluate the trustworthiness of multimodal large language models (MLLMs). Please see more details in our paper and code.
• [Oct. 2023] I am named in the list of world's top-2% scientists for the single-year impact released by Stanford/Elsevier.
• [Sep. 2023] Our recent paper shows that multimodal large language models are also vulnerable to adversarial perturbations of images. Our attack leads to 45% success rate against GPT-4V, 22% success rate against Google's Bard, 26% success rate against Bing Chat, and 86% success rate against ERNIE Bot. Code is available.
• [Dec. 2022] My PhD Thesis "Adversarial Attacks and Robustness Evaluation in Deep Learning" (in Chinese) has been selected as the CCF Outstanding Doctoral Dissertation Award.
• [Oct. 2022] Our paper "BadDet: Backdoor Attacks on Object Detection" has been selected as the Best Paper Award in the ECCV 2022 workshop on Adversarial Robustness in the Real World.

Publications

(* equal contribution; ^# corresponding author)

2025

• Red-Teaming Text-to-Image Systems by Rule-based Preference Modeling
  Yichuan Cao, Yibo Miao, Xiao-Shan Gao, and Yinpeng Dong^#
  Advances in Neural Information Processing Systems (NeurIPS), San Diego, USA, 2025
  
• Mitigating Overthinking in Large Reasoning Models via Manifold Steering
  Yao Huang, Huanran Chen, Shouwei Ruan, Yichi Zhang, Xingxing Wei, and Yinpeng Dong^#
  Advances in Neural Information Processing Systems (NeurIPS), San Diego, USA, 2025
  
• DeceptionBench: A Comprehensive Benchmark for AI Deception Behaviors in Real-world Scenarios
  Yao Huang, Yitong Sun, Yichi Zhang, Ruochen Zhang, Yinpeng Dong, and Xingxing Wei
  Advances in Neural Information Processing Systems (NeurIPS), San Diego, USA, 2025
  
• STAIR: Improving Safety Alignment with Introspective Reasoning (Oral, Accept rate ~1%)
  Yichi Zhang, Siyuan Zhang, Yao Huang, Zeyu Xia, Zhengwei Fang, Xiao Yang, Ranjie Duan, Dong Yan, Yinpeng Dong^#, and Jun Zhu^#
  International Conference on Machine Learning (ICML), Vancouver, Canada, 2025
  
• Efficient Input-level Backdoor Defense on Text-to-Image Synthesis via Neuron Activation Variation (Highlight, Accept rate ~2%)
  Shengfang Zhai, Jiajun Li, Yue Liu, Huanran Chen, Zhihua Tian, Wenjie Qu, Qingni Shen, Ruoxi Jia, Yinpeng Dong^#, and Jiaheng Zhang
  International Conference on Computer Vision (ICCV), Honolulu, Hawaii, USA, 2025
  
• AdvDreamer Unveils: Are Vision-Language Models Truly Ready for Real-World 3D Variations? (Highlight, Accept rate ~2%)
  Shouwei Ruan, Hanqing Liu, Yao Huang, Xiaoqi Wang, Caixin Kang, Hang Su, Yinpeng Dong, and Xingxing Wei
  International Conference on Computer Vision (ICCV), Honolulu, Hawaii, USA, 2025
  
• Exploring the Generalizability of Factual Hallucination Mitigation via Enhancing Precise Knowledge Utilization
  Siyuan Zhang, Yichi Zhang, Yinpeng Dong, Hang Su
  Empirical Methods in Natural Language Processing (EMNLP), Suzhou, China, 2025
  
• Breaking the Ceiling: Exploring the Potential of Jailbreak Attacks through Expanding Strategy Space
  Yao Huang, Yitong Sun, Shouwei Ruan, Yichi Zhang, Yinpeng Dong^#, and Xingxing Wei^#
  The 63rd Annual Meeting of the Association for Computational Linguistics (ACL), Vienna, Austria, 2025
  
• A Comprehensive Study on Robustness of Image Classification Models: Benchmarking and Rethinking
  Chang Liu*, Yinpeng Dong*, Wenzhao Xiang, Xiao Yang, Hang Su, Jun Zhu, Yuefeng Chen, Yuan He, Hui Xue, and Shibao Zheng
  International Journal of Computer Vision (IJCV), 2025
  
• Face3DAdv: Exploiting Robust Adversarial 3D Patches on Physical Face Recognition
  Xiao Yang, Longlong Xu, Tianyu Pang, Yinpeng Dong^#, Yikai Wang, Hang Su, and Jun Zhu
  International Journal of Computer Vision (IJCV), 2025
  
• Real-World Adversarial Defense Against Patch Attacks Based on Diffusion Model
  Xingxing Wei, Caixin Kang, Yinpeng Dong, Zhengyi Wang, Shouwei Ruan, Yubo Chen, and Hang Su
  IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), 2025
  
• Distributionally Location-Aware Transferable Adversarial Patches for Facial Images
  Xingxing Wei, Shouwei Ruan, Yinpeng Dong, Hang Su, and Xiaochun Cao
  IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), 2025
  

2024

• MultiTrust: A Comprehensive Benchmark Towards Trustworthy Multimodal Large Language Models
  Yichi Zhang, Yao Huang, Yitong Sun, Chang Liu, Zhe Zhao, Zhengwei Fang, Yifan Wang, Huanran Chen, Xiao Yang, Xingxing Wei, Hang Su, Yinpeng Dong^#, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS) Datasets and Benchmarks Track, Vancouver, Canada, 2024
  
• T2VSafetyBench: Evaluating the Safety of Text-to-Video Generative Models
  Yibo Miao, Yifan Zhu, Lijia Yu, Jun Zhu, Xiao-Shan Gao, and Yinpeng Dong^#
  Advances in Neural Information Processing Systems (NeurIPS) Datasets and Benchmarks Track, Vancouver, Canada, 2024
  
• Diffusion Models are Certifiably Robust Classifiers
  Huanran Chen, Yinpeng Dong, Shitong Shao, Zhongkai Hao, Xiao Yang, Hang Su, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2024
  
• Membership Inference on Text-to-Image Diffusion Models via Conditional Likelihood Discrepancy
  Shengfang Zhai, Huanran Chen, Yinpeng Dong^#, Jiajun Li, Qingni Shen, Yansong Gao, Hang Su, and Yang Liu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2024
  
• Improving Robustness of 3D Point Cloud Recognition from a Fourier Perspective
  Yibo Miao, Yinpeng Dong^#, Jinlai Zhang, Lijia Yu, Xiao Yang, and Xiao-Shan Gao
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2024
  
• Omniview-Tuning: Boosting Viewpoint Invariance of Vision-Language Pre-training Models (Oral)
  Shouwei Ruan, Yinpeng Dong, Liu Hanqing, Yao Huang, Hang Su, and Xingxing Wei
  European Conference on Computer Vision (ECCV), Milano, Italy, 2024
  
• DIFFender: Diffusion-Based Adversarial Defense against Patch Attacks
  Caixin Kang, Yinpeng Dong, Zhengyi Wang, Shouwei Ruan, Yubo Chen, Hang Su, and Xingxing Wei
  European Conference on Computer Vision (ECCV), Milano, Italy, 2024
  
• Natural Language Induced Adversarial Images
  Xiaopei Zhu, Peiyang Xu, Guanning Zeng, Yinpeng Dong, and Xiaolin Hu
  ACM International Conference on Multimedia (MM), Melbourne, Australia, 2024
  
• Making Them Ask and Answer: Jailbreaking Large Language Models in Few Queries via Disguise and Reconstruction
  Tong Liu, Yingjie Zhang, Zhe Zhao, Yinpeng Dong, Guozhu Meng, and Kai Chen
  33rd USENIX Security Symposium (USENIX Security '24), Philadelphia, PA, USA, 2024
  
• Robust Classification via a Single Diffusion Model
  Huanran Chen, Yinpeng Dong, Zhengyi Wang, Xiao Yang, Chengqi Duan, Hang Su, and Jun Zhu
  International Conference on Machine Learning (ICML), Vienna, Austria, 2024
  
• Efficient Black-box Adversarial Attacks via Bayesian Optimization Guided by a Function Prior
  Shuyu Cheng, Yibo Miao, Yinpeng Dong^#, Xiao Yang, Xiao-Shan Gao, and Jun Zhu
  International Conference on Machine Learning (ICML), Vienna, Austria, 2024
  
• Machine Vision Therapy: Multimodal Large Language Models Can Enhance Visual Robustness via Denoising In-Context Learning
  Zhuo Huang, Chang Liu, Yinpeng Dong, Hang Su, Shibao Zheng, and Tongliang Liu
  International Conference on Machine Learning (ICML), Vienna, Austria, 2024
  
• Toward Availability Attacks in 3D Point Clouds
  Yifan Zhu, Yibo Miao, Yinpeng Dong, and Xiao-Shan Gao
  International Conference on Machine Learning (ICML), Vienna, Austria, 2024
  
• Exploring the Transferability of Visual Prompting for Multimodal Large Language Models (Highlight, Accept rate ~2.8%)
  Yichi Zhang, Yinpeng Dong^#, Siyuan Zhang, Tianzan Min, Hang Su, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, USA, 2024
  
• Towards Transferable Targeted 3D Adversarial Attack in the Physical World
  Yao Huang, Yinpeng Dong^#, Shouwei Ruan, Xiao Yang, Hang Su, and Xingxing Wei
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, USA, 2024
  
• Focus on Hiders: Exploring Hidden Threats for Enhancing Adversarial Training
  Qian Li, Yuxiao Hu, Yinpeng Dong, Dongxiao Zhang, and Yuntian Chen
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, USA, 2024
  
• Rethinking Model Ensemble in Transfer-based Adversarial Attacks
  Huanran Chen, Yichi Zhang, Yinpeng Dong^#, Xiao Yang, Hang Su, and Jun Zhu
  International Conference on Learning Representations (ICLR), Vienna, Austria, 2024
  
• Embodied Active Defense: Leveraging Recurrent Feedback to Counter Adversarial Patches
  Lingxuan Wu, Xiao Yang, Yinpeng Dong, Liuwei Xie, Hang Su, and Jun Zhu
  International Conference on Learning Representations (ICLR), Vienna, Austria, 2024
  

2023

• How Robust is Google’s Bard to Adversarial Image Attacks?
  Yinpeng Dong, Huanran Chen, Jiawei Chen, Zhengwei Fang, Xiao Yang, Yichi Zhang, Yu Tian, Hang Su, and Jun Zhu
  NeurIPS 2023 Workshop on Robustness of Few-shot and Zero-shot Learning in Foundation Models, New Orleans, USA, 2023
  
• Learning Sample Difficulty from Pre-trained Models for Reliable Prediction
  Peng Cui, Dan Zhang, Zhijie Deng, Yinpeng Dong, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), New Orleans, USA, 2023
  
• Towards Viewpoint-Invariant Visual Recognition via Adversarial Training
  Shouwei Ruan, Yinpeng Dong, Hang Su, Jianteng Peng, Ning Chen, and Xingxing Wei
  International Conference on Computer Vision (ICCV), Paris, France, 2023
  
• Root Pose Decomposition Towards Generic Non-rigid 3D Reconstruction with Monocular Videos
  Yikai Wang, Yinpeng Dong, Fuchun Sun, and Xiao Yang
  International Conference on Computer Vision (ICCV), Paris, France, 2023
  
• Text-to-Image Diffusion Models can be Easily Backdoored through Multimodal Data Poisoning (Oral)
  Shengfang Zhai, Yinpeng Dong^#, Qingni Shen, Shi Pu, Yuejian Fang, and Hang Su
  ACM International Conference on Multimedia (MM), Ottawa, Canada, 2023
  
• The Art of Defense: Letting Networks Fool the Attacker
  Jinlai Zhang, Yinpeng Dong, Binbin Liu, Bo Ouyang, Jihong Zhu, Minchi Kuang, Houqing Wang, and Yanmei Meng
  IEEE Transactions on Information Forensics and Security (TIFS), 2023
  
• GNOT: A General Neural Operator Transformer for Operator Learning
  Zhongkai Hao, Zhengyi Wang, Hang Su, Chengyang Ying, Yinpeng Dong, Songming Liu, Ze Cheng, Jian Song, Jun Zhu
  International Conference on Machine Learning (ICML), Honolulu, Hawaii, USA, 2023
  
• Benchmarking Robustness of 3D Object Detection to Common Corruptions in Autonomous Driving
  Yinpeng Dong, Caixin Kang, Jinlai Zhang, Zijian Zhu, Yikai Wang, Xiao Yang, Hang Su, Xingxing Wei, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Vancouver, Canada, 2023
  [code]
• Towards Effective Adversarial Textured 3D Meshes on Physical Face Recognition (Highlight, Accept rate ~2.5%)
  Xiao Yang, Chang Liu, Longlong Xu, Yikai Wang, Yinpeng Dong^#, Ning Chen, Hang Su, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Vancouver, Canada, 2023
  
• Understanding the Robustness of 3D Object Detectors with Bird’s-Eye-View Representations in Autonomous Driving
  Zijian Zhu, Yichi Zhang, Hai Chen, Yinpeng Dong^#, Shu Zhao, Wenbo Ding, Jiachen Zhong, and Shibao Zheng
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Vancouver, Canada, 2023
  
• Compacting Binary Neural Networks by Sparse Kernel Selection
  Yikai Wang, Wenbing Huang, Yinpeng Dong, Fuchun Sun, and Anbang Yao
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Vancouver, Canada, 2023
  

2022

• ViewFool: Evaluating the Robustness of Visual Recognition to Adversarial Viewpoints
  Yinpeng Dong, Shouwei Ruan, Hang Su, Caixin Kang, Xingxing Wei, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), New Orleans, USA, 2022
  [code] [slide]
• Pre-trained Adversarial Perturbations
  Yuanhao Ban and Yinpeng Dong^#
  Advances in Neural Information Processing Systems (NeurIPS), New Orleans, USA, 2022
  [code]
• Isometric 3D Adversarial Examples in the Physical World
  Yibo Miao, Yinpeng Dong^#, Jun Zhu, and Xiao-Shan Gao
  Advances in Neural Information Processing Systems (NeurIPS), New Orleans, USA, 2022
  
• Kallima: A Clean-label Framework for Textual Backdoor Attacks
  Xiaoyi Chen, Yinpeng Dong, Zeyu Sun, Shengfang Zhai, Qingni Shen, and Zhonghai Wu
  European Symposium on Research in Computer Security (ESORICS), Online, 2022
  
• Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks
  Xiao Yang, Yinpeng Dong, Tianyu Pang, Hang Su, and Jun Zhu
  Advances in European Conference on Computer Vision (ECCV), Tel Aviv, Israel, 2022
  
• BadDet: Backdoor Attacks on Object Detection (Best Paper Award)
  Shih-Han Chan, Yinpeng Dong, Jun Zhu, Xiaolu Zhang, Jun Zhou
  ECCV 2022 workshop on Adversarial Robustness in the Real World, Tel Aviv, Israel, 2022
  
• Towards Generalizable Detection of Face Forgery via Self-Guided Model-Agnostic Learning
  Xiao Yang, Shilong Liu, Yinpeng Dong, Hang Su, Lei Zhang, and Jun Zhu
  Pattern Recognition Letters, 2022
  
• AutoDA: Automated Decision-based Iterative Adversarial Attacks
  Qi-An Fu, Yinpeng Dong, Hang Su, Jun Zhu, and Chao Zhang
  31st USENIX Security Symposium (USENIX Security '22), Boston, MA, USA, 2022
  
• GSmooth: Certified Robustness against Semantic Transformations via Generalized Randomized Smoothing
  Zhongkai Hao, Chengyang Ying, Yinpeng Dong, Hang Su, Jian Song, and Jun Zhu
  International Conference on Machine Learning (ICML), Baltimore, Maryland, USA, 2022
  
• Two Coupled Rejection Metrics Can Tell Adversarial Examples Apart
  Tianyu Pang, Huishuai Zhang, Di He, Yinpeng Dong, Hang Su, Wei Chen, Jun Zhu, and Tie-Yan Liu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), New Orleans, Louisiana, USA, 2022
  
• Exploring Memorization in Adversarial Training
  Yinpeng Dong, Ke Xu, Xiao Yang, Tianyu Pang, Zhijie Deng, Hang Su, and Jun Zhu
  International Conference on Learning Representations (ICLR), Online, 2022
  [code] [slide]

2021

• Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior
  Yinpeng Dong*, Shuyu Cheng*, Tianyu Pang, Hang Su, and Jun Zhu
  IEEE Transaction on Pattern Analysis and Machine Intelligence (TPAMI), 2021
  [code]
• Accumulative Poisoning Attacks on Real-time Data
  Tianyu Pang*, Xiao Yang*, Yinpeng Dong, Hang Su, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Online, 2021
  
• Black-box Detection of Backdoor Attacks with Limited Information and Data
  Yinpeng Dong, Xiao Yang, Zhijie Deng, Tianyu Pang, Zihao Xiao, Hang Su, and Jun Zhu
  International Conference on Computer Vision (ICCV), Online, 2021
  [appendix] [slide] [poster]
• Towards Face Encryption by Generating Adversarial Identity Masks
  Xiao Yang, Yinpeng Dong, Tianyu Pang, Hang Su, Jun Zhu, Yuefeng Chen, and Hui Xue
  International Conference on Computer Vision (ICCV), Online, 2021
  
• Improving Transferability of Adversarial Patches on Face Recognition with Generative Models
  Zihao Xiao, Xianfeng Gao, Chilin Fu, Yinpeng Dong, Wei Gao, Xiaolu Zhang, Jun Zhou, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Online, 2021
  
• Bag of Tricks for Adversarial Training
  Tianyu Pang, Xiao Yang, Yinpeng Dong, Hang Su, and Jun Zhu
  International Conference on Learning Representations (ICLR), Vienna, Austria, 2021
  

2020

• Adversarial Distributional Training for Robust Deep Learning
  Yinpeng Dong*, Zhijie Deng*, Tianyu Pang, Hang Su, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2020
  [arXiv] [appendix] [code] [poster]
• Understanding and Exploring the Network with Stochastic Architectures
  Zhijie Deng, Yinpeng Dong, Shifeng Zhang, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2020
  
• Boosting Adversarial Training with Hypersphere Embedding
  Tianyu Pang, Xiao Yang, Yinpeng Dong, Kun Xu, Hang Su, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2020
  
• Benchmarking Adversarial Robustness on Image Classification (Oral)
  Yinpeng Dong, Qi-An Fu, Xiao Yang, Tianyu Pang, Hang Su, Zihao Xiao, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Seattle, USA, 2020
  [arXiv] [appendix] [code] [video] [slide]
• Delving into the Adversarial Robustness on Face Recognition
  Xiao Yang, Dingcheng Yang, Yinpeng Dong, Wenjian Yu, Hang Su, and Jun Zhu
  arXiv preprint 2007.04118
  
• Rethinking Softmax Cross-Entropy Loss for Adversarial Robustness
  Tianyu Pang, Kun Xu, Yinpeng Dong, Chao Du, Ning Chen, and Jun Zhu
  International Conference on Learning Representations (ICLR), Addis Ababa, Ethiopia, 2020
  

2019

• Improving Black-box Adversarial Attacks with a Transfer-based Prior
  Shuyu Cheng*, Yinpeng Dong*, Tianyu Pang, Hang Su, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Vancouver, Canada, 2019
  [arXiv] [code]
• Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks (Oral)
  Yinpeng Dong, Tianyu Pang, Hang Su, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, USA, 2019
  [arXiv] [appendix] [code] [video] [poster]
• Efficient Decision-based Black-box Adversarial Attacks on Face Recognition
  Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang, and Jun Zhu
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Long Beach, USA, 2019
  [arXiv] [appendix] [code] [poster]
• Stochastic Quantization for Learning Accurate Low-bit Deep Neural Networks
  Yinpeng Dong, Renkun Ni, Jianguo Li, Yurong Chen, Hang Su, and Jun Zhu
  International Journal of Computer Vision (IJCV), 2019
  [code]
• Batch Virtual Adversarial Training for Graph Convolutional Networks
  Zhijie Deng, Yinpeng Dong, and Jun Zhu
  ICML 2019 Workshop on Learning and Reasoning with Graph-Structured Representation, Long Beach, USA, 2019
  
• Towards Interpretable Deep Neural Networks by Leveraging Adversarial Examples
  Yinpeng Dong, Hang Su, Jun Zhu, Fan Bao, and Bo Zhang
  AAAI-19 Workshop on Network Interpretability for Deep Learning, Honolulu, Hawaii, USA, 2019
  
• Composite Binary Decomposition Networks
  You Qiaoben, Zheng Wang, Jianguo Li, Yinpeng Dong, Yu-Gang Jiang, and Jun Zhu
  The Thirty-Third AAAI Conference on Artificial Intelligence (AAAI), Honolulu, Hawaii, USA, 2019
  

2018

• Adversarial Vision Challenge
  Wieland Brendel, Jonas Rauber, Alexey Kurakin, Nicolas Papernot, Behar Veliqi, Sharada P. Mohanty, Florian Laurent, Marcel Salathé, Matthias Bethge, Yaodong Yu, Hongyang Zhang, Susu Xu, Hongbao Zhang, Pengtao Xie, Eric P. Xing, Thomas Brunner, Frederik Diehl, Jérôme Rony, Luiz Gustavo Hafemann, Shuyu Cheng, Yinpeng Dong, Xuefei Ning, Wenshuo Li, Yu Wang
  NeurIPS 2018 Competition Chapter
  
• Towards Robust Detection of Adversarial Examples (Spotlight)
  Tianyu Pang, Chao Du, Yinpeng Dong, and Jun Zhu
  Advances in Neural Information Processing Systems (NeurIPS), Montreal, Canada, 2018
  
• Adversarial Attacks and Defences Competition
  Alexey Kurakin, Ian Goodfellow, Samy Bengio, Yinpeng Dong, Fangzhou Liao, Ming Liang, Tianyu Pang, Jun Zhu, Xiaolin Hu, Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, Alan Yuille, Sangxia Huang, Yao Zhao, Yuzhe Zhao, Zhonglin Han, Junjiajia Long, Yerkebulan Berdibekov, Takuya Akiba, Seiya Tokui, and Motoki Abe
  NeurIPS 2017 Competition Chapter
  
• Learning Visual Knowledge Memory Networks for Visual Question Answering
  Zhou Su, Chen Zhu, Yinpeng Dong, Dongqi Cai, Yurong Chen, and Jianguo Li
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Salt Lake City, USA, 2018
  
• Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser
  Fangzhou Liao, Ming Liang, Yinpeng Dong, Tianyu Pang, Jun Zhu, and Xiaolin Hu
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Salt Lake City, USA, 2018
  [code]
• Boosting Adversarial Attacks with Momentum (Spotlight)
  Yinpeng Dong, Fangzhou Liao, Tianyu Pang, Hang Su, Jun Zhu, Xiaolin Hu, and Jianguo Li
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Salt Lake City, USA, 2018
  [arXiv] [non-targeted attack] [targeted attack] [poster]

2017

• Learning Accurate Low-Bit Deep Neural Networks with Stochastic Quantization (Oral, Best Paper Nomination)
  Yinpeng Dong, Renkun Ni, Jianguo Li, Yurong Chen, Jun Zhu, and Hang Su
  British Machine Vision Conference (BMVC), London, UK, 2017
  [code] [slide] [poster]
• Forecast the Plausible Paths in Crowd Scenes
  Hang Su, Jun Zhu, Yinpeng Dong, and Bo Zhang
  International Joint Conference on Artificial Intelligence (IJCAI), Melbourne, Australia, 2017
• Improving Interpretability of Deep Neural Networks with Semantic Information
  Yinpeng Dong, Hang Su, Jun Zhu, and Bo Zhang
  IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Honolulu, Hawaii, USA, 2017
  [arXiv] [video] [poster]

2016

• Efficient and Robust Semi-supervised Learning over a Sparse-Regularized Graph
  Hang Su, Jun Zhu, Zhaozheng Yin, Yinpeng Dong, and Bo Zhang
  European Conference on Computer Vision (ECCV), Amsterdam, The Netherlands, 2016
• Feature Engineering and Ensemble Modeling for Paper Acceptance Rank Prediction
  Yujie Qian*, Yinpeng Dong*, Ye Ma*, Hailong Jin, and Juanzi Li
  SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD) Workshop KDDCUP, San Francisco, USA, 2016
• Crowd Scene Understanding with Coherent Recurrent Neural Networks
  Hang Su, Yinpeng Dong, Jun Zhu, Haibin Ling, and Bo Zhang
  International Joint Conference on Artificial Intelligence (IJCAI), New York, USA, 2016
  [slide] [poster]

Services

Organizer for:
ICCV 2025 Workshop on SaFeMM-AI: Safe and Trustworthy Multimodal AI Systems
CVPR 2025 Workshop on Test-time Scaling for Computer Vision
ICCV 2023 Workshop on Adversarial Robustness in the Real World
ECCV 2022 Workshop on Adversarial Robustness in the Real World
AAAI 2022 Workshop on Adversarial Machine Learning and Beyond
ICML 2021 Workshop on A Blessing in Disguise: The Prospects and Perils of Adversarial Machine Learning
ICCV 2021 Workshop on Adversarial Robustness in the Real World
CVPR 2021 Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems and Online Challenges (AML-CV)

Area Chair for:
ICLR 2025; ICML 2025; NeurIPS 2025
AAAI 2026; ICLR 2026

Competitions

• Our team (Yinpeng Dong, Chang Liu, Wenzhao Xiang, Yichi Zhang, Haoxing Ye) won the first place in the Adversarial Robustness of Deep Learning track of 2022 International Algorithm Case Competition.
• Our team (Xiao Yang, Dingcheng Yang, Shilong Liu, Zihao Xiao, Yinpeng Dong) won the first place in the GeekPwn DeepFake competition (October 24th, 2020).
• Our team (Shuyu Cheng, Xiao Yang, Dingcheng Yang, Yinpeng Dong) won the first places in the GeekPwn CAAD CTF and Adversarial Patch competitions (October 24th, 2019).
• Our team (Shuyu Cheng and Yinpeng Dong) won the second place in the Untargeted Attack track of NeurIPS 2018 Adversarial Vision Challenge.
• Our team (Yinpeng Dong, Tianyu Pang, Chao Du) won the second places in the Targeted Adversarial Attack track and Defense Against Adversarial Attack track, as well as the third place in the Non-targeted Adversarial Attack track of GeekPwn CAAD (Competition on Adversarial Attacks and Defenses).
• Our team (Tianyu Pang, Chao Du, Yinpeng Dong) won the first place in GeekPwn CAAD (Competition on Adversarial Attacks and Defenses) CTF competition (Las Vegas) in August 10th, 2018.
• Our team (Yinpeng Dong, Fangzhou Liao, Tianyu Pang) won the first places in all three sub-competitions (Non-targeted Adversarial Attacks, Targeted Adversarial Attacks and Defense Against Adversarial Attack) of NeurIPS 2017 Adversarial Attacks and Defenses. We release our codes at [non-targeted attack], [targeted attack] and [defense] for these three tracks. The detailed algorithms are summarized in Boosting Adversarial Attacks with Momentum and Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser.
• Our team (Yujie Qian, Yinpeng Dong, Ye Ma) won the the second place in KDDCUP 2016. This competition is about paper acceptance prediction.

Honors & Awards

• Asian Trustworthy Machine Learning (ATML) Fellowships, 2024.08
• Tsinghua Outstanding Postdoctoral Researcher, 2023.07
• CCF Outstanding Doctoral Dissertation Award (CCF优秀博士学位论文激励计划), 2022.12
• China National Postdoctoral Program for Innovative Talents (博新计划), 2022.06
• Shuimu Tsinghua Scholar Program, 2022.01
• Beijing Outstanding Graduates, 2022.01
• ByteDance Scholars Program, 2020.11
• Tsinghua-HUAWEI Scholarship, Tsinghua University, 2020.10
• Baidu Fellowship, 2020.01
• '84' Future Innovation Scholarship, CST Department of Tsinghua University, 2019.12
  This award is given to Tianyu pang and me for our research on adversarial robustness.
• Microsoft Research Asia (MSRA) Fellowship, 2019.11
• China National Scholarship, Tsinghua University, 2019.10
• VALSE Annual Outstanding Student Paper Award, 2019.04
  This award is given to "Boosting Adversarial Attacks with Momentum" in CVPR 2018.
• CCF-CV Academic Emerging Award (CCF-CV 学术新锐奖), 2018.11
  Only 3 students in China were awarded for their research in computer vision during the first three years of Ph.D. career.
• China National Scholarship, Tsinghua University, 2018.10
• Tsinghua University Future PhD Fellowship, Tsinghua University, 2017.09
  This fellowship was given to only 2 students in our department.

Teaching

2023.06, Lecturer in CCF ADL140: Robust Machine Learning
2019 spring, Head TA in Statistical Machine Learning, instructed by Prof. Jun Zhu Last update: Nov. 2025 by Yinpeng Dong