Zihao Zhu

zihaozhu@link.cuhk.edu.cn

Hi, this is Zihao Zhu (朱梓豪). I am currently a Ph.D. student in Data Science at The Chinese University of Hong Kong, Shenzhen, under the supervision of Prof. Baoyuan Wu. Previously, I received my Master’s degree from the Institute of Information Engineering at the University of Chinese Academy of Sciences in 2021.

My research interests lie in the broad area of AI security, with focuses on three main directions:

Security of Large Language Models: I work on understanding and addressing security challenges in LLMs, including jailbreak attacks and AI alignment. This research aims to make language models more robust while maintaining their utility.
Data Security in AI Systems: Data is the fuel of AI. I investigate various aspects of data security in Data-centric AI (DCAI), with particular emphasis on backdoor attacks and data quality assessment.
Security in Embodied AI: I explore security concerns in embodied AI systems, focusing on risk assessment for AI agents. This emerging area is crucial as AI systems become more integrated into physical environments.

If you share similar interests, please feel free to reach out. I am happy to chat and open to exploring opportunities for collaboration.

news

Feb 19, 2025	Our new paper “BoT: Breaking Long Thought Processes of o1-like Large Language Models through Backdoor Attack” is available on arXiv. Check out the code on GitHub.
Dec 07, 2024	One new preprint is available: “HMGIE: Hierarchical and Multi-Grained Inconsistency Evaluation for Vision-Language Data Cleansing”
Jan 20, 2024	Our paper “Learning to Optimize Permutation Flow Shop Scheduling via Graph-based Imitation Learning” has been accepted to AAAI 2024!
Jan 20, 2024	Our paper “VDC: Versatile Data Cleanser based on Visual-Linguistic Inconsistency by Multimodal Large Language Models” has been accepted to ICLR 2024!

selected publications

arXiv

BoT: Breaking Long Thought Processes of o1-like Large Language Models through Backdoor Attack

Zihao Zhu, Hongbao Zhang, Mingda Zhang, Ruotong Wang , Guanzong Wu, Xu Ke, and Baoyuan Wu

arXiv preprint, 2025

Bib PDF Code Website

@article{zhu2025bot,
  title = {BoT: Breaking Long Thought Processes of o1-like Large Language Models through Backdoor Attack},
  author = {Zhu, Zihao and Zhang, Hongbao and Zhang, Mingda and Wang, Ruotong and Wu, Guanzong and Ke, Xu and Wu, Baoyuan},
  journal = {arXiv preprint},
  year = {2025},
}

arXiv

HMGIE: Hierarchical and Multi-Grained Inconsistency Evaluation for Vision-Language Data Cleansing

Zihao Zhu, Hongbao Zhang , Guanzong Wu, Siwei Lyu, and Baoyuan Wu

arXiv preprint, 2024

Bib PDF

@article{zhu2024hmgie,
  title = {HMGIE: Hierarchical and Multi-Grained Inconsistency Evaluation for Vision-Language Data Cleansing},
  author = {Zhu, Zihao and Zhang, Hongbao and Wu, Guanzong and Lyu, Siwei and Wu, Baoyuan},
  journal = {arXiv preprint},
  year = {2024},
}

arXiv

Reliable Poisoned Sample Detection against Backdoor Attacks Enhanced by Sharpness Aware Minimization

Mingda Zhang, Mingli Zhu, Zihao Zhu, and Baoyuan Wu

arXiv preprint, 2024

Bib PDF

@article{zhang2024reliable,
  title = {Reliable Poisoned Sample Detection against Backdoor Attacks Enhanced by Sharpness Aware Minimization},
  author = {Zhang, Mingda and Zhu, Mingli and Zhu, Zihao and Wu, Baoyuan},
  journal = {arXiv preprint},
  year = {2024},
}

arXiv

EARBench: Towards Evaluating Physical Risk Awareness for Task Planning of Foundation Model-based Embodied AI Agents

Zihao Zhu , Bingzhe Wu, Zhengyou Zhang, Lei Han, Qingshan Liu, and Baoyuan Wu

arXiv preprint, 2024

Bib PDF Code

@article{zhu2024earbench,
  title = {EARBench: Towards Evaluating Physical Risk Awareness for Task Planning of Foundation Model-based Embodied AI Agents},
  author = {Zhu, Zihao and Wu, Bingzhe and Zhang, Zhengyou and Han, Lei and Liu, Qingshan and Wu, Baoyuan},
  year = {2024},
  journal = {arXiv preprint},
}

ICLR

VDC: Versatile Data Cleanser based on Visual-Linguistic Inconsistency by Multimodal Large Language Models

Zihao Zhu, Mingda Zhang, Shaokui Wei , Bingzhe Wu, and Baoyuan Wu

In International Conference on Learning Representations, 2024

Bib PDF Code Website

@inproceedings{zhu2024vdc,
  title = {VDC: Versatile Data Cleanser based on Visual-Linguistic Inconsistency by Multimodal Large Language Models},
  author = {Zhu, Zihao and Zhang, Mingda and Wei, Shaokui and Wu, Bingzhe and Wu, Baoyuan},
  booktitle = {International Conference on Learning Representations},
  year = {2024},
}

arXiv

BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks

Meixi Zheng, Xuanchen Yan, Zihao Zhu, Hongrui Chen, and Baoyuan Wu

arXiv preprint, 2023

Bib PDF

@article{zheng2023blackboxbench,
  title = {BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks},
  author = {Zheng, Meixi and Yan, Xuanchen and Zhu, Zihao and Chen, Hongrui and Wu, Baoyuan},
  journal = {arXiv preprint},
  year = {2023},
}

arXiv

Defenses in adversarial machine learning: A survey

Baoyuan Wu, Shaokui Wei, Mingli Zhu, Meixi Zheng, Zihao Zhu, Mingda Zhang, Hongrui Chen, Danni Yuan, Li Liu, and Qingshan Liu

arXiv preprint, 2023

Bib PDF

@article{wu2023defenses,
  title = {Defenses in adversarial machine learning: A survey},
  author = {Wu, Baoyuan and Wei, Shaokui and Zhu, Mingli and Zheng, Meixi and Zhu, Zihao and Zhang, Mingda and Chen, Hongrui and Yuan, Danni and Liu, Li and Liu, Qingshan},
  journal = {arXiv preprint},
  year = {2023},
}

arXiv

Boosting backdoor attack with a learnable poisoning sample selection strategy

Zihao Zhu, Mingda Zhang, Shaokui Wei, Li Shen, Yanbo Fan, and Baoyuan Wu

arXiv preprint, 2023

Bib PDF

@article{zhu2023boosting,
  title = {Boosting backdoor attack with a learnable poisoning sample selection strategy},
  author = {Zhu, Zihao and Zhang, Mingda and Wei, Shaokui and Shen, Li and Fan, Yanbo and Wu, Baoyuan},
  journal = {arXiv preprint},
  year = {2023},
}

arXiv

Attacks in adversarial machine learning: A systematic survey from the life-cycle perspective

Baoyuan Wu, Zihao Zhu, Li Liu, Qingshan Liu, Zhaofeng He, and Siwei Lyu

arXiv preprint, 2023

Bib PDF

@article{wu2023attacks,
  title = {Attacks in adversarial machine learning: A systematic survey from the life-cycle perspective},
  author = {Wu, Baoyuan and Zhu, Zihao and Liu, Li and Liu, Qingshan and He, Zhaofeng and Lyu, Siwei},
  journal = {arXiv preprint},
  year = {2023},
}

NeurIPS

BackdoorBench: A Comprehensive Benchmark of Backdoor Learning

Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu, Shaokui Wei, Danni Yuan, and Hongyuan Zha

In Advances in Neural Information Processing Systems, 2022

Bib PDF Code Website

@inproceedings{wu2022backdoorbench,
  title = {BackdoorBench: A Comprehensive Benchmark of Backdoor Learning},
  author = {Wu, Baoyuan and Chen, Hongrui and Zhang, Mingda and Zhu, Zihao and Wei, Shaokui and Yuan, Danni and Zha, Hongyuan},
  booktitle = {Advances in Neural Information Processing Systems},
  year = {2022},
}

ICASSP

From Shallow to Deep: Compositional Reasoning over Graphs for Visual Question Answering

Zihao Zhu

In IEEE International Conference on Acoustics, Speech and Signal Processing, 2022

Bib PDF

@inproceedings{zhu2022shallow,
  title = {From Shallow to Deep: Compositional Reasoning over Graphs for Visual Question Answering},
  author = {Zhu, Zihao},
  booktitle = {IEEE International Conference on Acoustics, Speech and Signal Processing},
  year = {2022},
}

Cross-Modal Knowledge Reasoning for Knowledge-based Visual Question Answering

Jing Yu, Zihao Zhu, Yujing Wang, Weifeng Zhang, Yue Hu, and Jianlong Tan

Pattern Recognition, 2020

Bib PDF

@article{yu2020cross,
  title = {Cross-Modal Knowledge Reasoning for Knowledge-based Visual Question Answering},
  author = {Yu, Jing and Zhu, Zihao and Wang, Yujing and Zhang, Weifeng and Hu, Yue and Tan, Jianlong},
  journal = {Pattern Recognition},
  year = {2020},
}

IJCAI

Mucko: Multi-Layer Cross-Modal Knowledge Reasoning for Fact-based Visual Question Answering

Zihao Zhu, Jing Yu, Yujing Wang, Yajing Sun, Yue Hu , and Qi Wu

In Proceedings of the International Joint Conference on Artificial Intelligence, 2020

Bib PDF

@inproceedings{zhu2020mucko,
  title = {Mucko: Multi-Layer Cross-Modal Knowledge Reasoning for Fact-based Visual Question Answering},
  author = {Zhu, Zihao and Yu, Jing and Wang, Yujing and Sun, Yajing and Hu, Yue and Wu, Qi},
  booktitle = {Proceedings of the International Joint Conference on Artificial Intelligence},
  year = {2020},
}