Hao Fang   3-year Ph.D. candidate Room 1622, Information Building Tsinghua Shenzhen International Graduate School Shenzhen, Guangdong Province, China, 518055 Email: ffhibnese@gmail.com; fangh25@mails.tsinghua.edu.cn Github: FFHow [Google Scholar][ORCID]

Biography

I am a third-year Ph.D. student in the ITML lab in the SIGS, Tsinghua University, where I am fortunate to be supervised by Prof. Shu-Tao Xia. I also work closely with Prof. Bin-Chen. I received my B.S. degree in Computer Science and Technology from Harbin Institute of Technology, Shenzhen, in 2023. I enjoy playing basketball and swimming in my spare time!

My research interests lie primarily in Large Foundation Models and Trustworthy AI, with a recent focus on the Reinforcement Learning of Large Language Models and Agentic Systems.

Publications

(* Equal contribution; ^# Corresponding author)

2026

• Retrievals Can Be Detrimental: Unveiling the Backdoor Vulnerability of Retrieval-Augmented Diffusion Models
  Hao Fang, Xiaohang Sui, Hongyao Yu, Kuofeng Gao, Jiawei Kong, Sijin Yu, Bin Chen, Shu-Tao Xia
  Annual Meeting of the Association for Computational Linguistics (ACL), 2026
  
• When Efficiency Meets Safety: A Benchmark Security Analysis of KV Cache Compression in Large Language Models
  Xiaoxiao Ma, Kuofeng Gao, Zeyi Lu, Wenxi Jiang, Hao Fang, Hao Wu, Bin Chen, Shu-Tao Xia
  Annual Meeting of the Association for Computational Linguistics (ACL), 2026
  
• Infinite Babble: Inflating 3D Vision-Language Model Inference Overhead via Adversarial Geometric Perturbation
  Shuoyang Sun, Jiaxin Hong, Yv Zhang, Kuofeng Gao, Hao Fang, Fan Mo, Bin Chen, Shu-Tao Xia
  Findings of Annual Meeting of the Association for Computational Linguistics (ACL-Findings), 2026
  
• Bypassing Copyright Protection in Diffusion-based Customization via Two-Stage Latent Feature Optimization
  Ziang Xu, Wenbo Yu, Hongyao Yu, Hao Fang, Jiawei Kong, Bin Chen, Hao Wu, Shu-Tao Xia, Zhiyong Wu
  SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), 2026
  
• GaussTrap: Stealthy Backdoor Attacks on 3D Gaussian Splatting for Targeted Scene Misperception
  Jiaxin Hong, Sixu Chen, Shuoyang Sun, Hongyao Yu, Hao Fang, Yuxin Peng, Bin Chen, Jiawei Li
  SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), 2026
  

2025

• Grounding Language with Vision: A Conditional Mutual Information Calibrated Decoding Strategy for Reducing Hallucinations in LVLMs
  Hao Fang, Changle Zhou, Jiawei Kong, Kuofeng Gao, Bin Chen, Tao Liang, Guojun Ma, and Shu-Tao Xia
  Annual Conference on Neural Information Processing Systems (NeuIPS), 2025
  
• Your Language Model Can Secretly Write Like Humans: Contrastive Paraphrase Attacks on LLM-Generated Text Detectors
  Hao Fang, Jiawei Kong, Tianqu Zhuang, Yixiang Qiu, Kuofeng Gao, Bin Chen^#, Shu-Tao Xia, Yaowei Wang, and Min Zhang
  The 2025 Conference on Empirical Methods in Natural Language Processing (EMNLP), 2025
  
• One Perturbation Is Enough: On Generating Universal Adversarial Perturbations against Vision-Language Pre-Training Models
  Hao Fang, Jiawei Kong, Bin Chen^#, Jiawei Li, Hao Wu, Shu-Tao Xia, and Ke Xu
  IEEE/CVF International Conference on Computer Vision (ICCV), 2025
  
• Hierarchical Features Matter: A Deep Exploration of Progressive Parameterization Method for Dataset Distillation
  Xinhao Zhong*,Hao Fang*, Bin Chen^#, Xulin Gu, Meikang Qiu, Shuhan Qi, and Shu-Tao Xia
  IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2025
  
• GI-NAS: Boosting Gradient Inversion Attacks through Adaptive Neural Architecture Search
  Wenbo Yu*, Hao Fang*, Bin Chen ^#, Xiaohang Sui, Chuan Chen, Hao Wu, Shu-Tao Xia, and Ke Xu
  IEEE Transactions on Information Forensics and Security (TIFS)
  
• Stealthy Shield Defense: A Conditional Mutual Information-Based Approach against Black-Box Model Inversion Attacks
  Tianqu Zhuang*, Hongyao Yu*, Yixiang Qiu*, Hao Fang*, Bin Chen^#, and Shu-Tao Xia
  International Conference on Learning Representations (ICLR), 2025
  
• Rank Matters: Understanding and Defending Model Inversion Attacks via Low-Rank Feature Filtering
  Hongyao Yu, Yixiang Qiu, Hao Fang, Tianqu Zhuang, Bin Chen^#, Sijin Yu, Bin Wang, Shu-Tao Xia, Ke Xu
  SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), 2026
  
• Going Beyond Feature Similarity: Effective Dataset distillation based on Class-aware Conditional Mutual Information
  Xinhao Zhong, Bin Chen^#, Hao Fang, Xulin Gu, Shu-Tao Xia, and En-Hui Yang
  International Conference on Learning Representations (ICLR), 2025
  
• ICAS: Detecting Training Data from Autoregressive Image Generative Models
  Hongyao Yu, Yixiang Qiu, Yiheng Yang, Hao Fang, Tianqu Zhuang, Jiaxin Hong, Bin Chen^#, Hao Wu, and Shu-Tao Xia
  ACM Multimedia (ACM MM), 2025
  

2024

• CLIP-Guided Networks for Transferable Targeted Attacks
  Hao Fang, Jiawei Kong, Bin Chen^#, Tao Dai, Hao Wu, and Shu-Tao Xia,
  European Conference on Computer Vision (ECCV), 2024
  
• A Closer Look at GAN Priors: Exploiting Intermediate Features for Enhanced Model Inversion Attacks (Oral)
  Yixiang Qiu*, Hao Fang*, Hongyao Yu*, Bin Chen^#, Meikang Qiu, and Shu-Tao Xia
  European Conference on Computer Vision (ECCV), 2024
  

2023

• GIFD: A Generative Gradient Inversion Method with Feature Domain Optimization
  Hao Fang, Bin Chen^#, Xuan Wang, Zhi Wang, and Shu-Tao Xia
  IEEE/CVF International Conference on Computer Vision (ICCV), 2023
  

Preprint

• Towards Distillation-Resistant Large Language Models: An Information-Theoretic Perspective
  Hao Fang, Tianyi Zhang, Tianqu Zhuang, Jiawei Kong, Kuofeng Gao, Bin Chen, Leqi Liang, Shu-Tao Xia, Ke Xu
  Preprint, 2026
  
• Seeing Through the Chain: Mitigate Hallucination in Multimodal Reasoning Models via CoT Compression and Contrastive Preference Optimization
  Hao Fang, Jinyu Li, Jiawei Kong, Tianqu Zhuang, Kuofeng Gao, Bin Chen, Shu-Tao Xia, Yaowei Wang
  Preprint, 2026
  
• Enhancing Gradient Inversion Attacks in Federated Learning via Hierarchical Feature Optimization
  Hao Fang, Wenbo Yu, Bin Chen, Xuan Wang, Shu-Tao Xia, Qing Liao, Ke Xu
  Preprint, 2026
  
• Privacy Leakage on DNNs: A Survey of Model Inversion Attacks and Defenses
  Hao Fang, Yixiang Qiu, Hongyao Yu, Wenbo Yu, Jiawei Kong, Baoli Chong, Bin Chen, Xuan Wang, Shu-Tao Xia, Ke Xu
  Preprint, 2024
  

Services

I was a reviewer / PC member of conferences：

• International Conference of Machine Learning (ICML) 2026
• IEEE Conference on Computer Vision and Pattern Recognition (CVPR) 2025
• ACM Multimedia (MM) 2025-2026
• Neural Information Processing Systems (NeurIPS) 2025
• International Conference on Learning Representations (ICLR) 2025-2026
• Association for the Advancement of Artificial Intelligence (AAAI) 2026
• International Joint Conferences on Artificial Intelligence (IJCAI) 2024

I was a reviewer of journals:

• IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)
• IEEE Transactions on Information Forensics and Security (TIFS)
• IEEE Transactions on Dependable and Secure Computing (TDSC)
• IEEE Transactions on Mobile Computing (TMC)
• ACM Computing Survey
• IEEE Transactions on Medical Imaging (TMI)

Honors & Awards

• NeurIPS 2025 "Reviewer : Top Reviewer", 2025.10
• Chinese National Scholarship for Postgraduate Students, Tsinghua University, 2025.10
• First class scholarship, Tsinghua University, 2024.10
• First class scholarship × 3, Harbin Institute of Technology, Shenzhen
• Fang Binxing Academician Scholarship, Harbin Institute of Technology, Shenzhen, 2023.03
• Chinese National Scholarship for Undergraduate Students (Top 1.5%), Harbin Institute of Technology, Shenzhen, 2022.12
• Excellent Student Model (Top 0.3%), 2022.09

2025 Hao Fang