Ph.D. candidateI am currently a second-year Ph.D. student in the School of Computer Science at the University of Sydney, supervised by Prof. Weidong Cai. Prior to this, I received my M.E. and B.E. degrees from the School of Computer Science and Engineering at Northwestern Polytechnical University (NPU) in 2023 and 2020, respectively, under the supervision of Prof. Yong Xia.
My research focuses on Trustworthy AI, particularly backdoor attacks. Recently, I have been investigating security threats in 3D point cloud data and vision-language models (VLMs).
Warning
Problem: The current name of your GitHub Pages repository ("Solution: Please consider renaming the repository to "
http://".
However, if the current repository name is intended, you can ignore this message by removing "{% include widgets/debug_repo_name.html %}" in index.html.
Action required
Problem: The current root path of this site is "baseurl ("_config.yml.
Solution: Please set the
baseurl in _config.yml to "Education
-
The University of SydneySchool of Computer Science
Ph.D. candidateJan. 2024 - present -
Northwestern Polytechnical UniversityM.E. in Computer Science and TechnologySep. 2020 - Apr. 2023 -
Northwestern Polytechnical UniversityB.E. in Computer Science and TechnologySep. 2016 - Jul. 2020
Experience
-
JD Explore AcademyAlgorithm InternJul. 2021 - Dec. 2021
Honors & Awards
-
USYD-CSC Postgraduate Research Scholarship2024
-
Excellent Master's Thesis2023
-
Outstanding Graduate of NPU2023
-
Social Activity Scholarship of NPU2021
News
Selected Publications (view all )
Stealthy Patch-Wise Backdoor Attack in 3D Point Cloud via Curvature Awareness
Yu Feng, Dingxin Zhang, Dongnan Liu, Runkai Zhao, Yong Xia, Heng Huang, Weidong Cai
Arxiv 2025
We propose SPBA, a stealthy patch-wise backdoor attack for 3D point clouds that leverages local spectral perturbations guided by geometric complexity to achieve high attack success rates while maintaining state-of-the-art imperceptibility.
Stealthy Patch-Wise Backdoor Attack in 3D Point Cloud via Curvature Awareness
Yu Feng, Dingxin Zhang, Dongnan Liu, Runkai Zhao, Yong Xia, Heng Huang, Weidong Cai
Arxiv 2025
We propose SPBA, a stealthy patch-wise backdoor attack for 3D point clouds that leverages local spectral perturbations guided by geometric complexity to achieve high attack success rates while maintaining state-of-the-art imperceptibility.
Contrastive Neuron Pruning for Backdoor Defense
Yu Feng*, Benteng Ma*, Dongnan Liu, Yanning Zhang, Weidong Cai, Yong Xia (* equal contribution)
IEEE Transactions on Image Processing (TIP) 2025
We propose Contrastive Neuron Pruning (CNP), a label-free defense that leverages contrastive learning to identify and prune backdoor-associated neurons, effectively mitigating backdoor attacks with minimal impact on model structure.
Contrastive Neuron Pruning for Backdoor Defense
Yu Feng*, Benteng Ma*, Dongnan Liu, Yanning Zhang, Weidong Cai, Yong Xia (* equal contribution)
IEEE Transactions on Image Processing (TIP) 2025
We propose Contrastive Neuron Pruning (CNP), a label-free defense that leverages contrastive learning to identify and prune backdoor-associated neurons, effectively mitigating backdoor attacks with minimal impact on model structure.
Federated adaptive reweighting for medical image classification
Benteng Ma*, Yu Feng*, Geng Chen, Changyang Li, Yong Xia (* equal contribution)
Pattern Recognition (PR) 2023
We propose a novel Federated Adaptive Reweighting (FedAR) algorithm for medical image classification. FedAR employs a flexible re-weighting scheme that can balance adaptively the contributions of the amount of data and the performance of the local model on each client to the weight of that client.
Federated adaptive reweighting for medical image classification
Benteng Ma*, Yu Feng*, Geng Chen, Changyang Li, Yong Xia (* equal contribution)
Pattern Recognition (PR) 2023
We propose a novel Federated Adaptive Reweighting (FedAR) algorithm for medical image classification. FedAR employs a flexible re-weighting scheme that can balance adaptively the contributions of the amount of data and the performance of the local model on each client to the weight of that client.
Fiba: Frequency-injection based backdoor attack in medical image analysis
Yu Feng*, Benteng Ma*, Jing Zhang, Shanshan Zhao, Yong Xia, Dacheng Tao (* equal contribution)
Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) 2022
We propose a novel Frequency-Injection based Backdoor Attack method (FIBA) that is capable of delivering attacks in various medical image analysis tasks.
Fiba: Frequency-injection based backdoor attack in medical image analysis
Yu Feng*, Benteng Ma*, Jing Zhang, Shanshan Zhao, Yong Xia, Dacheng Tao (* equal contribution)
Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) 2022
We propose a novel Frequency-Injection based Backdoor Attack method (FIBA) that is capable of delivering attacks in various medical image analysis tasks.