Xiaoyun Xu

Xiaoyun Xu

PhD student at Radboud University Nijmegen

About Me

Iโ€™m a final-year PhD student in the Digital Security group at Radboud University, where Iโ€™m fortunate to be advised by Stjepan Picek.

Before that, I earned my MSc in Advanced Computing from the University of Bristol and a BEng in Software Engineering from the University of Electronic Science and Technology of China. I also spent two years as a Research Assistant at ISCAS before starting my PhD.

Research Interests:

My research interests lie primarily in adversarial machine learning and designing robust and general defenses against risks in machine learning technologies.

News

  • 2025.11: ๐ŸŽ‰ MIMIR has been awarded with 3 badges by the Artifact Evaluation Committee of NDSS 2026: Available, Functional, Reproduced.
  • 2025.11: ๐ŸŽ‰ MIMIR is accepted by NDSS 2026.
  • 2025.09: ๐ŸŽ‰ Xiaoyun will serve as a PC member for CCS 2026.
  • 2025.07: ๐ŸŽ‰ โ€œTowards Backdoor Stealthiness in Model Parameter Spaceโ€ has been awarded 3 badges of ACM CCS 2025-A Artifact Evaluation: Artifacts Available, Artifacts Evaluated (Functional), Results Reproduced.
  • 2025.05: ๐ŸŽ‰ One paper is accepted by CCS 2025
  • 2025.02: ๐ŸŽ‰ MIMIR achieved TOP 1 on RobustBench ImageNet Leaderboard
  • 2024.09: ๐ŸŽ‰ BAN is accepted by NeurIPS 2024

Publications

NDSS 2026
sym

MIMIR: Masked Image Modeling for Mutual Information-based Adversarial Robustness

Xiaoyun Xu, Shujian Yu, Zhuoran Liu, Stjepan Picek

Network and Distributed System Security (NDSS) Symposium, 2026

Code arXiv

CCS 2025
sym

Towards Backdoor Stealthiness in Model Parameter Space

Xiaoyun Xu, Zhuoran Liu, Stefanos Koffas, Stjepan Picek

ACM Conference on Computer and Communications Security (CCS), 2025

Code arXiv

NeurIPS 2024
sym

BAN: Detecting Backdoors Activated by Adversarial Neuron Noise

Xiaoyun Xu, Zhuoran Liu, Stefanos Koffas, Shujian Yu, Stjepan Picek

Advances in Neural Information Processing Systems (NeurIPS), 2024

Code arXiv

DSN 2024
sym

Universal Soldier: Using universal adversarial perturbations for detecting backdoor attacks

Xiaoyun Xu, Oguzhan Ersoy, Behrad Tajalli, Stjepan Picek

IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2024

arXiv

CCS 2023
sym

Poster: Boosting Adversarial Robustness by Adversarial Pre-training

Xiaoyun Xu, Stjepan Picek

ACM Conference on Computer and Communications Security (CCS), 2023

DSN 2023
sym

IB-RAR: Information Bottleneck as Regularizer for Adversarial Robustness

Xiaoyun Xu, Guilherme Perin, Stjepan Picek

IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2023

Code arXiv

CCS@PPLMP 2020
sym

Information leakage by model weights on federated learning

Xiaoyun Xu, Jingzheng Wu, Mutian Yang, Tianyue Luo, Xu Duan, Weiheng Li, Yanjun Wu, Bin Wu

In Proceedings of the 2020 workshop on privacy-preserving machine learning in practice, CCS workshop PPLMP, 2020

Educations

  • 2022 - 2025, PhD student, Radboud University
  • 2017 - 2018, Master, University of Bristol
  • 2013 - 2017, Undergraduate, University of Electronic Science and Technology of China (UESTC)

Services

  • Reviewer/PC: BMVC, ICLR, NeurIPS, SaTML

  • External Reviewer: IEEE SP, NDSS, USENIX Security

Miscellaneous

  • Outside of research, I enjoy seeing the world, exploring diverse cultures and local cuisines, and taking in landscapes.
  • The Legend of Zelda, Sid Meierโ€™s Civilization VI, The Binding of Isaac, Donโ€™t Starve.