+
+||Date|Speaker|Title|Sharer|
+|---|:---:|:---:|:---:|:---:|
+|1|2026.01.02|章琦||||
+|2|2026.01.09|职巳杰||||
+|3|2026.01.16|刘家宁||||
+|4|2026.01.23|赵芷茗||||
+|5|2026.01.30|曾睿||||
+|6|2026.02.06|王异鸣||||
+|7|2026.02.13|||||
+|8|2026.02.20|||||
+|9|2026.02.27|张铃沛||||
+|10|2026.03.06|陈曦||||
+|11|2026.03.13|冯周||||
+|12|2026.03.20|丁婉蒙||||
+|13|2026.03.27|贺兴||||
+|14|2026.04.03|李欣迪||||
+|15|2026.04.10|李俊豪||||
+
+## System Security Group Meeting
+**Location**:Cao Guangbiao High-tech Building 201
+
+**Time**: Sunday 18:00
+
+
+
+||Date|Speaker|Title|Sharer|
+|---|:---:|:---:|:---:|:---:|
+|1|2026.01.04|杨禹||||
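Review bot: every added data row in both tables has six cells (`|1|2026.01.02|章琦||||`) under a five-column header (`||Date|Speaker|Title|Sharer|`); remove one trailing pipe per row so the columns line up. `**Location**:Cao` is also missing the space after the colon that `**Time**: Sunday 18:00` has.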
From 73275b5f13ddbbd2f91c833498a1aae662a4d7af Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Wed, 8 Oct 2025 16:18:16 +0800
Subject: [PATCH 321/330] Update README.md
---
README.md | 54 +++++++++++++++++++++++++++---------------------------
1 file changed, 27 insertions(+), 27 deletions(-)
diff --git a/README.md b/README.md
index 42154b3..f80a8b5 100644
--- a/README.md
+++ b/README.md
@@ -23,35 +23,35 @@ such as **conference, title, abstract**,which can be written in the form of [m
|9|2025.02.28|甘雨由|Systematic review of the development of open-source multimodal large language models|-|
|10|2025.03.07|王异鸣|Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion|Usenix Security 2024|
|11|2025.03.14|李欣迪|Stealthy Backdoor Attack in Self-Supervised Learning Vision Encoders for Large Vision Language Models|CVPR 2025|
-|12|2025.03.21|李俊豪|||
-|13|2025.03.28|贺兴|||
-|14|2024.04.04|陈曦|||
-|15|2025.04.11|陈佳豪|||
-|16|2025.04.18|刘家宁|||
-|17|2025.04.25|张童|||
-|18|2025.05.02|张铃沛|||
-|19|2025.05.09|曾睿|||
-|20|2025.05.16|周豪杰|||
-|21|2025.05.23|冯周|||
-|22|2025.05.30|赵芷茗|||
-|23|2025.06.06|杨勇|||
-|24|2025.06.13|麻瓯勃|||
-|25|2025.06.20|王异鸣|||
-|26|2025.06.27|李俊豪|||
+|12|2025.03.21|陈曦|Deliberative Alignment Reasoning Enables Safer Language Models|OpenAI|
+|13|2025.03.28|贺兴|DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-Image Diffusion Models|ICLR 2024|
+|14|2024.04.04|李俊豪|Air Gap: Protecting Privacy-Conscious Conversational Agents|CCS 2024|
+|15|2025.04.11|陈佳豪|On the Security and Privacy Risks of Model Content Protocol||
+|16|2025.04.18|张铃沛|CS-LSTMs: Context and Seasonal LSTMs for Time Series Anomaly Detection||
+|17|2025.04.25|张童|Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution|NDSS 2024|
+|18|2025.05.02|刘家宁|AutoDAN-Turbo: A Lifelong Agent for Strategy Self-Exploration to Jailbreak LLMs|ICLR 2025|
+|19|2025.05.09|曾睿|DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks|SP 2025|
+|20|2025.05.16|周豪杰|SELFDEFEND: LLMs Can Defend Themselves against Jailbreaking in a Pratical Manner|USENIX Security 2025|
+|21|2025.05.23|冯周|Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems|USENIX Security 2025|
+|22|2025.05.30|赵芷茗|Safety Alignment Should Be Made More Than Just A Few Tokens Deep|ICLR 2025|
+|23|2025.06.06|杨勇|Alleviating the Fear of Losing Alignment in LLM Fine-Tuning|SP 2025|
+|24|2025.06.13|王异鸣|DORMANT: Defending against Pose-driven Human Image Animation|USENIX Security 2025|
+|25|2025.06.20|麻瓯勃|Loss of Plasticity in Deep Reinforcement Learning||
+|26|2025.06.27|李俊豪|Doxing via the Lens: Revealing Location-related Privacy Leakage on Multi-modal Large Reasoning Models|arXiv|
|27|2025.07.04|李欣迪|||
-|28|2025.07.11|贺兴|||
-|29|2025.07.18|陈佳豪|||
+|28|2025.07.11|贺兴|Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models|SP 2025|
+|29|2025.07.18|陈佳豪|Delving into the Privacy Risks of Generative Models||
|30|2025.07.25|陈曦|||
-|31|2025.08.01|林瑞潇|||
-|32|2025.08.08|姜毅|||
-|33|2025.08.15|甘雨由|||
-|34|2025.08.22|周豪杰|||
-|35|2025.08.29|张童|||
-|36|2025.09.05|曾睿|||
-|37|2025.09.12|冯周|||
-|38|2025.09.19|赵芷茗|||
-|39|2025.09.26|刘家宁|||
-|40|2025.10.03|王异鸣|||
+|31|2025.08.01|林瑞潇|Industrial Frameworks of LLM-based Multi-Agent Systems||
+|32|2025.08.08|张童|Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models|USENIX Security 2025|
+|33|2025.08.15|周豪杰|Safety Layers in Aligned Large Language Models: The Key to LLM Security|ICLR 2025|
+|34|2025.08.22|甘雨由|SafeNeuron: Detecting Jailbreaking in Large Vision Language Model via Locating Critical Neurons|AAAI 2025|
+|35|2025.08.29|冯周|SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis|USENIX Security 2025|
+|36|2025.09.05|曾睿|Cloak, Honey, Trap: Proactive Defenses Against LLM Agents|USENIX Security 2025|
+|37|2025.09.12|王异鸣|||
+|38|2025.09.19|姜毅|Cascading Adversarial Bias from Injection to Distillation in Language Models|CCS 2025|
+|39|2025.09.26|刘家宁|We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs|USENIX Security 2025|
+|40|2025.10.03|赵芷茗|Test-Time Poisoning Attacks Against Test-Time Adaptation Models|SP 2024|
|41|2025.10.10|李欣迪|||
|42|2025.10.17|陈佳豪|||
|43|2025.10.24|张铃沛|||
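Review bot: row 14 is dated `2024.04.04` although it sits between `2025.03.28` and `2025.04.11`; the year was already wrong on the removed line and the added line carries it over, so change it to 2025.04.04 while the row is being rewritten. In row 20, "Pratical" should read "Practical", and row 15's "Model Content Protocol" is worth checking against the talk's actual title. Rows 15, 16, 25, 29 and 31 leave the last cell empty, whereas row 9 uses `-` for a talk with no venue; pick one convention.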
From 23d5a4d68fc09524c57c5be220a8a7704759abf0 Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Wed, 8 Oct 2025 17:22:03 +0800
Subject: [PATCH 322/330] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f80a8b5..2d18c97 100644
--- a/README.md
+++ b/README.md
@@ -38,17 +38,17 @@ such as **conference, title, abstract**,which can be written in the form of [m
|24|2025.06.13|王异鸣|DORMANT: Defending against Pose-driven Human Image Animation|USENIX Security 2025|
|25|2025.06.20|麻瓯勃|Loss of Plasticity in Deep Reinforcement Learning||
|26|2025.06.27|李俊豪|Doxing via the Lens: Revealing Location-related Privacy Leakage on Multi-modal Large Reasoning Models|arXiv|
-|27|2025.07.04|李欣迪|||
+|27|2025.07.04|李欣迪|Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink|USENIX Security 2025|
|28|2025.07.11|贺兴|Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models|SP 2025|
|29|2025.07.18|陈佳豪|Delving into the Privacy Risks of Generative Models||
-|30|2025.07.25|陈曦|||
+|30|2025.07.25|陈曦|BadRobot: Jailbreaking Embodied LLMs in the Physical World|ICLR 2025|
|31|2025.08.01|林瑞潇|Industrial Frameworks of LLM-based Multi-Agent Systems||
|32|2025.08.08|张童|Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models|USENIX Security 2025|
|33|2025.08.15|周豪杰|Safety Layers in Aligned Large Language Models: The Key to LLM Security|ICLR 2025|
|34|2025.08.22|甘雨由|SafeNeuron: Detecting Jailbreaking in Large Vision Language Model via Locating Critical Neurons|AAAI 2025|
|35|2025.08.29|冯周|SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis|USENIX Security 2025|
|36|2025.09.05|曾睿|Cloak, Honey, Trap: Proactive Defenses Against LLM Agents|USENIX Security 2025|
-|37|2025.09.12|王异鸣|||
+|37|2025.09.12|王异鸣|Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL·E Text-to-Image Pipelines|USENIX Security 2025|
|38|2025.09.19|姜毅|Cascading Adversarial Bias from Injection to Distillation in Language Models|CCS 2025|
|39|2025.09.26|刘家宁|We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs|USENIX Security 2025|
|40|2025.10.03|赵芷茗|Test-Time Poisoning Attacks Against Test-Time Adaptation Models|SP 2024|
From eb33ae4ff41e6aff75f95d8c001a36120540b95c Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Wed, 8 Oct 2025 18:14:34 +0800
Subject: [PATCH 323/330] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2d18c97..e9bcf8b 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ such as **conference, title, abstract**,which can be written in the form of [m
|44|2025.10.31|陈曦|||
|45|2025.11.07|李俊豪|||
|46|2025.11.14|贺兴|||
-|47|2025.11.21|陈佳豪||||
+|47|2025.11.21|职巳杰||||
|48|2025.11.28|吴柏祺||||
|49|2025.12.05|朱富康||||
|50|2025.12.12|周豪杰||||
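Review bot: the replacement row 47 keeps four trailing pipes (`|职巳杰||||`), one more than rows 44 to 46 just above it (`|贺兴|||`), so it renders with an extra empty cell. Since this line is being touched anyway, drop one pipe, and do the same for rows 48 to 50.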
From f4694bae418084272b1bcb882152ffd8c1df963c Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Wed, 8 Oct 2025 18:14:49 +0800
Subject: [PATCH 324/330] Update README.md
---
Seminar2026/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Seminar2026/README.md b/Seminar2026/README.md
index c524a1b..907016b 100644
--- a/Seminar2026/README.md
+++ b/Seminar2026/README.md
@@ -15,7 +15,7 @@ such as **conference, title, abstract**,which can be written in the form of [m
||Date|Speaker|Title|Sharer|
|---|:---:|:---:|:---:|:---:|
|1|2026.01.02|章琦||||
-|2|2026.01.09|职巳杰||||
+|2|2026.01.09|陈佳豪||||
|3|2026.01.16|刘家宁||||
|4|2026.01.23|赵芷茗||||
|5|2026.01.30|曾睿||||
From 81e6a02eef45c20597bfb155d01cdcebcd602151 Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Tue, 16 Dec 2025 16:01:27 +0800
Subject: [PATCH 325/330] Update README.md
---
Seminar2026/README.md | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/Seminar2026/README.md b/Seminar2026/README.md
index 907016b..30884c2 100644
--- a/Seminar2026/README.md
+++ b/Seminar2026/README.md
@@ -40,3 +40,17 @@ such as **conference, title, abstract**,which can be written in the form of [m
||Date|Speaker|Title|Sharer|
|---|:---:|:---:|:---:|:---:|
|1|2026.01.04|杨禹||||
+|2|2026.01.11|徐博||||
+|3|2026.01.18|江世昊||||
+|4|2026.01.25|王晋文||||
+|5|2026.02.01|张宁瑞||||
+|6|2026.02.08|林型双||||
+|7|2026.02.15|||||
+|8|2026.02.22|||||
+|9|2026.03.01|祝遥||||
+|10|2026.03.08|武旗龙||||
+|11|2026.03.15|黄钢||||
+|12|2026.03.22|张凌铭||||
+|13|2026.03.29|刘昕鹏||||
+|14|2026.04.05|常博宇||||
+|15|2026.04.12|杨禹||||
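Review bot: 杨禹 is scheduled twice in this table, in the unchanged row 1 (2026.01.04) and in the added row 15 (2026.04.12), while every other speaker appears once; confirm that the second slot is intended. Rows 7 and 8 are added with no speaker and no explanation; if these weeks are a break, say so in the Title cell so the gaps do not read as unassigned. Each added row also has six cells under the five-column header at the top of the hunk.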
From b8e668d64b3292dd25cf3b5bed1c438995767c9e Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Tue, 16 Dec 2025 16:02:17 +0800
Subject: [PATCH 326/330] Update README.md
---
Seminar2026/README.md | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/Seminar2026/README.md b/Seminar2026/README.md
index 30884c2..c1c29ef 100644
--- a/Seminar2026/README.md
+++ b/Seminar2026/README.md
@@ -47,10 +47,9 @@ such as **conference, title, abstract**,which can be written in the form of [m
|6|2026.02.08|林型双||||
|7|2026.02.15|||||
|8|2026.02.22|||||
-|9|2026.03.01|祝遥||||
-|10|2026.03.08|武旗龙||||
-|11|2026.03.15|黄钢||||
-|12|2026.03.22|张凌铭||||
-|13|2026.03.29|刘昕鹏||||
-|14|2026.04.05|常博宇||||
-|15|2026.04.12|杨禹||||
+|9|2026.03.01|武旗龙||||
+|10|2026.03.08|黄钢||||
+|11|2026.03.15|张凌铭||||
+|12|2026.03.22|刘昕鹏||||
+|13|2026.03.29|常博宇||||
+|14|2026.04.05|杨禹||||
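Review bot: the commit subject "Update README.md" does not record that 祝遥 is dropped from the rotation, which is what the removed row 9 and the one-week shift of rows 10 to 15 amount to. State the reason in the commit message, or keep the row and mark it as cancelled, so the schedule history can be read from the log.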
From abaa8f869e9beeb9e930c78bda90bcf023eaf74d Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Wed, 17 Dec 2025 13:15:31 +0800
Subject: [PATCH 327/330] Update README.md
---
Seminar2026/README.md | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/Seminar2026/README.md b/Seminar2026/README.md
index c1c29ef..4c3682d 100644
--- a/Seminar2026/README.md
+++ b/Seminar2026/README.md
@@ -44,12 +44,10 @@ such as **conference, title, abstract**,which can be written in the form of [m
|3|2026.01.18|江世昊||||
|4|2026.01.25|王晋文||||
|5|2026.02.01|张宁瑞||||
-|6|2026.02.08|林型双||||
+|6|2026.02.08|武旗龙||||
|7|2026.02.15|||||
|8|2026.02.22|||||
-|9|2026.03.01|武旗龙||||
-|10|2026.03.08|黄钢||||
-|11|2026.03.15|张凌铭||||
-|12|2026.03.22|刘昕鹏||||
-|13|2026.03.29|常博宇||||
-|14|2026.04.05|杨禹||||
+|9|2026.03.01|黄钢||||
+|10|2026.03.08|张凌铭||||
+|11|2026.03.15|常博宇||||
+|12|2026.03.22|杨禹||||
From f7b5a324bcc5c698f41667d0e53579aa27d0b854 Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Sat, 10 Jan 2026 13:35:47 +0800
Subject: [PATCH 328/330] Update README.md
---
Seminar2026/README.md | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/Seminar2026/README.md b/Seminar2026/README.md
index 4c3682d..a8fe511 100644
--- a/Seminar2026/README.md
+++ b/Seminar2026/README.md
@@ -39,15 +39,13 @@ such as **conference, title, abstract**,which can be written in the form of [m
||Date|Speaker|Title|Sharer|
|---|:---:|:---:|:---:|:---:|
-|1|2026.01.04|杨禹||||
-|2|2026.01.11|徐博||||
-|3|2026.01.18|江世昊||||
-|4|2026.01.25|王晋文||||
-|5|2026.02.01|张宁瑞||||
-|6|2026.02.08|武旗龙||||
+|1|2026.01.04|徐博||||
+|2|2026.01.11|江世昊||||
+|3|2026.01.18|王晋文||||
+|4|2026.01.25|张宁瑞||||
+|5|2026.02.01|武旗龙||||
+|6|2026.02.08|黄钢||||
|7|2026.02.15|||||
|8|2026.02.22|||||
-|9|2026.03.01|黄钢||||
-|10|2026.03.08|张凌铭||||
-|11|2026.03.15|常博宇||||
-|12|2026.03.22|杨禹||||
+|9|2026.03.01|张凌铭||||
+|10|2026.03.08|常博宇||||
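Review bot: row 1 is dated 2026.01.04, which is before this commit's date of 10 Jan 2026, yet its speaker changes from 杨禹 to 徐博. If the 01.04 meeting already took place, leave that row as the record of who presented and start the reshuffle from the next open date. 杨禹 also disappears from the table entirely (rows 1 and 12 on the removed side), and the table shrinks from 12 rows to 10 without a note.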
From 264ef57e8ec787c202e0e0bf6459d778d0e938a7 Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Sat, 10 Jan 2026 13:36:31 +0800
Subject: [PATCH 329/330] Update README.md
---
Seminar2025/README.md | 129 ++++++++++++++++++++++++++++++++++--------
1 file changed, 104 insertions(+), 25 deletions(-)
diff --git a/Seminar2025/README.md b/Seminar2025/README.md
index 50d3af9..e9bcf8b 100644
--- a/Seminar2025/README.md
+++ b/Seminar2025/README.md
@@ -1,5 +1,3 @@
-
-
# Agenda 2025
Please upload your **slides** or a **introduction (Chinese or English)** of your presentation **in advance**,
such as **conference, title, abstract**,which can be written in the form of [markdown](http://sspai.com/25137). Please add your title in the agenda.
@@ -12,21 +10,60 @@ such as **conference, title, abstract**,which can be written in the form of [m
-||Date|Speaker|Title|Sharer|
+||Date|Speaker|Title|Publication|
|---|:---:|:---:|:---:|:---:|
-|1|2025.01.03|曾睿|||
-|2|2025.01.10|赵芷茗|||
+|1|2025.01.03|曾睿|BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target|IEEE S&P 2025|
+|2|2025.01.10|赵芷茗|Emulated Disalignment: Safety Alignment for Large Language Models May Backfire!|ACL 2024|
|3|2025.01.17||||
|4|2025.01.24||||
|5|2025.01.31||||
-|6|2025.02.07|冯周|||
-|7|2025.02.14|甘雨由|||
-|8|2025.02.21|王异鸣|||
-|9|2025.02.28|李欣迪|||
-|10|2025.03.07|李俊豪|||
-|11|2025.03.14|贺兴|||
-|12|2025.03.21|陈曦|||
-|13|2025.03.28|陈佳豪|||
+|6|2025.02.07||||
+|7|2025.02.14||||
+|8|2025.02.21|冯周|Towards Backdoor Stealthiness in Model Parameter Space|Preprint 2025|
+|9|2025.02.28|甘雨由|Systematic review of the development of open-source multimodal large language models|-|
+|10|2025.03.07|王异鸣|Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion|Usenix Security 2024|
+|11|2025.03.14|李欣迪|Stealthy Backdoor Attack in Self-Supervised Learning Vision Encoders for Large Vision Language Models|CVPR 2025|
+|12|2025.03.21|陈曦|Deliberative Alignment Reasoning Enables Safer Language Models|OpenAI|
+|13|2025.03.28|贺兴|DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-Image Diffusion Models|ICLR 2024|
+|14|2024.04.04|李俊豪|Air Gap: Protecting Privacy-Conscious Conversational Agents|CCS 2024|
+|15|2025.04.11|陈佳豪|On the Security and Privacy Risks of Model Content Protocol||
+|16|2025.04.18|张铃沛|CS-LSTMs: Context and Seasonal LSTMs for Time Series Anomaly Detection||
+|17|2025.04.25|张童|Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution|NDSS 2024|
+|18|2025.05.02|刘家宁|AutoDAN-Turbo: A Lifelong Agent for Strategy Self-Exploration to Jailbreak LLMs|ICLR 2025|
+|19|2025.05.09|曾睿|DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks|SP 2025|
+|20|2025.05.16|周豪杰|SELFDEFEND: LLMs Can Defend Themselves against Jailbreaking in a Pratical Manner|USENIX Security 2025|
+|21|2025.05.23|冯周|Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems|USENIX Security 2025|
+|22|2025.05.30|赵芷茗|Safety Alignment Should Be Made More Than Just A Few Tokens Deep|ICLR 2025|
+|23|2025.06.06|杨勇|Alleviating the Fear of Losing Alignment in LLM Fine-Tuning|SP 2025|
+|24|2025.06.13|王异鸣|DORMANT: Defending against Pose-driven Human Image Animation|USENIX Security 2025|
+|25|2025.06.20|麻瓯勃|Loss of Plasticity in Deep Reinforcement Learning||
+|26|2025.06.27|李俊豪|Doxing via the Lens: Revealing Location-related Privacy Leakage on Multi-modal Large Reasoning Models|arXiv|
+|27|2025.07.04|李欣迪|Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink|USENIX Security 2025|
+|28|2025.07.11|贺兴|Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models|SP 2025|
+|29|2025.07.18|陈佳豪|Delving into the Privacy Risks of Generative Models||
+|30|2025.07.25|陈曦|BadRobot: Jailbreaking Embodied LLMs in the Physical World|ICLR 2025|
+|31|2025.08.01|林瑞潇|Industrial Frameworks of LLM-based Multi-Agent Systems||
+|32|2025.08.08|张童|Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models|USENIX Security 2025|
+|33|2025.08.15|周豪杰|Safety Layers in Aligned Large Language Models: The Key to LLM Security|ICLR 2025|
+|34|2025.08.22|甘雨由|SafeNeuron: Detecting Jailbreaking in Large Vision Language Model via Locating Critical Neurons|AAAI 2025|
+|35|2025.08.29|冯周|SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis|USENIX Security 2025|
+|36|2025.09.05|曾睿|Cloak, Honey, Trap: Proactive Defenses Against LLM Agents|USENIX Security 2025|
+|37|2025.09.12|王异鸣|Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL·E Text-to-Image Pipelines|USENIX Security 2025|
+|38|2025.09.19|姜毅|Cascading Adversarial Bias from Injection to Distillation in Language Models|CCS 2025|
+|39|2025.09.26|刘家宁|We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs|USENIX Security 2025|
+|40|2025.10.03|赵芷茗|Test-Time Poisoning Attacks Against Test-Time Adaptation Models|SP 2024|
+|41|2025.10.10|李欣迪|||
+|42|2025.10.17|陈佳豪|||
+|43|2025.10.24|张铃沛|||
+|44|2025.10.31|陈曦|||
+|45|2025.11.07|李俊豪|||
+|46|2025.11.14|贺兴|||
+|47|2025.11.21|职巳杰||||
+|48|2025.11.28|吴柏祺||||
+|49|2025.12.05|朱富康||||
+|50|2025.12.12|周豪杰||||
+|51|2025.12.19|王露怡||||
+|52|2025.12.26|张童||||
## System Security Group Meeting
**Location**:Cao Guangbiao High-tech Building 201
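Review bot: row 14 is still dated `2024.04.04` between `2025.03.28` and `2025.04.11`, even though the second table in this same patch has its 2024 dates corrected to 2025; fix the year here as well. "Pratical" in row 20 should read "Practical". The header is renamed to `Publication`, but rows 47 to 52 carry six cells (`|职巳杰||||`) under that five-column header, so drop one trailing pipe from each.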
@@ -35,16 +72,58 @@ such as **conference, title, abstract**,which can be written in the form of [m
-||Date|Speaker|Title|Sharer|
+||Date|Speaker|Title|Publication|
|---|:---:|:---:|:---:|:---:|
-|1|2025.01.05|李秉政|||
-|2|2024.01.12|黄钢|||
-|3|2024.01.19|刘昕鹏|||
-|4|2024.01.26||||
-|5|2024.02.02||||
-|6|2024.02.09|江世昊|||
-|7|2024.02.16|张凌铭|||
-|8|2024.02.23|祝遥|||
-|9|2024.03.02|杨禹|||
-|10|2024.03.09|常博宇|||
-|11|2024.03.16|林型双|||
+|1|2025.01.05|李秉政|SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities|Usenix Security 2024|
+|2|2025.01.12|黄钢|Can LLMs Obfuscate Code? A Systematic Analysis of Large Language Models into Assembly Code Obfuscation|AAAI 2025|
+|3|2025.01.19|刘昕鹏|Unveiling IoT Security in Reality: A Firmware-Centric Journey|Usenix Security 2024|
+|4|2025.01.26||||
+|5|2025.02.02||||
+|6|2025.02.09||||
+|7|2025.02.16||||
+|8|2025.02.23|江世昊|GhostType: The Limits of Using Contactless Electromagnetic Interference to Inject Phantom Keys into Analog Circuits of Keyboards|NDSS 2024|
+|9|2025.03.02|张凌铭|CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing|Usenix Security 2023|
+|10|2025.03.09|祝遥|Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection|NDSS 2025|
+|11|2025.03.16|常博宇|SpecRover: Code Intent Extraction via LLMs|ICSE 2025|
+|12|2025.03.23|杨禹|AdvSQLi: Generating Adversarial SQL Injections Against Real-World WAF-as-a-Service|TIFS 2024|
+|13|2025.03.30|林型双|PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation|NDSS 2025|
+|14|2025.04.06|武旗龙|Large Language Models for Code Analysis : Do LLMs Really Do Their Job?|USENIX Security 2024|
+|15|2025.04.13|李秉政|ARTEMIS: Toward Accurate Detection of Server-Side Request Forgeries through LLM-Assisted Inter-procedural Path-Sensitive Taint Analysis|OOPSLA 2025|
+|16|2025.04.20|黄钢|kAPR: LLM-assisted Automated Program Repair on Linux Kernel|Personal Progress Report|
+|17|2025.04.27|刘昕鹏|Static Analysis for (RTOS-Based) Firmware|Personal Progress Report|
+|18|2025.05.04|江世昊|Inside Your Robot Dog Friend: Architecture and Security Challenges of Embodied AI Intelligent Unmanned Systems|Personal Progress Report|
+|19|2025.05.11|张凌铭|The Case for Learned Provenance-based System Behavior Baseline|ICML 2025|
+|20|2025.05.18|祝遥|Fuzzing across JavaScript and WebAssembly Language Boundary|Personal Progress Report|
+|21|2025.05.25|杨禹|An Empirical Study on EDR Systems’ Robustness against Attack Mutations by LLMs|Personal Progress Report|
+|22|2025.06.01|常博宇|Towards Patch Correctness Assessment|Personal Progress Report|
+|23|2025.06.08|林型双|CompliGuard: Detecting Reusable Components Usage Logical Noncompliance in Smart Contracts|Personal Progress Report|
+|24|2025.06.15|黄钢|HAFE: A Hybrid and Automated PHP WebShell Obfuscation Technique with Branch-Oriented Control and Variable Functions for Detection Evasion|Personal Progress Report|
+|25|2025.06.22|武旗龙|FLLMBackdoor : Stealthy Injection and Triggering in Malicious LLM Deployment Frameworks|Personal Progress Report|
+|26|2025.06.29|祝遥|What We Talk About When We Talk About Logs: Understanding the Effects of Dataset Quality on Endpoint Threat Detection Research|IEEE S&P 2025|
+|27|2025.07.06|张凌铭|RepairAgent: An Autonomous, LLM-Based Agent for Program Repair|ICSE 2025|
+|28|2025.07.13|林型双|Copy-and-Paste? Identifying EVM-Inequivalent Code Smells in Multi-chain Reuse Contracts|ISSTA 2025|
+|29|2025.07.20|江世昊|Demystifying RCE Vulnerabilities in LLM-Integrated Apps|CCS 2024|
+|30|2025.07.27|刘昕鹏|Stealthy and Persistent Attacks Leveraging AI-IDE|Personal Progress Report|
+|31|2025.08.03|杨禹|Generating API Parameter Security Rules with LLM for API Misuse Detection|NDSS 2025|
+|32|2025.08.10|常博宇|COMMITSHIELD: Tracking Vulnerability Introduction and Fix in Version Control Systems|ICSE 2025|
+|33|2025.08.17|黄钢|An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection|USENIX Security 2024|
+|34|2025.08.24|江世昊|BadRobot: Manipulating Embodied LLMs in the Physical World|ICLR 2025|
+|35|2025.08.31|张凌铭|Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection|ISSTA 2025|
+|36|2025.09.07|刘昕鹏|UntrustIDE: Exploiting Weaknesses in VS Code Extensions|NDSS 2024|
+|37|2025.09.14|祝遥|AutoLabel: Automated Fine-Grained Log Labeling for Cyber Attack Dataset Generation|USENIX Security 2025|
+|38|2025.09.21|林型双|Forge: An LLM-driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction|ICSE 2026|
+|39|2025.09.28|武旗龙|The philosopher's stone: Trojaning plugins of large language models|NDSS 2025|
+|40|2025.10.05|常博宇|PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise|USENIX Security 2025|
+|41|2025.10.12|杨禹|||
+|42|2025.10.19|徐博||||
+|43|2025.10.26|江世昊||||
+|44|2025.11.02|王晋文||||
+|45|2025.11.09|张宁瑞||||
+|46|2025.11.16|林型双||||
+|47|2025.11.23|祝遥||||
+|48|2025.11.30|武旗龙||||
+|49|2025.12.07|黄钢||||
+|50|2025.12.14|张凌铭||||
+|51|2025.12.21|刘昕鹏||||
+|52|2025.12.28|常博宇||||
+
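Review bot: the venue spelling is inconsistent within the added rows: rows 1, 3 and 9 use `Usenix Security` while rows 14, 33, 37 and 40 use `USENIX Security`; normalise to one form. Row 34 titles the ICLR 2025 paper "BadRobot: Manipulating Embodied LLMs in the Physical World", whereas row 30 of the first table in this patch gives "BadRobot: Jailbreaking Embodied LLMs in the Physical World"; check which is correct and use it in both places. Rows 14 and 25 have a stray space before the colon (`Code Analysis :`, `FLLMBackdoor :`), and rows 42 to 52 have six cells under the five-column header.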
From ee5053e29d94b09d5aa4ec819ad583141ea5cd19 Mon Sep 17 00:00:00 2001
From: ZJUNESA <70901109+ZJUNESA@users.noreply.github.com>
Date: Sat, 10 Jan 2026 13:37:04 +0800
Subject: [PATCH 330/330] Update README.md
---
README.md | 138 ++++++++++++------------------------------------------
1 file changed, 30 insertions(+), 108 deletions(-)
diff --git a/README.md b/README.md
index e9bcf8b..a8fe511 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# Agenda 2025
+
+
+# Agenda 2026
Please upload your **slides** or a **introduction (Chinese or English)** of your presentation **in advance**,
such as **conference, title, abstract**,which can be written in the form of [markdown](http://sspai.com/25137). Please add your title in the agenda.
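Review bot: the two blank lines added above `# Agenda 2026` are the same leading blank lines that patch 329 removed from Seminar2025/README.md; drop them so the file starts at the heading. The index line shows the resulting blob is a8fe511, the same blob patch 328 produced for Seminar2026/README.md, so the root README becomes a full copy of that file. Consider linking to Seminar2026/README.md from the root instead, so later schedule edits need only one change.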
@@ -10,60 +12,23 @@ such as **conference, title, abstract**,which can be written in the form of [m
-||Date|Speaker|Title|Publication|
+||Date|Speaker|Title|Sharer|
|---|:---:|:---:|:---:|:---:|
-|1|2025.01.03|曾睿|BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target|IEEE S&P 2025|
-|2|2025.01.10|赵芷茗|Emulated Disalignment: Safety Alignment for Large Language Models May Backfire!|ACL 2024|
-|3|2025.01.17||||
-|4|2025.01.24||||
-|5|2025.01.31||||
-|6|2025.02.07||||
-|7|2025.02.14||||
-|8|2025.02.21|冯周|Towards Backdoor Stealthiness in Model Parameter Space|Preprint 2025|
-|9|2025.02.28|甘雨由|Systematic review of the development of open-source multimodal large language models|-|
-|10|2025.03.07|王异鸣|Rethinking the Invisible Protection against Unauthorized Image Usage in Stable Diffusion|Usenix Security 2024|
-|11|2025.03.14|李欣迪|Stealthy Backdoor Attack in Self-Supervised Learning Vision Encoders for Large Vision Language Models|CVPR 2025|
-|12|2025.03.21|陈曦|Deliberative Alignment Reasoning Enables Safer Language Models|OpenAI|
-|13|2025.03.28|贺兴|DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-Image Diffusion Models|ICLR 2024|
-|14|2024.04.04|李俊豪|Air Gap: Protecting Privacy-Conscious Conversational Agents|CCS 2024|
-|15|2025.04.11|陈佳豪|On the Security and Privacy Risks of Model Content Protocol||
-|16|2025.04.18|张铃沛|CS-LSTMs: Context and Seasonal LSTMs for Time Series Anomaly Detection||
-|17|2025.04.25|张童|Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution|NDSS 2024|
-|18|2025.05.02|刘家宁|AutoDAN-Turbo: A Lifelong Agent for Strategy Self-Exploration to Jailbreak LLMs|ICLR 2025|
-|19|2025.05.09|曾睿|DataSentinel: A Game-Theoretic Detection of Prompt Injection Attacks|SP 2025|
-|20|2025.05.16|周豪杰|SELFDEFEND: LLMs Can Defend Themselves against Jailbreaking in a Pratical Manner|USENIX Security 2025|
-|21|2025.05.23|冯周|Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems|USENIX Security 2025|
-|22|2025.05.30|赵芷茗|Safety Alignment Should Be Made More Than Just A Few Tokens Deep|ICLR 2025|
-|23|2025.06.06|杨勇|Alleviating the Fear of Losing Alignment in LLM Fine-Tuning|SP 2025|
-|24|2025.06.13|王异鸣|DORMANT: Defending against Pose-driven Human Image Animation|USENIX Security 2025|
-|25|2025.06.20|麻瓯勃|Loss of Plasticity in Deep Reinforcement Learning||
-|26|2025.06.27|李俊豪|Doxing via the Lens: Revealing Location-related Privacy Leakage on Multi-modal Large Reasoning Models|arXiv|
-|27|2025.07.04|李欣迪|Mirage in the Eyes: Hallucination Attack on Multi-modal Large Language Models with Only Attention Sink|USENIX Security 2025|
-|28|2025.07.11|贺兴|Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models|SP 2025|
-|29|2025.07.18|陈佳豪|Delving into the Privacy Risks of Generative Models||
-|30|2025.07.25|陈曦|BadRobot: Jailbreaking Embodied LLMs in the Physical World|ICLR 2025|
-|31|2025.08.01|林瑞潇|Industrial Frameworks of LLM-based Multi-Agent Systems||
-|32|2025.08.08|张童|Towards Label-Only Membership Inference Attack against Pre-trained Large Language Models|USENIX Security 2025|
-|33|2025.08.15|周豪杰|Safety Layers in Aligned Large Language Models: The Key to LLM Security|ICLR 2025|
-|34|2025.08.22|甘雨由|SafeNeuron: Detecting Jailbreaking in Large Vision Language Model via Locating Critical Neurons|AAAI 2025|
-|35|2025.08.29|冯周|SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis|USENIX Security 2025|
-|36|2025.09.05|曾睿|Cloak, Honey, Trap: Proactive Defenses Against LLM Agents|USENIX Security 2025|
-|37|2025.09.12|王异鸣|Exposing the Guardrails: Reverse-Engineering and Jailbreaking Safety Filters in DALL·E Text-to-Image Pipelines|USENIX Security 2025|
-|38|2025.09.19|姜毅|Cascading Adversarial Bias from Injection to Distillation in Language Models|CCS 2025|
-|39|2025.09.26|刘家宁|We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs|USENIX Security 2025|
-|40|2025.10.03|赵芷茗|Test-Time Poisoning Attacks Against Test-Time Adaptation Models|SP 2024|
-|41|2025.10.10|李欣迪|||
-|42|2025.10.17|陈佳豪|||
-|43|2025.10.24|张铃沛|||
-|44|2025.10.31|陈曦|||
-|45|2025.11.07|李俊豪|||
-|46|2025.11.14|贺兴|||
-|47|2025.11.21|职巳杰||||
-|48|2025.11.28|吴柏祺||||
-|49|2025.12.05|朱富康||||
-|50|2025.12.12|周豪杰||||
-|51|2025.12.19|王露怡||||
-|52|2025.12.26|张童||||
+|1|2026.01.02|章琦||||
+|2|2026.01.09|陈佳豪||||
+|3|2026.01.16|刘家宁||||
+|4|2026.01.23|赵芷茗||||
+|5|2026.01.30|曾睿||||
+|6|2026.02.06|王异鸣||||
+|7|2026.02.13|||||
+|8|2026.02.20|||||
+|9|2026.02.27|张铃沛||||
+|10|2026.03.06|陈曦||||
+|11|2026.03.13|冯周||||
+|12|2026.03.20|丁婉蒙||||
+|13|2026.03.27|贺兴||||
+|14|2026.04.03|李欣迪||||
+|15|2026.04.10|李俊豪||||
## System Security Group Meeting
**Location**:Cao Guangbiao High-tech Building 201
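Review bot: the header goes back to `Sharer` here, while patch 329 renamed the same column to `Publication` in the 2025 archive; if the column is meant to hold the venue, keep `Publication` so both years read the same. The added rows also have six cells (`|1|2026.01.02|章琦||||`) under the five-column header; drop one trailing pipe per row.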
@@ -72,58 +37,15 @@ such as **conference, title, abstract**,which can be written in the form of [m
-||Date|Speaker|Title|Publication|
+||Date|Speaker|Title|Sharer|
|---|:---:|:---:|:---:|:---:|
-|1|2025.01.05|李秉政|SymBisect: Accurate Bisection for Fuzzer-Exposed Vulnerabilities|Usenix Security 2024|
-|2|2025.01.12|黄钢|Can LLMs Obfuscate Code? A Systematic Analysis of Large Language Models into Assembly Code Obfuscation|AAAI 2025|
-|3|2025.01.19|刘昕鹏|Unveiling IoT Security in Reality: A Firmware-Centric Journey|Usenix Security 2024|
-|4|2025.01.26||||
-|5|2025.02.02||||
-|6|2025.02.09||||
-|7|2025.02.16||||
-|8|2025.02.23|江世昊|GhostType: The Limits of Using Contactless Electromagnetic Interference to Inject Phantom Keys into Analog Circuits of Keyboards|NDSS 2024|
-|9|2025.03.02|张凌铭|CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing|Usenix Security 2023|
-|10|2025.03.09|祝遥|Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection|NDSS 2025|
-|11|2025.03.16|常博宇|SpecRover: Code Intent Extraction via LLMs|ICSE 2025|
-|12|2025.03.23|杨禹|AdvSQLi: Generating Adversarial SQL Injections Against Real-World WAF-as-a-Service|TIFS 2024|
-|13|2025.03.30|林型双|PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation|NDSS 2025|
-|14|2025.04.06|武旗龙|Large Language Models for Code Analysis : Do LLMs Really Do Their Job?|USENIX Security 2024|
-|15|2025.04.13|李秉政|ARTEMIS: Toward Accurate Detection of Server-Side Request Forgeries through LLM-Assisted Inter-procedural Path-Sensitive Taint Analysis|OOPSLA 2025|
-|16|2025.04.20|黄钢|kAPR: LLM-assisted Automated Program Repair on Linux Kernel|Personal Progress Report|
-|17|2025.04.27|刘昕鹏|Static Analysis for (RTOS-Based) Firmware|Personal Progress Report|
-|18|2025.05.04|江世昊|Inside Your Robot Dog Friend: Architecture and Security Challenges of Embodied AI Intelligent Unmanned Systems|Personal Progress Report|
-|19|2025.05.11|张凌铭|The Case for Learned Provenance-based System Behavior Baseline|ICML 2025|
-|20|2025.05.18|祝遥|Fuzzing across JavaScript and WebAssembly Language Boundary|Personal Progress Report|
-|21|2025.05.25|杨禹|An Empirical Study on EDR Systems’ Robustness against Attack Mutations by LLMs|Personal Progress Report|
-|22|2025.06.01|常博宇|Towards Patch Correctness Assessment|Personal Progress Report|
-|23|2025.06.08|林型双|CompliGuard: Detecting Reusable Components Usage Logical Noncompliance in Smart Contracts|Personal Progress Report|
-|24|2025.06.15|黄钢|HAFE: A Hybrid and Automated PHP WebShell Obfuscation Technique with Branch-Oriented Control and Variable Functions for Detection Evasion|Personal Progress Report|
-|25|2025.06.22|武旗龙|FLLMBackdoor : Stealthy Injection and Triggering in Malicious LLM Deployment Frameworks|Personal Progress Report|
-|26|2025.06.29|祝遥|What We Talk About When We Talk About Logs: Understanding the Effects of Dataset Quality on Endpoint Threat Detection Research|IEEE S&P 2025|
-|27|2025.07.06|张凌铭|RepairAgent: An Autonomous, LLM-Based Agent for Program Repair|ICSE 2025|
-|28|2025.07.13|林型双|Copy-and-Paste? Identifying EVM-Inequivalent Code Smells in Multi-chain Reuse Contracts|ISSTA 2025|
-|29|2025.07.20|江世昊|Demystifying RCE Vulnerabilities in LLM-Integrated Apps|CCS 2024|
-|30|2025.07.27|刘昕鹏|Stealthy and Persistent Attacks Leveraging AI-IDE|Personal Progress Report|
-|31|2025.08.03|杨禹|Generating API Parameter Security Rules with LLM for API Misuse Detection|NDSS 2025|
-|32|2025.08.10|常博宇|COMMITSHIELD: Tracking Vulnerability Introduction and Fix in Version Control Systems|ICSE 2025|
-|33|2025.08.17|黄钢|An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection|USENIX Security 2024|
-|34|2025.08.24|江世昊|BadRobot: Manipulating Embodied LLMs in the Physical World|ICLR 2025|
-|35|2025.08.31|张凌铭|Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection|ISSTA 2025|
-|36|2025.09.07|刘昕鹏|UntrustIDE: Exploiting Weaknesses in VS Code Extensions|NDSS 2024|
-|37|2025.09.14|祝遥|AutoLabel: Automated Fine-Grained Log Labeling for Cyber Attack Dataset Generation|USENIX Security 2025|
-|38|2025.09.21|林型双|Forge: An LLM-driven Framework for Large-Scale Smart Contract Vulnerability Dataset Construction|ICSE 2026|
-|39|2025.09.28|武旗龙|The philosopher's stone: Trojaning plugins of large language models|NDSS 2025|
-|40|2025.10.05|常博宇|PATCHAGENT: A Practical Program Repair Agent Mimicking Human Expertise|USENIX Security 2025|
-|41|2025.10.12|杨禹|||
-|42|2025.10.19|徐博||||
-|43|2025.10.26|江世昊||||
-|44|2025.11.02|王晋文||||
-|45|2025.11.09|张宁瑞||||
-|46|2025.11.16|林型双||||
-|47|2025.11.23|祝遥||||
-|48|2025.11.30|武旗龙||||
-|49|2025.12.07|黄钢||||
-|50|2025.12.14|张凌铭||||
-|51|2025.12.21|刘昕鹏||||
-|52|2025.12.28|常博宇||||
-
+|1|2026.01.04|徐博||||
+|2|2026.01.11|江世昊||||
+|3|2026.01.18|王晋文||||
+|4|2026.01.25|张宁瑞||||
+|5|2026.02.01|武旗龙||||
+|6|2026.02.08|黄钢||||
+|7|2026.02.15|||||
+|8|2026.02.22|||||
+|9|2026.03.01|张凌铭||||
+|10|2026.03.08|常博宇||||