Team profile: the team focuses on frontier research in big data and AI security, including AI large-model security, multimodal deep learning, and statistical machine learning.
Team leader: Prof. Yaguan Qian (钱亚冠)
Core members: Yulai Zhang (张宇来), Qiqi Bao (鲍琦琦), Fangli Sun (孙方莉), Yuan Yuan (袁园), Yanru Guo (郭艳茹), Kai Zhu (朱凯)
Key achievements over the past five years:
The team has published more than 30 AI-security papers at top international AI conferences (e.g. ICCV, ECCV) and in authoritative domestic and international journals (e.g. IEEE TIFS, IEEE TKDE, IEEE TDSC, IEEE TNNLS, ACM TOPS, Journal of Software (软件学报), Journal of Computer Research and Development (计算机研究与发展)), including 25 SCI papers (6 in CAS Zone 1 TOP, 8 in Zone 2, 6 in Zone 3) and 30 papers in CCF-recommended venues (3 at top conferences, 10 CCF-A, 11 CCF-B). It holds 8 granted Chinese invention patents, and some results have been deployed in intelligent security surveillance scenarios. It undertakes national- and provincial-level projects, including an Innovation Special Zone project of the Science and Technology Commission of the Central Military Commission, National Natural Science Foundation of China grants (General Program and Young Scientists Fund), and Zhejiang Provincial Natural Science Foundation grants (Key, General and Youth programs), as well as more than 10 joint R&D projects with industry, so research funding is ample. The team maintains broad academic exchange and collaboration, including interdisciplinary joint research with Zhejiang University, Harbin Institute of Technology and Xi'an Jiaotong University, with shared research platforms and data resources. It emphasizes industrial deployment: it runs a joint AI security laboratory with Hikvision, takes part directly in solving technical problems in real enterprise scenarios, and so offers students ample internship and practical training opportunities. It has trained more than 30 master's students and AI algorithm engineers, some of whom have gone on to doctoral studies.
(1) Single-modal adversarial example attacks
[1] Yaguan Qian, Shuke He, Chenyu Zhao, Jiaqiang Sha, Wei Wang, Bin Wang. "LEA2: A Lightweight Ensemble Adversarial Attack via Non-overlapping Vulnerable Frequency Regions", International Conference on Computer Vision (ICCV), Paris, France, 2023. (CCF-A)
[2] Yaguan Qian, Kecheng Chen, Bin Wang, Zhaoquan Gu, Shouling Ji, Wei Wang, Yanchun Zhang. "Enhancing Transferability of Adversarial Examples through Mixed-Frequency Inputs", IEEE Transactions on Information Forensics and Security (TIFS), Early Access, 2024. (CCF-A, CAS Zone 1 TOP)
[3] Zhaozhe Hu, Bin Chen, Jia-Li Yin, Bo-Hao Chen, Yaguan Qian, Shouling Ji. "Mix2Aug: Revisiting Mixing-based Augmentations for Improving Robust Generalization of Adversarial Training", IEEE Transactions on Dependable and Secure Computing (TDSC), Early Access, 2025. (CCF-A, CAS Zone 2 TOP)
[4] Yaguan Qian (钱亚冠), Qinqin Yu (余芹芹), Jiaqiang Sha (沙嘉强), Qiqi Bao (鲍琦琦), Zhaoquan Gu (顾钊铨), Shouling Ji (纪守领), Bin Wang (王滨). "Multi-target Generative Adversarial Attack Based on Dual Information Alignment" (基于双重信息对齐的多目标生成式对抗攻击), Journal of Computer Research and Development (计算机研究与发展), 2025.
[5] Yaguan Qian, Danfeng Ma, Bin Wang, Jun Pan, Jiamin Wang, Zhaoquan Gu, Jianhai Chen, Wujie Zhou, Jingsheng Lei. "Spot Evasion Attacks: Adversarial Examples for License Plate Recognition Systems with Convolutional Neural Networks", Computers & Security, 95(2020), p.1-14. (CCF-B)
[6] Yaguan Qian, Jiaming Wang, Haijiang Wang, Zhaoquan Gu, Bin Wang, Shaoning Zeng, Wassim Swaileh. "Visually Imperceptible Adversarial Patch Attacks", Computers & Security, 123(2022), p.1-11. (CCF-B)
[7] Yaguan Qian (钱亚冠), Yaxing Kong (孔亚鑫), Kecheng Chen (陈科成), Yunkai Shen (沈云开), Qiqi Bao (鲍琦琦), Shouling Ji (纪守领). "Enhancing Adversarial Transfer Attacks on Deep Neural Networks via Spectrum Attenuation" (利用频谱衰减增强深度神经网络对抗迁移攻击), Journal of Electronics & Information Technology (电子与信息学报), 2025.
(2) Multimodal adversarial example attacks
[1] Yaguan Qian, Xuchen Zhu, Qiqi Bao, Fei Yu, Wei Wang, Shouling Ji, Zhaoquan Gu, Bin Wang. "Exploiting Shared Adversarial Features for Attacks in Large Vision-Language Models", IEEE Transactions on Information Forensics and Security (TIFS), 2026, 21, p.592-607. (CCF-A, CAS Zone 1 TOP)
[2] Yaguan Qian, Yaxing Kong, Qiqi Bao, Zhaoquan Gu, Bin Wang, Shouling Ji, Jianping Zhang, Zhen Lei. "Individuality & Commonality Attack: Enhancing Transferability in VLP Models through Modal Feature Exploitation", IEEE Transactions on Image Processing (TIP), 2026, 26, p.1082-1095. (CCF-A, CAS Zone 1 TOP)
[3] Yaguan Qian, Qinqin Yu, Qiqi Bao, Shouling Ji, Wei Wang, Bin Wang, Zhaoquan Gu, Zhen Lei. "A Multimodal Adversarial Attack Method Based on Frequency Domain Enhancement and Fine-grained Cross-modal Guidance", IEEE Transactions on Dependable and Secure Computing (TDSC), 2025, 22(6), p.7877-7889. (CCF-A, CAS Zone 2 TOP)
[4] Yaguan Qian, Zhihao Chen, Qiqi Bao, Chang Zong, Fei Yu, Shouling Ji, Wei Wang, Bin Wang, Zhaoquan Gu. "RPA: Recursive Perturbation-Based Universal Adversarial Attacks on Multimodal Generative Tasks", IEEE Transactions on Circuits and Systems for Video Technology (TCSVT), Early Access, 2025. (CCF-B, CAS Zone 1 TOP)
(3) Adversarial example defense
[1] Yaguan Qian, Chenyu Zhao, Zhaoquan Gu, Bin Wang, Shouling Ji, Wei Wang, Yanchun Zhang. "F2AT: Feature-Focusing Adversarial Training via Disentanglement of Natural and Perturbed Patterns", IEEE Transactions on Knowledge and Data Engineering (TKDE), 2025, 37(9), p.5201-5203. (CCF-A, CAS Zone 1 TOP)
[2] Yaguan Qian, Yankai Guo, Qiqi Shao, Jiaming Wang, Bin Wang, Zhaoquan Gu, Xiang Ling, Chunming Wu. "EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks", ACM Transactions on Privacy and Security (TOPS), 2022, 25(3), p.23-46. (CCF-B)
[3] Yaguan Qian (钱亚冠), Jun Ma (马骏), Niannian He (何念念), Bin Wang (王滨), Zhaoquan Gu (顾钊铨), Xiang Ling (凌祥), Wassim Swaileh. "A Two-Stage Adversarial Knowledge Transfer Method for Edge Intelligence" (面向边缘智能的两阶段对抗知识迁移方法), Journal of Software (软件学报), 2022, 33(12).
[4] Yaguan Qian (钱亚冠), Ximin Zhang (张锡敏), Bin Wang (王滨), Zhaoquan Gu (顾钊铨), Wei Li (李蔚), Bensheng Yun (云本胜). "Adversarial Training Defense Based on Second-Order Adversarial Examples" (基于二阶对抗样本的对抗训练防御), Journal of Electronics & Information Technology (电子与信息学报), 2021, 43(11), p.3367-3373.
[5] Jianchang Huang, Yinyao Dai, Fang Lu, Bin Wang, Zhaoquan Gu, Boyang Zhou, Yaguan Qian. "Denoising Deep Features of Convolutional Neural Networks against Adversarial Examples", Applied Intelligence, 2024, 54(2), p.1672-1690. (CCF-C, CAS Zone 2)
[6] Xiaoguo Ding, Liangjian Zhang, Qiqi Bao, Yaguan Qian, Bin Wang, Zhaoquan Gu, Yanchun Zhang. "Enhancing Robust Generalization through Appropriate Adversarial Example Attack Intensity", Neurocomputing, 657(2025). (CCF-C, CAS Zone 2)
[7] Chenyu Zhao, Yaguan Qian, Bin Wang, Zhaoquan Gu, Shouling Ji, Wei Wang, Yanchun Zhang. "Guided Adversarial Training via Diversely Aligned Decision Boundaries and Historical Memory Enhancement", Neurocomputing, 619(2025). (CCF-C, CAS Zone 2)
[8] Xiaoyu Liang, Yaguan Qian, Jianchang Huang, Xiang Ling, Bin Wang, Chunming Wu. "Towards Desirable Decision Boundary by Moderate-Margin Adversarial Training", Pattern Recognition Letters (PRL), 173(2023), p.30-37. (CCF-C, CAS Zone 3)
(4) Backdoor attacks and defenses
[1] Yaguan Qian, Zejie Lian, Yiming Li, Wei Wang, Zhaoquan Gu, Bin Wang, Yanchun Zhang. "Evading Backdoor Defense: Hiding Backdoor with Attention-Grabbing Scapegoat", Computers & Security, 150(2025). (CCF-B)
[2] Jiaoze Mao, Yaguan Qian, Jianchang Huang, Zejie Lian, Renhui Tao, Bin Wang, Wei Wang, Tengteng Yao. "Object-free Backdoor Attack and Defense on Semantic Segmentation", Computers & Security, 132(2023), p.1-15. (CCF-B)
[3] Yaguan Qian, Boyuan Ji, Shuke He, Shenhui Huang, Xiang Ling, Bin Wang, Wei Wang. "Enhancing Robustness of Backdoor Attacks on Real-World Object Detection Systems", Journal of Computer Security, 2025, 33(4). (CCF-B)
(5) Other AI security results
[1] Yaguan Qian, Zhihao Chen, Qiqi Bao, Yan Gan, Chenhao Lin, Shuo Wang, Jiali Yin, Hegui Zhu, Shouling Ji, Wei Wang, Bin Wang, Zhaoquan Gu. "Adversarial Attacks on Vision-Language Multimodal Systems: A Survey", ACM Transactions on Privacy and Security (TOPS), 2025. (CCF-B)