🔥 News
- 2025.06: 🔥 AudioTrust, the First Comprehensive Trustworthiness Benchmark for Audio Large Language Models, is now released! We hope this can serve as a solid foundation for academia and industry for safe audio-based LLM system development. [Github] (Media Coverage: [量子位])
- 2025.06: 🎉 Neural Invisibility Cloak got accepted by USENIX Security’25. Congratulations to Wenjun!
- 2025.04: 🔥 Three (trustworthy) LLM agent survey papers that I led or contributed to are now released: (1) TrustAgent: A survey on trustworthy LLM agents: Threats and countermeasures [Paper (accepted by KDD’25)]; (2) Advances and challenges in foundation agents: From brain-inspired intelligence to evolutionary, collaborative, and safe systems [Paper] [Github] [HuggingFace] (media coverage, e.g., [SANER], [机器之心]); (3) A Comprehensive Survey in LLM (-Agent) Full Stack Safety: Data, Training, and Deployment.
- 2024.11: 🎉 LightAntenna got accepted by NDSS 2025! We reveal a new Electromagnetic Interference (EMI) threat where everyday fluorescent lamps can secretly manipulate IoT devices. Unlike visible metal antennas, LightAntenna transforms unaltered lamps into stealthy EMI sources, enabling remote attacks up to 20 meters away. This groundbreaking method exposes a hidden threat in plain sight.
- 2024.08: 💪🏻 Raconteur was accepted by NDSS 2025! Raconteur is the first tool using Large Language Models (LLMs) to explain shell commands clearly. It provides detailed insights into command functions and purposes, aligning with MITRE ATT&CK standards. Equipped with professional cybersecurity knowledge, Raconteur delivers accurate explanations. A documentation retriever helps in understanding new commands. Tested extensively, Raconteur offers unique insights, helping security analysts better understand command intentions. Please find out more (e.g., our dataset) on the [website].
- 2024.08: 📝 Legilimens was accepted by CCS 2024! It sets a new state of the art for LLM unsafe-content moderation, with a significant improvement in efficiency. Congratulations to Jialin and Dr. Deng.
- 2024.05: 🔥 SafeGen was accepted by CCS 2024! As T2I technologies advance, their misuse for generating sexually explicit content has become a major concern. SafeGen effectively mitigates this by removing explicit visual representations from the model itself, making it safe regardless of the adversarial text input and outperforming eight other protection approaches. SafeGen adjusts the model’s visual self-attention layers so that the high-quality generation of benign images is not compromised. More information is in our [code] and [pretrained model].
- 2024.05: 🔥 SafeEar got accepted by CCS 2024! To our knowledge, this is the first content-privacy-preserving audio deepfake detection framework. As audio deepfakes and user privacy concerns have become increasingly significant societal issues, we demonstrate how to achieve reliable deepfake detection while preventing both machine and human adversaries from eavesdropping on sensitive user speech content. To facilitate future research, we also developed a comprehensive multilingual deepfake dataset (more than 1,500,000 genuine and deepfake audio samples) using advanced TTS/VC techniques. Please check out our [website] and [code].
- 2023.08: 🎉 VRifle got accepted by NDSS 2024! We demonstrate how to achieve a completely inaudible adversarial perturbation attack via ultrasound, which achieves the farthest attack range (~10 meters away) and the most universal capability (1 perturbation can tamper with >28,000 benign samples). Our novel ultrasonic transformation model can be generalized to other modalities of attacks, such as laser and electromagnetic.
- 2023.08: 🔥 I attended the USENIX Security 2023 Symposium and presented our work NormDetect in person.
- 2023.07: 😄 Our practical backdoor attack (SMA) against ASR models was accepted by ACM MM 2023!
- 2022.09: 🎉 Tuner and UltraBD were accepted by IoT-J 2023 and ICPADS 2022, respectively! We demonstrate a practical inaudible backdoor attack against speaker recognition systems.
- 2022.07: 💪🏻 NormDetect was accepted by USENIX Security 2023! We rethink the challenging topic of defending against inaudible voice attacks and present a software-based mitigation that can instantly protect legacy and future devices in an actionable and practical manner, verified on 24 mainstream smart devices with voice interfaces.
- 2021.07: 🎉 PROLE Score was accepted by USENIX Security 2022! “OK Siri” or “Hey Google”? We conduct an extensive voiceprint security measurement. Our findings and designed metrics should help manufacturers and users craft highly secure voiceprint phrases on their own.
- 2020.12: 🔥 EarArray was accepted by NDSS 2021! We uncover the inherent physical properties of the inaudible attack, i.e., ultrasound field distributions, and redesign microphone arrays for accurate detection and attack localization.