...

Nick Jia

PhD student

Email

Papers

  1. Backdoor Detection through Duplicated Execution of Outsourced Training
    Hengrui Jia, Sierra Wyllie, Akram Bin Sediq, Ahmed A. Ibrahim, Nicolas Papernot
    In Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning

    @inproceedings{hengrui2025backdoorconference,
      author    = {Jia, Hengrui and Wyllie, Sierra and Sediq, Akram Bin and Ibrahim, Ahmed A. and Papernot, Nicolas},
      title     = {Backdoor Detection through Duplicated Execution of Outsourced Training},
      booktitle = {Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning},
      year      = {2025},
    }
    
  2. Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD
    Anvith Thudi, Hengrui Jia, Casey Meehan, Ilia Shumailov, Nicolas Papernot
    In Proceedings of the 33rd USENIX Security Symposium

    Paper

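    % DP-SGD is brace-protected so that sentence-casing styles keep the acronym in capitals.
    @inproceedings{anvith2024gradientsconference,
      author    = {Thudi, Anvith and Jia, Hengrui and Meehan, Casey and Shumailov, Ilia and Papernot, Nicolas},
      title     = {Gradients Look Alike: Sensitivity is Often Overestimated in {DP-SGD}},
      booktitle = {Proceedings of the 33rd USENIX Security Symposium},
      year      = {2024},
    }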
    
  3. Finding Private Bugs: Debugging Implementations of Differentially Private Stochastic Gradient Descent
    Congyu Fang, Hengrui Jia, Ali Shahin Shamsabadi, Nicolas Papernot

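    % Typed as misc: the key marks this as a preprint and the page lists no venue,
    % while an article entry requires a journal field. Add eprint or url details when known.
    @misc{congyu2024findingpreprint,
      author = {Fang, Congyu and Jia, Hengrui and Shamsabadi, Ali Shahin and Papernot, Nicolas},
      title  = {Finding Private Bugs: Debugging Implementations of Differentially Private Stochastic Gradient Descent},
      year   = {2024},
    }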
    
  4. Augment then Smooth: Reconciling Differential Privacy with Certified Robustness
    Jiapeng Wu, Atiyeh Ashari Ghomi, David Glukhov, Jesse C. Cresswell, Franziska Boenisch, Nicolas Papernot

    Paper

    % NOTE(review): an article entry requires a journal field and none is given here;
    % fill in the journal name before citing.
    @article{jiapeng2024augmentjournal,
      author = {Wu, Jiapeng and Ghomi, Atiyeh Ashari and Glukhov, David and Cresswell, Jesse C. and Boenisch, Franziska and Papernot, Nicolas},
      title  = {Augment then Smooth: Reconciling Differential Privacy with Certified Robustness},
      year   = {2024},
    }
    
  5. LLM Dataset Inference: Detect Datasets, not Strings
    Pratyush Maini, Hengrui Jia, Nicolas Papernot, Adam Dziedzic
    In Proceedings of the 38th Conference on Neural Information Processing Systems

    Paper

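    % LLM is brace-protected so that sentence-casing styles keep the acronym in capitals.
    @inproceedings{pratyush2024llmconference,
      author    = {Maini, Pratyush and Jia, Hengrui and Papernot, Nicolas and Dziedzic, Adam},
      title     = {{LLM} Dataset Inference: Detect Datasets, not Strings},
      booktitle = {Proceedings of the 38th Conference on Neural Information Processing Systems},
      year      = {2024},
    }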
    
  6. LLM Dataset Inference: Detect Datasets, not Strings
    Pratyush Maini, Hengrui Jia, Nicolas Papernot, Adam Dziedzic

    Paper

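    % LLM is brace-protected so that sentence-casing styles keep the acronym in capitals.
    % NOTE(review): the key marks this as the workshop version, but no venue is given;
    % an article entry requires a journal field, so add the venue before citing.
    @article{pratyush2024llmworkshop,
      author = {Maini, Pratyush and Jia, Hengrui and Papernot, Nicolas and Dziedzic, Adam},
      title  = {{LLM} Dataset Inference: Detect Datasets, not Strings},
      year   = {2024},
    }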
    
  7. Sentence Embedding Encoders are Easy to Steal but Hard to Defend
    Adam Dziedzic, Franziska Boenisch, Haonan Duan, Mingjian Jiang, Nicolas Papernot

    Paper

    % NOTE(review): the key marks this as a workshop paper, but no venue is given;
    % an article entry requires a journal field, so add the venue before citing.
    @article{adam2023sentenceworkshop,
      author = {Dziedzic, Adam and Boenisch, Franziska and Duan, Haonan and Jiang, Mingjian and Papernot, Nicolas},
      title  = {Sentence Embedding Encoders are Easy to Steal but Hard to Defend},
      year   = {2023},
    }
    
  8. Proof-of-Learning is Currently More Broken Than You Think
    Congyu Fang, Hengrui Jia, Anvith Thudi, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Varun Chandrasekaran, Nicolas Papernot
    In Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands

    Paper

    @inproceedings{congyu2023proofoflearningconference,
      author    = {Fang, Congyu and Jia, Hengrui and Thudi, Anvith and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Chandrasekaran, Varun and Papernot, Nicolas},
      title     = {Proof-of-Learning is Currently More Broken Than You Think},
      booktitle = {Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands},
      year      = {2023},
    }
    
  9. On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
    Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot
    In Proceedings of the 31st USENIX Security Symposium

    Paper

    @inproceedings{anvith2022onconference,
      author    = {Thudi, Anvith and Jia, Hengrui and Shumailov, Ilia and Papernot, Nicolas},
      title     = {On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning},
      booktitle = {Proceedings of the 31st USENIX Security Symposium},
      year      = {2022},
    }
    
  10. A Zest of LIME: Towards Architecture-Independent Model Distances
    Hengrui Jia, Hongyu Chen, Jonas Guan, Ali Shahin Shamsabadi, Nicolas Papernot
    In Proceedings of the 10th International Conference on Learning Representations

    Paper

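    % LIME is brace-protected so that sentence-casing styles keep the acronym in capitals.
    @inproceedings{hengrui2022aconference,
      author    = {Jia, Hengrui and Chen, Hongyu and Guan, Jonas and Shamsabadi, Ali Shahin and Papernot, Nicolas},
      title     = {A Zest of {LIME}: Towards Architecture-Independent Model Distances},
      booktitle = {Proceedings of the 10th International Conference on Learning Representations},
      year      = {2022},
    }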
    
  11. In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning
    Jiaqi Wang, Roei Schuster, Ilia Shumailov, David Lie, Nicolas Papernot
    In Proceedings of the 36th Conference on Neural Information Processing Systems

    Paper

    @inproceedings{jiaqi2022inconference,
      author    = {Wang, Jiaqi and Schuster, Roei and Shumailov, Ilia and Lie, David and Papernot, Nicolas},
      title     = {In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning},
      booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems},
      year      = {2022},
    }
    
  12. Entangled Watermarks as a Defense against Model Extraction
    Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
    In Proceedings of the 30th USENIX Security Symposium

    Paper

    @inproceedings{hengrui2021entangledconference,
      author    = {Jia, Hengrui and Choquette-Choo, Christopher A. and Chandrasekaran, Varun and Papernot, Nicolas},
      title     = {Entangled Watermarks as a Defense against Model Extraction},
      booktitle = {Proceedings of the 30th USENIX Security Symposium},
      year      = {2021},
    }
    
  13. Proof-of-Learning: Definitions and Practice
    Hengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

    @inproceedings{hengrui2021proofoflearningconference,
      author    = {Jia, Hengrui and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Thudi, Anvith and Chandrasekaran, Varun and Papernot, Nicolas},
      title     = {Proof-of-Learning: Definitions and Practice},
      booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA},
      year      = {2021},
    }
    
  14. Machine Unlearning
    Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

    @inproceedings{lucas2021machineconference,
      author    = {Bourtoule, Lucas and Chandrasekaran, Varun and Choquette-Choo, Christopher A. and Jia, Hengrui and Travers, Adelin and Zhang, Baiwu and Lie, David and Papernot, Nicolas},
      title     = {Machine Unlearning},
      booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA},
      year      = {2021},
    }
    
  15. SoK: Machine Learning Governance
    Varun Chandrasekaran, Hengrui Jia, Anvith Thudi, Adelin Travers, Mohammad Yaghini, Nicolas Papernot

    Paper

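    % Typed as misc: the key marks this as a preprint and the page lists no venue,
    % while an article entry requires a journal field. Add eprint or url details when known.
    % SoK is brace-protected so that sentence-casing styles keep its mixed capitalisation.
    @misc{varun2021sokpreprint,
      author = {Chandrasekaran, Varun and Jia, Hengrui and Thudi, Anvith and Travers, Adelin and Yaghini, Mohammad and Papernot, Nicolas},
      title  = {{SoK}: Machine Learning Governance},
      year   = {2021},
    }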