Chong Xiang

I am a PhD student at Princeton University, advised by Prof. Prateek Mittal. I primarily work on AI security.

I developed a series of certifiably robust defenses against adversarial patch attacks, including PatchGuard, PatchGuard++, PatchCleanser, PatchCURE, DetectorGuard, and ObjectSeeker. Here is a short survey on this topic.

Recently, I have been working on LLM security, e.g., RobustRAG.

I graduated from Shanghai Jiao Tong University (SJTU) with a Bachelor's degree in 2019. I was a member of Network Security and Privacy Protection (NSEC) Lab and was advised by Prof. Haojin Zhu (2016-2019). I also worked with Prof. Bo Li as a research intern at University of Illinois Urbana-Champaign (2018).

Here is my [Curriculum Vitae]. Please feel free to reach out via email at cxiang@princeton.edu :)

Selected Publications

Certifiably Robust RAG against Retrieval Corruption
Chong Xiang^*, Tong Wu^*, Zexuan Zhong, David Wagner, Danqi Chen, Prateek Mittal
arXiv: 2405.15556 [GitHub]
PatchCURE: Improving Certifiable Robustness, Model Utility, and Computation Efficiency of Adversarial Patch Defenses
Chong Xiang, Tong Wu, Sihui Dai, Jonathan Petit, Suman Jana, Prateek Mittal
33rd USENIX Security Symposium (USENIX Security 2024) [GitHub] [USENIX Open Access Media with Video and Slides]
ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking
Chong Xiang, Alexander Valtchanov, Saeed Mahloujifar, Prateek Mittal
44th IEEE Symposium on Security and Privacy (S&P 2023) [GitHub] [Slides]
PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier
Chong Xiang, Saeed Mahloujifar, Prateek Mittal
31st USENIX Security Symposium (USENIX Security 2022) [GitHub] [USENIX Open Access Media with Video and Slides]
DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks
Chong Xiang, Prateek Mittal
2021 ACM Conference on Computer and Communications Security (CCS 2021) [GitHub] [ACM DL] [Video] [Slides]
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
Chong Xiang, Arjun Nitin Bhagoji, Vikash Sehwag, Prateek Mittal
30th USENIX Security Symposium (USENIX Security 2021) [GitHub] [USENIX Open Access Media with Video and Slides]
Generating 3D Adversarial Point Clouds
Chong Xiang, Charles R. Qi, Bo Li
2019 IEEE Conference on Computer Vision and Pattern Recognition (CVPR 2019) [GitHub]
See my C.V. or Google Scholar for a full list of publications

Miscellaneous

Review service: USENIX Security, SaTML, ICML, NeurIPS, ICLR, WWW, AAAI, TPAMI, TIP, TVCG, TIFS, TOPS, TMM
Recorded talk on certifiably robust perception against adversarial patches (April 2023) [link]
Blog posts for adversarial patches and certifiably robust image classification: [post1] [post2]
Paper list for adversarial patch research: [link]
Leaderboard for certifiable robustness against adversarial patch attacks: [link]