Michael Backes

Founding Director and Chairman

CISPA Helmholtz Center for Information Security

director@cispa.de

Research homepage

Home

Group

Publications

Hiring

About

Publication Overview

I published about 300 papers at peer-reviewed international conferences, journals and workshops, and about 140 papers in technical reports. About 100 of these papers were published in the four flagship conference for information security and Privacy (S&P, CCS, Usenix Security, NDSS). I moreover edited 14 proceedings and filed 6 patents. For a continuously updated publication overview, please see my DBLP entry.

Recent publications (2021 -- 2024)

• MGTBench: Benchmarking Machine-Generated Text Detection

  Xinlei He, Xinyue Shen, Zeyuan Chen, Michael Backes, Yang Zhang

  CCS, 2024.

• "Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models

  Xinyue Shen, Zeyuan Chen, Michael Backes, Yun Shen, Yang Zhang

  CCS, 2024.

• Quantifying Privacy Risks of Prompts in Visual Prompt Learning

  Yixin Wu, Rui Wen, Michael Backes, Pascal Berrang, Mathias Humbert, Yun Shen, Yang Zhang

  USENIX Security, 2024.

• Instruction Backdoor Attacks Against Cutomized LLMs

  Rui Zhang, Hongwei Li, Rui Wen, Wenbo Jiang, Yuan Zhang, Michael Backes, Yun Shen, Yang Zhang

  USENIX Security, 2024.

• Prompt Stealing Attacks Against Text-to-Image Generation Models

  Xinyue Shen, Yiting Qu, Michael Backes, Yang Zhang

  USENIX Security, 2024.

• SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models

  Boyang Zhang, Zheng Li, Ziqing Yang, Xinlei He, Michael Backes, Mario Fritz, Yang Zhang

  USENIX Security, 2024.

• Measuring the Effects of Stack Overflow Code Snippet Evolution on Open-Source Software Security

  Alfusainey Jallow, Michael Schilling, Michael Backes, Sven Bugiel

  S&P, 2024.

• Link Stealing Attacks Against Inductive Graph Neural Networks

  Yixin Wu, Xinlei He, Pascal Berrang, Mathias Humbert, Michael Backes, Neil Zhenqiang Gong, Yang Zhang

  PoPETS, 2024.

• Games and Beyond: Analyzing the Bullet Chats of Esports Livestreaming

  Yukun Jiang, Xinyue Shen, Rui Wen, Zeyang Sha, Junjie Chu, Yugeng Liu, Michael Backes, Yang Zhang

  ICWSM, 2024.

• FAKEPCD: Fake Point Cloud Detection via Source Attribution

  Yiting Qu, Zhikun Zhang, Yun Shen, Michael Backes, Yang Zhang

  ASIACCS, 2024.

• Generated Distributions Are All You Need for Membership Inference Attacks Against Generative Models

  Minxing Zhang, Ning Yu, Rui Wen, Michael Backes, Yang Zhang

  WACV, 2024.

• TrustLLM: Trustworthiness in Large Language Models

  Lichao Sun, Yue Huang, Haoran Wang, Siyuan Wu, Qihui Zhang, Chujie Gao, Yixin Huang, Wenhan Lyu, Yixuan Zhang, Xiner Li, Zhengliang Liu, Yixin Liu, Yijue Wang, Zhikun Zhang, Bhavya Kailkhura, Caiming Xiong, Chaowei Xiao, Chunyuan Li, Eric P. Xing, Furong Huang, Hao Liu, Heng Ji, Hongyi Wang, Huan Zhang, Huaxiu Yao, Manolis Kellis, Marinka Zitnik, Meng Jiang, Mohit Bansal, James Zou, Jian Pei, Jian Liu, Jianfeng Gao, Jiawei Han, Jieyu Zhao, Jiliang Tang, Jindong Wang, John Mitchell, Kai Shu, Kaidi Xu, Kai-Wei Chang, Lifang He, Lifu Huang, Michael Backes, Neil Zhenqiang Gong, Philip S. Yu, Pin-Yu Chen, Quanquan Gu, Ran Xu, Rex Ying, Shuiwang Ji, Suman Jana, Tianlong Chen, Tianming Liu, Tianyi Zhou, William Wang, Xiang Li, Xiangliang Zhang, Xiao Wang, Xing Xie, Xun Chen, Xuyu Wang, Yan Liu, Yanfang Ye, Yinzhi Cao, Yue Zhao

  ICML, 2024.

• Memorization in Self-Supervised Learning Improves Downstream Generalization

  Wenhao Wang, Muhammad Ahmad Kaleem, Adam Dziedzic, Michael Backes, Nicolas Papernot, Franziska Boenisch

  ICLR, 2024.

• Composite Backdoor Attacks Against Large Language Models

  Hai Huang, Zhengyu Zhao, Michael Backes, Yun Shen, Yang Zhang

  NAACL (Findings), 2024.

• Detection and Attribution of Models Trained on Generated Data

  Ge Han, Ahmed Salem, Zheng Li, Shanqing Guo, Michael Backes, Yang Zhang

  ICASSP, 2024.

• Adversarial vulnerability bounds for Gaussian process classification

  Michael Thomas Smith, Kathrin Grosse, Michael Backes, Mauricio A. Álvarez

  Machine Learning, 2023.

• Pareto-optimal Defenses for the Web Infrastructure: Theory and Practice

  Giorgio Di Tizio, Patrick Speicher, Milivoj Simeonovski, Michael Backes, Ben Stock, Robert Künnemann

  ACM Transactions on Privacy and Security, 2023.

• Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models

  Yiting Qu, Xinyue Shen, Xinlei He, Michael Backes, Savvas Zannettou, Yang Zhang

  CCS, 2023.

• Can't Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders

  Zeyang Sha, Xinlei He, Ning Yu, Michael Backes, Yang Zhang

  CVPR, 2023.

• Is Adversarial Training Really a Silver Bullet for Mitigating Data Poisoning?

  Rui Wen, Zhengyu Zhao, Zhuoran Liu, Michael Backes, Tianhao Wang, Yang Zhang

  ICLR, 2023.

• Generated Graph Detection

  Yihan Ma, Zhikun Zhang, Ning Yu, Xinlei He, Michael Backes, Yun Shen, Yang Zhang

  ICML, 2023.

• Data Poisoning Attacks Against Multimodal Encoders

  Ziqing Yang, Xinlei He, Zheng Li, Michael Backes, Mathias Humbert, Pascal Berrang, Yang Zhang

  ICML, 2023.

• Backdoor Attacks Against Dataset Distillation

  Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, Yang Zhang

  NDSS, 2023.

• A Systematic Study of the Consistency of Two-Factor Authentication User Journeys on Top-Ranked Websites

  Sanam Ghorbani Lyastani, Michael Backes, Sven Bugiel

  NDSS, 2023.

• SEAL: Capability-Based Access Control for Data-Analytic Scenarios.

  Hamed Rasifard, Rahul Gopinath, Michael Backes, Hamed Nemati

  SACMAT, 2023.

• On the Evolution of (Hateful) Memes by Means of Multimodal Contrastive Learning

  Yiting Qu, Xinlei He, Shannon Pierson, Michael Backes, Yang Zhang, Savvas Zannettou

  S&P, 2023.

• PrivTrace: Differentially Private Trajectory Synthesis by Adaptive Markov Models

  Haiming Wang, Zhikun Zhang, Tianhao Wang, Shibo He, Michael Backes, Jiming Chen, Yang Zhang

  USENIX Security, 2023.

• Two-in-One: A Model Hijacking Attack Against Text Generation Models

  Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem

  USENIX Security, 2023.

• Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages

  Cristian-Alexandru Staicu, Sazzadur Rahaman, Ágnes Kiss, Michael Backes

  USENIX Security, 2023.

• FACE-AUDITOR: Data Auditing in Facial Recognition Systems

  Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Yang Zhang

  USENIX Security, 2023.

• UnGANable: Defending Against GAN-based Face Manipulation

  Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang

  USENIX Security, 2023.

• Backdoor smoothing: Demystifying backdoor attacks on deep neural networks.

  Kathrin Grosse, Taesung Lee, Battista Biggio, Youngja Park, Michael Backes, Ian M. Molloy

  Computers & Security, 2022.

• Graph Unlearning.

  Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang

  CCS, 2022.

• On the Privacy Risks of Cell-Based NAS Architectures.

  Hai Huang, Zhikun Zhang, Yun Shen, Michael Backes, Qi Li, Yang Zhang

  CCS, 2022.

• Auditing Membership Leakages of Multi-Exit Networks.

  Zheng Li, Yiyong Liu, Xinlei He, Ning Yu, Michael Backes, Yang Zhang

  CCS, 2022.

• Membership Inference Attacks by Exploiting Loss Trajectory.

  Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang

  CCS, 2022.

• Freely Given Consent?: Studying Consent Notice of Third-Party Tracking and Its Violations of GDPR in Android Apps.

  Trung Tin Nguyen, Michael Backes, Ben Stock

  CCS, 2022.

• Finding MNEMON: Reviving Memories of Node Embeddings.

  Yun Shen, Yufei Han, Zhikun Zhang, Min Chen, Ting Yu, Michael Backes, Yang Zhang, Gianluca Stringhini

  CCS, 2022.

• Why So Toxic?: Measuring and Triggering Toxic Behavior in Open-Domain Chatbots.

  Wai Man Si, Michael Backes, Jeremy Blackburn, Emiliano De Cristofaro, Gianluca Stringhini, Savvas Zannettou, Yang Zhang

  CCS, 2022.

• A Framework for Constructing Single Secret Leader Election from MPC.

  Michael Backes, Pascal Berrang, Lucjan Hanzlik, Ivan Pryvalov

  ESORICS, 2022.

• Dynamic Backdoor Attacks Against Machine Learning Models.

  Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, Yang Zhang

  EuroS&P, 2022.

• On Xing Tian and the Perseverance of Anti-China Sentiment Online.

  Xinyue Shen, Xinlei He, Michael Backes, Jeremy Blackburn, Savvas Zannettou, Yang Zhang

  ICWSM, 2022.

• Get a Model! Model Hijacking Attack Against Machine Learning Models.

  Ahmed Salem, Michael Backes, Yang Zhang

  NDSS, 2022.

• Industrial practitioners' mental models of adversarial machine learning.

  Lukas Bieringer, Kathrin Grosse, Michael Backes, Battista Biggio, Katharina Krombholz

  SOUPS @ USENIX Security, 2022.

• ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models.

  Yugeng Liu, Rui Wen, Xinlei He, Ahmed Salem, Zhikun Zhang, Michael Backes, Emiliano De Cristofaro, Mario Fritz, Yang Zhang

  USENIX Security, 2022.

• Inference Attacks Against Graph Neural Networks.

  Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang

  USENIX Security, 2022.

• BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements.

  Xiaoyi Chen, Ahmed Salem, Dingfan Chen, Michael Backes, Shiqing Ma, Qingni Shen, Zhonghai Wu, Yang Zhang

  ACSAC, 2021.

• Measuring User Perception for Detecting Unexpected Access to Sensitive Resource in Mobile Apps.

  Trung Tin Nguyen, Duc Cuong Nguyen, Michael Schilling, Gang Wang, Michael Backes

  AsiaCCS, 2021.

• When Machine Unlearning Jeopardizes Privacy.

  Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang

  CCS, 2021.

• DoubleX: Statically Detecting Vulnerable Data Flows in Browser Extensions at Scale.

  Aurore Fass, Dolière Francis Somé, Michael Backes, Ben Stock

  CCS, 2021.

• 12 Angry Developers - A Qualitative Study on Developers' Struggles with CSP.

  Sebastian Roth, Lea Gröber, Michael Backes, Katharina Krombholz, Ben Stock

  CCS, 2021.

• Accountability in the Decentralised-Adversary Setting.

  Robert Künnemann, Deepak Garg, Michael Backes

  CSF, 2021.

• MLCapsule: Guarded Offline Deployment of Machine Learning as a Service.

  Lucjan Hanzlik, Yang Zhang, Kathrin Grosse, Ahmed Salem, Maximilian Augustin, Michael Backes, Mario Fritz

  CVPR Workshops, 2021.

• Statically Detecting JavaScript Obfuscation and Minification Techniques in the Wild.

  Marvin Moog, Markus Demmel, Michael Backes, Aurore Fass

  DSN, 2021.

• Do winning tickets exist before DNN training?

  Kathrin Grosse, Michael Backes

  SDM, 2021.

• Explanation Beats Context: The Effect of Timing & Rationales on Users' Runtime Permission Decisions.

  Yusra Elbitar, Michael Schilling, Trung Tin Nguyen, Michael Backes, Sven Bugiel

  USENIX Security, 2021.

• PrivSyn: Differentially Private Data Synthesis.

  Zhikun Zhang, Tianhao Wang, Ninghui Li, Jean Honorio, Michael Backes, Shibo He, Jiming Chen, Yang Zhang

  USENIX Security, 2021.

• Stealing Links from Graph Neural Networks.

  Xinlei He, Jinyuan Jia, Michael Backes, Neil Zhenqiang Gong, Yang Zhang

  USENIX Security, 2021.

• A11y and Privacy don't have to be mutually exclusive: Constraining Accessibility Service Misuse on Android.

  Jie Huang, Michael Backes, Sven Bugiel

  USENIX Security, 2021.

• Share First, Ask Later (or Never?) Studying Violations of GDPR's Explicit Consent in Android Apps.

  Trung Tin Nguyen, Michael Backes, Ninja Marnau, Ben Stock

  USENIX Security, 2021.

• Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications.

  Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, Sascha Fahl

  USENIX Security, 2021.