Siyuan Liang

attack arXiv Aug 12, 2025 · Aug 2025

SMA: Who Said That? Auditing Membership Leakage in Semi-Black-box RAG Controlling

Shixuan Sun, Siyuan Liang, Ruoyu Chen et al. · Sun Yat-Sen University · University of Chinese Academy of Sciences +3 more

Source-aware membership inference audit for RAG/MRAG systems attributing outputs to training data, retrieval, or user input via zero-order optimization

Membership Inference Attack Sensitive Information Disclosure nlpmultimodal

PDF

attack arXiv Aug 7, 2025 · Aug 2025

Physical Adversarial Camouflage through Gradient Calibration and Regularization

Jiawei Liang, Siyuan Liang, Jianjie Huang et al. · Sun Yat-Sen University · Peng Cheng Laboratory +2 more

Physical adversarial camouflage attack on object detectors using gradient calibration and decorrelation for multi-angle, multi-distance robustness

Input Manipulation Attack vision

PDF

attack arXiv Mar 13, 2026 · 24d ago

CtrlAttack: A Unified Attack on World-Model Control in Diffusion Models

Shuhan Xu, Siyuan Liang, Hongling Zheng et al. · Wuhan University · Nanyang Technological University +1 more

Adversarial attack on diffusion I2V models that disrupts temporal consistency via low-dimensional velocity field perturbations

Input Manipulation Attack visiongenerative

PDF

defense arXiv Aug 2, 2025 · Aug 2025

PromptSafe: Gated Prompt Tuning for Safe Text-to-Image Generation

Zonglei Jing, Xiao Yang, Xiaoqian Li et al. · Beihang University · Beijing University of Posts and Telecommunications +3 more

Gated soft prompt tuning defense for T2I diffusion models that adaptively suppresses NSFW generation based on estimated prompt toxicity

Prompt Injection generative

PDF

Text-to-image (T2I) models have demonstrated remarkable generative capabilities but remain vulnerable to producing not-safe-for-work (NSFW) content, such as violent or explicit imagery. While recent moderation efforts have introduced soft prompt-guided tuning by appending defensive tokens to the input, these approaches often rely on large-scale curated image-text datasets and apply static, one-size-fits-all defenses at inference time. However, this results not only in high computational cost and degraded benign image quality, but also in limited adaptability to the diverse and nuanced safety requirements of real-world prompts. To address these challenges, we propose PromptSafe, a gated prompt tuning framework that combines a lightweight, text-only supervised soft embedding with an inference-time gated control network. Instead of training on expensive image-text datasets, we first rewrite unsafe prompts into semantically aligned but safe alternatives using an LLM, constructing an efficient text-only training corpus. Based on this, we optimize a universal soft prompt that repels unsafe and attracts safe embeddings during the diffusion denoising process. To avoid over-suppressing benign prompts, we introduce a gated mechanism that adaptively adjusts the defensive strength based on estimated prompt toxicity, thereby aligning defense intensity with prompt risk and ensuring strong protection for harmful inputs while preserving benign generation quality. Extensive experiments across multiple benchmarks and T2I models show that PromptSafe achieves a SOTA unsafe generation rate (2.36%), while preserving high benign fidelity. Furthermore, PromptSafe demonstrates strong generalization to unseen harmful categories, robust transferability across diffusion model architectures, and resilience under adaptive adversarial attacks, highlighting its practical value for safe and scalable deployment.

diffusion transformer Beihang University · Beijing University of Posts and Telecommunications · Taishan University +2 more

PDF arXiv

attack arXiv Aug 21, 2025 · Aug 2025

Towards a 3D Transfer-based Black-box Attack via Critical Feature Guidance

Shuchao Pang, Zhenghan Chen, Shen Zhang et al. · Nanjing University of Science and Technology · Microsoft +2 more

Transfer-based black-box adversarial attack on 3D point clouds by corrupting shared critical features across DNN architectures