Zitao Chen

Ayo~ I am an incoming Assistant Professor in the EECS department at the University of Kansas. I completed my PhD degree in Electrical and Computer Engineering from the University of British Columbia in 2025. I received my bachelor's degree from China University of Geosciences (Wuhan) in 2018 and my M.A.Sc degree from UBC in 2020. [CV]

My research primarily focuses on Trustworthy Machine Learning, aiming to understand why ML systems might fail and develop solutions to enhance their trustworthiness for use. My current interests include ML privacy, accountability and safety.

Email: {first name} {last initial} AT ece.ubc.ca | AT ku.edu

Selected Publications [Google Scholar]

Anonymity Unveiled: A Practical Framework for Auditing Data Use in Deep Learning Models [paper] [code]
Zitao Chen, Karthik Pattabiraman
[CCS'25] In Proceedings of the 2025 ACM Conference on Computer and Communications Security (Acceptance rate in Cycle A: <13%)
Artifact Available, Functional and Results Reproduced

A Method to Facilitate Membership Inference Attacks in Deep Learning Models [paper] [code]
Zitao Chen, Karthik Pattabiraman
[NDSS'25] The ISOC Network and Distributed Systems Security Symposium (Acceptance rate: 16.1%)
Artifact Available, Functional and Results Reproduced

Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks by Enforcing Less Confident Prediction [paper] [code]
Zitao Chen, Karthik Pattabiraman
[NDSS'24] The ISOC Network and Distributed Systems Security Symposium (Acceptance rate: 15%)
Artifact Available, Functional and Results Reproduced

Jujutsu: A Two-stage Defense against Adversarial Patch Attacks on Deep Neural Networks [paper] [code]
Zitao Chen, Pritam Dash, Karthik Pattabiraman
[AsiaCCS'23] In Proceedings of the 18th ACM ASIA Conference on Computer and Communications Security (Acceptance rate: 16%)

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction [paper] [code]
Zitao Chen, Guanpeng Li, Karthik Pattabiraman
[DSN'21] The 51st IEEE/IFIP International Conference on Dependable Systems and Networks (Acceptance rate: 16.3%)
Best Paper Award Runner-Up (2 out of 295 submissions)
Selected for IEEE Top Picks in Test and Reliability
Invited for submission to the IEEE Design & Test (DnT) journal
Our Ranger algorithm was adopted by Intel OpenVINO [details]

PID-Piper: Recovering Robotic Vehicles from Physical Attacks [paper] [code]
Pritam Dash, Guanpeng Li, Zitao Chen, Mehdi Karimibiuki, and Karthik Pattabiraman
[DSN'21] The 51st IEEE/IFIP International Conference on Dependable Systems and Networks (Acceptance rate: 16.3%)
Best Paper Award (1 out of 295 submissions)

TensorFI: A Flexible Fault Injection Framework for TensorFlow Applications [paper] [code]
Zitao Chen*, Niranjhana Narayanan*, Bo Fang, Guanpeng Li, Karthik Pattabiraman, Nathan DeBardeleben
[ISSRE'20] The 31st International Symposium on Software Reliability Engineering (Acceptance rate: 25.7%)

BinFI: An Efficient Fault Injector for Safety-Critical Machine Learning Systems [paper] [code]
Zitao Chen, Guanpeng Li, Karthik Pattabiraman, Nathan DeBardeleben
[SC'19] International Conference for High Performance Computing, Networking, Storage, and Analysis (Acceptance rate: 20.9%)
Finalist for the SC Reproducibility Initiative (3 out of 344 submissions)

Selected Awards and Honors
Professional Services

Program Committee

  • The Network and Distributed System Security Symposium (NDSS 2026)
  • The IEEE European Symposium on Security and Privacy (EuroS&P 2026)
  • The European Dependable Computing Conference (EDCC 2026)
  • ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis (LAMPS) @ CCS'25
  • IEEE Workshop on Reliable and Secure AI for Software Engineering (ReSAISE) @ ISSRE'25

Reviewer

  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Transactions on Parallel and Distributed Systems (TPDS)
  • IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD)
  • Elsevier Neural Networks
  • Elsevier Computers & Security