Zitao Chen

Ayo~ I am a Ph.D. student in the ECE department at University of British Columbia (UBC), where I'm working in the Dependable Systems Lab with Prof. Karthik Pattabiraman. I received my bachelor's degree from China University of Geosciences (Wuhan) in 2018 and my M.A.Sc degree from UBC in 2020. [CV]

My research primarily focuses on Trustworthy Machine Learning, aiming to understand why ML systems might fail and develop solutions to enhance their trustworthiness for use. My interests include ML privacy, accountability and safety.

Email: {first name} {last initial} AT ece.ubc.ca

I'll be joining the EECS department at the University of Kansas as an Assistant Professor.

Selected Publications [Google Scholar]

Anonymity Unveiled: A Practical Framework for Auditing Data Use in Deep Learning Models [paper] [code]
Zitao Chen, Karthik Pattabiraman
[CCS'25] In Proceedings of the 2025 ACM Conference on Computer and Communications Security (Acceptance rate: TBD)
Artifact Available, Functional and Results Reproduced

A Method to Facilitate Membership Inference Attacks in Deep Learning Models [paper] [code]
Zitao Chen, Karthik Pattabiraman
[NDSS'25] The ISOC Network and Distributed Systems Security Symposium (Acceptance rate: 16.1%)
Artifact Available, Functional and Results Reproduced

Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks by Enforcing Less Confident Prediction [paper] [code]
Zitao Chen, Karthik Pattabiraman
[NDSS'24] The ISOC Network and Distributed Systems Security Symposium (Acceptance rate: 15%)
Artifact Available, Functional and Results Reproduced

Jujutsu: A Two-stage Defense against Adversarial Patch Attacks on Deep Neural Networks [paper] [code]
Zitao Chen, Pritam Dash, Karthik Pattabiraman
[AsiaCCS'23] In Proceedings of the 18th ACM ASIA Conference on Computer and Communications Security (Acceptance rate: 16%)

A Low-cost Fault Corrector for Deep Neural Networks through Range Restriction [paper] [code]
Zitao Chen, Guanpeng Li, Karthik Pattabiraman
[DSN'21] The 51st IEEE/IFIP International Conference on Dependable Systems and Networks (Acceptance rate: 16.3%)
Best Paper Award Runner-Up (2 out of 295 submissions)
Our Ranger algorithm was adopted by Intel OpenVINO [details]
IEEE Top Picks in Test and Reliability

PID-Piper: Recovering Robotic Vehicles from Physical Attacks [paper] [code]
Pritam Dash, Guanpeng Li, Zitao Chen, Mehdi Karimibiuki, and Karthik Pattabiraman
[DSN'21] The 51st IEEE/IFIP International Conference on Dependable Systems and Networks (Acceptance rate: 16.3%)
Best Paper Award (1 out of 295 submissions)

TensorFI: A Flexible Fault Injection Framework for TensorFlow Applications [paper] [code]
Zitao Chen*, Niranjhana Narayanan*, Bo Fang, Guanpeng Li, Karthik Pattabiraman, Nathan DeBardeleben
[ISSRE'20] The 31st International Symposium on Software Reliability Engineering (Acceptance rate: 25.7%)

BinFI: An Efficient Fault Injector for Safety-Critical Machine Learning Systems [paper] [code]
Zitao Chen, Guanpeng Li, Karthik Pattabiraman, Nathan DeBardeleben
[SC'19] International Conference for High Performance Computing, Networking, Storage, and Analysis (Acceptance rate: 20.9%)
Finalist for the SC Reproducibility Initiative (3 out of 344 submissions)

Selected Awards and Honors
Professional Services

Program Committee

  • The Network and Distributed System Security Symposium (NDSS 2026)
  • The IEEE European Symposium on Security and Privacy (EuroS&P 2026)
  • The European Dependable Computing Conference (EDCC 2026)
  • ACM Workshop on Large AI Systems and Models with Privacy and Security Analysis (LAMPS) @ CCS'25
  • IEEE Workshop on Reliable and Secure AI for Software Engineering (ReSAISE) @ ISSRE'25

Reviewer

  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Transactions on Parallel and Distributed Systems (TPDS)
  • IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD)
  • Elsevier Neural Networks
  • Elsevier Computers & Security