Yifan Liao (廖一凡)

I'm a Ph.D. student at HKUST (Guangzhou), advised by Prof. Xinlei He, with supervision from Prof. Xinhu Zheng.

Previously, I worked as a research assistant for one year at the NUS Research Institute in Chongqing, under the supervision of Prof. Zhiyong Huang.

I obtained my M.Comp. in Artificial Intelligence at the National University of Singapore (NUS), where I worked closely with Prof. Yun Lin and Prof. Jinsong Dong on my master's dissertation project. Before joining NUS, I received my B.Eng. in Mechanical Engineering at Chongqing University (CQU).


Leading Research

I'm interested in AI4testing and autonomous driving testing. Most of my research is about detecting anomalies targeting agents. Some projects are highlighted.

Detecting and Explaining Anomalies Caused by Web Tamper Attacks via Building Consistency-based Normality
Yifan Liao, Ming Xu, Yun Lin, Xiwen Teoh, Xiaofei Xie, Ruitao Feng, Hongyu Zhang, Jinsong Dong
ASE'24 (CCF-A)
Project Page | Paper

This project detects and explains attack-induced anomalies in web applications by learning normal behavior at runtime using first-order logic constraints and LLM-assisted script synthesis.

Towards Stealthy and Effective Backdoor Attacks on Lane Detection: A Naturalistic Data Poisoning Approach
Yifan Liao, Yuxin Cao, Yedi Zhang, Wentao He, Yan Xiao, Zhiyong Huang, Jinsong Dong
CVPR'26 (CCF-A)
Project Page | Paper

We expose and evaluate backdoor vulnerabilities in lane detection via diffusion-based naturalistic data poisoning, using gradient-informed trigger placement and structure/scene-consistency losses for stealthy, effective attacks.

Work Zones challenge VLM Trajectory Planning: Toward Mitigation and Robust Autonomous Driving
Yifan Liao, Zhen Sun, Xiaoyun Qiu, Zixiao Zhao, Wenbing Tang, Xinlei He, Xinhu Zheng, Tianwei Zhang, Xinyi Huang, Xingshuo Han
Preprint 2025
Project Page | Paper

We propose REACT-Drive, a trajectory planning framework that integrates VLMs with Retrieval-Augmented Generation (RAG). Specifically, REACT-Drive leverages VLMs to convert prior failure cases into constraint rules and executable trajectory planning code, while RAG retrieves similar patterns in new scenarios to guide trajectory generation.

Escaping the Linearity Trap: Manifold Detours for Black-Box Adversarial Attacks on Singing Audio Deepfake Detection
Yifan Liao, Yule Liu, Zhen Sun, Zongming Zhang, Yupeng He, Jiaheng Wei, Xinhu Zheng, Xinlei He
Preprint 2026
Project Page | Paper

We propose MARS (Meta-Adversarial Regression of Semantics), a transfer-based black-box framework tailored to SSL-SVDD. Structurally, MARS shifts to hypothesis-evidence manipulation by constructing a natural semantic anchor from the pre-trained SSL space and an artifact anchor from the fine-tuned space. Algorithmically, MARS escapes the Linearity Trap via bi-level optimization: the inner stage induces tangential exploration, while the outer stage guides the audio toward the natural semantic manifold.

Beyond Waveform Robustness: Robust Feature-Vocoder Adversarial Attacks on Automatic Speech Recognition
Yifan Liao, Zongmin Zhang, Zhen Sun, Yuhui Sun, Xinhu Zheng, Xinlei He
Preprint 2026
Project Page | Paper

We perturb more generalizable acoustic-phonetic representations rather than low-level waveform samples, reducing dependence on surrogate-specific waveform gradients and encouraging adversarial perturbations that generalize across ASR systems. To bypass different defenses, we shift the adversarial signal from explicit additive waveform noise to SSL feature-space perturbations and reconstruct them through a vocoder into speech-like waveform adversarial signals, making the resulting samples less aligned with waveform-bounded defenses. Extensive experiments show that, when optimized only on raw Whisper-small as a public surrogate model, our attack transfers effectively to black-box ASR models with a +26.6 WER improvement over the SOTA baseline, while also remaining effective against multiple training defenses with a +36.2 WER improvement. These results reveal a blind spot in current ASR robustness evaluation.