🔥 Biography

I am a research fellow at Nanyang Technological University, working with Prof. Yang Liu. I received my Ph.D. Degree from the University of Chinese Academy of Sciences, advised by Professor Xiaochun Cao. My PhD research interests include computer vision, adversarial attack, adversarial training and reinforcement learning etc.

I was a visiting student (Remote) from February, 2023 to September, 2023 in the Torr Vision Group, University of Oxford. I was a research intern from March, 2022 to February, 2023 at Ali Group Security. I was a research intern from May, 2020 to February, 2022 at Tencent AI Lab.

At present, I am focused on issues related to the security of large models, including jailbreaking attacks on LLM (Large Language Models), adversarial transferability on VLM (Vision Language Models), and so on.

I am actively seeking highly self-motivated students who have a strong background and interests in my research topics (but are not limited). Please drop me an email with your CV if you are interested in working with me (Email: jiaxiaojunqaq@gmail.com). Together, we have the chance to embark on a gratifying journey, confronting real-world problems and achieving substantial, tangible impacts.

🎉 News

• 2025.04:   One paper on Dataset Ownership Verification for MLLM is accepted in SIGIR2025.
• 2025.03:   One paper on Jailbreak Defense for MLLM is accepted in TOSEM2025.
• 2025.02:   One paper on Ownership Verification is accepted in TPAMI2025.
• 2025.02:   One paper on Adversarial Attack for Arbitrary-scale Super-resolution is accepted in TIFS2025.
• 2025.01:   One paper on Jailbreak Attack for LLM is accepted in ICLR2025.
• 2024.12:   One paper on Jailbreak Attack for T2I Models is accepted in AAAI2025.
• 2024.12:   One Journal paper on Adversarial Attack for MLLMs is accepted to TIFS2025.
• 2024.08:   Champion in CCDM 2024 Red Teaming Multimodal Large Language Model Security Challenge.
• 2024.07:   One paper on Unlearnable Examples for VLP is accepted in ACM MM2024.
• 2024.07:   One paper on Transferability of Adversarial Examples on VLP is accepted in ECCV2024.
• 2024.06:   One paper on Fast Adversarial Training is accepted in TIFS2024.
• 2024.05:   One paper on Universal Adversarial Examples is accepted in TIFS2024.
• 2024.04:   One paper on Survey on Transferability of Adversarial Examples is accepted in TMLR2024.
• 2024.03:   One paper on Fast Adversarial Training is accepted in TPAMI2024.
• 2024.02:   One paper on Adversarial Attack on 3D is accepted in CVPR2024.
• 2024.01:   One paper on Backdoor Attack is accepted in ICLR2024.
• 2024.01:   One Journal paper on Backdoor Attack is accepted to TIFS2024.
• 2023.12:   Second runner-up in NeurIPS 2023 Red Teaming Track - Base Model Subtrack.
• 2023.12:   One paper on AI safety and robustness is accepted in AAAI2024.
• 2023.12:   One Journal paper on AI safety and robustness is accepted in IJCV2024.
• 2023.10:   One Journal paper on Fast Adversarial Training is accepted to TIFS2024.

📝 Publications

• Move: Effective and harmless ownership verification via embedded external features,
  Yiming Li, Linghui Zhu, Xiaojun Jia(Corresponding Author), Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao, Kui Ren,
  IEEE Transactions on Pattern Analysis and Machine Intelligence 2025 (TPAMI 2025) | Project | Github

• Scale-Invariant Adversarial Attack against Arbitrary-scale Super-resolution,
  Yihao Huang, Xin Luo, Qing Guo, Felix Juefei-Xu, Xiaojun Jia(Corresponding Author), Weikai Miao, Geguang Pu, Yang Liu
  IEEE Transactions on Information Forensics and Security 2025 (TIFS 2025) | Project | Github

• Improved techniques for optimization-based jailbreaking on large language models,
  Xiaojun Jia, Tianyu Pang, Chao Du, Yihao Huang, Jindong Gu, Yang Liu, Xiaochun Cao, Min Lin,
  International Conference on Learning Representations 2025 (ICLR 2025) | Project | Github

• Perception-guided Jailbreak against Text-to-Image Models,
  Yihao Huang, Le Liang, Tianlin Li, Xiaojun Jia(Corresponding Author), Run Wang, Weikai Miao, Geguang Pu, Yang Liu
  Thirty-Ninth AAAI Conference on Artificial Intelligence (AAAI-25) | Project | Github

• Efficient Generation of Targeted and Transferable Adversarial Examples for Vision-Language Models via Diffusion Models,
  Qi Guo, Shanmin Pang, Xiaojun Jia(Corresponding Author), Yang Liu, Qing Guo
  IEEE Transactions on Information Forensics and Security 2025 (TIFS 2025) | Project | Github

• Multimodal Unlearnable Examples: Protecting Data against Multimodal Contrastive Learning,
  Xinwei Liu, Xiaojun Jia(Corresponding Author), Yuan Xun, Siyuan Liang, Xiaochun Cao,
  Proceedings of the 32nd ACM International Conference on Multimedia 2024 (ACM MM, 2024) | Project | Github

• Boosting Transferability in Vision-Language Attacks via Diversification along the Intersection Region of Adversarial Trajectory,
  Sensen Gao, Xiaojun Jia(Corresponding Author), Xuhong Ren, Ivor Tsang, and Qing Guo
  European Conference on Computer Vision 2024 (ECCV 2024) | Project | Github

• Revisiting and Exploring Efficient Fast Adversarial Training via LAW: Lipschitz Regularization and Auto Weight Averaging,
  Xiaojun Jia, Yuefeng Chen, Xiaofeng Mao, Ranjie Duan, Jindong Gu, Rong Zhang, Hui Xue, Yang Liu, and Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | Github

• Texture Re-scalable Universal Adversarial Perturbation,
  Yihao Huang, Qing Guo, Felix Juefei-Xu, Ming Hu, Xiaojun Jia(Corresponding Author), Xiaochun Cao, Geguang Pu and Yang Liu,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | [Github]

• A Survey on Transferability of Adversarial Examples Across Deep Neural Networks,
  Jindong Gu, Xiaojun Jia, Pau de Jorge, Wenqian Yu, Xinwei Liu, Avery Ma, Yuan Xun, Anjun Hu, Ashkan Khakzar, Zhijiang Li, Xiaochun Cao, Philip Torr,
  Transactions on Machine Learning Research 2024 (TMLR 2024) | Project | Github

• Improving Fast Adversarial Training with Prior-Guided Knowledge,
  Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, and Xiaochun Cao,
  IEEE Transactions on Pattern Analysis and Machine Intelligence 2024 (TPAMI 2024) | Project | Github

• Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds,
  Tianrui Lou, Xiaojun Jia(Corresponding Author), Jindong Gu, Li Liu, Siyuan Liang, Bangyan He, Xiaochun Cao,
  Computer Vision and Pattern Recognition Conference 2024 (CVPR 2024) | Project | Github

• Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection,
  Jiawei Liang, Siyuan Liang, Aishan Liu, Xiaojun Jia, Junhao Kuang, Xiaochun Cao,
  International Conference on Learning Representations 2024 (ICLR 2024) | Project | Github

• Minimalism is King! High-Frequency Energy-based Screening for Data-Efficient Backdoor Attacks,
  Yuan Xun, Xiaojun Jia(Corresponding Author), Jindong Gu, Xinwei Liu, Qing Guo, Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | [Github]

• Does Few-shot Learning Suffer from Backdoor Attacks?,
  Xinwei Liu, Xiaojun Jia(Corresponding Author), Jindong Gu, Yuan Xun, Siyuan Liang, Xiaochun Cao,
  Thirty-Eighth AAAI Conference on Artificial Intelligence (AAAI 2024)

• Context-Aware Robust Fine-Tuning,
  Xiaofeng Mao, Yufeng Chen, Xiaojun Jia, Rong Zhang, Hui Xue and Zhao Li,
  International Journal of Computer Vision (IJCV 2023)

• Propagation is Better: Accelerating Single-Step Adversarial Training via Sampling Subnetwork,
  Xiaojun Jia, Jianshu Li, Jindong Gu, Yang Bai and Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | Github

• Hi-SIGIR: Hierachical Semantic-Guided Image-to-image Retrieval via Scene Graph,
  Yulu Wang, Pengwen Dai, Xiaojun Jia, Zhitao Zeng, Rui Li, Xiaochun Cao,
  Proceedings of the 31st ACM International Conference on Multimedia 2023 (ACM MM, 2023) | Project | Github

• Robust Automatic Speech Recognition via WavAugment Guided Phoneme Adversarial Training,
  Gege Qi, Yuefeng Chen, Xiaofeng Mao, Xiaojun Jia, Ranjie Duan, rong zhang, hui xue,
  INTERSPEECH 2023 | Project | Github

• Inequality phenomenon in adversarial training, and its unrealized threats,
  Ranjie Duan, YueFeng Chen, Yao Zhu, Xiaojun Jia, Rong Zhang, Hui Xue
  International Conference on Learning Representations 2023 (ICLR 2023) | Project | Github

• Generating Transferable 3D Adversarial Point Cloud via Random Perturbation Factorization,
  Bangyan He, Jian Liu, Yiming Li, Siyuan Liang, Jingzhi Li, Xiaojun Jia(Corresponding Author), Xiaochun Cao
  Association for the Advance of Artificial Intelligence 2023 (AAAI 2023) | Project | Github

• A Large-scale Multiple-objective Method for Black-box Attack against Object Detection,
  Siyuan Liang, Longkang Li, Yanbo Fan, Xiaojun Jia, Jingzhi Li, Baoyuan Wu, and Xiaochun Cao
  European Conference on Computer Vision 2022 (ECCV 2022) | Project | Github

• Watermark Vaccine: Adversarial Attacks to Prevent Watermark Removal,
  Xinwei Liu, Jian Liu, Yang Bai, Jindong Gu, Tao Chen, Xiaojun Jia(Corresponding Author), Xiaochun Cao
  European Conference on Computer Vision 2022 (ECCV 2022) | Project | Github

• Prior-Guided Adversarial Initialization for Fast Adversarial Training,
  Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
  European Conference on Computer Vision 2022 (ECCV 2022) | Project | Github

• Boosting Fast Adversarial Training with Learnable Adversarial Initialization,
  Xiaojun Jia, Yong Zhang, Baoyuan Wu, Jue Wang, Xiaochun Cao
  IEEE Transactions on Image Processing 2022 (TIP 2022) | Project | Github

• LAS-AT: Adversarial Training with Learnable Attack Strategy(Oral),
  Xiaojun Jia, Yong Zhang, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
  Computer Vision and Pattern Recognition Conference 2022 (CVPR(Oral), 2022) | Project | Github

• Defending against Model Stealing via Verifying Embedded External Features,
  Yiming Li, Linghui Zhu, Xiaojun Jia, Yong Jiang, Shu-Tao Xia, Xiaochun Cao
  Association for the Advance of Artificial Intelligence 2021 (AAAI 2021) | Project | Github

• Adv-watermark: A novel watermark perturbation for adversarial examples,
  Xiaojun Jia, Xingxing Wei, Xiaochun Cao, Xiaoguang Han
  Proceedings of the 28th ACM International Conference on Multimedia 2020 (ACM MM, 2020) | Project | Github

• Comdefend: An efficient image compression model to defend adversarial examples,
  Xiaojun Jia, Xingxing Wei, Xiaochun Cao, Hassan Foroosh
  Computer Vision and Pattern Recognition Conference 2019 (CVPR 2019) | Project | Github

🎉 Professional Service

Reviewer: CVPR, ICCV, ECCV, NeurIPS, ICML, ICLR, AAAI, IJCAI, IEEE TPAMI, IEEE TIP, IEEE TIFS

🎖 Honors and Awards

• 2024.08 CCDM 2024 Red Teaming Multimodal Large Language Model Security Challenge, Champion.
• 2023.12 NeurIPS 2023 Red Teaming Track - Base Model Subtrack, Second runner-up.
• 2021.06 ACM MM2021 Security AI Challenger: Robust Logo Detection, Runner-up.
• 2021.11 Face security confrontation in OPPO Security Challenge, Runner-up.
• 2021 Best Paper of Adversarial for Good Award, ICML AdvML Workshop.

🚩 Organization

• 2024 Global Challenge for Safe and Secure LLMs.
• 2024 DataCon2024 Big Data Security Analysis Competition.

📖 Educations

• 2023.08 - now Nanyang Technological University, Research Fellow.
• 2018.06 - 2023.07 School of Cyberspace Security, University of Chinese Academy of Sciences, PhD.
• 2014.09 - 2018.06, School of Information Engineering, China University of Geosciences, Bachelor.

💬 Invited Talks

• 2025.04, 2025 Black Hat Asia - AI Summit, Singapore, Title “LLM Firewalls: Are They the Future of AI Security?”
• 2024.10, 2024 Patian White Hat Hacker Annual Ceremony, China, Title “The dual threat of large vision-language models: an in-depth exploration from adversarial to jailbreak attacks”
• 2024.07, 2024 World Al Conference & High-levelMeeting on Global Al Governance, China, Title “An in-depth exploration from machine learning safety to large model safety”

💻 Internships

• 2020.05 - 2022.02, Research Intern, Tencent AI Lab, Tencent, China.
• 2022.03 - 2023.07, Research Intern, Ali Group Security, China.