When Smiley Turns Hostile: Interpreting How Emojis Trigger LLMs’ Toxicity Shiyao Cui, Xijia Feng, Yingkang Wang, Junxiao Yang, Zhexin Zhang, Biplab Sikdar, Hongning Wang, Han Qiu, Minlie Huang Proceedings of the Aaai Conference on Artificial Intelligence, 2026 Emojis are globally used non-verbal cues in digital communication, and extensive research has examined how large language models (LLMs) understand and utilize emojis across contexts. While usually associated with friendliness or playfulness, it is observed that emojis may trigger toxic content generation in LLMs. Motivated by such a observation, we aim to investigate: (1) whether emojis can clearly enhance the toxicity generation in LLMs and (2) how to interpret this phenomenon.* We begin with a comprehensive exploration of emoji-triggered LLM toxicity generation by automating the construction of prompts with emojis to subtly express toxic intent. Experiments across 5 mainstream languages on 7 famous LLMs along with jailbreak tasks demonstrate that prompts with emojis could easily induce toxicity generation. To understand this phenomenon, we conduct model-level interpretations spanning semantic cognition, sequence generation and tokenization, suggesting that emojis can act as a heterogeneous semantic channel to bypass the safety mechanisms. To pursue deeper insights, we further probe the pre-training corpus and uncover potential correlation between the emoji-related data polution with the toxicity generation behaviors.
ShieldVLM: Safeguarding the Multimodal Implicit Toxicity via Deliberative Reasoning with LVLMs: ShieldVLM Shiyao Cui, QingLin Zhang, Xuan Ouyang, Renmiao Chen, Zhexin Zhang, Yida Lu, Hongning Wang, Han Qiu, Minlie Huang Mm 2025 Proceedings of the 33rd ACM International Conference on Multimedia Co Located with mm 2025, 2025 Toxicity detection in multimodal text-image content faces growing challenges, especially with multimodal implicit toxicity, where each modality appears benign on its own but conveys hazard when combined. Multimodal implicit toxicity appears not only as formal statements in social platforms but also prompts that can lead to toxic dialogs from Large Vision-Language Models (LVLMs). Despite the success in unimodal text or image moderation, toxicity detection for multimodal content, particularly the multimodal implicit toxicity, remains underexplored. To fill this gap, we comprehensively build a taxonomy for multimodal implicit toxicity (MMIT) and introduce an MMIT-dataset, comprising 2,100 multimodal statements and prompts across 7 risk categories (31 sub-categories) and 5 typical cross-modal correlation modes. To advance the detection of multimodal implicit toxicity, we build ShieldVLM, a model which identifies implicit toxicity in multimodal statements, prompts and dialogs via deliberative cross-modal reasoning. Experiments show that ShieldVLM outperforms existing strong baselines in detecting both implicit and explicit toxicity. The model and dataset will be publicly available to support future researches (Warning: This paper contains potentially sensitive contents). Warning: This paper contains potentially sensitive contents.
DCDiff: Enhancing JPEG Compression via Diffusion-based DC Coefficients Estimation Ziyuan Zhang, Han Qiu, Tianwei Zhang, Bin Chen, Chao Zhang Proceedings Design Automation Conference, 2025 JPEG is the most widely-used image compression method on low-cost cameras which cannot support learning-based compressors. One promising approach to enhance JPEG aims to drop DC coefficients at the cameras’ ends (without extra computation) and reconstruct those DC coefficients after receiving them. They all face the challenge that their DC reconstruction relies on a statistical property, which will cause deviationintroduced errors and propagate. In this paper, we propose DCDiff, a novel end-to-end DC estimation method to tackle the above challenge. Instead of using statistical methods to recover DC coefficients and then fix errors, we directly leverage a generative model to estimate DC coefficients in an end-to-end manner. In the meantime, we generate masks to correct certain image locations that do not satisfy the statistical distribution to suppress error propagation. Extensive experiments show that DCDiff not only outperforms all baselines on compression performance but also introduces a tiny impact on downstream tasks and is fully compatible with 2 typical low-cost processors with JPEG support.
REMU: Memory-aware Radiation Emulation via Dual Addressing for In-orbit Deep Learning System Longnv Xu, Meiqi Wang, Han Qiu, Jun Liu, Yuanjie Li, Hewu Li Proceedings Design Automation Conference, 2025 The deployment of commercial-off-the-shelf (COTS) GPUs in space has emerged as a promising approach for supporting inorbit deep neural network (DNN) inference. However, unlike terrestrial environments, understanding the impact of space radiation on COTS GPU-enabled DNNs is critical. This is challenging because existing methods, such as real-world radiation testing and software emulation, fail to link radiation-induced memory errors to runtime DNN behaviors. In this paper, we propose REMU, a memory-aware Radiation EMUlator to fill this gap. REMU introduces a dual addressing mechanism across virtual, physical, and DRAM memory spaces, enabling precise mapping and efficient injection of radiation-induced errors from DRAM to runtime DNN inference. Extensive evaluations across 10 well-known DNN models and 2 typical in-orbit computing tasks demonstrate the effectiveness of REMU, providing valuable insights for understanding the resilience of runtime DNN inferences on space radiations.
Partitioning or Not? Hierarchical Task Offloading Optimization in Collaborative Satellite Edge Computing Networks Yan Chen, Haiquan Wang, Jun Liu, Xiaolin Jia, Jiejie Zhao, Han Qiu Proceedings International Conference on Distributed Computing Systems, 2025 As a promising paradigm, Satellite Edge Computing (SEC) enables new opportunities for facilitating intelligent processing onboard, crucial for the timely execution of mission-critical tasks. These tasks typically involve high data capture rates and rely on compute-intensive Deep Neural Network (DNN) models. However, a single satellite struggles to handle these tasks promptly due to its limited computational capabilities. Thus, effective collaboration within the SEC network is urgently needed to adapt to diverse capture rates, optimize resource utilization, and ensure real-time responses. Motivated by the fact that partitioning a DNN model can accelerate task inference and make better use of idle resources by simultaneous sub-task execution and reduced transmitted data, we propose HiO2, a hierarchical task offloading framework that maximizes system throughput by effective collaboration among satellites and ground stations to process the partitioned sub-tasks. This highlights the challenge of designing effective task partitioning and offloading strategies in dynamic, resource-constrained networks. HiO2 addresses this challenge with two key methods. First, it adopts a distributed swarm-level task offloading strategy that assigns tasks to swarms based on their optimal quantity. Second, HiO2 introduces a distributed node-level partitioning and offloading scheme, which dynamically identifies efficient cut-points according to workload and network dynamics, then offloads sub-tasks by collaboration among nodes in each swarm. Extensive data-driven evaluations demonstrate that, compared to the state-of-the-art baselines, HiO2 improves throughput to 1.19×, reduces average task completion time to 69.7%, and consistently meets task deadlines.
Adversarial Attacks on Autonomous Driving Systems in the Physical World: A Survey Lijun Chi, Mounira Msahli, Qingjie Zhang, Han Qiu, Tianwei Zhang, Gerard Memmi, Meikang Qiu IEEE Transactions on Intelligent Vehicles, 2025 Autonomous Driving Systems (ADS) represent a revolutionary advancement in transportation and offer unprecedented safety and convenience. Real-world physical attacks are emphasized because Autonomous Driving Systems (ADS) depend heavily on sensors and perception modules to detect and interpret their surroundings, making security a critical concern. Defenders usually have the upper hand in the digital sphere while they are challenged in the physical world because attackers have greater flexibility for covert operations. A comprehensive analysis is essential for understanding attack trends, evolution, and defense directions. This paper provides a survey of state-of-the-art physical attacks that threaten ADS perception. A novel multi-label classification method is introduced to categorize these attacks along four main dimensions. Visualization and analysis of the classification enhance the understanding of these multidimensional threats. Five research directions for future exploration are also proposed.
Image Compression for Resource-Constrained AIoT System With Compressed Sensing Bin Chen, Yujun Huang, Han Qiu, Shu-Tao Xia, Wei Fei, Xuan Wang, Meikang Qiu IEEE Transactions on Systems Man and Cybernetics Systems, 2025 In today’s big data era, a key requirement is to implement intelligent semantic analysis (such as image recognition) on data gathered from an extensive array of smart devices in Artificial Intelligence IoT (AIoT) scenarios, all of which is processed at central cloud service providers. Recent advancements in deep-learning-based image compression have fostered semantic compression between machines. However, the deployment of an overparameterized encoder on Internet of Things (IoT) devices remains a challenge due to their restricted computing and storage capabilities. To tackle this issue, we propose a novel approach named compressed sensing (CS)-based asymmetric semantic image compression (CS-ASIC), explicitly designed for resource-constrained AIoT systems. This asymmetric semantic compression scheme intends to surpass the limitations of IoT devices, thereby facilitating efficient semantic compression for machine vision tasks. CS-ASIC notably includes a lightweight front encoder founded on deep image CS techniques, which utilizes rich image priors to learn measurement matrices for sampling. In tandem, a deep iterative decoder is designed cooperatively with the linear encoder offloaded at the server to enhance image reconstruction and semantic analysis across various semantic analysis tasks. Furthermore, we introduce a groundbreaking lossy CS semantic rate-distortion theoretical framework that justifies a compromise in rate for extended semantic distortion. Extensive experimental results underscore the superiority of the proposed CS-ASIC concerning the signal-semantic rate-distortion tradeoff, and its lower encoding complexity over existing codecs in an AIoT simulation environment.
Cowpox: Towards the Immunity of VLM-based Multi-Agent Systems Proceedings of Machine Learning Research, 2025
VIDEOSHIELD: REGULATING DIFFUSION-BASED VIDEO GENERATION MODELS VIA WATERMARKING 13th International Conference on Learning Representations Iclr 2025, 2025
A BENCHMARK FOR SEMANTIC SENSITIVE INFORMATION IN LLMS' OUTPUTS 13th International Conference on Learning Representations Iclr 2025, 2025
AN ENGORGIO PROMPT MAKES LARGE LANGUAGE MODEL BABBLE ON 13th International Conference on Learning Representations Iclr 2025, 2025
Understanding the Dark Side of LLMs' Intrinsic Self-Correction Qingjie Zhang, Di Wang, Haoting Qian, Yiming Li, Tianwei Zhang, Minlie Huang, Ke Xu, Hewu Li, Liu Yan, Han Qiu Proceedings of the Annual Meeting of the Association for Computational Linguistics, 2025
“I've Decided to Leak”: Probing Internals Behind Prompt Leakage Intents Jianshuo Dong, Yutong Zhang, Liu Yan, Zhenyu Zhong, Tao Wei, Ke Xu, Minlie Huang, Chao Zhang, Han Qiu Emnlp 2025 2025 Conference on Empirical Methods in Natural Language Processing Proceedings of the Conference, 2025
Speculating LLMs' Chinese Training Data Pollution from Their Tokens Qingjie Zhang, Di Wang, Haoting Qian, Liu Yan, Tianwei Zhang, Ke Xu, Qi Li, Minlie Huang, Hewu Li, Han Qiu Emnlp 2025 2025 Conference on Empirical Methods in Natural Language Processing Proceedings of the Conference, 2025
Message from the Program Chairs; CSCloud2024 Gerard Memmi, Han Qiu, Zakirul Alam Proceedings 11th IEEE International Conference on Cyber Security and Cloud Computing Cscloud 2024, 2024
YOU ONLY QUERY ONCE: AN EFFICIENT LABEL-ONLY MEMBERSHIP INFERENCE ATTACK 12th International Conference on Learning Representations Iclr 2024, 2024
Backdooring Multimodal Learning Xingshuo Han, Yutong Wu, Qingjie Zhang, Yuan Zhou, Yuan Xu, Han Qiu, Guowen Xu, Tianwei Zhang Proceedings IEEE Symposium on Security and Privacy, 2024
COSMIC: Compress Satellite Images Efficiently via Diffusion Compensation Advances in Neural Information Processing Systems, 2024
Purifying Quantization-conditioned Backdoors via Layer-wise Activation Correction with Distribution Approximation Proceedings of Machine Learning Research, 2024
System Log Parsing: A Survey Tianzhu Zhang, Han Qiu, Gabriele Castellano, Myriana Rifai, Chung Shue Chen, Fabio Pianese IEEE Transactions on Knowledge and Data Engineering, 2023
Message from the Program Chairs IDS 2022 Han Qiu, Luna Li, Linghe Kong Proceedings 2022 IEEE 8th International Conference on Big Data Security on Cloud IEEE International Conference on High Performance and Smart Computing and IEEE International Conference on Intelligent Data and Security Bigdatasecurity Hpsc IDS 2022, 2022
Message from the IEEE SpaCCS 2021 Program Chairs 19th IEEE International Symposium on Parallel and Distributed Processing with Applications 11th IEEE International Conference on Big Data and Cloud Computing 14th IEEE International Conference on Social Computing and Networking and 11th IEEE International Conference on Sustainable Computing and Communications Ispa Bdcloud Socialcom Sustaincom 2021, 2021
Towards Fast Network Intrusion Detection based on Efficiency-preserving Federated Learning Tian Dong, Han Qiu, Jialiang Lu, Meikang Qiu, Chun Fan 19th IEEE International Symposium on Parallel and Distributed Processing with Applications 11th IEEE International Conference on Big Data and Cloud Computing 14th IEEE International Conference on Social Computing and Networking and 11th IEEE International Conference on Sustainable Computing and Communications Ispa Bdcloud Socialcom Sustaincom 2021, 2021
Resisting Adversarial Examples via Wavelet Extension and Denoising Qinkai Zheng, Han Qiu, Tianwei Zhang, Gerard Memmi, Meikang Qiu, Jialiang Lu Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2021
Review on Image Processing Based Adversarial Example Defenses in Computer Vision Meikang Qiu, Han Qiu Proceedings 2020 IEEE 6th Intl Conference on Big Data Security on Cloud Bigdatasecurity 2020 2020 IEEE Intl Conference on High Performance and Smart Computing Hpsc 2020 and 2020 IEEE Intl Conference on Intelligent Data and Security IDS 2020, 2020
Re-Think Monitoring Services for 5G Network: Challenges and Perspectives Yuchia Tseng, Gopalasingham Aravinthan, Bela Berde, Sofiane Imadaliz, Drissa Houatra, Han Qiu Proceedings 6th IEEE International Conference on Cyber Security and Cloud Computing Cscloud 2019 and 5th IEEE International Conference on Edge Computing and Scalable Cloud Edgecom 2019, 2019
Estimating Web Attack Detection via Model Uncertainty from Inaccurate Annotation Xinyu Gong, Yuefu Zhou, Yue Bi, Mingcheng He, Shiying Sheng, Han Qiu, Ruan He, Jialiang Lu Proceedings 6th IEEE International Conference on Cyber Security and Cloud Computing Cscloud 2019 and 5th IEEE International Conference on Edge Computing and Scalable Cloud Edgecom 2019, 2019
An Efficient Secure Storage Scheme Based on Information Fragmentation Han Qiu, Gerard Memmi, Hassan Noura Proceedings 4th IEEE International Conference on Cyber Security and Cloud Computing Cscloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud Ssc 2017, 2017
