@inproceedings{Wang2026GenBreak,
     title={{GenBreak: Red Teaming Text-to-Image Generation Using Large Language Models}},
     author={Zilong Wang and Xiang Zheng and Xiaosen Wang and Bo Wang and Xingjun Ma},
     booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
     year={2026}
}

@inproceedings{wang2025attention,
     title={{Attention! Your Vision Language Model Could Be Maliciously Manipulated}},
     author={Xiaosen Wang and Shaokang Wang and Zhijin Ge and Yuyang Luo and Shudong Zhang},
     booktitle={Advances in Neural Information Processing Systems (NeurIPS)},
     year={2025}
}

@inproceedings{cao2025ViT,
     title={{ViT-EnsembleAttack: Augmenting Ensemble Models for Stronger Adversarial Transferability in Vision Transformers}},
     author={Hanwen Cao and Haobo Lu and Xiaosen Wang and Kun He},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     year={2025}
}

@inproceedings{hu2025Alleviating,
     title={{Alleviating noise memorization for adversarially robust few-shot learning}},
     author={Yiman Hu and Yixiong Zou and Xiaosen Wang and Yuhua Li and Kun He and Ruixuan Li},
     booktitle={Neural Networks},
     year={2025}
}

@inproceedings{wang2025IDEATOR,
     title={{IDEATOR: Jailbreaking Large Vision-Language Models Using Themselves}},
     author={Ruofan Wang and Juncheng Li and Yixu Wang and Bo Wang and Xiaosen Wang and Yan Teng and Yingchun Wang and Xingjun Ma and Yu-Gang Jiang},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     year={2025}
}

@inproceedings{zhang2024bag,
     title={{Bag of Tricks to Boost Adversarial Transferability}},
     author={Zeliang Zhang and Rongyi Zhu and Wei Yao and Xiaosen Wang and Chenliang Xu},
     booktitle={Proceedings of the European Conference on Computer Vision},
     year={2024}
}

@inproceedings{wang2024boosting,
     title={{Boosting Adversarial Transferability by Block Shuffle and Rotation}},
     author={Kunyu Wang and Xuanran He and Wenxuan Wang and Xiaosen Wang},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     pages={24336-24346},
     year={2024}
}

@inproceedings{yang2024mma,
     title={{MMA-Diffusion: MultiModal Attack on Diffusion Models}},
     author={Yijun Yang and Ruiyuan Gao and Xiaosen Wang and Nan Xu and Qiang Xu},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     pages={7737-7746},
     year={2024}
}

@inproceedings{wang2023rethinkinga,
     title={{Rethinking the Backward Propagation for Adversarial Transferability}},
     author={Xiaosen Wang and Kangheng Tong and Kun He},
     booktitle={Proceedings of the Advances in Neural Information Processing Systems},
     year={2023}
}

@inproceedings{ge2023boosting,
     title={{Boosting Adversarial Transferability by Achieving Flat Local Maxima}},
     author={Zhijin Ge and Hongying Liu and Xiaosen Wang and Fanhua Shang and Yuanyuan Liu},
     booktitle={Proceedings of the Advances in Neural Information Processing Systems},
     year={2023}
}

@inproceedings{wang2023diversifying,
     title={{Diversifying the High-level Features for better Adversarial Transferability}},
     author={Zhiyuan Wang and Zeliang Zhang and Siyuan Liang and Xiaosen Wang},
     booktitle={Proceedings of the British Machine Vision Conference},
     year={2023}
}

@inproceedings{ge2023improving,
     title={{Improving the Transferability of Adversarial Examples with Arbitrary Style Transfer}},
     author={Zhijin Ge and Fanhua Shang and Hongying Liu and Yuanyuan Liu and Liang Wan and Wei Feng and Xiaosen Wang},
     booktitle={Proceedings of the ACM International Conference on Multimedia},
     pages={4440–4449},
     year={2023}
}

@inproceedings{wang2023structure,
     title={{Structure Invariant Transformation for better Adversarial Transferability}},
     author={Xiaosen Wang and Zeliang Zhang and Jianping Zhang},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     pages={4607-4619},
     year={2023}
}

@inproceedings{zhang2023improving,
     title={{Improving the Transferability of Adversarial Samples by Path-Augmented Method}},
     author={Jianping Zhang and Jen-tse Huang and Wenxuan Wang and Yichen Li and Weibin Wu and Xiaosen Wang and Yuxin Su and Michael R. Lyu},
     booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     pages={8173-8182},
     year={2023}
}

@inproceedings{yu2022texthacker,
     title={{TextHacker: Learning based Hybrid Local Search Algorithm for Text Hard-label Adversarial Attack}},
     author={Zhen Yu and Xiaosen Wang and Wanxiang Che and Kun He},
     booktitle={Proceedings of the Conference on Empirical Methods in Natural Language Processing (Findings)},
     pages={622–637},
     year={2022}
}

@inproceedings{wang2022triangle,
     title={{Triangle Attack: A Query-efficient Decision-based Adversarial Attack}},
     author={Xiaosen Wang and Zeliang Zhang and Kangheng Tong and Dihong Gong and Kun He and Zhifeng Li and Wei Liu},
     booktitle={Proceedings of the European Conference on Computer Vision},
     pages={156--174},
     year={2022}
}

@inproceedings{wang2022detecting,
     title={Detecting textual adversarial examples through randomized substitution and vote},
     author={Xiaosen Wang and Yifeng Xiong and Kun He},
     booktitle={Proceedings of the Conference on Uncertainty in Artificial Intelligence},
     pages={2056--2065},
     year={2022}
}

@inproceedings{yang2022robust,
     title={{Robust Textual Embedding against Word-level Adversarial Attacks}},
     author={Yichen Yang and Xiaosen Wang and Kun He},
     booktitle={Proceedings of the Conference on Uncertainty in Artificial Intelligence},
     pages={2214–2224},
     year={2022}
}

@inproceedings{wang2021boosting,
     title={{Boosting Adversarial Transferability through Enhanced Momentum}},
     author={Xiaosen Wang and Jiadong Lin and Han Hu and Jingdong Wang and Kun He},
     booktitle={Proceedings of the British Machine Vision Conference},
     year={2021}
}

@inproceedings{wang2021admix,
     title={{Admix: Enhancing the Transferability of Adversarial Attacks}},
     author={Xiaosen Wang and Xuanran He and Jingdong Wang and Kun He},
     booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision},
     pages={16158-16167},
     year={2021}
}

@inproceedings{wang2021enhancing,
     title={{Natural Language Adversarial Defense through Synonym Encoding}},
     author={Xiaosen Wang and Hao Jin and Yichen Yang and Kun He},
     booktitle={Proceedings of the Conference on Uncertainty in Artificial Intelligence},
     pages={823-833},
     year={2021}
}

@inproceedings{wang2021enhancing,
     title={{Enhancing the Transferability of Adversarial Attacks through Variance Tuning}},
     author={Xiaosen Wang and Kun He},
     booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
     pages={1924-1933},
     year={2021}
}

@inproceedings{wang2021adversarial,
     title={{Adversarial Training with Fast Gradient Projection Method against Synonym Substitution based Text Attacks}},
     author={Xiaosen Wang and Yichen Yang and Yihe Deng and Kun He},
     booktitle={Proceedings of the AAAI Conference on Artificial Intelligence},
     pages={13997-14005},
     year={2021}
}

@article{he2019a,
     title={{A New Anchor Word Selection Method for the Separable Topic Discovery}},
     author={Kun He and Wu Wang and Xiaosen Wang and John E. Hopcroft},
     journal={Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery},
     volume={9},
     number={5},
     pages={e1313}
     year={2019}
}

@article{wang2026devling,
     title={{Devling into Adversarial Transferability on Image Classification: Review, Benchmark, and Evaluation}},
     author={Xiaosen Wang and Zhijin Ge and Bohan Liu and Zheng Fang and Fengfan Zhou and Ruixuan Zhang and Shaokang Wang and Yuyang Luo},
     journal={arXiv preprint arXiv:2602.23117},
     year={2026}
}

@article{wang2025security,
     title={{Security Risk of Misalignment between Text and Image in Multi-modal Model}},
     author={Xiaosen Wang and Zhijin Ge and Shaokang Wang},
     journal={arXiv preprint arXiv:2602.23117},
     year={2025}
}

@article{liu2025boosting,
     title={{Boosting the Local Invariance for Better Adversarial Transferability}},
     author={Bohan Liu and Xiaosen Wang},
     journal={arXiv preprint arXiv:2503.06140},
     year={2025}
}

@article{luo2025disrupting,
     title={{Disrupting Semantic and Abstract Features for Better Adversarial Transferability}},
     author={Yuyang Luo and Xiaosen Wang and Zhijin Ge and Yingzhe He},
     journal={arXiv preprint arXiv:2507.16052},
     year={2025}
}

@article{wang2023rethinkingb,
     title={{Generating Visually Realistic Adversarial Patch}},
     author={Xiaosen Wang and Kunyu Wang},
     journal={arXiv preprint arXiv:2312.03030},
     year={2023}
}

@article{wang2023rethinkingb,
     title={{Rethinking Mixup for Improving the Adversarial Transferability}},
     author={Xiaosen Wang and Zeyuan Yin},
     journal={arXiv preprint arXiv:2311.17087},
     year={2023}
}

@article{zhang2023improving,
     title={{Improving Adversarial Transferability with Scheduled Step Size and Dual Example}},
     author={Zeliang Zhang and Peihan Liu and Xiaosen Wang and Chenliang Xu},
     journal={arXiv preprint arXiv:62301.12968},
     year={2023}
}

@article{wang2021ipgdat,
     title={{I-PGD-AT: Efficient Adversarial Training via Imitating Iterative PGD Attack}},
     author={Xiaosen Wang and Bhavya Kailkhura and Krishnaram Kenthapadi and Bo Li},
     journal={OpenReview: TEt7PsVZux6},
     year={2021}
}

@article{wang2021multi,
     title={{Multi-stage Optimization based Adversarial Training}},
     author={Xiaosen Wang and Chuanbiao Song and Kun He and Liwei Wang},
     journal={arXiv preprint arXiv:2106.15357},
     year={2021}
}

@article{wang2019atgan,
     title={{AT-GAN: A Generative Attack Model for Adversarial Transferring on Generative Adversarial Nets}},
     author={Xiaosen Wang and Kun He and Chuanbiao Song and Liwei Wang and John E. Hopcroft},
     journal={arXiv preprint arXiv:1904.07793},
     year={2019}
}