Yue Gao

I am a Ph.D. graduate from the Computer Science Department at the University of Wisconsin–Madison, advised by Kassem Fawaz in the Wi-Pi and MadS&P research group. I also worked with Nicolas Papernot on adversarial machine learning. Prior to joining UW–Madison, I obtained my Bachelor’s degree in Computer Science from Shanghai University.

After graduation, I joined Snowflake as a Product Security Engineer.

My research interest broadly lies in machine learning security and system security. My current works focus on the adversarial robustness of machine learning systems, with the goal of understanding, detecting, and mitigating vulnerabilities in real-world machine learning systems.

News

Feb 11, 2025	Our paper Supply-Chain Attacks in Machine Learning Frameworks was accepted by MLSys 2025.
Dec 13, 2024	Our paper SEA: Shareable and Explainable Attribution for Query-based Black-box Attacks was accepted by SaTML 2025.
Oct 24, 2023	Gave a talk about forensics and intelligence sharing for ML Security at IBM Research (GARD).
Oct 16, 2023	Gave a talk about the vulnerabilities of preprocessing in adversarial machine learning at Google ML Red Team.
Apr 20, 2023	Gave a talk about the vulnerabilities of preprocessing in adversarial machine learning at RIKEN-AIP.
Oct 11, 2022	Gave a talk about the limitations of stochastic pre-processing defenses (slides).
Oct 8, 2022	Recognized as a Top Reviewer (10%) for NeurIPS 2022.

Selected Publications

MLSys

Supply-Chain Attacks in Machine Learning Frameworks

Yue Gao, Ilia Shumailov, and Kassem Fawaz

In The Eighth Annual Conference on Machine Learning and Systems, 2025

Bib

  title = {Supply-Chain Attacks in Machine Learning Frameworks},
  author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem},
  booktitle = {The Eighth Annual Conference on Machine Learning and Systems},
  year = {2025},
}

SaTML

SEA: Shareable and Explainable Attribution for Query-based Black-box Attacks

Yue Gao, Ilia Shumailov, and Kassem Fawaz

In Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2025

Bib PDF

@inproceedings{gao2025sea,
  title = {SEA: Shareable and Explainable Attribution for Query-based Black-box Attacks},
  author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem},
  booktitle = {Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)},
  year = {2025},
}

NeurIPS

On the Limitations of Stochastic Pre-processing Defenses

Yue Gao, Ilia Shumailov, Kassem Fawaz, and Nicolas Papernot

In Proceedings of the 36th Conference on Neural Information Processing Systems, 2022

Bib PDF Code Poster Slides

@inproceedings{gao2022limitations,
  author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem and Papernot, Nicolas},
  title = {On the Limitations of Stochastic Pre-processing Defenses},
  booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems},
  year = {2022},
}

USENIX Security

Experimental Security Analysis of the App Model in Business Collaboration Platforms

Yunang Chen*, Yue Gao*, Nick Ceccio, Rahul Chatterjee, Kassem Fawaz, and Earlence Fernandes

In 31st USENIX Security Symposium (USENIX Security 22), Aug 2022

Bib PDF Slides Talk Website

@inproceedings{chen2022bcp,
  title = {Experimental Security Analysis of the App Model in Business Collaboration Platforms},
  author = {Chen*, Yunang and Gao*, Yue and Ceccio, Nick and Chatterjee, Rahul and Fawaz, Kassem and Fernandes, Earlence},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year = {2022},
  address = {Boston, MA},
  pages = {2011--2028},
  url = {https://www.usenix.org/conference/usenixsecurity22/presentation/chen-yunang-experimental},
  publisher = {USENIX Association},
  month = aug,
}

ICML

Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems

Yue Gao, Ilia Shumailov, and Kassem Fawaz

In Proceedings of the 39th International Conference on Machine Learning, Jul 2022

Accepted for Long Presentation (2%)

Bib PDF Code Poster Slides Talk

@inproceedings{gao2022interplay,
  title = {Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems},
  author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem},
  booktitle = {Proceedings of the 39th International Conference on Machine Learning},
  year = {2022},
  address = {Baltimore, MI},
  pages = {7102--7121},
  series = {Proceedings of Machine Learning Research},
  publisher = {PMLR},
  month = jul,
  volume = {162},
}

CVPR Workshop
Variational Autoencoder for Low Bit-rate Image Compression

Lei Zhou*, Chunlei Cai*, Yue Gao, Sanbao Su, and Junmin Wu

In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, Jul 2018

Winner of the 1st Workshop and Challenge on Learned Image Compression.

Bib PDF
@inproceedings{zhou2018compression, author = {Zhou*, Lei and Cai*, Chunlei and Gao, Yue and Su, Sanbao and Wu, Junmin}, booktitle = {Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops}, year = {2018}, }