Huan Zhang

Huan Zhang 

Huan Zhang

Ph.D. Student
Department of Computer Science
Los Angeles, CA, 90095

Email: firstlast AT ucla DOT edu

Resume (pdf)

About me

I am a 7-th year PhD student at UCLA and my primary research areas include machine learning, optimization and parallel computing. My advisors is Prof. Cho-Jui Hsieh. During 2015-2018 I was co-advised by Prof. Venkatesh Akella and Prof. Cho-Jui Hsieh at UC Davis. During 2012-2015, I also worked on a few topics in computer architecture and computer networks with Prof. Venkatesh Akella, Prof. Matthew Farrens and Prof. S. J. Ben Yoo.


My works roughly fall into the following categories:

1. Formal robustness analysis of neural networks: CROWN [ZWC+18] is a generic theoretical framework for robustness verification through layer-wise linear outer-bounds propagation, which generalizes and improves my early work Fast-Lin [WZC+18b]. RecurJac [ZZH19] gives robustness guarantee through a different approach of bounding local Lipschitz constant, outperforming my early work Fast-Lip [WZC+18b] by up to a few magnitudes. Unified source code for all algorithms can be found here.

2. Crafting adversarial examples: crafting adversarial examples on various deep learning applications including image captioning (Show-and-fool [CZC+18]) and NLP tasks. Proposing new formulations for finding adversarial examples including EAD [(CSZ+18)] and Structured Attack [XLZ+19]. Zeroth order optimization (ZOO) based black-box attack [CZS+18] with limited queries [TTC+19] and in non-smooth and non-differentiable settings [CLC+19].

3. Understanding robustness and adversarial examples: Difficulty on robust generalization and the blind-spot attack on adversarial training [ZCS+19]; Robustness and accuracy trade-off on ImageNet [SZC+18]; local Lipschitz constant based robustness estimation (CLEVER [WZC+18a]).

4. Defense against adversarial examples: through randomization [LCZ+18].

5. Optimization and scalable machine learning: Zeroth order optimization [LZH+16], asynchronous gradient descent and coordinate descent [ZHA16] [ZH16], distributed and decentralized optimization of neural networks [LZZ+17], extreme multi-label learning [SZK+17], tensor decomposition [SWZ16] and GPU acceleration of gradient boosted decision trees [ZSH18] (part of LightGBM).

I also worked on computer architecture [ZAN+14] [SZN+13] and computer networks [YZZ+13] [KPZ+15] during the early years of my PhD.

Publications (“*” indicates equal contribution)

[ZCS+19] The Limitations of Adversarial Training and the Blind-Spot Attack, Huan Zhang*, Hongge Chen*, Zhao Song, Duane Boning, Inderjit Dhillon, Cho-Jui Hsieh. ICLR 2019. (* Equal contribution) (pdf)

[CLC+19] Query-Efficient Hard-label Black-box Attack: An Optimization-based Approach, Minhao Cheng, Thong Le, Pin-Yu Chen, Huan Zhang, Jinfeng Yi, Cho-Jui Hsieh. ICLR 2019. (pdf)

[XLZ+19] Structured Adversarial Attack: Towards General Implementation and Better Interpretability. Kaidi Xu*, Sijia Liu*, Pu Zhao*, Pin-Yu Chen, Huan Zhang, Quanfu Fan, Deniz Erdogmus, Yanzhi Wang, Xue Lin, ICLR 2019. (pdf)

[ZZH19] RecurJac: An Efficient Recursive Algorithm for Bounding Jacobian Matrix of Neural Networks and Its Applications, Huan Zhang, Pengchuan Zhang, Cho-Jui Hsieh. AAAI 2019. (pdf) (code)

[TTC+19] AutoZOOM: Autoencoder-based Zeroth Order Optimization Method for Attacking Black-box Neural Networks, Chun-Chen Tu, Paishun Ting, Pin-Yu Chen, Sijia Liu, Huan Zhang, Jinfeng Yi, Cho-Jui Hsieh, Shin-Ming Cheng. AAAI 2019. (pdf)

[ZWC+18] Efficient Neural Network Robustness Certification with General Activation Functions, Huan Zhang*, Tsui-Wei Weng*, Pin-Yu Chen, Cho-Jui Hsieh, Luca Daniel. (* Equal contribution). NIPS 2018. (pdf) (code)

[SZC+18] Is Robustness the Cost of Accuracy? Lessons Learned from 18 Deep Image Classifiers, Dong Su*, Huan Zhang*, Hongge Chen, Jinfeng Yi, Pin-Yu Chen, Yupeng Gao. (* Equal contribution). ECCV 2018. (pdf) (code)

[LCZ+18] Towards Robust Neural Networks via Random Self-ensemble, Xuanqing Liu, Minhao Cheng, Huan Zhang, Cho-Jui Hsieh. ECCV 2018. (pdf)

[WZM+18] Realtime query completion via deep language models, Po-Wei Wang, Huan Zhang, Vijai Mohan, Inderjit S. Dhillon and J. Zico Kolter. SIGIR Workshop On eCommerce, 2018. (pdf) (code)

[WZC+18b] Towards Fast Computation of Certified Robustness for ReLU Networks , Tsui-Wei Weng*, Huan Zhang*, Hongge Chen, Zhao Song, Cho-Jui Hsieh, Duane Boning, Inderjit S. Dhillon, Luca Daniel. (* Equal contribution). ICML 2018 (pdf) (code)

[CZC+18] Attacking Visual Language Grounding with Adversarial Examples: A Case Study on Neural Image Captioning. Hongge Chen*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi and Cho-Jui Hsieh (* Equal contribution). ACL 2018 (pdf) (code).

[WZC+18a] Evaluating the Robustness of Neural Networks: An Extreme Value Theory Approach , Tsui-Wei Weng*, Huan Zhang*, Pin-Yu Chen, Jinfeng Yi, Dong Su, Yupeng Gao, Cho-Jui Hsieh, Luca Daniel (* Equal contribution). ICLR 2018 (pdf) (code)

[CSZ+18] EAD: Elastic-Net Attacks to Deep Neural Networks via Adversarial Examples, Pin-Yu Chen*, Yash Sharma*, Huan Zhang, Jinfeng Yi and Cho-Jui Hsieh. AAAI 2018. (pdf) (code)

[CZS+18] ZOO: Zeroth Order Optimization based Black-box Attacks to Deep Neural Networks without Training Substitute Models, Pin-Yu Chen*, Huan Zhang*, Yash Sharma, Jinfeng Yi, Cho-Jui Hsieh. (* Equal contribution) ACM Conference on Computer and Communications Security (CCS) Workshop on Artificial Intelligence and Security (AISec), 2017. (pdf) (code)

[ZSH18] GPU-acceleration for Large-scale Tree Boosting, Huan Zhang, Si Si, Cho-Jui Hsieh. SysML Conference, 2018. (pdf) (code)

[LZZ+17] Can Decentralized Algorithms Outperform Centralized Algorithms? A Case Study for Decentralized Parallel Stochastic Gradient Descent, Xiangru Lian, Ce Zhang, Huan Zhang, Cho-Jui Hsieh, Wei Zhang, and Ji Liu. NIPS 2017. (Oral paper) (pdf)

[SZK+17] Gradient Boosted Decision Trees for High Dimensional Sparse Output, Si Si, Huan Zhang, Sathiya Keerthi, Dhruv Mahajan, Inderjit Dhillon, Cho-Jui Hsieh. ICML 2017. (pdf)

[ZHA16] HogWild++: A New Mechanism for Decentralized Asynchronous Stochastic Gradient Descent, Huan Zhang, Cho-Jui Hsieh and Venkatesh Akella. ICDM 2016 (full-length paper). (pdf) (code)

[ZH16] Fixing the Convergence Problems in Parallel Asynchronous Dual Coordinate Descent, Huan Zhang, Cho-Jui Hsieh. ICDM 2016 (full-length paper). (pdf) (code)

[SWZ16] Sublinear Time Orthogonal Tensor Decomposition, Zhao Song, David P. Woodruff and Huan Zhang. NIPS 2016. (pdf) (code)

[LZH+16] A Comprehensive Linear Speedup Analysis for Asynchronous Stochastic Parallel Optimization from Zeroth-Order to First-Order, Xiangru Lian, Huan Zhang, Cho-Jui Hsieh, Yijun Huang, Ji Liu. NIPS 2016. (pdf)

[KPZ+15] Field demonstration of 100-Gb/s real-time coherent optical OFDM detection, by Noriaki Kaneda, Timo Pfau, Huan Zhang, Jeffrey Lee, Young-Kai Chen, Chun Ju Youn, Yong Hwan Kwon, Eun Soo Num, S. Chandrasekhar. Journal of Lightwave Technology, Vol. 33, No. 7, April 1 2015.

[ZAN+14] Burst Mode Processing: An Architectural Framework for Improving Performance in Future Chip Microprocessors, by Huan Zhang, Rajeevan Amirtharajah, Christopher Nitta, Matthew Farrens and Venkatesh Akella. Workshop on Workshop on Managing Overprovisioned Systems, Co-located with ASPLOS-19, 2014.

[SZN+13] HySIM: Towards a Scalable, Accurate and Fast Simulator for Manycore Processors by Kramer Straube, Huan Zhang, Christopher Nitta, Matthew Farrenss and Venkatesh Akella.3rd Workshop on the Intersections of Computer Architecture and Reconfigurable Logic, Co-located with MICRO-46, December 2013.

[YZZ+13] Spectral and Spatial 2D Fragmentation-Aware Routing and Spectrum Assignment Algorithms in Elastic Optical Networks, by Yawei Yin, Huan Zhang, Mingyang Zhang, Ming Xia, Zuqing Zhu, S. Dahlfort and S.J.B Yoo. IEEE/OSA Journal of Optical Communications and Networking, Vol. 5, No. 10, October 2013.


IBM PhD Fellowship, 2018-2019


I developed a GPU acceleration algorithm for LightGBM, a popular open-source package for large-scale gradient boosted decision tree (GBDT) training. I am a maintainer of the LightGBM project.

Teaching Experience

Teaching assistant for ECS 132, Probability and Statistical Modeling for Computer Science, Fall 2015

Teaching assistant for EEC 171, Parallel Computer Architecture, Spring 2013


“Blind Guide Device Based on the Smart Phone”, China Patent ZL.2010 2 0516516.9. Yang Yang, Huan Zhang, Ding Zhao, Li Chen et al. Issued on July, 20, 2011. (pdf)

Some Undergraduate Projects

I did some interesting projects during my undergraduate years. They have become non-relevant to my current research but I am still keeping links and descriptions here because I do occasionally get emails asking some details.

Click here for a list of my previous projects.


Email:firstlast AT ucla DOT edu

404 Westwood Plaza
Engineering VI
Los Angeles, CA 90095-1596