[CS] Wenxin Ding Dissertation Defense/Jan 22, 2026
via cs
cs at mailman.cs.uchicago.edu
Thu Jan 8 12:13:23 CST 2026
This is an announcement of Wenxin Ding's Dissertation Defense.
===============================================
Candidate: Wenxin Ding
Date: Thursday, January 22, 2026
Time: 1:30 pm CST
Remote Location: https://uchicago.zoom.us/j/92293084622?pwd=JbRAMaJKou3aGVY7AmMbjgpFi4cbQD.1
Location: JCL 298
Title: Steering Model Robustness via Minimal Training Data Modification
Abstract: Advances in machine learning have resulted in models of increasing size and complexity. Recent generative models are trained on billions of samples and feature billions of parameters. Given their massive volume of training data, many assume that these large models are inherently robust to training-time attacks, because compromising the model's robustness would require modifying a significant portion of the training data. My thesis challenges this prevailing assumption and asks: "Is it possible to change a model's security behavior by injecting minimal yet strategically optimized samples into its training data?" I study this question using both empirical and analytical approaches, for both deep neural networks (DNNs) and text-to-image generative models. My research establishes a new theoretical characterization for training robust classifiers and identifies new vulnerabilities in generative models.
In this talk, I will present my research on post-breach recovery of DNN models, where attackers breach the server to gain white-box access to the deployed model, and model owners therefore need mechanisms to recover from such incidents. My work demonstrates that a model trainer can add a small number of unseen (or hidden) samples to the training data to obtain a new model version that is robust to adversarial attacks originating from the breached model. This model versioning algorithm enables fast post-breach recovery, a critical issue underexplored by existing DNN defenses.
I also expand the scope of model robustness to the problem of provenance tracing. Today, practitioners can easily fine-tune a model from an existing base model for task-specific applications. However, releasing and deploying fine-tuned models without disclosing the source misleads users about model quality and the ethics of its training process. To address this, I develop a provenance system with provable guarantees through optimized data retrieval.
I will conclude by discussing ongoing challenges in AI security in the generative era.
Advisors: Ben Zhao and Heather Zheng
Committee Members: Ben Zhao, Heather Zheng, Yuxin Chen, and Grant Ho