Jiahao Yu's Page

I am a second-year computer science Ph.D. student at Northwestern University, working with Prof. Xinyu. My research interests lie in reinforcement learning and secure machine learning. I hold B.S. degree from Shanghai Jiao Tong University (2021). If you have any research issue, feel free to contact me! Enjoy research and life :)

news

Apr 18, 2024	Our GPTFuzzer work won Geekcon 2023 Annual Themed Debate Breakthrough Awards and was covered by SECGEEK.
Apr 16, 2024	Our bandfuzz work won first prize in SBFT and was covered in news.
Nov 29, 2023	Our prompt injection work on custom GPTs was covered on WIRED.
Dec 2, 2022	Our work was accepted by USENIX Security 2023!

selected publications

ICML

RICE: Breaking Through the Training Bottlenecks of Reinforcement Learning with Explanation

Spotlight Top-3.5%

Zelei Cheng, Xian Wu, Jiahao Yu, and 3 more authors

In Proceedings of the 41st International Conference on Machine Learning 2024
arXiv

GPTFUZZER: Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts

Geekcon 2023 Annual Themed Debate Breakthrough Awards

Jiahao Yu, Xingwei Lin, Zheng Yu, and 1 more author

In 2023

PDF
USENIX

AIRS Explanation for Deep Reinforcement Learning based Security Applications

Jiahao Yu, Wenbo Guo, Qi Qin, and 3 more authors

In Proceedings of the 2023 USENIX Security 2022

Abs PDF

Recently, we have witnessed the success of deep reinforcement learning (DRL) in many security applications, ranging from malware mutation to selfish blockchain mining. Like all other machine learning methods, the lack of explainability has been limiting its broad adoption as users have difficulty establishing trust in DRL models’ decisions. Over the past years, different methods have been proposed to explain DRL models but unfortunately, they are often not suitable for security applications, in which explanation fidelity, efficiency, and the capability of model debugging are largely lacking. In this work, we propose AIRS, a general framework to explain deep reinforcement learning-based security applications. Unlike previous works that pinpoint important features to the agent’s current action, our explanation is at the step level. It models the relationship between the final reward and the key steps that a DRL agent takes, and thus outputs the steps that are most critical towards the final reward the agent has gathered. Using four representative security-critical applications, we evaluate AIRS from the perspectives of explainability, fidelity, stability, and efficiency. We show that AIRS could outperform alternative explainable DRL methods. We also showcase AIRS’s utility, demonstrating that our explanation could facilitate the DRL model’s failure offset, help users establish trust in a model decision, and even assist the identification of inappropriate reward designs.