avatar

Heyi Zhang

Trustworthy AI, Security and Privacy, Cybersecurity

Welcome! Here you can find information about my research, publications, academic activities, and contact details.

Research Interests

I hold a Ph.D. in Cyberspace Security from Shanghai Jiao Tong University. My research broadly falls into two complementary directions: Trustworthy AI and AI for safety-critical applications.

For Trustworthy AI, I develop trustworthy AI methodologies to enhance the robustness, security, privacy, and reliability of AI systems under heterogeneous and dynamic real-world conditions, leveraging robust learning, anomaly detection, distributed/federated learning, privacy-preserving techniques (e.g., differential privacy), and optimization methods.

For AI for safety-critical applications, I develop data-driven and AI-enabled solutions for the safe, reliable, and trustworthy deployment of AI in healthcare, wireless networks, IoT, and cybersecurity, leveraging domain-aware modeling, machine learning, data analytics, and system-level optimization.

Selected Publications

For a complete list of my publications, please visit my Google Scholar profile.

[1] Building Trust Beyond Update Divergence: Dual-Refined Aggregation for Byzantine-Robust Federated Learning
Heyi Zhang, X. He, J. Wu, et al.
IEEE Transactions on Information Forensics and Security (TIFS), 2026.

Contribution: To address stealthy Byzantine attacks under heterogeneous data distributions in federated learning, we developed a dual-refined aggregation framework that leverages sparse saliency structures for malicious update detection and group-wise robustness-aware weighted aggregation for robust model aggregation

Technical Expertise: Distributed Learning, Robust Aggregation, Group-wise Robustness, Anomaly Detection, PyTorch, Data Analysis.

[2] Coded Computing Meets Differential Privacy: Byzantine-Robust and Privacy-Preserving Distributed Machine Learning
Y. Xue, J. Wu, X. Lin, Heyi Zhang, et al.
IEEE Transactions on Dependable and Secure Computing (TDSC), 2026.

Contribution: To address stragglers and privacy challenges in distributed learning, we developed a Byzantine-robust framework integrating differential privacy with Lagrange coded computing to achieve secure, privacy-preserving, and communication-efficient distributed learning.

Technical Expertise: Differential Privacy, Lagrange Coded Computing, Distributed Programming, Byzantine Fault Tolerance, Straggler Mitigation, Distributed Optimization, PyTorch.

[3] Integrating Blockchain and Deep Learning Into Extremely Resource-Constrained IoT: An Energy-Saving Zero-Knowledge PoL Approach
Heyi Zhang, J. Wu, X. Lin, et al.
IEEE Internet of Things Journal (IoTJ), 2023.

Contribution: To address resource and security challenges in resource-constrained IoT, We developed a blockchain-enabled trustworthy distributed learning framework integrating a Zero-Knowledge Proof of Learning (ZPoL) consensus protocol and a quality-aware incentive mechanism.

Technical Expertise: Ethereum Blockchain, Proof of Learning (PoL), Zero-Knowledge Proof (ZKP), Stackelberg Game, Deep Learning, PyTorch, Numpy.

[4] Toward Byzantine-robust Distributed Learning for Sentiment Classification on Social Media Platform
Heyi Zhang, J. Wu, X. Lin, et al.
IEEE Transactions on Computational Social Systems (TCSS), 2024.

Contribution: To address Byzantine attacks and straggler issues in distributed machine learning, we developed a Byzantine-robust framework leveraging Lagrange coded computing together with coded-domain similarity-based coded aggregation for Byzantine-robust and efficient distributed model training.

Technical Expertise: Lagrange Coded Computing, Byzantine Fault Tolerance, Cosine similarity, Ethereum Blockchain, Distributed Programming, PyTorch, Numpy, Solidity.

[5] SoK: Benchmarking Poisoning Attacks and Defenses in Federated Learning
Heyi Zhang, Y. Liu, X. He, et al.
arXiv, 2025. Open-source Benchmark (GitHub, 60+ Stars). [Paper] [GitHub]

Contribution: To systematically benchmark poisoning attacks and defenses in federated learning, we developed and open-sourced FLPoison, a unified, modular, and extensible framework for reproducible robustness evaluation across diverse federated learning algorithms and heterogeneous data settings.

Technical Expertise: Federated Learning, Adversarial Machine Learning, Benchmarking, Robustness Evaluation, Reproducible AI, PyTorch, Pandas.

Academic Services

Program Committee Member or Reviewer for leading journals and conferences, including:

  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Transactions on Network Science and Engineering (TNSE)
  • Cluster Computing (Springer Nature)
  • Scientific Reports (Springer Nature)
  • The Web Conference (WWW)
  • AAAI Conference on Artificial Intelligence (AAAI)

External Reviewer for:

  • USENIX Security Symposium
  • ACM Conference on Computer and Communications Security (CCS)
  • Network and Distributed System Security Symposium (NDSS)
  • IEEE Transactions on Parallel and Distributed Systems (TPDS)
  • IEEE Internet of Things Journal (IoTJ)
  • IEEE Transactions on Industrial Informatics (TII)
  • International Conference on Machine Learning (ICML)
  • European Conference on Computer Vision (ECCV)