Sizhe Chen’s homepage


Hi! I am a first-year Ph.D. student in the Department of EECS, UC Berkeley, where I am fortunately advised by Prof. David Wagner. My research interests lie in trustworthy machine learning and AI security in real-world applications. Currently, I am working on safe LLMs. Previously, I got my M.Eng. and B.Eng. (Summa Cum Laude) from Shanghai Jiao Tong University, supervised by Prof. Xiaolin Huang. I also had a great time visiting UW, NEU, UCSC, and interning at Tencent.


  • Norman Mu, Sarah Li Chen, Zifan Wang, Sizhe Chen, David Karamardian, Lulwa Aljeraisy, Dan Hendrycks, David Wagner. Can LLMs Follow Simple Rules? 2023. [Website]
  • Shutong Wu*, Sizhe Chen*, Cihang Xie, Xiaolin Huang. One-Pixel Shortcut: On the Learning Preference of Deep Neural Networks. International Conference on Learning Representations (ICLR), Spotlight (8%), 2023. [PDF]
  • Sizhe Chen, Geng Yuan, Xinwen Cheng, Yifan Gong, Minghai Qin, Yanzhi Wang, Xiaolin Huang. Self-Ensemble Protection: Training Checkpoints Are Good Data Protectors. International Conference on Learning Representations (ICLR), 2023. [PDF]
  • Sizhe Chen, Zhehao Huang, Qinghua Tao, Xiaolin Huang. Query Attack by Multi-Identity Surrogates. IEEE Transactions on Artificial Intelligence (TAI), 2023. [PDF]
  • Sizhe Chen, Qinghua Tao, Zhixing Ye, Xiaolin Huang. Measuring the Transferability of $L_\infty$ Attacks by the $L_2$ Norm. IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2023. [PDF]
  • Yingwen Wu, Sizhe Chen, Kun Fang, Xiaolin Huang. Unifying Gradients to Improve Real-World Robustness for Deep Networks. ACM Transactions on Intelligent Systems and Technology (TIST), 2023. [PDF]
  • Zhengbao He, Tao Li, Sizhe Chen, Xiaolin Huang. Investigating Catastrophic Overfitting in Fast Adversarial Training: A Self-fitting Perspective. The IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), 2023. [PDF]
  • Sizhe Chen, Zhehao Huang, Qinghua Tao, Yingwen Wu, Cihang Xie, Xiaolin Huang. Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Query Attacks. Annual Conference on Neural Information Processing Systems (NeurIPS), 2022. [PDF]
  • Sizhe Chen, Zhengbao He, Chengjin Sun, Jie Yang, Xiaolin Huang. Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022. [PDF]
  • Tao Li, Yingwen Wu, Sizhe Chen, Kun Fang, Xiaolin Huang. Subspace Adversarial Training. The IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Oral (4%), 2022. [PDF]
  • Sizhe Chen, Fan He, Xiaolin Huang, Kun Zhang. Relevance Attack on Detectors. Pattern Recognition (PR), 2022. [PDF]


  • Departmental Fellowship of EECS, UC Berkeley, 2023.
  • Travel Support in NeurIPS’22, ICLR’23.
  • National Scholarship (Top 0.2% nationwide), 2021 and 2022.
  • Extraordinary Bachelor’s Thesis (Top 1% in Shanghai Jiao Tong University), 2020.


  • Reviewer: NeurIPS’23, ICLR’23/24, CVPR’23/24, ICCV’23, ECCV’22, TPAMI, MACH, PR, etc.