Researcher profile

Dongxiao Yu

Dongxiao Yu contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 21 - Emerging | Verification L1 | Unclaimed author
11 works
0 followers
6 topics
4 close collaborators

Published work

11 published item(s)

preprint | 2026 | arXiv

Certified Unlearning in Decentralized Federated Learning

Driven by the right to be forgotten (RTBF), machine unlearning has become an essential requirement for privacy-preserving machine learning. However, its realization in decentralized federated learning (DFL) remains largely unexplored. In DFL, clients exchange local updates only with neighbors, causing model information to propagate and mix across the network. As a result, when a client requests data deletion, its influence is implicitly embedded throughout the system, making removal difficult without centralized coordination. We propose a novel certified unlearning framework for DFL based on Newton-style updates. Our approach first quantifies how a client's data influence propagates during training. Leveraging curvature information of the loss with respect to the target data, we then construct corrective updates using Newton-style approximations. To ensure scalability, we approximate second-order information via Fisher information matrices. The resulting updates are perturbed with calibrated noise and broadcast through the network to eliminate residual influence across clients. We theoretically prove that our approach satisfies the formal definition of certified unlearning, ensuring that the unlearned model is difficult to distinguish from a retrained model without the deleted data. We also establish utility bounds showing that the unlearned model remains close to retraining from scratch. Extensive experiments across diverse decentralized settings demonstrate the effectiveness and efficiency of our framework.

preprint | 2026 | arXiv

Second-Order Convergence in Private Stochastic Non-Convex Optimization

We investigate the problem of finding second-order stationary points (SOSP) in differentially private (DP) stochastic non-convex optimization. Existing methods suffer from two key limitations: (i) inaccurate convergence error rate due to overlooking gradient variance in the saddle point escape analysis, and (ii) dependence on auxiliary private model selection procedures for identifying DP-SOSP, which can significantly impair utility, particularly in distributed settings. To address these issues, we propose a generic perturbed stochastic gradient descent (PSGD) framework built upon Gaussian noise injection and general gradient oracles. A core innovation of our framework is using model drift distance to determine whether PSGD escapes saddle points, ensuring convergence to approximate local minima without relying on second-order information or additional DP-SOSP identification. By leveraging the adaptive DP-SPIDER estimator as a specific gradient oracle, we develop a new DP algorithm that rectifies the convergence error rates reported in prior work. We further extend this algorithm to distributed learning with heterogeneous data, providing the first formal guarantees for finding DP-SOSP in such settings. Our analysis also highlights the detrimental impacts of private selection procedures in distributed learning under high-dimensional models, underscoring the practical benefits of our design. Numerical experiments on real-world datasets validate the efficacy of our approach.

preprint | 2025 | arXiv

Distributed Bilevel Optimization with Dual Pruning for Resource-limited Clients

With the development of large-scale models, traditional distributed bilevel optimization algorithms cannot be applied directly in low-resource clients. The key reason lies in the excessive computation involved in optimizing both the lower- and upper-level functions. Thus, we present the first resource-adaptive distributed bilevel optimization framework with a second-order free hypergradient estimator, which allows each client to optimize the submodels adapted to the available resources. Due to the coupled influence of partial outer parameters x and inner parameters y, it's challenging to theoretically analyze the upper bound regarding the globally averaged hypergradient for full model parameters. The error bound of the inner parameter also needs to be reformulated because of the local partial training. The provable theorems show that both RABO and RAFBO can achieve an asymptotically optimal convergence rate of $O(1/\sqrt{C_x^{\ast}Q})$, which is dominated by the minimum coverage of the outer parameter $C_x^{\ast}$. Extensive experiments on two different tasks demonstrate the effectiveness and computation efficiency of our proposed methods.

preprint | 2022 | arXiv

Decentralized Wireless Federated Learning with Differential Privacy

This paper studies decentralized federated learning algorithms in wireless IoT networks. The traditional parameter server architecture for federated learning faces some problems such as low fault tolerance, large communication overhead and inaccessibility of private data. To solve these problems, we propose a Decentralized-Wireless-Federated-Learning algorithm called DWFL. The algorithm works in a system where the workers are organized in a peer-to-peer and server-less manner, and the workers exchange their privacy preserving data with the analog transmission scheme over wireless channels in parallel. With rigorous analysis, we show that DWFL satisfies $(ε,δ)$-differential privacy and the privacy budget per worker scales as $\mathcal{O}(\frac{1}{\sqrt{N}})$, in contrast with the constant budget in the orthogonal transmission approach. Furthermore, DWFL converges at the same rate of $\mathcal{O}(\sqrt{\frac{1}{TN}})$ as the best known centralized algorithm with a central parameter server. Extensive experiments demonstrate that our algorithm DWFL also performs well in real settings.

preprint | 2022 | arXiv

Extending On-chain Trust to Off-chain -- Trustworthy Blockchain Data Collection using Trusted Execution Environment (TEE)

Blockchain creates a secure environment on top of strict cryptographic assumptions and rigorous security proofs. It permits on-chain interactions to achieve trustworthy properties such as traceability, transparency, and accountability. However, current blockchain trustworthiness is only confined to on-chain, creating a "trust gap" to the physical, off-chain environment. This is due to the lack of a scheme that can truthfully reflect the physical world in a real-time and consistent manner. Such an absence hinders further real-world blockchain applications, especially for security-sensitive ones. In this paper, we propose a scheme to extend blockchain trust from on-chain to off-chain, and take trustworthy vaccine transportation as an example. Our scheme consists of 1) a Trusted Execution Environment (TEE)-enabled trusted environment monitoring system built with the Arm Cortex-M33 microcontroller that continuously senses the inside of a vaccine box through trusted sensors and generates anti-forgery data; and 2) a consistency protocol to upload the environment status data from the TEE system to blockchain in a truthful, real-time consistent, continuous and fault-tolerant fashion. Our security analysis indicates that no adversary can tamper with the vaccine in any way without being captured. We carry out an experiment to record the internal status of a vaccine shipping box during transportation, and the results indicate that the proposed system incurs an average latency of 84 ms in local sensing and processing followed by an average latency of 130 ms to have the sensed data transmitted to and available in the blockchain.

preprint | 2022 | arXiv

Harnessing Context for Budget-Limited Crowdsensing with Massive Uncertain Workers

Crowdsensing is an emerging paradigm of ubiquitous sensing, through which a crowd of workers are recruited to perform sensing tasks collaboratively. Although it has stimulated many applications, an open fundamental problem is how to select among a massive number of workers to perform a given sensing task under a limited budget. Nevertheless, due to the proliferation of smart devices equipped with various sensors, it is very difficult to profile the workers in terms of sensing ability. Although the uncertainties of the workers can be addressed by standard Combinatorial Multi-Armed Bandit (CMAB) framework through a trade-off between exploration and exploitation, we do not have sufficient allowance to directly explore and exploit the workers under the limited budget. Furthermore, since the sensor devices usually have quite limited resources, the workers may have bounded capabilities to perform the sensing task for only a few times, which further restricts our opportunities to learn the uncertainty. To address the above issues, we propose a Context-Aware Worker Selection (CAWS) algorithm in this paper. By leveraging the correlation between the context information of the workers and their sensing abilities, CAWS aims at maximizing the expected total sensing revenue efficiently with both budget constraint and capacity constraints respected, even when the number of the uncertain workers is massive. The efficacy of CAWS can be verified by rigorous theoretical analysis and extensive experiments.

preprint | 2022 | arXiv

MalFox: Camouflaged Adversarial Malware Example Generation Based on Conv-GANs Against Black-Box Detectors

Deep learning is a thriving field currently stuffed with many practical applications and active research topics. It allows computers to learn from experience and to understand the world in terms of a hierarchy of concepts, with each being defined through its relations to simpler concepts. Relying on the strong capabilities of deep learning, we propose a convolutional generative adversarial network-based (Conv-GAN) framework titled MalFox, targeting adversarial malware example generation against third-party black-box malware detectors. Motivated by the rival game between malware authors and malware detectors, MalFox adopts a confrontational approach to produce perturbation paths, with each formed by up to three methods (namely Obfusmal, Stealmal, and Hollowmal) to generate adversarial malware examples. To demonstrate the effectiveness of MalFox, we collect a large dataset consisting of both malware and benignware programs, and investigate the performance of MalFox in terms of accuracy, detection rate, and evasive rate of the generated adversarial malware examples. Our evaluation indicates that the accuracy can be as high as 99.0% which significantly outperforms the other 12 well-known learning models. Furthermore, the detection rate is dramatically decreased by 56.8% on average, and the average evasive rate is noticeably improved by up to 56.2%.

preprint | 2022 | arXiv

Malware-on-the-Brain: Illuminating Malware Byte Codes with Images for Malware Classification

Malware is a piece of software that was written with the intent of doing harm to data, devices, or people. Since a number of new malware variants can be generated by reusing codes, malware attacks can be easily launched and thus become common in recent years, incurring huge losses in businesses, governments, financial institutes, health providers, etc. To defeat these attacks, malware classification is employed, which plays an essential role in anti-virus products. However, existing works that employ either static analysis or dynamic analysis have major weaknesses in complicated reverse engineering and time-consuming tasks. In this paper, we propose a visualized malware classification framework called VisMal, which provides highly efficient categorization with acceptable accuracy. VisMal converts malware samples into images and then applies a contrast-limited adaptive histogram equalization algorithm to enhance the similarity between malware image regions in the same family. We provided a proof-of-concept implementation and carried out an extensive evaluation to verify the performance of our framework. The evaluation results indicate that VisMal can classify a malware sample within 4.0 ms and have an average accuracy of 96.0%. Moreover, VisMal provides security engineers with a simple visualization approach to further validate its performance.

preprint | 2022 | arXiv

Online Learning for Failure-aware Edge Backup of Service Function Chains with the Minimum Latency

Virtual network functions (VNFs) have been widely deployed in mobile edge computing (MEC) to flexibly and efficiently serve end users running resource-intensive applications, which can be further serialized to form service function chains (SFCs), providing customized networking services. To ensure the availability of SFCs, it turns out to be effective to place redundant SFC backups at the edge for quickly recovering from any failures. The existing research largely overlooks the influences of SFC popularity, backup completeness and failure rate on the optimal deployment of SFC backups on edge servers. In this paper, we comprehensively consider from the perspectives of both the end users and edge system to back up SFCs for providing popular services with the lowest latency. To overcome the challenges resulting from unknown SFC popularity and failure rate, as well as the known system parameter constraints, we take advantage of the online bandit learning technique to cope with the uncertainty issue. Combining the Prim-inspired method with the greedy strategy, we propose a Real-Time Selection and Deployment (RTSD) algorithm. Extensive simulation experiments are conducted to demonstrate the superiority of our proposed algorithms.

preprint | 2022 | arXiv

SPDL: Blockchain-secured and Privacy-preserving Decentralized Learning

Decentralized learning involves training machine learning models over remote mobile devices, edge servers, or cloud servers while keeping data localized. Even though many studies have shown the feasibility of preserving privacy, enhancing training performance or introducing Byzantine resilience, none of them simultaneously considers all of them. Therefore we face the following problem: how can we efficiently coordinate the decentralized learning process while simultaneously maintaining learning security and data privacy? To address this issue, in this paper we propose SPDL, a blockchain-secured and privacy-preserving decentralized learning scheme. SPDL integrates blockchain, Byzantine Fault-Tolerant (BFT) consensus, BFT Gradients Aggregation Rule (GAR), and differential privacy seamlessly into one system, ensuring efficient machine learning while maintaining data privacy, Byzantine fault tolerance, transparency, and traceability. To validate our scheme, we provide rigorous analysis on convergence and regret in the presence of Byzantine nodes. We also build a SPDL prototype and conduct extensive experiments to demonstrate that SPDL is effective and efficient with strong security and privacy guarantees.

preprint | 2022 | arXiv

zk-PCN: A Privacy-Preserving Payment Channel Network Using zk-SNARKs

Payment channel network (PCN) is a layer-two scaling solution that enables fast off-chain transactions but does not involve on-chain transaction settlement. PCNs raise new privacy issues including balance secrecy, relationship anonymity and payment privacy. Moreover, protecting privacy causes low transaction success rates. To address this dilemma, we propose zk-PCN, a privacy-preserving payment channel network using zk-SNARKs. We prevent true balances from being exposed by setting up public balances instead. Using public balances, zk-PCN can guarantee high transaction success rates and protect PCN privacy with zero-knowledge proofs. Additionally, zk-PCN is compatible with the existing routing algorithms of PCNs. To support such compatibility, we propose zk-IPCN to improve zk-PCN with a novel proof generation (RPG) algorithm. zk-IPCN reduces the overheads of storing channel information and lowers the frequency of generating zero-knowledge proofs. Finally, extensive simulations demonstrate the effectiveness and efficiency of zk-PCN in various settings.