Hongyang Zhang   张弘扬

  Postdoc Fellow

Toyota Technological Institute at Chicago (TTIC)

hongyanz AT ttic.edu [Google Scholar] [DBLP] [GitHub]

Office: TTIC 409

I am a Postdoc fellow at Toyota Technological Institute at Chicago (TTIC), hosted by Avrim Blum and Greg Shakhnarovich. I am interested in the problems where beautiful theory and practical methodology meet, which broadly include theories and applications of machine learning and algorithms, such as adversarial defenses and attacks, non-convex/convex optimization, deep learning, low-rank subspace recovery, noise-tolerant active learning, property testing, and compressed sensing.

Before joining TTIC, I completed my Ph.D. degree in 2019 with wonderful 4-year study at Machine Learning Department, Carnegie Mellon University. I was fortunate to be co-advised by Maria-Florina Balcan and David P. Woodruff. Prior to that, I graduated from Peking University in 2015, working with Zhouchen Lin and Chao Zhang in Zero Lab. I was a former intern at IBM Almaden Research Center and Petuum Inc.

Research Areas

Machine Learning, AI Security, Optimization, and their Applications. Current research focus includes:

  • Robustness: Building theoretical foundations for computationally efficient adversarial defenses and attacks. Developing practical, large-scaled algorithms for real-world AI security problems.

  • Optimization: Developing new paradigms toward global optimality of non-convex optimization in polynomial time. Designing algorithms and understanding landscape (e.g., duality gap) of deep neural network, GAN, matrix factorization.

  • Sample Efficiency: Designing principled, practical and scalable algorithms for big data problems with near-optimal sample complexity. These include models of matrix completion and sensing, robust PCA, margin-based active learning, property testing, phase retrieval.

  • Applications: Applications of machine learning models in image and video processing, medical data.


  • 2020/2/10. Our new work on provable hardness results of Random Smoothing was available on [arXiv].
  • 2019/9/3. Two papers were accepted to NeurIPS 2019.
  • 2019/4/26. One paper was accepted to Journal of Machine Learning Research.
  • 2019/4/25. I defended my Ph.D. Thesis titled "New Advances in Sparse Learning, Deep Networks, and Adversarial Learning: Theory and Applications". I was fortunate to have Maria-Florina Balcan, David P. Woodruff, Ruslan Salakhutdinov, and Avrim Blum as my thesis committee. [thesis]
  • 2019/4/21. One paper was accepted to ICML 2019.
  • 2019/1/17. TRADESv2 created a new record in Unrestricted Adversarial Examples Challenge. [leaderboard]
  • 2018/12/22. One paper was accepted to AISTATS 2019.
  • 2018/11/8. In NeurIPS 2018 Adversarial Vision Challenge, our team won the 1st place (out of 400+ teams) in both Robust Model Track and Targeted Attacks Track, and the 3rd place in Untargeted Attacks Track [news]. Please check our new method TRADES [paper] [code].
  • 2018/9/27. One paper was accepted to SODA 2019.
  • 2018/6/27. One paper was accepted to Proceedings of the IEEE.
  • 2018/9/4-2018/10/9. I was visiting Simons Institute at UC Berkeley.
  • 2018/5/29-2018/8/24. I was doing an internship at Petuum, Inc.
  • 2018/4/16. One paper was accepted to ICALP 2018.
  • 2017/10/26. One paper was accepted to ITCS 2018.
  • 2017/9/4. Two papers were accepted to NIPS 2017.
  • 2017/6/15-2017/8/15. I was visiting IBM theory group, San Jose.
  • 2017/5/12. One paper was accepted to ICML 2017.
  • 2017/5/8. My new book has been published by Elsevier Press. [Elsevier link] [Amazon link]
  • 2016/8/12. One paper was accepted to NIPS 2016.
  • 2016/5/3. One paper was accepted to IEEE Transactions on Information Theory.
  • 2016/4/26. One paper was accepted to COLT 2016.

    Selected Publications [Full List of Publications]

  • With Avrim Blum, Travis Dick, Naren Manoj (α-β order). "Random Smoothing Might be Unable to Certify L∞ Robustness for High-Dimensional Images", under review by JMLR, 2020. [arXiv] [code]

  • Hongyang Zhang, Yaodong Yu, Jiantao Jiao, Eric P. Xing, Laurent El Ghaoui, Michael I. Jordan. "Theoretically Principled Trade-off between Robustness and Accuracy", ICML 2019 (Long Talk), Long Beach, USA. [arXiv] [code] (Winner of NeurIPS 2018 Adversarial Vision Challenge)

        TRADES remains the top-performing algorithm in adversarial defenses after 1-year time test by various third-party evaluations. Here is an example.

  • With Maria-Florina Balcan, Yi Li, David P. Woodruff (α-β order). "Testing Matrix Rank, Optimally", SODA 2019, San Diego, USA. [pdf] [arXiv]

  • With Maria-Florina Balcan, Yingyu Liang, David P. Woodruff (α-β order). "Non-Convex Matrix Completion and Related Problems via Strong Duality", Journal of Machine Learning Research, 2019. [pdf]

        A preliminary version of this paper appears in ITCS 2018, Cambridge, USA. [arXiv]

  • With Pranjal Awasthi, Maria-Florina Balcan, Nika Haghtalab (α-β order). “Learning and 1-bit Compressed Sensing under Asymmetric Noise”, COLT 2016, New York, USA. [pdf]

  • BOOK: With Zhouchen Lin (α-β order). “Low Rank Models in Visual Analysis: Theories, Algorithms and Applications”, Elsevier Press, 2017. [Elsevier link] [Amazon link]


    Table of Contents

  • Introduction
  • Linear Models (Single Subspace Models, Multiple-Subspace Models, Theoretical Analysis)
  • Non-Linear Models (Kernel Methods, Laplacian and Hyper-Laplacian Methods, Locally Linear Representation, Transformation Invariant Clustering)
  • Optimization Algorithms (Convex Algorithms, Non-Convex Algorithms, Randomized Algorithms)
  • Representative Applications (Video Denoising, Background Modeling, Robust Alignment by Sparse and Low-Rank Decomposition, Transform Invariant Low-Rank Textures, Motion and Image Segmentation, Image Saliency Detection, Partial-Duplicate Image Search, Image Tag Completion and Refinement, Other Applications)
  • Conclusions (Low-Rank Models for Tensorial Data, Nonlinear Manifold Clustering, Randomized Algorithms)
  • Academic Activities

    Journal Refereeing: Journal of Machine Learning Research, Machine Learning, Proceedings of the IEEE, IEEE Journal of Selected Topics in Signal Processing, IEEE Transactions on Pattern Analysis and Machine Intelligence, IEEE Transactions on Signal Processing, IEEE Transactions on Cybernetics, IEEE Signal Processing Letters, IEEE Access, Neurocomputing, ACM Transactions on Knowledge Discovery from Data.

    Conference Refereeing: AAAI 2016, ICML 2016, NIPS 2016, IJCAI 2017 (PC member), STOC 2017, NIPS 2017 (PC member), AAAI 2018 (PC member), STOC 2018, ISIT 2018, ICML 2018 (PC member), COLT 2018, NeurIPS 2018 (PC member), APPROX 2018, ACML 2018 (PC member), AISTATS 2019 (PC member), ITCS 2019, NeurIPS 2019 (PC member), AAAI 2020 (PC member), STOC 2020, ICML 2020 (PC member), NeurIPS 2020 (PC member), FOCS 2020.

    Volunteer: ICML 2016.

    Selected Talks

  • Theoretically Principled Trade-off between Robustness and Accuracy, Simons Institute, IPAM, TTIC, Caltech, CMU, ICML 2019, ICML Workshop on the Security and Privacy of Machine Learning. [slide] [video]

  • Testing Matrix Rank, Optimally, SODA 2019. [slide]

  • Testing and Learning from Big Data, Optimally, CMU AI Lunch 2018. [slide]

  • New Paradigms and Global Optimality in Non-Convex Optimization, CMU Theory Lunch 2017. [slide] [video]

  • Active Learning of Linear Separators under Asymmetric Noise, invited by Asilomar 2017. [slide]

  • Noise-Tolerant Life-Long Matrix Completion via Adaptive Sampling, CMU Machine Learning Lunch 2016. [slide]


  • 10-702/36-702 Statistical Machine Learning (at CMU, TA for Larry Wasserman): Spring 2018.

  • 10-725/36-725 Convex Optimization (at CMU, TA for Pradeep Ravikumar and Aarti Singh): Fall 2017.

  • Image Processing (at PKU, TA for Chao Zhang): Spring 2014.


    I like traveling and photography. Check here some of the photos that I took.