Ryan Feng

Intro

I am a Ph.D. candidate in Computer Science and Engineering at the University of Michigan and am co-advised by Prof. Atul Prakash and Prof. Stella Yu. I also work closely with Prof. Somesh Jha. Previously, I received my B.S. in Computer Engineering at the University of Washington.

My current research focuses on problems in machine learning robustness with a focus on the physical world. My goal is to develop robust, safe, and trustworthy AI agents. Previously, I have conducted research in robotics at the Personal Robotics Lab. Outside of work, I enjoy watching sports, playing sports, and playing music.

Links and Contact Info: [Email] [C.V.] [Google Scholar] [LinkedIn] [Github] [Twitter]

Research

My current research work is in machine learning robustness with a focus on the physical world. This includes FoCal, a test-time search method to make foundation models more robust to input variations such as 3D viewpoints, lighting, contrast, 2D rotations, and day-night (left); GRAPHITE, the first automatic, physical, black-box attack against computer vision models such as traffic sign recognizers and automatic license plate readers (right); and OARS, an adaptive black-box attack against MLaaS stateful defenses. My goal is to develop safe, robust, and trustworthy AI agents that can reason about their context to make more informed decisions.

Publications

Conference Publications

Utkarsh Singhal*, Ryan Feng*, Stella X. Yu, Atul Prakash, "Test-Time Canonicalization by Foundation Models for Robust Perception", in Proceedings of the 2025 International Conference on Machine Learning (ICML 2025), July 2025. [Link] [Code] [Website] [* denotes equal contribution]

Ashish Hooda*, Neal Mangaokar*, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash, "D4: Detection of Adversarial Diffusion Deepfakes Using Disjoint Ensembles", in Proceedings of the 2024 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV 2024), January 2024. [Link]

Ryan Feng*, Ashish Hooda*, Neal Mangaokar*, Kassem Fawaz, Somesh Jha, Atul Prakash, "Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks", in Proceedings of the 2023 ACM Conference on Computer and Communications Security (CCS 2023) , November 2023. [Link] [* denotes equal contribution]

Jihye Choi, Jayaram Raghuram, Ryan Feng, Jiefeng Chen, Somesh Jha, Atul Prakash, "Concept-based Explanations for Out-Of-Distribution Detectors", in Proceedings of the 2023 International Conference on Machine Learning (ICML 2023), July 2023. [Link]

Ryan Feng, Neal Mangaokar, Jiefeng Chen, Earlence Fernandes, Somesh Jha, Atul Prakash, "GRAPHITE: Generating Automatic Physical Examples for Machine-Learning Attacks on Computer Vision Systems", in Proceedings of the 2022 IEEE European Symposium on Security and Privacy (EuroS&P 2022), June 2022. [Link] [Code] [Presentation Slides]

Yeganeh Jalalpour, Li-Yun Wang, Ryan Feng, Wu-chi Feng, “Leveraging Image Processing Techniques to Thwart Adversarial Attacks in Image Classification”, in Proceedings of the 2019 IEEE International Symposium on Multimedia (ISM 2019), December 2019. [Link]

Ryan Feng*, Youngsun Kim*, Gilwoo Lee*, Ethan K. Gordon, Matt Schmittle, Shivaum Kumar, Tapomayukh Bhattacharjee, Siddhartha S. Srinivasa, “Robot-Assisted Feeding: Generalizing Skewering Strategies across Food Items on a Realistic Plate”, in Proceedings of the 2019 International Symposium on Robotics Research (ISRR 2019), October 2019. [Link] [Video] [* denotes equal contribution]

Ben Hamlin, Wu-chi Feng, Ryan Feng, “ISIFT: Extracting Incremental Results from SIFT”, in Proceedings of the 2018 ACM Multimedia Systems Conference (MMSys 2018) , June 2018. [Link]

Wu-chi Feng, Ryan Feng, Paul Wyatt, Feng Liu, “Understanding the Impact of Compression on Feature Detection and Matching in Computer Vision”, in Proceedings of the 2016 IEEE International Symposium on Multimedia (ISM 2016), December 2016. [Link]

Workshop Publications

Ashish Hooda*, Neal Mangaokar*, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash, "Theoretically Principled Trade-off for Stateful Defenses against Query-Based Black-Box Attacks", in ICML 2023 Workshop on New Frontiers in Adversarial Machine Learning (AdvML 2023), July 2023. [Link]

Nelson Manohar-Alers, Ryan Feng, Sahib Singh, Jiguo Song, Atul Prakash, “Using Anomaly Feature Vectors for Detecting, Classifying and Warning of Outlier Adversarial Examples”, in ICML 2021 Workshop on Adversarial Machine Learning, July 2021. [Link]

Teaching

Winter 2023: EECS 598-012 Secure and Trustworthy Machine Learning

Other

AV Safety and Security Reading Group: Along with Noah Curran, I am co-organizing an AV Safety and Security Reading Group for 2023-2024
LifeSaVR: A firefighter training simulator experience in virtual reality
[Demo Video] [Geekwire Article]