CV

Professional Experience

Researcher, State Key Laboratory of Blockchain and Data Security, Zhejiang University June 2024 – Present

Member of the AI Data Security Team

• Conducting research on AI-generated content (AIGC) security
• Developing the DFscan platform for multimodal deepfake detection; leading the technical team in platform design and development

Qiushi Research Fellow, ZJU-Hangzhou Global Scientific and Technological Innovation Center December 2023 – May 2024

Member of the Cyberspace Security Research Institute

• Conducted research on multimodal data security and privacy protection technologies
• Developed multimodal deepfake detection systems

Postdoctoral Researcher, Zhejiang University January 2021 – November 2023

College of Computer Science and Technology

• Researched voice security and privacy protection in human-computer interaction scenarios
• Supervisor: Prof. Kui Ren (Qiushi Chair Professor, AAAS/ACM/CCF/IEEE Fellow, Dean of the College of Computer Science and Technology)

Education

Ph.D., Computer Science — Lancaster University, UK October 2016 – December 2020

• Thesis: Acoustic-Channel Attack and Defence Methods for Personal Voice Assistants
• Supervisors: Prof. Utz Roedig (University College Cork) and Prof. Jeff Yan (University of Southampton)

Dual Master’s Degree — KU Leuven, Belgium & Tsinghua University, China September 2012 – September 2015

• Electrical Engineering (KU Leuven) & Integrated Circuit Engineering (Tsinghua University)
• Supervisor: Prof. Guoqiang Bai (Tsinghua University)

B.Eng., Electronic Science and Technology — Beijing University of Posts and Telecommunications September 2008 – June 2012

Publications

MixFake: Benchmarking and Enhancing Audio Deepfake Detection in Diverse Real-world Mixed Audio

Qingcao Li, Yipeng Lin, Weichen Lian, Zhongjie Ba, **Peng Cheng**† (corresponding author), Zhichao Lian. "MixFake: Benchmarking and Enhancing Audio Deepfake Detection in Diverse Real-world Mixed Audio." IEEE International Conference on Multimedia and Expo (ICME 2026). [Spotlight]

HyperPotter: Spell the Charm of High-Order Interactions in Audio Deepfake Detection

Qing Wen, Hao Li, Zhongjie Ba, **Peng Cheng*** (corresponding author), Mingyi He, Li Lu, Kui Ren. "HyperPotter: Spell the Charm of High-Order Interactions in Audio Deepfake Detection." International Conference on Machine Learning (ICML 2026).

Attack-Resistant Watermarking for AIGC Image Forensics via Diffusion-based Semantic Deflection

Qian Liu, Yaoxin Zhang, Zhongjie Ba, Chao Shuai, **Peng Cheng**, Tianwei Zheng, Zhibo Wang. "Attack-Resistant Watermarking for AIGC Image Forensics via Diffusion-based Semantic Deflection." The 14th International Conference on Learning Representations (ICLR 2026).

Beyond Content: A Comprehensive Speech Toxicity Dataset and Detection Framework Incorporating Paralinguistic Cues

Zhongjie Ba, Lixiang Yi, **Peng Cheng*** (corresponding author), Qiwei Li, Qinglong Wang, Li Lu. "Beyond Content: A Comprehensive Speech Toxicity Dataset and Detection Framework Incorporating Paralinguistic Cues." The 40th AAAI Conference on Artificial Intelligence (AAAI 2026).

Deepfake Detection: Key Challenges and Technical Approaches

Kui Ren, Fangjun Lin, Zhongjie Ba, Zhuotao Liu, **Peng Cheng**. (2025). "Deepfake Detection: Key Challenges and Technical Approaches." Computing Magazine of the CCF. 1(2): 8–15.

Robust Watermarks Leak: Channel-Aware Feature Extraction Enables Adversarial Watermark Manipulation

Zhongjie Ba, Yaoxin Zhang, **Peng Cheng** (corresponding author), Bin Gong, Xiaoyuan Zhang, Qinglong Wang, Kui Ren. (2025). "Robust Watermarks Leak: Channel-Aware Feature Extraction Enables Adversarial Watermark Manipulation." *arXiv preprint*, arXiv:2502.06418, 2025, https://doi.org/10.48550/arXiv.2502.06418.

SecHeadset: A Practical Privacy Protection System for Real-time Voice Communication

Peng Huang, Kun Pan, Qingni Wang, **Peng Cheng***, Li Lu, Zhongjie Ba, Kui Ren. "SecHeadset: A Practical Privacy Protection System for Real-time Voice Communication." Proceedings of the ACM MobiSys. Anaheim, California, US. 2025. doi: to appear.

SurrogatePrompt: Bypassing the Safety Filter of Text-to-Image Models via Substitution

Zhongjie Ba, Jieming Zhong, Jiachen Lei, **Peng Cheng***, Qingni Wang, Zhan Qin, Zhibo Wang, Kui Ren. "SurrogatePrompt: Bypassing the Safety Filter of Text-to-Image Models via Substitution." Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. Salt Lake City, UT, USA. 2024. doi: 10.1145/3658644.3670317.

Indelible “Footprints” of Inaudible Command Injection

Zhongjie Ba, Bin Gong, Yuwei Wang, Yiwen Liu, **Peng Cheng***, Feng Lin, Li Lu, Kui Ren. "Indelible "Footprints" of Inaudible Command Injection." IEEE Transactions on Information Forensics and Security. 19, pp. 6589-6604. 2024. doi: 10.1109/TIFS.2024.3421486.

ALIF: Low-Cost Adversarial Audio Attacks on Black-Box Speech Platforms Using Linguistic Features

**Peng Cheng**, Yuwei Wang, Peng Huang, Zhongjie Ba, Xiaohong Lin, Feng Lin, Li Lu, Kui Ren. "ALIF: Low-Cost Adversarial Audio Attacks on Black-Box Speech Platforms Using Linguistic Features." Proceedings of IEEE Symposium on Security and Privacy. San Francisco, CA, USA. 2024. doi: 10.1109/SP54263.2024.00047.

Phoneme-Based Proactive Anti-Eavesdropping with Controlled Recording Privilege

Peng Huang, Yao Wei, **Peng Cheng***, Zhongjie Ba, Li Lu, Feng Lin, Yuwei Wang, Kui Ren. "Phoneme-Based Proactive Anti-Eavesdropping with Controlled Recording Privilege." IEEE Transactions on Dependable and Secure Computing. 22(2), pp. 1074-1090. 2025. doi: 10.1109/TDSC.2024.3408163.

Masked Diffusion Models Are Fast and Privacy-Aware Learners

Jiachen Lei, Qingni Wang, **Peng Cheng***, Zhongjie Ba, Zhan Qin, Zhibo Wang, Zhiyi Liu, Kui Ren. "Masked Diffusion Models Are Fast and Privacy-Aware Learners." arXiv preprint arXiv:2306.11363. 2023. doi: to appear.

Transferring Audio Deepfake Detection Capability Across Languages

Zhongjie Ba, Qing Wen, **Peng Cheng***, Yuwei Wang, Feng Lin, Li Lu, Zhiyi Liu. "Transferring Audio Deepfake Detection Capability Across Languages." Proceedings of the ACM Web Conference. Austin, TX, USA. 2023. doi: 10.1145/3543507.3583392.

InfoMasker: Preventing Eavesdropping Using Phoneme-Based Noise

Peng Huang, Yao Wei, **Peng Cheng***, Zhongjie Ba, Li Lu, Feng Lin, Fengwei Zhang, Kui Ren. "InfoMasker: Preventing Eavesdropping Using Phoneme-Based Noise." Proceedings of the Network and Distributed System Security Symposium. San Diego, CA, USA. 2023. doi: to appear.

UniAP: Protecting Speech Privacy With Non-Targeted Universal Adversarial Perturbations

Peng Cheng, Yuexin Wu, Yuan Hong, Zhongjie Ba, Feng Lin, Li Lu, Kui Ren. "UniAP: Protecting Speech Privacy With Non-Targeted Universal Adversarial Perturbations." IEEE Transactions on Dependable and Secure Computing. 21(1), pp. 31-46. 2024. doi: 10.1109/TDSC.2023.3235266.

Personal Voice Assistant Security and Privacy—A Survey

**Peng Cheng**, Utz Roedig. "Personal Voice Assistant Security and Privacy—A Survey." Proceedings of the IEEE. 110(4), pp. 476-507. 2022. doi: 10.1109/JPROC.2022.3154330.

Adversarial Command Detection Using Parallel Speech Recognition Systems

**Peng Cheng**, MS Arun Sankar, Ibrahim Ethem Bagci, Utz Roedig. (2021). "Adversarial Command Detection Using Parallel Speech Recognition Systems." *Computer Security - ESORICS 2021 International Workshops*, Darmstadt, Germany (Virtual), 238–255.

SonarSnoop: Active Acoustic Side-Channel Attacks

**Peng Cheng**, Ibrahim Ethem Bagci, Utz Roedig, Jie Yan. "SonarSnoop: Active Acoustic Side-Channel Attacks." International Journal of Information Security. 19(2), pp. 213-228. 2020. doi: 10.1007/s10207-019-00452-6.

Smart Speaker Privacy Control—Acoustic Tagging for Personal Voice Assistants

**Peng Cheng**, Ibrahim Ethem Bagci, Jie Yan, Utz Roedig. (2019). "Smart Speaker Privacy Control—Acoustic Tagging for Personal Voice Assistants." *IEEE Security and Privacy Workshops (SPW 2019)*, San Francisco, CA, USA, 144–149.

Towards Reactive Acoustic Jamming for Personal Voice Assistants

**Peng Cheng**, Ibrahim Ethem Bagci, Jie Yan, Utz Roedig. (2018). "Towards Reactive Acoustic Jamming for Personal Voice Assistants." *Proceedings of the 2nd International Workshop on Multimedia Privacy and Security*, Toronto, Canada, 1–13.

Research Projects

Total Funding: £7.01M (British Pounds)

National Natural Science Foundation of China (NSFC)

• Principal Investigator: “Research on Speech Synthesis Data Compliance Management Technology Based on Intrinsic Characteristics of Audio Signals” (2025–2028, NSFC General Program, £54K)
• Participant: “High-Performance Visual Perception Models Using Deep Learning” (2023–2026, £59K)
• Participant: “Cross-Chain Security in Heterogeneous Blockchain Networks” (2023–2027, NSFC Key Project, £309K)
• Participant: “Research on Voice Attack and Defense Based on the Physical Characteristics of Smart Device Sensing Components” (2022–2025, £64K)

Key R&D Programs of China

• Participant: “Multimodal Network Environment Construction Technology Based on Public Cloud-Network Resources”, 2024–2027 (£1.64M)
• Participant: “Aggregation and Transfer of Machine Learning Models” under the National Science and Technology Innovation 2030 Initiative, 2021–2025 (£1.51M)
• Participant: “Security Protection Technology for Industrial Control Programming Platforms Based on Domestic Cryptographic Algorithms”, 2022–2024 (£1.60M)

Provincial, Municipal, and University-Level Projects

• Participant, Key R&D Programme of Zhejiang Province, 2025 (£272K)
• Participant, Hangzhou Key R&D Program: “Key Technologies and Platform Development for Security Detection of Large AI Models”, 2024–2027 (£1.83M)
• Principal Investigator, Hangzhou West Innovation Corridor Development Special Fund: “Toolchain for Deep Synthetic Content Analysis Based on Physical Attribute Attribution”, 2024–2026 (£33K)

Industry Collaboration

• Principal Investigator, Zhejiang University–Alibaba: “Active and Passive Security Protection Technologies for the Maojing Voice Interaction System”, 2025–2026 (£41K)
• Participant, Zhejiang University–Ant Group Joint Laboratory: “Security Risk Detection and Alignment Strategies for Large Model-based AI Agents”, 2025 (£65K)
• Participant, China Southern Power Grid Research Institute: “Research and Development of AI-Driven Automated Security Detection Technologies for Power Systems”, 2024–2026 (£255K)
• Participant, CRRC Zhuzhou Electric Locomotive Research Institute: “Deep Learning Algorithm Evaluation and Security Verification Platform”, 2024–2027 (£127K)
• Participant, China Southern Power Grid Research Institute: “Research on AI Attack-Defense Library Design and Test Component Development (2023)”, 2023–2025 (£163K)

Honors & Awards

• Third Place — IJCAI 2025 Deepfake Detection Challenge (2025), Advisor, Track: Audio-Visual Detection and Localization (DDL-AV)
• National Grand Prize (Top-Tier Award) — 19th “Challenge Cup” National Competition (2024), Advisor (Ranked 2nd among 3 advisors), Project: “Multimodal AI Audit Matrix: Deepfake Detection and NSFW Content Regulation Platform”
• Top 5 Nationwide — 3rd China Artificial Intelligence Competition (2021), Primary Advisor, Track: Audio Deepfake Detection Under Open-Speaker Scenarios
• Top 5 Nationwide — 3rd China Artificial Intelligence Competition (2021), Primary Advisor, Track: Speaker-Specific Audio Deepfake Detection
• ICML 2026 Silver Reviewer — Top-tier recognition awarded by the ICML 2026 Program Chairs for exceptional peer review quality
• Finalist for “Most Innovative Research” Pwnie Award — Black Hat USA 2019, First Author, “SonarSnoop: Active Acoustic Side-Channel Attacks”
• Postdoctoral Excellence Grant (Second Class) — Zhejiang Provincial Department of Human Resources and Social Security (August 2021)
• Ph.D. Scholarship — Faculty of Science and Technology, Lancaster University, UK (2016–2020)

Student Supervision & Mentorship

• Co-supervising 5 Ph.D. students, 7 Master’s students, and 1 undergraduate student at Zhejiang University on AIGC security and multimodal privacy
• Co-supervised a Master’s student to win the National Graduate Scholarship (China) — the highest-level scholarship for Master’s students in China (Oct 2024)
• Successfully mentored 1 Ph.D. student, 5 Master’s students, and 5 undergraduates to degree completion
• Teaching Assistant: CS4615: Computer Systems Security, University College Cork; SCC110: Software Development, Lancaster University

Academic Services

Journal Editorial Roles

• Special Issue Initiator and Guest Editor-in-Chief: “Intelligent Voice Security and Defense Technologies”, Journal of Cyber Security, 2025

Conference Reviewer

• ICML 2026, ICLR 2026, ACM MM 2026, IEEE SLT 2026, AAAI 2026, ACM Web Conference (WWW 2025)
• ICML 2026 Silver Reviewer — top-tier recognition awarded by the ICML 2026 Program Chairs

Journal Reviewer

• Proceedings of the IEEE, IEEE Transactions on Information Forensics and Security (TIFS), IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE Internet of Things Journal (IoT-J), ACM Transactions on Internet of Things (TIOT), Journal of Information Network Security

Granted Patents

• Qian, Y., Zhang, X., Wang, Q., Ba, Z., Cheng, P., et al. “Review System, Method, Computer Device, and Medium for Image Sensitive Elements.” China, Patent No. CN106610969A, Granted: 02-Apr-2025.
• Ba, Z., Wu, Y., Cheng, P., et al. “Privacy Protection Method and Device Using White-Box Speech Adversarial Examples.” China, Patent No. CN2022109965917, Granted: 03-Dec-2024.
• Ba, Z., Zheng, Q., Cheng, P., et al. “Enhanced Deepfake Image Detection Method and Device Based on Generative Adversarial Networks (GANs).” China, Patent No. CN2024100814592, Granted: 21-Jun-2024.
• Ba, Z., Wang, Y., Cheng, P., et al. “Security Evaluation Method for Speech Recognition Models via Semantic Space Perturbation.” China, Patent No. CN116758899B, Granted: 13-Oct-2023.
• Huang, P., Ba, Z., Cheng, P., et al. “Privacy Protection Method, System, and Medium for Voice Communication Based on Voice Obfuscation.” China, Patent No. CN119449493B, Granted: 08-Jul-2025.
• Gong, B., Huang, P., Ba, Z., Cheng, P., et al. “Cross-Domain Detection Method and Device for Deep Synthetic Audio Based on Self-Supervised Auxiliary Tasks.” China, Patent No. CN119479611B, Granted: 29-Apr-2025.

Other Academic Activities

• Contributed to a €720,839 grant proposal (Science Foundation Ireland – SFI) on Security and Privacy of Personal Voice Assistants under Prof. Utz Roedig (2019)
• Visiting Scholar, Department of Computer Science, University College Cork (UCC), Ireland (2019–2020)
• Participant, São Paulo Advanced Science School (ESPCA) on Smart Cities, University of São Paulo (2017) — selected as one of 75 global top graduate students and postdoctoral researchers (sponsored by FAPESP)