Ruyi Ding

Assistant Professor, Division of Electrical and Computer Engineering, Louisiana State University (LSU)

Previously: PhD, Northeastern University

Research Interests: AI Security, Hardware Security, Side-Channel Analysis

“如意”在中文中寓意“顺遂心意”，象征着对美好未来的追求与坚定信念。

In Chinese, 'Ruyi' (如意) conveys the meaning of 'fulfilling one's aspirations,' representing the pursuit of a prosperous future and steadfast resolve.

Prospective Students: Apply / Contact

About Me

I am an Assistant Professor at the Division of Electrical and Computer Engineering at Louisiana State University. My research focuses on AI security and hardware security, specializing in neural network robustness, privacy preservation, and side-channel analysis.
I am actively looking for Ph.D. students for Spring 2026 and Fall 2026. Feel free to shoot me an email if you are interested in AI security and hardware security!

Featured Research Projects

🏆 CCS 2025

MoEcho: Side-Channel Attacks on MoE LLMs

DAC 2025

Graph in the Vault: GNN TEE Protection

NDSS 2025

Probe-Me-Not: Encoder Protection

NeurIPS 2024

GraphCroc: Cross-Correlation Autoencoder

🏆 ASIACCS 2023

Best Paper

EMShepherd: Side-channel Detection

ECCV 2024

Non-transferable Pruning

ICCV 2023

VertexSerum: GNN Link Inference

🏆 CCS 2025

MoEcho: Exploiting Side-Channel Attacks to Compromise User Privacy in Mixture-of-Experts LLMs

The FIRST side-channel attack against Mixture-of-Expert-based Large Language Models. MoEcho demonstrates how adversaries can leverage four different side-channel attack vectors to compromise user's private input and system responses in modern LLM deployments.

Side-Channel Attack LLM Security Privacy

Read Paper →

DAC 2025

Graph in the Vault: Protecting Edge GNN Inference with TEE

GNNVault introduces the first secure Graph Neural Network (GNN) deployment strategy using Trusted Execution Environment (TEE) to protect model IP and data privacy on edge devices.

GNN Security TEE Edge Computing

Read Paper →

NDSS 2025

Probe-Me-Not: Protecting Pre-trained Encoders from Malicious Probing

EncoderLock safeguards pre-trained encoders from malicious probing by restricting performance on prohibited domains while preserving functionality in authorized ones.

Encoder Security Domain Protection Responsible AI

Read Paper →

NeurIPS 2024

GraphCroc: Cross-Correlation Autoencoder for Graph Structural Reconstruction

GraphCroc enhances graph autoencoders (GAEs) with cross-correlation, improving representation of features like islands and directional edges in multi-graph scenarios.

Graph Learning Autoencoder Cross-Correlation

Read Paper →

🏆 ASIACCS 2023

Best Paper Award

EMShepherd: Detecting Adversarial Samples via Side-channel Leakage

EMShepherd detects adversarial attacks by capturing electromagnetic (EM) traces of model execution, leveraging differences in EM footprints caused by adversarial inputs. This air-gapped approach achieves a 100% detection rate for most adversarial types on FPGA accelerators.

Side-Channel Analysis Adversarial Detection Hardware Security

Read Paper →

ECCV 2024

Non-transferable Pruning for Controlled Model Reuse

NonTransferable Pruning (NTP) safeguards pretrained DNNs by controlling transferability to unauthorized domains via selective pruning. Using ADMM and fisher space regularization, NTP optimizes sparsity and non-transferable learning loss.

Model Protection Neural Pruning Transfer Learning

Read Paper →

ICCV 2023

VertexSerum: Poisoning Graph Neural Networks for Link Inference

VertexSerum enhances graph link stealing by amplifying connectivity leakage, using an attention mechanism for accurate node adjacency inference. It outperforms state-of-the-art attacks, boosting AUC scores by 9.8% across datasets and GNN structures.

Graph Security Privacy Attack GNN Vulnerability

Read Paper →

News

[2025-08] One paper is accepted in CCS 2025 . See you in Taipei, China!
[2025-05] Invited to serve as a TPC member for ICCAD 2025
[2025-04] Received HOST 2025 Travel Grant. Thank you, HOST!
[2025-04] Received DAC Young Fellow. Thank you, DAC!
[2025-03] Received Northeastern 2025 Outstanding PhD Student Research Award. Thank you, Northeastern!
[2025-02] Received Northeastern PhD Network Travel Award. Thank you, Northeastern!
[2025-02] One paper is accepted in HOST 2025
[2025-02] One paper is accepted in DAC 2025
[2025-01] I was awarded the Internet Society Fellowship! Thank you, NDSS 2025!
[2024-10] One paper is accepted in NDSS 2025 !
[2024-09] One paper is accepted in NeurIPS 2024 !
[2024-07] One paper is accepted in ECCV 2024 !

Research Interests

AI Security: Exploring machine learning security and privacy issue during training, inference and deployment.
Hardware Security: Security and Privacy of embedding DNNs.
Side-channel Analysis: Power/EM side-channel anaylsis and micro-architecture SCA.
Data Analysis: Traffic data analysis and event detection.

Publications

CCS 2025. MoEcho: Exploiting Side-Channel Attacks to Compromise User Privacy in Mixture-of-Experts LLMs PDF
DAC 2025. Graph in the Vault: Protecting Edge GNN Inference with TEE. PDF
HOST 2025. MACPruning: Dynamic Operation Pruning to Mitigate Side-Channel DNN Model Extraction. PDF
NDSS 2025. Probe-Me-Not: Protecting Pre-trained Encoders from Malicious Probing. PDF
NeurIPS 2024. GraphCroc: Cross-Correlation Autoencoder for Graph Structural Reconstruction. PDF
ECCV 2024. Non-transferable Pruning for Controlled Model Reuse. PDF
ICCV 2023. VertexSerum: Poisoning Graph Neural Networks for Link Inference. PDF
ASIACCS 2023. EMShepherd: Detecting Adversarial Samples via Side-channel Leakage. PDF

For a complete list, please see my Google Scholar.

Teaching

Fall 2025

EE 4745 - Neural Computing Louisiana State University

Office Hours: M 3-4pm

Location: PFT Hall 1212

Contact

Feel free to reach out to me at ruyiding[at]lsu[dot]edu or connect with me on LinkedIn.