Feng Liu (he/him) @ The University of Melbourne

Home
Research Focus
Research Group
Teaching
Publications
Professional Services
Miscellaneous
Join Us

Research Mission Statement

My mission is to build reliable AI—AI that is statistically grounded, trustworthy, and impactful—so it can advance science and benefit society with confidence.

Research Focus - Core ML

As we deploy many AI systems in the real world, the reliability and safety of these systems are crucial. To cope with possible risks brought by these systems, we focus on investigating trustworthy machine learning. At the current stage, we try to understand and handle the trustworthiness in current AI-related systems via developing advanced statistical tools and metrics. Compared to the classical statistical tools, we are developing a series of data-adaptive statistical tools where the statistics used are adaptive instead of static, like previous ones. Based on these new tools, we hope to significantly improve the trade-off between utility and certified/provable trustworthiness.

Specifically, current core-machine-learning research directions include data-adaptive statistical hypothesis testing (as a basis for theoretical/statistical guarantees), misinformation detection/defense, privacy and copyright protection in AI systems, and efficient post-training paradigm on pre-trained vision models, vision-language models, and large-language models. Detailed topics are as follows.

(I am also keen to use the reliable AI tools to address science problems, please see them scrolling down on this page.)

Data-adaptive Statistical Hypothesis Testing

In statistical hypothesis testing, we aim to verify if the data at hand sufficiently support a particular hypothesis. For example, testing if two datasets are drawn from the same distribution (i.e., the two-sample testing); testing if data are drawn from a given distribution (i.e., the goodness-of-fit testing); and testing if two datasets are independent (i.e., the independence testing).

The statistics used in testing methods or testing methods themselves are widely used in the field of machine learning, such as transfer learning, generative models, and causal discovery. This research line focuses on discovering more powerful statistics and testing methods for the field. Specifically, we focus on deep-kernel-based hypothesis testing methods in the following areas [ICML 2020] [ICML 2021] [NeurIPS 2021] [ICML 2022] [arXiv 2024] [ICLR 2025] [UAI 2025].

  • Two-sample Testing: Testing if two datasets are drawn from the same distribution.

  • (Conditional) Independence Testing: Testing if two datasets are independent (on conditions).

  • Distributional Closeness Testing: Testing if two datasets are statistically close to each other, given a pre-defined discrepancy.


Close Collaborators: Dr Danica J. Sutherland@UBC, Dr Liuhua Peng@UoM, Prof Arthur Gretton@UCL-Gatsby, and Dr Wenkai Xu@Oxford

Misinformation Detection and Defense

Misinformation generally refers to information that is not correct or can mislead users living in an AI-related environment. Thus, it is important to detect such information or make the AI-related activities robust to such information.

AI-generated Data Detection

AI-generated content (text/images) can mislead users and erode trust when used for spam, plagiarism, or influence. We build statistically principled detectors that remain reliable under distribution shift. We focus on the following two topics [ICLR 2025].

  • Kernel relative tests for machine-generated text detection (deep-kernel hypothesis testing), suitable for scenarios where we cannot control how to generate them.

  • Watermarking for machine-generated text detection, suitable for scenarios where we can control how to generate them.

Defending against Adversarial Attacks

Deep neural networks are susceptible to adversarial examples that are generated by changing natural inputs with malicious perturbation. Those examples are imperceptible to human eyes but can fool deep models to make wrong predictions with high confidence. Thus, to make deep neural networks more reliable, we focus on the following two topics [ICML 2021] [NeurIPS 2021] [ICML 2022] [ICML 2022] [ICML 2023] [ICML 2024] [ICML 2025] [ICML 2025].

  • Detecting adversarial attacks (i.e., adversarial attack detection).

  • Training a robust model against future adversarial attacks (i.e., adversarial training).

  • Purifying inputs, making them reliable for the well-trained models (i.e., adversarial purification).


Close Collaborators: Dr Jingfeng Zhang@RIKEN-AIP, A/Prof Bo Han@HKBU, A/Prof Tongliang Liu@USYD, Dr Gang Niu@RIKEN-AIP, and Prof Masashi Sugiyama@UTokyo

Being Aware of Out-of-distribution/Open-set Data

The success of supervised learning is established on an implicit assumption that training and test data share the same distribution (especially share the same label set), i.e., the in-distribution (ID) assumption. However, test data distribution in many real-world scenarios may violate the assumption and, instead, contain out-of-distribution (OOD) data whose label set is different from ID data. Given a well-trained ID classifier, if this classifier classifies OOD data as ID classes, we might face serious accidents when deploying the classifier into real-world scenarios. To mitigate the risk of OOD data, we focus on the following topics [ICML 2021] [NeurIPS 2022 (Outstanding Paper)] [NeurIPS 2022 (Spotlight)] [ICLR 2023] [ICML 2023] [ICLR 2024 (Spotlight)] [ACL 2025].

  • Detecting out-of-distribution data.

  • Training a robust model in the open world (e.g., open-set learning, out-of-distribution generalization).


Close Collaborators: Dr Zhen Fang@UTS, A/Prof Bo Han@HKBU, A/Prof Sharon Yixuan Li@UW-Madison, and A/Prof Tongliang Liu@USYD

Privacy and Copyright Protection in AI Systems

When we talk about AI-related models (classifiers or generative models), we cannot ignore the fact that these models are trained with some data that perhaps contains some sensitive/private information, which will pose a challenge to protecting the privacy and copyright of data. Without effective/provable tools to detect the illegal use of data/models, it is impossible to regulate the development of AI techniques.

Protecting Data/Model's Copyright in GenAI

GenAI raises urgent questions about provenance, copyright, and the right to be forgotten. We study verifiable tracing and removal mechanisms to protect creators and users. We focus on the following two topics [ICML 2025 R2-FM Workshop] [ICML 2025].

  • Data/Model's copyright provenance and misuse tracing.

  • Unlearning for LLMs to remove copyrighted or sensitive data while preserving utility.


Close Collaborators: A/Prof Bo Han@HKBU and A/Prof Sharon Yixuan Li@UW-Madison

Protecting Data Privacy

With the development of machine learning (ML) algorithms, deep neural networks (DNNs) are increasingly adopted in various privacy-sensitive applications, such as facial recognition, medical diagnoses, and intelligent virtual assistants. Since training DNNs could involve processing sensitive and proprietary datasets in privacy-related applications, there are great concerns about privacy leakage. To protect the privacy of individuals whose personal information is used during the training, enterprises typically release only well-trained DNNs through ML-as-a-services platforms, wherein users can download pre-trained models (e.g., Pytorch Hub) or query the model via some sort of programming or user interfaces (e.g., Amazon Recognition), which are referred to as white-box access and black-box access, respectively. However, a pre-trained model can still be used to restore the orginal training data. To prevent the data-leakage issue of pre-trained models, we focus on the following topics [KDD 2022] [NeurIPS 2024] [TPAMI 2025].

  • Evaluation of Model-inversion Risks.

  • Defending against Model-inversion Attacks.


Close Collaborators: A/Prof Bo Han@HKBU, Dr Jingfeng Zhang@RIKEN-AIP, and A/Prof Mingyuan Zhou@UT Austin

Efficient Post-training

When a pre-trained model (vision model, vision-language model, large-language model) is available (white-box or black-box), how could we efficiently post-train or finetune it to our downstream tasks?

Parameter-efficient Post-training/Finetuning

We design light-weight adaptation that adds minimal parameters while maintaining stability across tasks. We focus on the following topics.

Close Collaborators: Lei Feng@NTU, A/Prof Jianzhong Qi@UoM, and A/Prof Bo Han@HKBU

Efficient Black-box Post-training/Finetuning

When model weights are inaccessible, we adapt capabilities via input-space prompting and reprogramming. We focus on the following two topics.

  • Prompt ensembling, to automatically ensemble prompts in a given pool, inference-only optimization.

  • Black-box visual reprogramming for CLIP and other VLMs.

Close Collaborators: A/Prof Bo Han@HKBU, A/Prof Tongliang Liu@USYD, Dr Gang Niu@RIKEN-AIP, and Prof Masashi Sugiyama@UTokyo

Weak-to-strong Generalization

Understand how human can teach the future superintelligence, making it follow our guidance. Weak-to-strong methods are ways to mimic this scenario. [TMLR 2025]

Close Collaborators: A/Prof Sarah Erfani@UoM and Prof James Bailey@UoM

Research Focus - AI for Science

Scientific discovery increasingly depends on our ability to extract knowledge from vast, complex, and often noisy data. While AI has shown remarkable promise in accelerating breakthroughs across domains such as physics, biology, and climate science, its widespread adoption in scientific research remains constrained by reliability concerns—ranging from reproducibility and robustness to fairness and interpretability. I am motivated to pursue research on AI for Science because I believe that building reliable AI tools is the key to unlocking trustworthy insights, enabling collaboration between human expertise and machine intelligence, and ensuring that AI-driven discoveries are not only innovative but also verifiable and impactful. By advancing methodologies that prioritize reliability, we can transform AI from a promising assistant into a dependable partner in tackling the world’s most pressing scientific challenges.

Specifically, current research directions include AI for Meteorology and AI for Medical Diagnosis.

AI for Meteorology

Meteorology plays a critical role in safeguarding lives, guiding agriculture, and supporting climate resilience, yet numerical weather prediction (NWP) models often suffer from systematic biases and limited resolution. With the increasing frequency of extreme weather events under climate change, improving forecast accuracy has never been more urgent. My research focuses on developing AI tools to correct and enhance forecasts generated by NWP models, enabling more reliable and fine-grained predictions. Specifically, current research directions are as follows.

  • Madden-Julian Oscillation (MJO) Prediction: A planetary-scale tropical convective system, serves as a primary source of global subseasonal (i.e., targeting three to four weeks) predictability.

  • Statistical Uncertainty Measurement for Weather Prediction: Measuring the prediction uncertainty when multiple NWP predictions are available.

Close Collaborators: Dr Vassili Kitsios@CSIRO and Dr Jing Zhao@CAS

AI for Medical Diagnosis

Medical diagnosis is one of the most impactful and high-stakes applications of artificial intelligence. With the growing availability of medical imaging, genomic, and electronic health record data, AI has the potential to assist clinicians in detecting diseases earlier, personalizing treatment decisions, and reducing diagnostic errors. Unlike traditional diagnostic tools, AI systems can learn subtle and complex patterns across diverse data modalities, enabling insights that may be beyond human perception. My current research interests are mainly as follows

  • Mitigating Batch Effects: Reliably mitigate the batch effects happening in the AI-related tools using trasfer learning or invariant adaptation.

  • Training/Finetuning a model using a few data: Have a AI-related model with only limited data. [Nature Communications 2022] [Nature Communications 2024]

Close Collaborators: A/Prof Jia Song@STJU