Mr Bao Doan

Research Associate
Engineering
Computer Science and Engineering

I am a Postdoctoral Research Fellow at UNSW Sydney, specialising in developing reliable Retrieval-Augmented Generation (RAG) systems that integrate large language models (LLMs) with external knowledge bases. 

My research focuses on optimising transformer architectures for improved semantic retrieval, implementing advanced prompt engineering techniques to reduce hallucination, and developing robust evaluation frameworks for RAG performance. 

I work extensively with vector embeddings, neural information retrieval, and fine-tuning methodologies to enhance the factual accuracy and reliability of LLM outputs in knowledge-intensive applications, while addressing scalability challenges in real-world RAG deployments across diverse domains.

  • Book Chapters | 2024
    Doan BG; Nguyen DQ; Montague P; Abraham T; De Vel O; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2024, 'Bayesian Learned Models Can Detect Adversarial Malware for Free', in , pp. 45 - 65, http://dx.doi.org/10.1007/978-3-031-70879-4_3
  • Journal articles | 2022
    Doan BG; Xue M; Ma S; Abbasnejad E; Ranasinghe DC, 2022, 'TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems', IEEE Transactions on Information Forensics and Security, 17, pp. 3816 - 3830, http://dx.doi.org/10.1109/tifs.2022.3198857
  • Journal articles | 2022
    Gao Y; Kim Y; Doan BG; Zhang Z; Zhang G; Nepal S; Ranasinghe DC; Kim H, 2022, 'Design and Evaluation of a Multi-Domain Trojan Detection Method on Deep Neural Networks', IEEE Transactions on Dependable and Secure Computing, 19, pp. 2349 - 2364, http://dx.doi.org/10.1109/TDSC.2021.3055844
  • Preprints | 2025
    Doan BG; Shamsi A; Guo X-Y; Mohammadi A; Alinejad-Rokny H; Sejdinovic D; Teney D; Ranasinghe DC; Abbasnejad E, 2025, Bayesian Low-Rank LeArning (Bella): A Practical Approach to Bayesian Neural Networks, http://dx.doi.org/10.48550/arxiv.2407.20891
  • Conference Papers | 2025
    Doan BG; Shamsi A; Guo XY; Mohammadi A; Alinejad-Rokny H; Sejdinovic D; Teney D; Ranasinghe DC; Abbasnejad E, 2025, 'Bayesian Low-Rank Learning (Bella): A Practical Approach to Bayesian Neural Networks', in Proceedings of the AAAI Conference on Artificial Intelligence, pp. 16298 - 16307, http://dx.doi.org/10.1609/aaai.v39i15.33790
  • Conference Papers | 2024
    Doan BG; Nguyen DQ; Lindquist C; Montague P; Abraham T; De Vel O; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2024, 'On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World', in Proceedings Annual Computer Security Applications Conference, ACSAC, pp. 940 - 956, http://dx.doi.org/10.1109/ACSAC63791.2024.00079
  • Preprints | 2024
    Doan BG; Nguyen DQ; Lindquist C; Montague P; Abraham T; De Vel O; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2024, On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World, http://dx.doi.org/10.48550/arxiv.2408.12122
  • Preprints | 2024
    Doan BG; Nguyen DQ; Montague P; Abraham T; De Vel O; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2024, Bayesian Learned Models Can Detect Adversarial Malware For Free, http://dx.doi.org/10.48550/arxiv.2403.18309
  • Preprints | 2023
    Doan BG; Abbasnejad E; Shi JQ; Ranasinghe DC, 2023, Bayesian Learning with Information Gain Provably Bounds Risk for a Robust Adversarial Defense, http://dx.doi.org/10.48550/arxiv.2212.02003
  • Conference Papers | 2023
    Doan BG; Yang S; Montague P; De Vel O; Abraham T; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2023, 'Feature-Space Bayesian Adversarial Learning Improved Malware Detector Robustness', in Proceedings of the 37th AAAI Conference on Artificial Intelligence, AAAI 2023, pp. 14783 - 14791, http://dx.doi.org/10.1609/aaai.v37i12.26727
  • Preprints | 2023
    Doan BG; Yang S; Montague P; De Vel O; Abraham T; Camtepe S; Kanhere SS; Abbasnejad E; Ranasinghe DC, 2023, Feature-Space Bayesian Adversarial Learning Improved Malware Detector Robustness, http://dx.doi.org/10.48550/arxiv.2301.12680
  • Preprints | 2022
    Doan BG; Xue M; Ma S; Abbasnejad E; Ranasinghe DC, 2022, TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems, http://dx.doi.org/10.48550/arxiv.2111.09999
  • Conference Papers | 2022
    Yang S; Doan BG; Montague P; De Vel O; Abraham T; Camtepe S; Ranasinghe DC; Kanhere SS, 2022, 'Transferable Graph Backdoor Attack', in ACM International Conference Proceeding Series, pp. 321 - 332, http://dx.doi.org/10.1145/3545948.3545976
  • Preprints | 2022
    Yang S; Doan BG; Montague P; De Vel O; Abraham T; Camtepe S; Ranasinghe DC; Kanhere SS, 2022, Transferable Graph Backdoor Attack, http://dx.doi.org/10.48550/arxiv.2207.00425
  • Conference Papers | 2020
    Doan BG; Abbasnejad E; Ranasinghe DC, 2020, 'Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems', in Annual Computer Security Applications Conference, ACM, pp. 897 - 912, presented at ACSAC '20: Annual Computer Security Applications Conference, http://dx.doi.org/10.1145/3427228.3427264
  • Preprints | 2020
    Doan BG; Abbasnejad E; Ranasinghe DC, 2020, Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems, http://dx.doi.org/10.48550/arxiv.1908.03369
  • Preprints | 2020
    Gao Y; Doan BG; Zhang Z; Ma S; Zhang J; Fu A; Nepal S; Kim H, 2020, Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review, http://dx.doi.org/10.48550/arxiv.2007.10760
  • Preprints | 2019
    Gao Y; Kim Y; Doan BG; Zhang Z; Zhang G; Nepal S; Ranasinghe DC; Kim H, 2019, Design and Evaluation of a Multi-Domain Trojan Detection Method on Deep Neural Networks, http://dx.doi.org/10.48550/arxiv.1911.10312

My research specialises in the robustness and trustworthiness of deep neural networks, from Convolutional Neural Networks (CNNs) to Large Language Models (LLMs) and transformer architectures. 

My research focuses on adversarial machine learning, developing sophisticated attack and defense mechanisms against threats including adversarial examples, data poisoning, and model inversion attacks, while exploring both "ML for security" and "security for ML" paradigms. 

I investigate privacy-preserving techniques such as differential privacy and federated learning, and recently expanded into building secure Retrieval-Augmented Generation (RAG) systems using open-source LLMs, addressing unique challenges like prompt injection attacks, retrieval poisoning, and hallucination mitigation in trustworthy AI deployments.

My Research Supervision

I am currently supervising undergraduate and graduate students for their thesis projects.