334 matches found
Ensembling Large Language Models for Code Vulnerability Detection: an Empirical Evaluation
Code vulnerability detection is crucial for ensuring the security and reliability of modern software systems. Recently, Large Language Models LLMs have shown promising capabilities in this domain. However, notable discrepancies in detection results often arise when analyzing identical code segmen...
Flow-Based Detection and Identification of Zero-Day IoT Cameras
The majority of consumer IoT devices lack mechanisms for administrators to monitor and control them, hindering tailored security policies. A key challenge is identifying whether a new device, especially a streaming IoT camera, has joined the network. We present zCamInspector, a system for...
A Framework for Detection and Classification of Attacks on Surveillance Cameras under IoT Networks
The increasing use of Internet of Things IoT devices has led to a rise in security related concerns regarding IoT Networks. The surveillance cameras in IoT networks are vulnerable to security threats such as brute force and zero-day attacks which can lead to unauthorized access by hackers and...
A Survey of Threats against Voice Authentication and Anti-Spoofing Systems
Voice authentication has undergone significant changes from traditional systems that relied on handcrafted acoustic features to deep learning models that can extract robust speaker embeddings. This advancement has expanded its applications across finance, smart devices, law enforcement, and beyon...
When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned
In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...
Consiglieres in the Shadow: Understanding the Use of Uncensored Large Language Models in Cybercrimes
The advancement of AI technologies, particularly Large Language Models LLMs, has transformed computing while introducing new security and privacy risks. Prior research shows that cybercriminals are increasingly leveraging uncensored LLMs ULLMs as backends for malicious services. Understanding the...
A Robust Cross-Domain IDS Using BiGRU-LSTM-Attention for Medical and Industrial IoT Security
The increased Internet of Medical Things IoMT and the Industrial Internet of Things IIoT interconnectivity has introduced complex cybersecurity challenges, exposing sensitive data, patient safety, and industrial operations to advanced cyber threats. To mitigate these risks, this paper introduces ...
MCPSecBench: a Systematic Security Benchmark and Playground for Testing Model Context Protocols
Large Language Models LLMs are increasingly integrated into real-world applications via the Model Context Protocol MCP, a universal, open standard for connecting AI agents with data sources and external tools. While MCP enhances the capabilities of LLM-based agents, it also introduces new securit...
Causal Graph Profiling Via Structural Divergence for Robust Anomaly Detection in Cyber-Physical Systems
With the growing complexity of cyberattacks targeting critical infrastructures such as water treatment networks, there is a pressing need for robust anomaly detection strategies that account for both system vulnerabilities and evolving attack patterns. Traditional methods -- statistical,...
Log2Sig: Frequency-Aware Insider Threat Detection Via Multivariate Behavioral Signal Decomposition
Insider threat detection presents a significant challenge due to the deceptive nature of malicious behaviors, which often resemble legitimate user operations. However, existing approaches typically model system logs as flat event sequences, thereby failing to capture the inherent frequency dynami...
SVC 2025: the First Multimodal Deception Detection Challenge
Deception detection is a critical task in real-world applications such as security screening, fraud prevention, and credibility assessment. While deep learning methods have shown promise in surpassing human-level performance, their effectiveness often depends on the availability of high-quality a...
A Survey on Data Security in Large Language Models
Large Language Models LLMs, now a foundation in advancing natural language processing, power applications such as text generation, machine translation, and conversational systems. Despite their transformative potential, these models inherently rely on massive amounts of training data, often...
Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But, detecting such threats remains challenging due to sophisticated code obfuscation techniques and...
SUSE CVE-2024-45795
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traffic parsing, leading to denial of service...
CompLeak: Deep Learning Model Compression Exacerbates Privacy Leakage
Model compression is crucial for minimizing memory storage and accelerating inference in deep learning DL models, including recent foundation models like large language models LLMs. Users can access different compressed model versions according to their resources and budget. However, while existi...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the configuration file upload process. An attacker with administrative privileges could create datasets with arbitrary names and locations, causing unintended behavior and potentially causing a denial of...
SynthCTI: LLM-Driven Synthetic CTI Generation to Enhance MITRE Technique Mapping
Cyber Threat Intelligence CTI mining involves extracting structured insights from unstructured threat data, enabling organizations to understand and respond to evolving adversarial behavior. A key task in CTI mining is mapping threat descriptions to MITRE ATT&CK techniques. However, this process...
Split Happens: Combating Advanced Threats with Split Learning and Function Secret Sharing
Split Learning SL -- splits a model into two distinct parts to help protect client data while enhancing Machine Learning ML processes. Though promising, SL has proven vulnerable to different attacks, thus raising concerns about how effective it may be in terms of data privacy. Recent works have...
Accelerating Automatic Program Repair with Dual Retrieval-Augmented Fine-Tuning and Patch Generation on Large Language Models
Automated Program Repair APR is essential for ensuring software reliability and quality while enhancing efficiency and reducing developers' workload. Although rule-based and learning-based APR methods have demonstrated their effectiveness, their performance was constrained by the defect type of...
Spectral Feature Extraction for Robust Network Intrusion Detection Using MFCCs
The rapid expansion of Internet of Things IoT networks has led to a surge in security vulnerabilities, emphasizing the critical need for robust anomaly detection and classification techniques. In this work, we propose a novel approach for identifying anomalies in IoT network traffic by leveraging...