The Ripple Effect: on Unforeseen Complications of Backdoor Attacks
Recent research highlights concerns about the trustworthiness of third-party Pre-Trained Language Models (PTLMs) due to potential backdoor attacks. These backdoored PTLMs, however, are effective only for specific pre-defined downstream tasks. In reality, these PTLMs can be adapted to many other...
Unveiling the Black Box: a Multi-Layer Framework for Explaining Reinforcement Learning-Based Cyber Agents
Reinforcement Learning (RL) agents are increasingly used to simulate sophisticated cyberattacks, but their decision-making processes remain opaque, hindering trust, debugging, and defensive preparedness. In high-stakes cybersecurity contexts, explainability is essential for understanding how...
On the Security Risks of ML-Based Malware Detection Systems: a Survey
Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based (ML-based) malware detection (MD) systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the...
Nosy Layers, Noisy Fixes: Tackling DRAs in Federated Learning Systems Using Explainable AI
Federated Learning (FL) has emerged as a powerful paradigm for collaborative model training while keeping client data decentralized and private. However, it is vulnerable to Data Reconstruction Attacks (DRA) such as "LoKI" and "Robbing the Fed", where malicious models sent from the server to the clie...
Sybil-Based Virtual Data Poisoning Attacks in Federated Learning
Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the...
A Survey of Learning-Based Intrusion Detection Systems for In-Vehicle Network
Connected and Autonomous Vehicles (CAVs) enhance mobility but face cybersecurity threats, particularly through the insecure Controller Area Network (CAN) bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robus...
Random Client Selection on Contrastive Federated Learning for Tabular Data
Vertical Federated Learning (VFL) has revolutionised collaborative machine learning by enabling privacy-preserving model training across multiple parties. However, it remains vulnerable to information leakage during intermediate computation sharing. While Contrastive Federated Learning (CFL) was...
Cutting through Privacy: a Hyperplane-Based Data Reconstruction Attack in Federated Learning
Federated Learning (FL) enables collaborative training of machine learning models across distributed clients without sharing raw data, ostensibly preserving data privacy. Nevertheless, recent studies have revealed critical vulnerabilities in FL, showing that a malicious central server can manipulat...
Private Transformer Inference in MLaaS: a Survey
Transformer models have revolutionized AI, powering applications like content generation and sentiment analysis. However, their deployment in Machine Learning as a Service (MLaaS) raises significant privacy concerns, primarily due to the centralized processing of sensitive user data. Private...
The Ephemeral Threat: Assessing the Security of Algorithmic Trading Systems Powered by Deep Learning
We study the security of stock price forecasting using Deep Learning (DL) in computational finance. Despite abundant prior research on the vulnerability of DL to adversarial perturbations, such work has hitherto hardly addressed practical adversarial threat models in the context of DL-powered...
Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning
The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...
Optimizing DDoS Detection in SDNs through Machine Learning Models
The emergence of Software-Defined Networking (SDN) has changed the network structure by separating the control plane from the data plane. However, this innovation has also increased susceptibility to DDoS attacks. Existing detection techniques are often ineffective due to data imbalance and accurac...
Robust Federated Learning with Confidence-Weighted Filtering and GAN-Based Completion under Noisy and Incomplete Data
Federated learning (FL) presents an effective solution for collaborative model training while maintaining data privacy across decentralized client datasets. However, data quality issues such as noisy labels, missing classes, and imbalanced distributions significantly challenge its effectiveness. Th...
Ivanti Neurons for ITSM Security Vulnerability
Ivanti Neurons for ITSM is an automation platform for IT service management, based on artificial intelligence and machine learning technologies, designed to optimize the IT service delivery process and enhance user experience. An authentication bypass vulnerability exists in Ivanti Neurons for...
GPML: Graph Processing for Machine Learning
The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks calls for advanced cyber-threat detectors. The GPML (Graph Processing for Machine Learning) library addresses this need by transforming raw network traffic traces into graph representations, enabling...
Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: a Case Study on In-Vehicle Infotainment Systems
Cybersecurity threats are increasingly marked by interdependence, uncertainty, and evolving complexity, challenges that traditional assessment methods such as CVSS, STRIDE, and attack trees fail to adequately capture. This paper reviews the application of Bayesian Networks (BNs) in cybersecurity ris...
MUBox: a Critical Evaluation Framework of Deep Machine Unlearning
Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...
Adaptive Security Policy Management in Cloud Environments Using Reinforcement Learning
The security of cloud environments, such as Amazon Web Services (AWS), is complex and dynamic. Static security policies have become inadequate as threats evolve and cloud resources exhibit elasticity [1]. This paper addresses the limitations of static policies by proposing a security policy managemen...
Improved Algorithms for Differentially Private Language Model Alignment
Language model alignment is crucial for ensuring that large language models (LLMs) align with human preferences, yet it often involves sensitive user data, raising significant privacy concerns. While prior work has integrated differential privacy (DP) with alignment techniques, their performance...
Privacy-Preserving Analytics for Smart Meter (AMI) Data: a Hybrid Approach to Comply with CPUC Privacy Regulations
Advanced Metering Infrastructure (AMI) data from smart electric and gas meters enables valuable insights for utilities and consumers, but also raises significant privacy concerns. In California, regulatory decisions (CPUC D.11-07-056 and D.11-08-045) mandate strict privacy protections for customer...