A Hybrid Intrusion Detection System with a New Approach to Protect the Cybersecurity of Cloud Computing

Cybersecurity is one of the foremost challenges facing the world of cloud computing. Recently, the widespread adoption of smart devices in cloud computing environments that provide Internet-based services has become prevalent. Therefore, it is essential to consider the security threats in these...

PhishingHook: Catching Phishing Ethereum Smart Contracts Leveraging EVM Opcodes

The Ethereum Virtual Machine EVM is a decentralized computing engine. It enables the Ethereum blockchain to execute smart contracts and decentralized applications dApps. The increasing adoption of Ethereum sparked the rise of phishing activities. Phishing attacks often target users through...

Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks

Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence AI systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems. "Unlike direct prompt injections,...

Towards Provable (In)Secure Model Weight Release Schemes

Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we...

Intelligent ARP Spoofing Detection Using Multi-Layered Machine Learning (ML) Techniques for IoT Networks

Address Resolution Protocol ARP spoofing remains a critical threat to IoT networks, enabling attackers to intercept, modify, or disrupt data transmission by exploiting ARP's lack of authentication. The decentralized and resource-constrained nature of IoT environments amplifies this vulnerability,...

Beyond Laplace and Gaussian: Exploring the Generalized Gaussian Mechanism for Private Machine Learning

Differential privacy DP is obtained by randomizing a data analysis algorithm, which necessarily introduces a tradeoff between its utility and privacy. Many DP mechanisms are built upon one of two underlying tools: Laplace and Gaussian additive noise mechanisms. We expand the search space of...

Quantum Machine Learning

The meteoric rise of artificial intelligence in recent years has seen machine learning methods become ubiquitous in modern science, technology, and industry. Concurrently, the emergence of programmable quantum computers, coupled with the expectation that large-scale fault-tolerant machines will...

Differential Privacy in Machine Learning: from Symbolic AI to LLMs

Machine learning models should not reveal particular information that is not otherwise accessible. Differential privacy provides a formal framework to mitigate privacy risks by ensuring that the inclusion or exclusion of any single data point does not significantly alter the output of an algorith...

Systems-Theoretic and Data-Driven Security Analysis in ML-enabled Medical Devices

The integration of AI/ML into medical devices is rapidly transforming healthcare by enhancing diagnostic and treatment facilities. However, this advancement also introduces serious cybersecurity risks due to the use of complex and often opaque models, extensive interconnectivity, interoperability...

A Comprehensive Survey on Underwater Acoustic Target Positioning and Tracking: Progress, Challenges, and Perspectives

Underwater target tracking technology plays a pivotal role in marine resource exploration, environmental monitoring, and national defense security. Given that acoustic waves represent an effective medium for long-distance transmission in aquatic environments, underwater acoustic target tracking h...

Offensive Robot Cybersecurity

Offensive Robot Cybersecurity introduces a groundbreaking approach by advocating for offensive security methods empowered by means of automation. It emphasizes the necessity of understanding attackers' tactics and identifying vulnerabilities in advance to develop effective defenses, thereby...

Busting the Paper Ballot: Voting Meets Adversarial Machine Learning

We show the security risk associated with using machine learning classifiers in United States election tabulators. The central classification task in election tabulation is deciding whether a mark does or does not appear on a bubble associated to an alternative in a contest on the ballot. Barrett...

Human-Centred AI in FinTech: Developing a User Experience (UX) Research Point of View (PoV) Playbook

Advancements in Artificial Intelligence AI have significantly transformed the financial industry, enabling the development of more personalized and adaptable financial products and services. This research paper explores various instances where Human-Centred AI HCAI has facilitated these...

A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset

We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...

VReaves: Eavesdropping on Virtual Reality App Identity and Activity Via Electromagnetic Side Channels

Virtual reality VR has recently proliferated significantly, consisting of headsets or head-mounted displays HMDs and hand controllers for an embodied and immersive experience. The VR device is usually embedded with different kinds of IoT sensors, such as cameras, microphones, communication sensor...

FARFETCH'D: a Side-Channel Analysis Framework for Privacy Applications on Confidential Virtual Machines

Confidential virtual machines CVMs based on trusted execution environments TEEs enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not gener...

Trustworthy Artificial Intelligence for Cyber Threat Analysis

Artificial Intelligence brings innovations into the society. However, bias and unethical exist in many algorithms that make the applications less trustworthy. Threats hunting algorithms based on machine learning have shown great advantage over classical methods. Reinforcement learning models are...

Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and Control Channels

Off-the-shelf software for Command and Control is often used by attackers and legitimate pentesters looking for discretion. Among other functionalities, these tools facilitate the customization of their network traffic so it can mimic popular websites, thereby increasing their secrecy. Cobalt...

Data-Driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source Npm Packages

The npm Node Package Manager ecosystem is the most important package manager for JavaScript development with millions of users. Consequently, a plethora of earlier work investigated how vulnerability reporting, patch propagation, and in general detection as well as resolution of security issues i...

SoK: Data Reconstruction Attacks against Machine Learning Models: Definition, Metrics, and Benchmark

Data reconstruction attacks, which aim to recover the training dataset of a target model with limited access, have gained increasing attention in recent years. However, there is currently no consensus on a formal definition of data reconstruction attacks or appropriate evaluation metrics for...