3080 matches found
Network Threat Detection: Addressing Class Imbalanced Data with Deep Forest
With the rapid expansion of Internet of Things (IoT) networks, detecting malicious traffic in real-time has become a critical cybersecurity challenge. This research addresses the detection challenges by presenting a comprehensive empirical analysis of machine learning techniques for malware detecti...
AI-Driven Vulnerability Analysis in Smart Contracts: Trends, Challenges and Future Directions
Smart contracts, integral to blockchain ecosystems, enable decentralized applications to execute predefined operations without intermediaries. Their ability to enforce trustless interactions has made them a core component of platforms such as Ethereum. Vulnerabilities such as numerical overflows,...
QualitEye: Public and Privacy-Preserving Gaze Data Quality Verification
Gaze-based applications are increasingly advancing with the availability of large datasets but ensuring data quality presents a substantial challenge when collecting data at scale. It further requires different parties to collaborate, therefore, privacy concerns arise. We propose QualitEye--the...
Cyber Security of Sensor Systems for State Sequence Estimation: an AI Approach
Sensor systems are extremely popular today and vulnerable to sensor data attacks. Due to possible devastating consequences, counteracting sensor data attacks is an extremely important topic, which has not seen sufficient study. This paper develops the first methods that accurately...
A Review of Various Datasets for Machine Learning Algorithm-Based Intrusion Detection System: Advances and Challenges
IDS aims to protect computer networks from security threats by detecting, notifying, and taking appropriate action to prevent illegal access and protect confidential information. As the globe becomes increasingly dependent on technology and automated processes, ensuring secured systems,...
A Systematic Review of Metaheuristics-Based and Machine Learning-Driven Intrusion Detection Systems in IoT
The widespread adoption of the Internet of Things (IoT) has raised a new challenge for developers since it is prone to known and unknown cyberattacks due to its heterogeneity, flexibility, and close connectivity. To defend against such security breaches, researchers have focused on building...
Robust and Verifiable MPC with Applications to Linear Machine Learning Inference
In this work, we present an efficient secure multi-party computation (MPC) protocol that provides strong security guarantees in settings with dishonest majority of participants who may behave arbitrarily. Unlike the popular MPC implementation known as SPDZ (Crypto '12), which only ensures security wi...
CHIP: Chameleon Hash-Based Irreversible Passport for Robust Deep Model Ownership Verification and Active Usage Control
The pervasion of large-scale Deep Neural Networks (DNNs) and their enormous training costs make their intellectual property (IP) protection of paramount importance. Recently introduced passport-based methods attempt to steer DNN watermarking towards strengthening ownership verification against...
Adversarial Machine Learning for Robust Password Strength Estimation
Passwords remain one of the most common methods for securing sensitive data in the digital age. However, weak password choices continue to pose significant risks to data security and privacy. This study aims to solve the problem by focusing on developing robust password strength estimation models...
Adaptive Privacy-Preserving SSD
Data remanence in NAND flash complicates complete deletion on IoT SSDs. We design an adaptive architecture offering four privacy levels (PL0-PL3) that select among address, data, and parity deletion techniques. Quantitative analysis balances efficacy, latency, endurance, and cost. Machine-learning...
SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes
Industrial Control Systems (ICS) manage critical infrastructures like power grids and water treatment plants. Cyberattacks on ICSs can disrupt operations, causing severe economic, environmental, and safety issues. For example, undetected pollution in a water plant can put the lives of thousands at...
Transformers for Secure Hardware Systems: Applications, Challenges, and Outlook
The rise of hardware-level security threats, such as side-channel attacks, hardware Trojans, and firmware vulnerabilities, demands advanced detection mechanisms that are more intelligent and adaptive. Traditional methods often fall short in addressing the complexity and evasiveness of modern...
Malicious code in ml-preprocessing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 449fa18004b9f5016f86ea6f5c97358b4ca5263d4649325b946379ca51610f63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Engineering Trustworthy Machine-Learning Operations with Zero-Knowledge Proofs
As Artificial Intelligence (AI) systems, particularly those based on machine learning (ML), become integral to high-stakes applications, their probabilistic and opaque nature poses significant challenges to traditional verification and validation methods. These challenges are exacerbated in regulated...
RADEP: a Resilient Adaptive Defense Framework against Model Extraction Attacks
Machine Learning as a Service (MLaaS) enables users to leverage powerful machine learning models through cloud-based APIs, offering scalability and ease of deployment. However, these services are vulnerable to model extraction attacks, where adversaries repeatedly query the application programming...
CVE-2024-49361
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...
CVE-2023-30444
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350...
CVE-2022-21741
Tensorflow is an Open Source Machine Learning Framework. Impact: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...
CVE-2022-21739
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...
CVE-2022-41911
TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...