CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

CVE-2021-29548

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVE-2021-29515

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

CVE-2021-29563

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

CVE-2021-29551

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolvehttps://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrixtriangularsolveopimpl.hL160-L240 fails to terminate kernel...

CVE-2021-29522

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

CVE-2020-25459

An issue was discovered in function synctree in heterodecisiontreeguest.py in WeBank FATE Federated AI Technology Enabler 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling...

CVE-2019-20634

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...

CVE-2019-8760

This issue was addressed by improving Face ID machine learning models. This issue is fixed in iOS 13. A 3D model constructed to look like the enrolled user may authenticate via Face ID...

Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices

The emergence of quantum computing and Shor's algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum robust techniques. NIST has responded by standardising Post-Quantum Cryptography PQC algorithms, with ML-KEM FIPS-203 slated to replace ECDH...

Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models

The widespread adoption of encrypted communication protocols such as HTTPS and TLS has enhanced data privacy but also rendered traditional anomaly detection techniques less effective, as they often rely on inspecting unencrypted payloads. This study aims to develop an interpretable machine...

Password Strength Detection Via Machine Learning: Analysis, Modeling, and Evaluation

As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of...

A Survey on Secure Machine Learning

In this survey, we will explore the interaction between secure multiparty computation and the area of machine learning. Recent advances in secure multiparty computation MPC have significantly improved its applicability in the realm of machine learning ML, offering robust solutions for...

On the Security Risks of ML-Based Malware Detection Systems: a Survey

Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based ML-based malware detection MD systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the...

Private Transformer Inference in MLaaS: a Survey

Transformer models have revolutionized AI, powering applications like content generation and sentiment analysis. However, their deployment in Machine Learning as a Service MLaaS raises significant privacy concerns, primarily due to the centralized processing of sensitive user data. Private...

A Survey of Learning-Based Intrusion Detection Systems for In-Vehicle Network

Connected and Autonomous Vehicles CAVs enhance mobility but face cybersecurity threats, particularly through the insecure Controller Area Network CAN bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robus...

Optimizing DDoS Detection in SDNs through Machine Learning Models

The emergence of Software-Defined Networking SDN has changed the network structure by separating the control plane from the data plane. However, this innovation has also increased susceptibility to DDoS attacks. Existing detection techniques are often ineffective due to data imbalance and accurac...

On the Interplay of Explainability, Privacy and Predictive Performance with Explanation-Assisted Model Extraction

Machine Learning as a Service MLaaS has gained important attraction as a means for deploying powerful predictive models, offering ease of use that enables organizations to leverage advanced analytics without substantial investments in specialized infrastructure or expertise. However, MLaaS...

Ivanti Neurons for ITSM 安全漏洞

Ivanti Neurons for ITSM is an automation platform for IT service management, based on artificial intelligence and machine learning technologies, designed to optimize the IT service delivery process and enhance user experience. An authentication bypass vulnerability exists in Ivanti Neurons for...

GPML: Graph Processing for Machine Learning

The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML Graph Processing for Machine Learning library addresses this need by transforming raw network traffic traces into graph representations, enabling...