Security Bulletin: Several vulnerabilities affect Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.0
Summary Several vulnerabilities in Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.0 have been fixed in Watson Machine Learning Accelerator on Cloud Pak for Data 5.0 latest refresh. Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: Hugging Face Transformers could allow a remote...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator
Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator, contains security vulnerability issue CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...
Network Attack Traffic Detection with Hybrid Quantum-Enhanced Convolution Neural Network
The emerging paradigm of Quantum Machine Learning (QML) combines features of quantum computing and machine learning (ML). QML enables the generation and recognition of statistical data patterns that classical computers and classical ML methods struggle to effectively execute. QML utilizes quantum...
A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems
Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access. Small and medium-sized enterprises (SMEs) that manage these...
Leveraging LLM to Strengthen ML-Based Cross-Site Scripting Detection
According to the Open Web Application Security Project (OWASP), Cross-Site Scripting (XSS) is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed various techniques to protect systems from XSS attacks, with...
New whitepaper outlines the taxonomy of failure modes in AI agents
We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...
Evaluating the Vulnerability of ML-Based Ethereum Phishing Detectors to Single-Feature Adversarial Perturbations
This paper explores the vulnerability of machine learning models to simple single-feature adversarial attacks in the context of Ethereum fraudulent transaction detection. Through comprehensive experimentation, we investigate the impact of various adversarial attack strategies on model performance...
Optimized Approaches to Malware Detection: a Study of Machine Learning and Deep Learning Techniques
Digital systems find it challenging to keep up with cybersecurity threats. The daily emergence of more than 560,000 new malware strains poses significant hazards to the digital ecosystem. The traditional malware detection methods fail to operate properly and yield high false positive rates with l...
Snorkeling in Dark Waters: a Longitudinal Surface Exploration of Unique Tor Hidden Services (Extended Version)
The Onion Router (Tor) is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement...
A Collaborative Intrusion Detection System Using Snort IDS Nodes
Intrusion Detection Systems (IDSs) are integral to safeguarding networks by detecting and responding to threats from malicious traffic or compromised devices. However, standalone IDS deployments often fall short when addressing the increasing complexity and scale of modern cyberattacks. This paper...
Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway
The rapid expansion of Internet of Things (IoT) devices, particularly in smart home environments, has introduced considerable security and privacy concerns due to their persistent connectivity and interaction with cloud services. Despite advancements in IoT security, effective privacy measures rema...
Mining Characteristics of Vulnerable Smart Contracts across Lifecycle Stages
Smart contracts are the cornerstone of decentralized applications and financial protocols, which extend the application of digital currency transactions. The applications and financial protocols introduce significant security challenges, resulting in substantial economic losses. Existing solution...
FLARE: Feature-Based Lightweight Aggregation for Robust Evaluation of IoT Intrusion Detection
The proliferation of Internet of Things (IoT) devices has expanded the attack surface, necessitating efficient intrusion detection systems (IDSs) for network protection. This paper presents FLARE, a feature-based lightweight aggregation for robust evaluation of IoT intrusion detection to address the...
Trace Gadgets: Minimizing Code Context for Machine Learning-Based Vulnerability Prediction
As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend to produce many false positives. While machine...
Artificial Intelligence – What's all the fuss?
Talking about AI: Definitions Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...
Malicious Code Detection in Smart Contracts Via Opcode Vectorization
With the booming development of blockchain technology, smart contracts have been widely used in finance, supply chain, Internet of things and other fields in recent years. However, the security problems of smart contracts become increasingly prominent. Security events caused by smart contracts...
DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-Based Intrusion Detection against Adversarial Attacks
The rapid proliferation of the Internet of Things (IoT) has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however...
From Data Behavior to Code Analysis: a Multimodal Study on Security and Privacy Challenges in Blockchain-Based DApp
The recent proliferation of blockchain-based decentralized applications (DApp) has catalyzed transformative advancements in distributed systems, with extensive deployments observed across financial, entertainment, media, and cybersecurity domains. These trustless architectures, characterized by the...
Bypassing Prompt Injection and Jailbreak Detection in LLM Guardrails
Large Language Models (LLMs) guardrail systems are designed to protect against prompt injection and jailbreak attacks. However, they remain vulnerable to evasion techniques. We demonstrate two approaches for bypassing LLM prompt injection and jailbreak detection systems via traditional character...
The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation
Zero Trust Architecture (ZTA) is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...