Spectral Feature Extraction for Robust Network Intrusion Detection Using MFCCs

The rapid expansion of Internet of Things IoT networks has led to a surge in security vulnerabilities, emphasizing the critical need for robust anomaly detection and classification techniques. In this work, we propose a novel approach for identifying anomalies in IoT network traffic by leveraging...

BarkBeetle: Stealing Decision Tree Models with Fault Injection

Machine learning models, particularly decision trees DTs, are widely adopted across various domains due to their interpretability and efficiency. However, as ML models become increasingly integrated into privacy-sensitive applications, concerns about their confidentiality have grown, particularly...

Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy

Differentially private DP mechanisms are difficult to interpret and calibrate because existing methods for mapping standard privacy parameters to concrete privacy risks -- re-identification, attribute inference, and data reconstruction -- are both overly pessimistic and inconsistent. In this work...

Exploit for Cleartext Transmission of Sensitive Information in Paloaltonetworks Cortex_Xdr_Agent

Nuclei2Snort 📖 项目介绍 Nuclei2Snort 是一个高效的自动化工具，用于将 Nuclei POC（Proof of Concept）模板批量转换为 Snort IDS/IPS 规则。该工具帮助安全研究人员和运维团队快速将 Nuclei 的漏洞检测模板转换为可部署的网络入侵检测规则。 ✨ 主要特性 - 🚀 批量转换: 支持单文件和目录批量转换 - 🌐 智能翻译: 集成腾讯云翻译API，自动将英文漏洞描述翻译为中文 - 🔧 自动分类: 智能识别漏洞类型并映射到相应的Snort分类 - ⚡ 并发处理: 支持多线程并发转换，提高处理效率 - 🛡️ 安全配置:...

Adaptive Malware Detection Using Sequential Feature Selection: a Dueling Double Deep Q-Network (D3QN) Framework for Intelligent Classification

Traditional malware detection methods exhibit computational inefficiency due to exhaustive feature extraction requirements, creating accuracy-efficiency trade-offs that limit real-time deployment. We formulate malware classification as a Markov Decision Process with episodic feature acquisition a...

Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG

Malware Family Classification MFC aims to identify the fine-grained family e.g., GuLoader or BitRAT to which a potential malware sample belongs, in contrast to malware detection or sample classification that predicts only an Yes/No. Accurate family identification can greatly facilitate automated...

VLAI: a RoBERTa-Based Model for Automated Vulnerability Severity Classification

This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling fast...

PhishKey: a Novel Centroid-Based Approach for Enhanced Phishing Detection Using Adaptive HTML Component Extraction

Phishing attacks pose a significant cybersecurity threat, evolving rapidly to bypass detection mechanisms and exploit human vulnerabilities. This paper introduces PhishKey to address the challenges of adaptability, robustness, and efficiency. PhishKey is a novel phishing detection method using...

Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats

In a world powered by APIs, waiting for an attack is waiting too long. Business logic risks like Broken Object Level Authorization BOLA don’t announce themselves with obvious signatures or malware. They hide in plain sight within normal-looking traffic and by the time a BOLA exploit turns into a...

Counterfactual Influence As a Distributional Quantity

Machine learning models are known to memorize samples from their training data, raising concerns around privacy and generalization. Counterfactual self-influence is a popular metric to study memorization, quantifying how the model's prediction for a sample changes depending on the sample's...

CVE-2025-6417

A vulnerability has been found in PHPGurukul Art Gallery Management System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-artist.php. The manipulation of the argument awarddetails leads to sql injection. The attack can be launched...

On the Existence of Consistent Adversarial Attacks in High-Dimensional Linear Classification

What fundamentally distinguishes an adversarial attack from a misclassification due to limited model expressivity or finite data? In this work, we investigate this question in the setting of high-dimensional binary classification, where statistical effects due to limited data availability play a...

Rectifying Privacy and Efficacy Measurements in Machine Unlearning: a New Inference Attack Perspective

Machine unlearning focuses on efficiently removing specific data from trained models, addressing privacy and compliance concerns with reasonable costs. Although exact unlearning ensures complete data removal equivalent to retraining, it is impractical for large-scale models, leading to growing...

Technical Evaluation of a Disruptive Approach in Homomorphic AI

We present a technical evaluation of a new, disruptive cryptographic approach to data security, known as HbHAI Hash-based Homomorphic Artificial Intelligence. HbHAI is based on a novel class of key-dependent hash functions that naturally preserve most similarity properties, most AI algorithms rel...

Enhancing One-run Privacy Auditing with Quantile Regression-Based Membership Inference

Differential privacy DP auditing aims to provide empirical lower bounds on the privacy guarantees of DP mechanisms like DP-SGD. While some existing techniques require many training runs that are prohibitively costly, recent work introduces one-run auditing approaches that effectively audit DP-SGD...

Enclosing Prototypical Variational Autoencoder for Explainable Out-of-Distribution Detection

Understanding the decision-making and trusting the reliability of Deep Machine Learning Models is crucial for adopting such methods to safety-relevant applications. We extend self-explainable Prototypical Variational models with autoencoder-based out-of-distribution OOD detection: A Variational...

Haptic-Based User Authentication for Tele-robotic System

Tele-operated robots rely on real-time user behavior mapping for remote tasks, but ensuring secure authentication remains a challenge. Traditional methods, such as passwords and static biometrics, are vulnerable to spoofing and replay attacks, particularly in high-stakes, continuous interactions...

LLM-Powered Intent-Based Categorization of Phishing Emails

Phishing attacks remain a significant threat to modern cybersecurity, as they successfully deceive both humans and the defense mechanisms intended to protect them. Traditional detection systems primarily focus on email metadata that users cannot see in their inboxes. Additionally, these systems...

Domain Adaptation for Image Classification of Defects in Semiconductor Manufacturing

In the semiconductor sector, due to high demand but also strong and increasing competition, time to market and quality are key factors in securing significant market share in various application areas. Thanks to the success of deep learning methods in recent years in the computer vision domain,...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netsched: ets: A double addition of the classifier was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the enqueue callback of the...