Phishing Detection in Ethereum Via Temporal Graph Contrastive Learning

Blockchain and decentralized finance have revolutionized the financial ecosystem while simultaneously exposing it to cryptocurrency phishing attacks. Existing phishing detection methods primarily rely on graph learning, but they face significant limitations. Static graph learning approaches fail ...

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...

Few-Shot Learning for Security Bug Report Identification

Security bug reports require prompt identification to minimize the window of vulnerability in software systems. Traditional machine learning ML techniques for classifying bug reports to identify security bug reports rely heavily on large amounts of labeled data. However, datasets for security bug...

From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

Advanced Persistent Threats APT pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high dimensional features, and scarce real world traces. They often lack transferability-performing well ...

AutoGraphAD: A Novel Approach Using Variational Graph Autoencoders for Anomalous Network Flow Detection

Network Intrusion Detection Systems NIDS are essential tools for detecting network attacks and intrusions. While extensive research has explored the use of supervised Machine Learning for attack detection and characterisation, these methods require accurately labelled datasets, which are very...

PhishSSL: Self-Supervised Contrastive Learning for Phishing Website Detection

Phishing websites remain a persistent cybersecurity threat by mimicking legitimate sites to steal sensitive user information. Existing machine learning-based detection methods often rely on supervised learning with labeled data, which not only incurs substantial annotation costs but also limits...

Contrastive Self-Supervised Network Intrusion Detection Using Augmented Negative Pairs

Network intrusion detection remains a critical challenge in cybersecurity. While supervised machine learning models achieve state-of-the-art performance, their reliance on large labelled datasets makes them impractical for many real-world applications. Anomaly detection methods, which train...

Human-AI Collaborative Bot Detection in MMORPGs

In Massively Multiplayer Online Role-Playing Games MMORPGs, auto-leveling bots exploit automated programs to level up characters at scale, undermining gameplay balance and fairness. Detecting such bots is challenging, not only because they mimic human behavior, but also because punitive actions...

MirGuard: Towards a Robust Provenance-Based Intrusion Detection System against Graph Manipulation Attacks

Learning-based Provenance-based Intrusion Detection Systems PIDSes have become essential tools for anomaly detection in host systems due to their ability to capture rich contextual and structural information, as well as their potential to detect unknown attacks. However, recent studies have shown...

BlindGuard: Safeguarding LLM-Based Multi-Agent Systems under Unknown Attacks

The security of LLM-based multi-agent systems MAS is critically threatened by propagation vulnerability, where malicious agents can distort collective decision-making through inter-agent message interactions. While existing supervised defense methods demonstrate promising performance, they may be...

Contrastive-KAN: a Semi-Supervised Intrusion Detection Framework for Cybersecurity with Scarce Labeled Data

In the era of the Fourth Industrial Revolution, cybersecurity and intrusion detection systems are vital for the secure and reliable operation of IoT and IIoT environments. A key challenge in this domain is the scarcity of labeled cyber-attack data, as most industrial systems operate under normal...

EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions

Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and...

CLIProv: a Contrastive Log-To-Intelligence Multimodal Approach for Threat Detection and Provenance Analysis

With the increasing complexity of cyberattacks, the proactive and forward-looking nature of threat intelligence has become more crucial for threat detection and provenance analysis. However, translating high-level attack patterns described in Tactics, Techniques, and Procedures TTP intelligence...

Phantom Subgroup Poisoning: Stealth Attacks on Federated Recommender Systems

Federated recommender systems FedRec have emerged as a promising solution for delivering personalized recommendations while safeguarding user privacy. However, recent studies have demonstrated their vulnerability to poisoning attacks. Existing attacks typically target the entire user group, which...

Boosting Generative Adversarial Transferability with Self-Supervised Vision Transformer Features

The ability of deep neural networks DNNs come from extracting and interpreting features from the data provided. By exploiting intermediate features in DNNs instead of relying on hard labels, we craft adversarial perturbation that generalize more effectively, boosting black-box transferability...

When Better Features Mean Greater Risks: the Performance-Privacy Trade-Off in Contrastive Learning

With the rapid advancement of deep learning technology, pre-trained encoder models have demonstrated exceptional feature extraction capabilities, playing a pivotal role in the research and application of deep learning. However, their widespread use has raised significant concerns about the risk o...

Revisiting Adversarial Perception Attacks and Defense Methods on Autonomous Driving Systems

Autonomous driving systems ADS increasingly rely on deep learning-based perception models, which remain vulnerable to adversarial attacks. In this paper, we revisit adversarial attacks and defense methods, focusing on road sign recognition and lead object detection and prediction e.g., relative...

CoTSRF: Utilize Chain of Thought As Stealthy and Robust Fingerprint of Large Language Models

Despite providing superior performance, open-source large language models LLMs are vulnerable to abusive usage. To address this issue, recent works propose LLM fingerprinting methods to identify the specific source LLMs behind suspect applications. However, these methods fail to provide stealthy...

Think Twice Before You Act: Enhancing Agent Behavioral Safety with Thought Correction

LLM-based autonomous agents possess capabilities such as reasoning, tool invocation, and environment interaction, enabling the execution of complex multi-step tasks. The internal reasoning process, i.e., thought, of behavioral trajectory significantly influences tool usage and subsequent actions...

Random Client Selection on Contrastive Federated Learning for Tabular Data

Vertical Federated Learning VFL has revolutionised collaborative machine learning by enabling privacy-preserving model training across multiple parties. However, it remains vulnerable to information leakage during intermediate computation sharing. While Contrastive Federated Learning CFL was...