151 matches found
A Large Scale Study of AI-Based Binary Function Similarity Detection Techniques for Security Researchers and Practitioners
Binary Function Similarity Detection BFSD is a foundational technique in software security, underpinning a wide range of applications including vulnerability detection, malware analysis. Recent advances in AI-based BFSD tools have led to significant performance improvements. However, existing...
Secure Retrieval-Augmented Generation against Poisoning Attacks
Large language models LLMs have transformed natural language processing NLP, enabling applications from content generation to decision support. Retrieval-Augmented Generation RAG improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning...
Benchmarking Fake Voice Detection in the Fake Voice Generation Arms Race
As advances in synthetic voice generation accelerate, an increasing variety of fake voice generators have emerged, producing audio that is often indistinguishable from real human speech. This evolution poses new and serious threats across sectors where audio recordings serve as critical evidence...
Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition
IPv4 NAT has limited the spread of IoT botnets considerably by default-denying bots' incoming connection requests to in-home devices unless the owner has explicitly allowed them. As the Internet transitions to majority IPv6, however, residential connections no longer require the use of NAT. This...
Hot-Swap MarkBoard: an Efficient Black-Box Watermarking Approach for Large-Scale Model Distribution
Recently, Deep Learning DL models have been increasingly deployed on end-user devices as On-Device AI, offering improved efficiency and privacy. However, this deployment trend poses more serious Intellectual Property IP risks, as models are distributed on numerous local devices, making them...
Learning-Based Privacy-Preserving Graph Publishing against Sensitive Link Inference Attacks
Publishing graph data is widely desired to enable a variety of structural analyses and downstream tasks. However, it also potentially poses severe privacy leakage, as attackers may leverage the released graph data to launch attacks and precisely infer private information such as the existence of...
PhreshPhish: a Real-World, High-Quality, Large-Scale Phishing Website Dataset and Benchmark
Phishing remains a pervasive and growing threat, inflicting heavy economic and reputational damage. While machine learning has been effective in real-time detection of phishing attacks, progress is hindered by lack of large, high-quality datasets and benchmarks. In addition to poor-quality due to...
KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps
Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...
Yotta: a Large-Scale Trustless Data Trading Scheme for Blockchain System
Data trading is one of the key focuses of Web 3.0. However, all the current methods that rely on blockchain-based smart contracts for data exchange cannot support large-scale data trading while ensuring data security, which falls short of fulfilling the spirit of Web 3.0. Even worse, there is...
KEENHash: Hashing Programs into Function-Aware Embeddings for Large-Scale Binary Code Similarity Analysis
Binary code similarity analysis BCSA is a crucial research area in many fields such as cybersecurity. Specifically, function-level diffing tools are the most widely used in BCSA: they perform function matching one by one for evaluating the similarity between binary programs. However, such methods...
A Halpha Metric for Identifying Dormant Black Holes in X-Ray Transients
Dormant black holes BHs in X-ray transients can be identified by the presence of broad Ha emission lines from quiescent accretion discs. Unfortunately, short-period cataclysmic variables CVs can also produce broad Ha lines, especially when viewed at high inclinations, and are thus a major source ...
[SECURITY] Fedora 42 Update: zsync-0.6.2-3.fc42
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync. However, where rsync is designed for...
MalVis: a Large-Scale Image-Based Framework and Dataset for Advancing Android Malware Classification
As technology advances, Android malware continues to pose significant threats to devices and sensitive data. The open-source nature of the Android OS and the availability of its SDK contribute to this rapid growth. Traditional malware detection techniques, such as signature-based, static, and...
Improved Algorithms for Differentially Private Language Model Alignment
Language model alignment is crucial for ensuring that large language models LLMs align with human preferences, yet it often involves sensitive user data, raising significant privacy concerns. While prior work has integrated differential privacy DP with alignment techniques, their performance...
LM-Scout: Analyzing the Security of Language Model Integration in Android Apps
Developers are increasingly integrating Language Models LMs into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input length, and allowed topics. However, if the LM integration...
Mitigating Backdoor Triggered and Targeted Data Poisoning Attacks in Voice Authentication Systems
Voice authentication systems remain susceptible to two major threats: backdoor triggered attacks and targeted data poisoning attacks. This dual vulnerability is critical because conventional solutions typically address each threat type separately, leaving systems exposed to adversaries who can...
CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
π« CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various type...
Snorkeling in Dark Waters: a Longitudinal Surface Exploration of Unique Tor Hidden Services (Extended Version)
The Onion Router Tor is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement...
Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats
Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and dataβ¦...
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024
Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras...