6894 matches found
Evaluation Pipeline for Systematically Searching for Anomaly Detection Systems
Digitalization in the medical world provides major benefits while making it a target for attackers and thus hard to secure. To deal with network intruders we propose an anomaly detection system on hardware to detect malicious clients in real-time. We meet real-time and power restrictions using...
From LLMs to MLLMs to Agents: a Survey of Emerging Paradigms in Jailbreak Attacks and Defenses within LLM Ecosystem
Large language models LLMs are rapidly evolving from single-modal systems to multimodal LLMs and intelligent agents, significantly expanding their capabilities while introducing increasingly severe security risks. This paper presents a systematic survey of the growing complexity of jailbreak...
Detecting Hard-Coded Credentials in Software Repositories Via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces...
Busting the Paper Ballot: Voting Meets Adversarial Machine Learning
We show the security risk associated with using machine learning classifiers in United States election tabulators. The central classification task in election tabulation is deciding whether a mark does or does not appear on a bubble associated to an alternative in a contest on the ballot. Barrett...
Position: Certified Robustness Does Not (Yet) Imply Model Security
While certified robustness is widely promoted as a solution to adversarial examples in Artificial Intelligence systems, significant challenges remain before these techniques can be meaningfully deployed in real-world applications. We identify critical gaps in current research, including the parad...
Quantum Enhanced Entropy Pool for Cryptographic Applications and Proofs
This paper investigates the integration of quantum randomness into Verifiable Random Functions VRFs using the Ed25519 elliptic curve to strengthen cryptographic security. By replacing traditional pseudorandom number generators with quantum entropy sources, we assess the impact on key security and...
Protecting Your Voice: Temporal-Aware Robust Watermarking
Whitepaper called Protecting Your Voice: Temporal-Aware Robust Watermarking...
AdRo-FL: Informed and Secure Client Selection for Federated Learning in the Presence of Adversarial Aggregator
Whitepaper called AdRo-FL: Informed And Secure Client Selection For Federated Learning In The Presence Of Adversarial Aggregator...
Consensus Power Inequality: a Comparative Study of Blockchain Networks
The distribution of consensus power is a cornerstone of decentralization, influencing the security, resilience, and fairness of blockchain networks while ensuring equitable impact among participants. This study provides a rigorous evaluation of consensus power inequality across five prominent...
CWGAN-GP Augmented CAE for Jamming Detection in 5G-NR in Non-IID Datasets
In the ever-expanding domain of 5G-NR wireless cellular networks, over-the-air jamming attacks are prevalent as security attacks, compromising the quality of the received signal. We simulate a jamming environment by incorporating additive white Gaussian noise AWGN into the real-world In-phase and...
Facility Location Problem under Local Differential Privacy without Super-set Assumption
In this paper, we introduce an adaptation of the facility location problem and analyze it within the framework of local differential privacy LDP. Under this model, we ensure the privacy of client presence at specific locations...
EditLord: Learning Code Transformation Rules for Code Editing
Code editing is a foundational task in software development, where its effectiveness depends on whether it introduces desired code property changes without changing the original code's intended functionality. Existing approaches often formulate code editing as an implicit end-to-end task, omittin...
MM-AttacKG: a Multimodal Approach to Attack Graph Construction with Large Language Models
Cyber Threat Intelligence CTI parsing aims to extract key threat information from massive data, transform it into actionable intelligence, enhance threat detection and defense efficiency, including attack graph construction, intelligence fusion and indicator extraction. Among these research topic...
SmartGuard: Leveraging Large Language Models for Network Attack Detection through Audit Log Analysis and Summarization
End-point monitoring solutions are widely deployed in today's enterprise environments to support advanced attack detection and investigation. These monitors continuously record system-level activities as audit logs and provide deep visibility into security events. Unfortunately, existing methods ...
Global Microprocessor Correctness in the Presence of Transient Execution
Correctness for microprocessors is generally understood to be conformance with the associated instruction set architecture ISA. This is the basis for one of the most important abstractions in computer science, allowing hardware designers to develop highly-optimized processors that are functionall...
From Thinking to Output: Chain-Of-Thought and Text Generation Characteristics in Reasoning Language Models
Recently, there have been notable advancements in large language models LLMs, demonstrating their growing abilities in complex reasoning. However, existing research largely overlooks a thorough and systematic comparison of these models' reasoning processes and outputs, particularly regarding thei...
A Common Pool of Privacy Problems: Legal and Technical Lessons from a Large-Scale Web-Scraped Machine Learning Dataset
We investigate the contents of web-scraped data for training AI systems, at sizes where human dataset curators and compilers no longer manually annotate every sample. Building off of prior privacy concerns in machine learning models, we ask: What are the legal privacy implications of web-scraped...
VReaves: Eavesdropping on Virtual Reality App Identity and Activity Via Electromagnetic Side Channels
Virtual reality VR has recently proliferated significantly, consisting of headsets or head-mounted displays HMDs and hand controllers for an embodied and immersive experience. The VR device is usually embedded with different kinds of IoT sensors, such as cameras, microphones, communication sensor...
Semantic-Aware Parsing for Security Logs
Security analysts struggle to quickly and efficiently query and correlate log data due to the heterogeneity and lack of structure in real-world logs. Existing AI-based parsers focus on learning syntactic log templates but lack the semantic interpretation needed for querying. Directly querying lar...
A Novel Approach to Differential Privacy with Alpha Divergence
As data-driven technologies advance swiftly, maintaining strong privacy measures becomes progressively difficult. Conventional $ε, δ$-differential privacy, while prevalent, exhibits limited adaptability for many applications. To mitigate these constraints, we present alpha differential privacy AD...
Breaking Espressif’s ESP32 V3: Program Counter Control with Computed Values using Fault Injection
Espressif introduced the ESP32 V3, a low-cost System-on-Chip SoC with wireless connectivity, as a response to earlier hardware revisions that were susceptible to Fault Injection FI attacks. Despite its FI countermeasures, the authors of this paper are the first to bypass all security features of...
Zero-Knowledge Proof-Of-Location Protocols for Vehicle Subsidies and Taxation Compliance
This paper introduces a new set of privacy-preserving mechanisms for verifying compliance with location-based policies for vehicle taxation, or for electric vehicle EV subsidies, using Zero-Knowledge Proofs ZKPs. We present the design and evaluation of a Zero-Knowledge Proof-of-Location ZK-PoL...
SafeGenBench: a Benchmark Framework for Security Vulnerability Detection in LLM-Generated Code
The code generation capabilities of large language modelsLLMs have emerged as a critical dimension in evaluating their overall performance. However, prior research has largely overlooked the security risks inherent in the generated code. In this work, we introduce SafeGenBench, a benchmark...
Tracker Installations Are Not Created Equal: Understanding Tracker Configuration of Form Data Collection
Targeted advertising is fueled by the comprehensive tracking of users' online activity. As a result, advertising companies, such as Google and Meta, encourage website administrators to not only install tracking scripts on their websites but configure them to automatically collect users' Personall...
A Smart Contract-Based Non-Transferable Signature Verification System Using Nominative Signatures
Nominative signatures allow us to indicate who can verify a signature, and they can be employed to construct a non-transferable signature verification system that prevents the signature verification by a third party in unexpected situations. For example, this system can prevent IOU/loan certifica...
Towards Effective Complementary Security Analysis Using Large Language Models
A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing SAST tools. Numerous false positives FPs in these reports reduce the effectiveness of security analysis. We propose using Large Language Models LLMs to...
Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis Via Intermediate Representation and Language Model
Malicious PDF files have emerged as a persistent threat and become a popular attack vector in web-based attacks. While machine learning-based PDF malware classifiers have shown promise, these classifiers are often susceptible to adversarial attacks, undermining their reliability. To address this...
Public-Key Quantum Authentication and Digital Signature Schemes Based on the QMA-Complete Problem
We propose a quantum authentication and digital signature protocol whose security is founded on the Quantum Merlin ArthurQMA-completeness of the consistency of local density matrices. The protocol functions as a true public-key cryptography system, where the public key is a set of local density...
Secret Sharing in 5G-MEC: Applicability for Joint Security and Dependability
Multi-access Edge Computing MEC, an enhancement of 5G, processes data closer to its generation point, reducing latency and network load. However, the distributed and edge-based nature of 5G-MEC presents privacy and security challenges, including data exposure risks. Ensuring efficient manipulatio...
SAFEx: Analyzing Vulnerabilities of MoE-Based LLMs Via Stable Safety-Critical Expert Identification
Large language models based on Mixture-of-Experts have achieved substantial gains in efficiency and scalability, yet their architectural uniqueness introduces underexplored safety alignment challenges. Existing safety alignment strategies, predominantly designed for dense models, are ill-suited t...
Open Sky, Open Threats: Replay Attacks in Space Launch and Re-Entry Phases
This paper examines the effects of replay attacks on the integrity of both uplink and downlink communications during critical phases of spacecraft communication. By combining software-defined radios SDRs with a real-time channel emulator, we replicate realistic attack conditions on the Orion...
A Geometry-Grounded Data Perimeter in Azure
While data perimeter is ubiquitous in cybersecurity speak, it rarely defines how boundary points are arranged. In this paper we show how Azure s blast radius ultrametric provides the distance, and how solving the Traveling Salesman Problem in this ultrametric space provides the ordering, yielding...
Navigating the Deep: Signature Extraction on Deep Neural Networks
Neural network model extraction has emerged in recent years as an important security concern, as adversaries attempt to recover a network's parameters via black-box queries. A key step in this process is signature extraction, which aims to recover the absolute values of the network's weights laye...
SAFER-D: a Self-Adaptive Security Framework for Distributed Computing Architectures
The rise of the Internet of Things and Cyber-Physical Systems has introduced new challenges on ensuring secure and robust communication. The growing number of connected devices increases network complexity, leading to higher latency and traffic. Distributed computing architectures DCAs have gaine...
Probe Before You Talk: Towards Black-Box Defense against Backdoor Unalignment for Large Language Models
Backdoor unalignment attacks against Large Language Models LLMs enable the stealthy compromise of safety alignment using a hidden trigger while evading normal safety auditing. These attacks pose significant threats to the applications of LLMs in the real-world Large Language Model as a Service...
Centre Driven Controlled Evolution of Wireless Virtual Networks Based on Broadcast Tokens
In a wireless sensor network, the virtual connectivity between nodes is a function of the keys shared between various nodes. Pre-embedding these key configurations in the nodes would make the network inflexible. On the other hand, permitting subsets of nodes to engage in a common key synthesis...
Privacy-Preserving LLM Interaction with Socratic Chain-Of-Thought Reasoning and Homomorphically Encrypted Vector Databases
Large language models LLMs are increasingly used as personal agents, accessing sensitive user data such as calendars, emails, and medical records. Users currently face a trade-off: They can send private records, many of which are stored in remote databases, to powerful but untrusted LLM providers...
Applications of Zero-Knowledge Proofs on Bitcoin
This paper explores how zero-knowledge proofs can enhance Bitcoin's functionality and privacy. First, we consider Proof-of-Reserve schemes: by using zk-STARKs, a custodian can prove its Bitcoin holdings are more than a predefined threshold X, without revealing addresses or actual balances. We...
RansomLord NG Anti-Ransomware Exploit Tool 1.0
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses dll hijacking to defeat ransomware by placing PE files in the x32 or x64 directories where the program is run from. This is the NG version that currently...
Probing the Robustness of Large Language Models Safety to Latent Perturbations
Safety alignment is a key requirement for building reliable Artificial General Intelligence. Despite significant advances in safety alignment, we observe that minor latent shifts can still trigger unsafe responses in aligned models. We argue that this stems from the shallow nature of existing...
Security through the Eyes of AI: How Visualization Is Shaping Malware Detection
Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To...
Malware Classification Leveraging NLP and Machine Learning for Enhanced Accuracy
This paper investigates the application of natural language processing NLP-based n-gram analysis and machine learning techniques to enhance malware classification. We explore how NLP can be used to extract and analyze textual features from malware samples through n-grams, contiguous string or API...
AndroIDS : Android-Based Intrusion Detection System Using Federated Learning
The exponential growth of android-based mobile IoT systems has significantly increased the susceptibility of devices to cyberattacks, particularly in smart homes, UAVs, and other connected mobile environments. This article presents a federated learning-based intrusion detection framework called...
Sharpening Kubernetes Audit Logs with Context Awareness
Kubernetes has emerged as the de facto orchestrator of microservices, providing scalability and extensibility to a highly dynamic environment. It builds an intricate and deeply connected system that requires extensive monitoring capabilities to be properly managed. To this account, K8s natively...
CUBA: Controlled Untargeted Backdoor Attack against Deep Neural Networks
Backdoor attacks have emerged as a critical security threat against deep neural networks in recent years. The majority of existing backdoor attacks focus on targeted backdoor attacks, where trigger is strongly associated to specific malicious behavior. Various backdoor detection methods depend on...
Emission Impossible: Privacy-Preserving Carbon Emissions Claims
Information and Communication Technologies ICT have a significant climate impact, and data centres account for a large proportion of the carbon emissions from ICT. To achieve sustainability goals, it is important that all parties involved in ICT supply chains can track and share accurate carbon...
Few-Shot Learning-Based Cyber Incident Detection with Augmented Context Intelligence
In recent years, the adoption of cloud services has been expanding at an unprecedented rate. As more and more organizations migrate or deploy their businesses to the cloud, a multitude of related cybersecurity incidents such as data breaches are on the rise. Many inherent attributes of cloud...
Your Brain on ChatGPT: Accumulation of Cognitive Debt when Using an AI Assistant for Essay Writing Task
With today's wide adoption of LLM products like ChatGPT from OpenAI, humans and businesses engage and use LLMs on a daily basis. Like any other tool, it carries its own set of advantages and limitations. This study focuses on finding out the cognitive cost of using an LLM in the educational conte...
SecureFed: a Two-Phase Framework for Detecting Malicious Clients in Federated Learning
Federated Learning FL protects data privacy while providing a decentralized method for training models. However, because of the distributed schema, it is susceptible to adversarial clients that could alter results or sabotage model performance. This study presents SecureFed, a two-phase FL...
PRISON: Unmasking the Criminal Potential of Large Language Models
As large language models LLMs advance, concerns about their misconduct in complex social contexts intensify. Existing research overlooked the systematic understanding and assessment of their criminal capability in realistic interactions. We propose a unified framework PRISON, to quantify LLMs'...