6907 matches found
Evaluating Query Efficiency and Accuracy of Transfer Learning-Based Model Extraction Attack in Federated Learning
Federated Learning FL is a collaborative learning framework designed to protect client data, yet it remains highly vulnerable to Intellectual Property IP threats. Model extraction ME attacks pose a significant risk to Machine Learning as a Service MLaaS platforms, enabling attackers to replicate...
A Systematic Classification of Vulnerabilities in MoveEVM Smart Contracts (MWC)
We introduce the MoveEVM Weakness Classification MWC system -- a dedicated vulnerability taxonomy for smart contracts built with Move and executed in EVM-compatible environments. While Move was originally designed to prevent common security flaws via linear resource types and strict ownership, it...
An Empirical Study of JavaScript Inclusion Security Issues in Chrome Extensions
JavaScript, a scripting language employed to augment the capabilities of web browsers within web pages or browser extensions, utilizes code segments termed JavaScript inclusions. While the security aspects of JavaScript inclusions in web pages have undergone substantial scrutiny, a thorough...
LAMDA: a Longitudinal Android Malware Benchmark for Concept Drift Analysis
Machine learning ML-based malware detection systems often fail to account for the dynamic nature of real-world training and test data distributions. In practice, these distributions evolve due to frequent changes in the Android ecosystem, adversarial development of new malware families, and the...
Understanding the Relationship between Personal Data Privacy Literacy and Data Privacy Information Sharing by University Students
With constant threats to the safety of personal data in the United States, privacy literacy has become an increasingly important competency among university students, one that ties intimately to the information sharing behavior of these students. This survey based study examines how university...
Securing Credit Inquiries: the Role of Real-Time User Approval in Preventing SSN Identity Theft
Unauthorized credit inquiries are also a central entry point for identity theft, with Social Security Numbers SSNs being widely utilized in fraudulent cases. Traditional credit inquiry systems do not usually possess strict user authentication, making them vulnerable to unauthorized access. This...
Zero Trust Cybersecurity: Procedures and Considerations in Context
In response to the increasing complexity and sophistication of cyber threats, particularly those enhanced by advancements in artificial intelligence, traditional security methods are proving insufficient. This paper explores the Zero Trust cybersecurity framework, which operates on the principle ...
Mal-D2GAN: Double-Detector Based GAN for Malware Generation
Machine learning ML has been developed to detect malware in recent years. Most researchers focused their efforts on improving the detection performance but ignored the robustness of the ML models. In addition, many machine learning algorithms are very vulnerable to intentional attacks. To solve...
ARMS: a Vision for Actor Reputation Metric Systems in the Open-Source Software Supply Chain
Many critical information technology and cyber-physical systems rely on a supply chain of open-source software projects. OSS project maintainers often integrate contributions from external actors. While maintainers can assess the correctness of a change request, assessing a change request's...
Co-PatcheR: Collaborative Software Patching with Component(S)-Specific Small Reasoning Models
Motivated by the success of general-purpose large language models LLMs in software patching, recent works started to train specialized patching models. Most works trained one model to handle the end-to-end patching pipeline including issue localization, patch generation, and patch validation...
Strong Membership Inference Attacks on Massive Datasets and (Moderately) Large Language Models
State-of-the-art membership inference attacks MIAs typically require training many reference models, making it difficult to scale these attacks to large pre-trained language models LLMs. As a result, prior research has either relied on weaker attacks that avoid training reference models e.g.,...
A Study of Semi-Fungible Token Based Wi-Fi Access Control
Current Wi-Fi authentication methods face issues such as insufficient security, user privacy leakage, high management costs, and difficulty in billing. To address these challenges, a Wi-Fi access control solution based on blockchain smart contracts is proposed. Firstly, semi-fungible Wi-Fi tokens...
Anonymity-Washing
Anonymization is a foundational principle of data privacy regulation, yet its practical application remains riddled with ambiguity and inconsistency. This paper introduces the concept of anonymity-washing -- the misrepresentation of the anonymity level of sanitized'' personal data -- as a critica...
Adapting Novelty Towards Generating Antigens for Antivirus Systems
It is well known that anti-malware scanners depend on malware signatures to identify malware. However, even minor modifications to malware code structure results in a change in the malware signature thus enabling the variant to evade detection by scanners. Therefore, there exists the need for a...
MLRan: a Behavioural Dataset for Ransomware Analysis and Detection
Ransomware remains a critical threat to cybersecurity, yet publicly available datasets for training machine learning-based ransomware detection models are scarce and often have limited sample size, diversity, and reproducibility. In this paper, we introduce MLRan, a behavioural ransomware dataset...
$PD^3F$: a Pluggable and Dynamic DoS-Defense Framework against Resource Consumption Attacks Targeting Large Language Models
Large Language Models LLMs, due to substantial computational requirements, are vulnerable to resource consumption attacks, which can severely degrade server performance or even cause crashes, as demonstrated by denial-of-service DoS attacks designed for LLMs. However, existing works lack mitigati...
Exemplifying Emerging Phishing: QR-Based Browser-In-The-Browser (BiTB) Attack
Lately, cybercriminals constantly formulate productive approaches to exploit individuals. This article exemplifies an innovative attack, namely QR-based Browser-in-The-Browser BiTB, using proficiencies of Large Language Model LLM i.e. Google Gemini. The presented attack is a fusion of two emergin...
Usability of Token-Based and Remote Electronic Signatures: a User Experience Study
As electronic signatures e-signatures become increasingly integral to secure digital transactions, understanding their usability and security perception from an end-user perspective has become crucial. This study empirically evaluates and compares two major e-signature systems -- token-based and...
Fixing 7,400 Bugs for 1$: Cheap Crash-Site Program Repair
The rapid advancement of bug-finding techniques has led to the discovery of more vulnerabilities than developers can reasonably fix, creating an urgent need for effective Automated Program Repair APR methods. However, the complexity of modern bugs often makes precise root cause analysis difficult...
LLM-Driven APT Detection for 6G Wireless Networks: a Systematic Review and Taxonomy
Sixth Generation 6G wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speed and low latency rates. However, despite the ultra-low latency, high throughput, and...
MADCAT: Combating Malware Detection under Concept Drift with Test-Time Adaptation
We present MADCAT, a self-supervised approach designed to address the concept drift problem in malware detection. MADCAT employs an encoder-decoder architecture and works by test-time training of the encoder on a small, balanced subset of the test-time data using a self-supervised objective. Duri...
Toward Malicious Clients Detection in Federated Learning
Federated learning FL enables multiple clients to collaboratively train a global machine learning model without sharing their raw data. However, the decentralized nature of FL introduces vulnerabilities, particularly to poisoning attacks, where malicious clients manipulate their local models to...
Benchmarking Poisoning Attacks against Retrieval-Augmented Generation
Retrieval-Augmented Generation RAG has proven effective in mitigating hallucinations in large language models by incorporating external knowledge during inference. However, this integration introduces new security vulnerabilities, particularly to poisoning attacks. Although prior work has explore...
Verifiable Deep Learning Inference on an Untrusted Party
Whitepaper called Verifiable Deep Learning Inference On An Untrusted Party...
An Attack to Break Permutation-Based Private Third-Party Inference Schemes for LLMs
Recent advances in Large Language Models LLMs have led to the widespread adoption of third-party inference services, raising critical privacy concerns. Existing methods of performing private third-party inference, such as Secure Multiparty Computation SMPC, often rely on cryptographic methods...
Chain-Of-Lure: a Synthetic Narrative-Driven Approach to Compromise Large Language Models
In the era of rapid generative AI development, interactions between humans and large language models face significant misusing risks. Previous research has primarily focused on black-box scenarios using human-guided prompts and white-box scenarios leveraging gradient-based LLM generation methods,...
Towards a Quantum-Classical Augmented Network
In the past decade, several small-scale quantum key distribution networks have been established. However, the deployment of large-scale quantum networks depends on the development of quantum repeaters, quantum channels, quantum memories, and quantum network protocols. To improve the security of...
Wazuh 4.10.2
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
Modeling Interdependent Privacy Threats
The rise of online social networks, user-gene-rated content, and third-party apps made data sharing an inevitable trend, driven by both user behavior and the commercial value of personal information. As service providers amass vast amounts of data, safeguarding individual privacy has become...
Invisible Tokens, Visible Bills: the Urgent Need to Audit Hidden Operations in Opaque LLM Services
Whitepaper called Invisible Tokens, Visible Bills: The Urgent Need To Audit Hidden Operations In Opaque LLM Services...
Sec5GLoc: Securing 5G Indoor Localization Via Adversary-Resilient Deep Learning Architecture
Emerging 5G millimeter-wave and sub-6 GHz networks enable high-accuracy indoor localization, but security and privacy vulnerabilities pose serious challenges. In this paper, we identify and address threats including location spoofing and adversarial signal manipulation against 5G-based indoor...
A Linear Approach to Data Poisoning
We investigate the theoretical foundations of data poisoning attacks in machine learning models. Our analysis reveals that the Hessian with respect to the input serves as a diagnostic tool for detecting poisoning, exhibiting spectral signatures that characterize compromised datasets. We use rando...
TSA-WF: Exploring the Effectiveness of Time Series Analysis for Website Fingerprinting
Whitepaper called TSA-WF: Exploring The Effectiveness Of Time Series Analysis For Website Fingerprinting...
SecurePay: Enabling Secure and Fast Payment Processing for Platform Economy
Recent years have witnessed a rapid development of platform economy, as it effectively addresses the trust dilemma between untrusted online buyers and merchants. However, malicious platforms can misuse users' funds and information, causing severe security concerns. Previous research efforts aimed...
A Critical Evaluation of Defenses against Prompt Injection Attacks
Large Language Models LLMs are vulnerable to prompt injection attacks, and several defenses have recently been proposed, often claiming to mitigate these attacks successfully. However, we argue that existing studies lack a principled approach to evaluating these defenses. In this paper, we argue...
Revisiting Adversarial Perception Attacks and Defense Methods on Autonomous Driving Systems
Autonomous driving systems ADS increasingly rely on deep learning-based perception models, which remain vulnerable to adversarial attacks. In this paper, we revisit adversarial attacks and defense methods, focusing on road sign recognition and lead object detection and prediction e.g., relative...
AI/ML for 5G and beyond Cybersecurity
The advancements in communication technology 5G and beyond and global connectivity Internet of Things IoT also come with new security problems that will need to be addressed in the next few years. The threats and vulnerabilities introduced by AI/ML based 5G and beyond IoT systems need to be...
Gaming Tool Preferences in Agentic LLMs
Large language models LLMs can now access a wide range of external tools, thanks to the Model Context Protocol MCP. This greatly expands their abilities as various agents. However, LLMs rely entirely on the text descriptions of tools to decide which ones to use--a process that is surprisingly...
Towards Anonymous Neural Network Inference
We introduce funion, a system providing end-to-end sender-receiver unlinkability for neural network inference. By leveraging the Pigeonhole storage protocol and BACAP blinding-and-capability scheme from the Echomix anonymity system, funion inherits the provable security guarantees of modern...
Architectural Backdoors for Within-Batch Data Stealing and Model Inference Manipulation
For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world impact of such prediction-altering attacks has remained...
JALMBench: Benchmarking Jailbreak Vulnerabilities in Audio Language Models
Whitepaper called JALMBench: Benchmarking Jailbreak Vulnerabilities In Audio Language Models...
Privacy-Preserving Bathroom Monitoring for Elderly Emergencies Using PIR and LiDAR Sensors
In-home elderly monitoring requires systems that can detect emergency events - such as falls or prolonged inactivity - while preserving privacy and requiring no user input. These systems must be embedded into the surrounding environment, capable of capturing activity, and responding promptly. Thi...
ACSE-Eval: Can LLMs Threat Model Real-World Cloud Infrastructure?
While Large Language Models have shown promise in cybersecurity applications, their effectiveness in identifying security threats within cloud deployments remains unexplored. This paper introduces AWS Cloud Security Engineering Eval, a novel dataset for evaluating LLMs cloud security threat...
Adaptively Secure Distributed Broadcast Encryption with Linear-Size Public Parameters
Distributed broadcast encryption DBE is a variant of broadcast encryption BE that can efficiently transmit a message to a subset of users, in which users independently generate user private keys and user public keys instead of a central trusted authority generating user keys. In this paper, we...
Gentoo Linux Security Advisory 201607-06
Gentoo Linux Security Advisory 201607-06 - A buffer overflow in CUPS might allow remote attackers to execute arbitrary code. Versions less than 2.0.2-r1 are affected...
EtherBee: a Global Dataset of Ethereum Node Performance Measurements Coupled with Honeypot Interactions and Full Network Sessions
We introduce EtherBee, a global dataset integrating detailed Ethereum node metrics, network traffic metadata, and honeypot interaction logs collected from ten geographically diverse vantage points over three months. By correlating node data with granular network sessions and security events,...
Large Language Models in the IoT Ecosystem -- a Survey on Security Challenges and Applications
The Internet of Things IoT and Large Language Models LLMs have been two major emerging players in the information technology era. Although there has been significant coverage of their individual capabilities, our literature survey sheds some light on the integration and interaction of LLMs and Io...
Gentoo Linux Security Advisory 200506-20
Gentoo Linux Security Advisory 200506-20 - Cacti is vulnerable to several SQL injection, authentication bypass and file inclusion vulnerabilities. Versions less than 0.8.6f are affected...
Gentoo Linux Security Advisory 201908-27
Gentoo Linux Security Advisory 201908-27 - A vulnerability in Nautilus may allow attackers to escape the sandbox. Versions less than 3.30.5-r1 are affected...
Gentoo Linux Security Advisory 201707-12
Gentoo Linux Security Advisory 201707-12 - A vulnerability in MAN DB allows local users to gain root privileges. Versions less than 2.7.6.1-r2 are affected...