6907 matches found
CoTSRF: Utilize Chain of Thought As Stealthy and Robust Fingerprint of Large Language Models
Despite providing superior performance, open-source large language models LLMs are vulnerable to abusive usage. To address this issue, recent works propose LLM fingerprinting methods to identify the specific source LLMs behind suspect applications. However, these methods fail to provide stealthy...
Securing RAG: a Risk Assessment and Mitigation Framework
Retrieval Augmented Generation RAG has emerged as the de facto industry standard for user-facing NLP applications, offering the ability to integrate data without re-training or fine-tuning Large Language Models LLMs. This capability enhances the quality and accuracy of responses but also introduc...
EC-LDA : Label Distribution Inference Attack against Federated Graph Learning with Embedding Compression
Graph Neural Networks GNNs have been widely used for graph analysis. Federated Graph Learning FGL is an emerging learning framework to collaboratively train graph data from various clients. However, since clients are required to upload model parameters to the server in each round, this provides t...
Pura: an Efficient Privacy-Preserving Solution for Face Recognition
Face recognition is an effective technology for identifying a target person by facial images. However, sensitive facial images raises privacy concerns. Although privacy-preserving face recognition is one of potential solutions, this solution neither fully addresses the privacy concerns nor is...
Scalable Defense against In-The-Wild Jailbreaking Attacks with Safety Context Retrieval
Large Language Models LLMs are known to be vulnerable to jailbreaking attacks, wherein adversaries exploit carefully engineered prompts to induce harmful or unethical responses. Such threats have raised critical concerns about the safety and reliability of LLMs in real-world deployment. While...
Model Checking the Security of the Lightning Network
Payment channel networks are an approach to improve the scalability of blockchain-based cryptocurrencies. The Lightning Network is a payment channel network built for Bitcoin that is already used in practice. Because the Lightning Network is used for transfer of financial value, its security in t...
Are Vision-Language Models Safe in the Wild? A Meme-Based Benchmark Study
Rapid deployment of vision-language models VLMs magnifies safety risks, yet most evaluations rely on artificial images. This study asks: How safe are current VLMs when confronted with meme images that ordinary users share? To investigate this question, we introduce MemeSafetyBench, a...
An Efficient Private GPT Never Autoregressively Decodes
The wide deployment of the generative pre-trained transformer GPT has raised privacy concerns for both clients and servers. While cryptographic primitives can be employed for secure GPT inference to protect the privacy of both parties, they introduce considerable performance overhead.To accelerat...
Alignment under Pressure: the Case for Informed Adversaries When Evaluating LLM Defenses
Large language models LLMs are rapidly deployed in real-world applications ranging from chatbots to agentic systems. Alignment is one of the main approaches used to defend against attacks such as prompt injection and jailbreaks. Recent defenses report near-zero Attack Success Rates ASR even again...
Versatile Quantum-Safe Hybrid Key Exchange and Its Application to MACsec
Advancements in quantum computing pose a significant threat to most of the cryptography currently deployed. Fortunately, cryptographic building blocks to mitigate the threat are already available; mostly based on post-quantum and quantum cryptography, but also on symmetric cryptography techniques...
Dynamic Spectrum Sharing Based on the Rentable NFT Standard ERC4907
Centralized Dynamic Spectrum Sharing DSS faces challenges like data security, high management costs, and limited scalability. To address these issues, a blockchain-based DSS scheme has been proposed in this paper. First, we utilize the ERC4907 standard to mint Non-Fungible Spectrum Tokens NFSTs...
Extensible Post Quantum Cryptography Based Authentication
Cryptography underpins the security of modern digital infrastructure, from cloud services to health data. However, many widely deployed systems will become vulnerable after the advent of scalable quantum computing. Although quantum-safe cryptographic primitives have been developed, such as...
AI-Driven Dynamic Firewall Optimization Using Reinforcement Learning for Anomaly Detection and Prevention
The growing complexity of cyber threats has rendered static firewalls increasingly ineffective for dynamic, real-time intrusion prevention. This paper proposes a novel AI-driven dynamic firewall optimization framework that leverages deep reinforcement learning DRL to autonomously adapt and update...
CRAKEN: Cybersecurity LLM Agent with Knowledge-Based Execution
Large Language Model LLM agents can automate cybersecurity tasks and can adapt to the evolving cybersecurity landscape without re-engineering. While LLM agents have demonstrated cybersecurity capabilities on Capture-The-Flag CTF competitions, they have two key limitations: accessing latest...
Zeek 7.0.8
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Reliable Disentanglement Multi-View Learning against View Adversarial Attacks
Trustworthy multi-view learning has attracted extensive attention because evidence learning can provide reliable uncertainty estimation to enhance the credibility of multi-view predictions. Existing trusted multi-view learning methods implicitly assume that multi-view data is secure. However, in...
PRUNE: a Patching Based Repair Framework for Certifiable Unlearning of Neural Networks
It is often desirable to remove a.k.a. unlearn a specific part of the training data from a trained neural network model. A typical application scenario is to protect the data holder's right to be forgotten, which has been promoted by many recent regulation rules. Existing unlearning methods invol...
GDPRShield: AI-Powered GDPR Support for Software Developers in Small and Medium-Sized Enterprises
With the rapid increase in privacy violations in modern software development, regulatory frameworks such as the General Data Protection Regulation GDPR have been established to enforce strict data protection practices. However, insufficient privacy awareness among SME software developers...
Blind Spot Navigation: Evolutionary Discovery of Sensitive Semantic Concepts for LVLMs
Whitepaper called Blind Spot Navigation: Evolutionary Discovery Of Sensitive Semantic Concepts For LVLMs...
FragFake: a Dataset for Fine-Grained Detection of Edited Images with Vision Language Models
Fine-grained edited image detection of localized edits in images is crucial for assessing content authenticity, especially given that modern diffusion models and image editing methods can produce highly realistic manipulations. However, this domain faces three challenges: 1 Binary classifiers yie...
Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities
Open-weight general-purpose AI GPAI models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...
VoteMate: a Decentralized Application for Scalable Electronic Voting on EVM-Based Blockchain
Voting is a cornerstone of democracy, allowing citizens to express their will and make collective decisions. With advancing technology, online voting is gaining popularity as it enables voting from anywhere with Internet access, eliminating the need for printed ballots or polling stations. Howeve...
Outsourcing SAT-Based Verification Computations in Network Security
The emergence of cloud computing gives huge impact on large computations. Cloud computing platforms offer servers with large computation power to be available for customers. These servers can be used efficiently to solve problems that are complex by nature, for example, satisfiability SAT problem...
Hybrid Audio Detection Using Fine-Tuned Audio Spectrogram Transformers: a Dataset-Driven Evaluation of Mixed AI-Human Speech
The rapid advancement of artificial intelligence AI has enabled sophisticated audio generation and voice cloning technologies, posing significant security risks for applications reliant on voice authentication. While existing datasets and models primarily focus on distinguishing between human and...
Privacy-Preserving Socialized Recommendation Based on Multi-View Clustering in a Cloud Environment
Recommendation as a service has improved the quality of our lives and plays a significant role in variant aspects. However, the preference of users may reveal some sensitive information, so that the protection of privacy is required. In this paper, we propose a privacy-preserving, socialized,...
Quantum-Resilient Blockchain for Secure Transactions in UAV-Assisted Smart Agriculture Networks
The integration of unmanned aerial vehicles UAVs into smart agriculture has enabled real-time monitoring, data collection, and automated farming operations. However, the high mobility, decentralized nature, and low-power communication of UAVs pose significant security challenges, particularly in...
Defining Atomicity (And Integrity) for Snapshots of Storage in Forensic Computing
The acquisition of data from main memory or from hard disk storage is usually one of the first steps in a forensic investigation. We revisit the discussion on quality criteria for "forensically sound" acquisition of such storage and propose a new way to capture the intent to acquire an...
Integrating Robotic Navigation with Blockchain: a Novel PoS-Based Approach for Heterogeneous Robotic Teams
This work explores a novel integration of blockchain methodologies with Wide Area Visual Navigation WAVN to address challenges in visual navigation for a heterogeneous team of mobile robots deployed for unstructured applications in agriculture, forestry, etc. Focusing on overcoming challenges suc...
MAPS: a Multilingual Benchmark for Global Agent Performance and Security
Agentic AI systems, which build on Large Language Models LLMs and interact with tools and memory, have rapidly advanced in capability and scope. Yet, since LLMs have been shown to struggle in multilingual settings, typically resulting in lower performance and reduced safety, agentic systems risk...
Zero-Trust Mobility-Aware Authentication Framework for Secure Vehicular Fog Computing Networks
Vehicular Fog Computing VFC is a promising paradigm to meet the low-latency and high-bandwidth demands of Intelligent Transportation Systems ITS. However, dynamic vehicle mobility and diverse trust boundaries introduce critical security challenges. This paper presents a novel Zero-Trust...
Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects
Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language ModelsLLMs in code-related tasks, such as testing...
Silent Leaks: Implicit Knowledge Extraction Attack on RAG Systems through Benign Queries
Retrieval-Augmented Generation RAG systems enhance large language models LLMs by incorporating external knowledge bases, but they are vulnerable to privacy risks from data extraction attacks. Existing extraction methods typically rely on malicious inputs such as prompt injection or jailbreaking,...
Real-Time Detection of Insider Threats Using Behavioral Analytics and Deep Evidential Clustering
Insider threats represent one of the most critical challenges in modern cybersecurity. These threats arise from individuals within an organization who misuse their legitimate access to harm the organization's assets, data, or operations. Traditional security mechanisms, primarily designed for...
Federated Learning-Enhanced Blockchain Framework for Privacy-Preserving Intrusion Detection in Industrial IoT
Industrial Internet of Things IIoT systems have become integral to smart manufacturing, yet their growing connectivity has also exposed them to significant cybersecurity threats. Traditional intrusion detection systems IDS often rely on centralized architectures that raise concerns over data...
LAGO: Few-Shot Crosslingual Embedding Inversion Attacks Via Language Similarity-Aware Graph Optimization
We propose LAGO - Language Similarity-Aware Graph Optimization - a novel approach for few-shot cross-lingual embedding inversion attacks, addressing critical privacy vulnerabilities in multilingual NLP systems. Unlike prior work in embedding inversion attacks that treat languages independently,...
BountyBench: Dollar Impact of AI Agent Attackers and Defenders on Real-World Cybersecurity Systems
AI agents have the potential to significantly alter the cybersecurity landscape. To help us understand this change, we introduce the first framework to capture offensive and defensive cyber-capabilities in evolving real-world systems. Instantiating this framework with BountyBench, we set up 25...
SafeKey: Amplifying Aha-Moment Insights for Safety Reasoning
Large Reasoning Models LRMs introduce a new generation paradigm of explicitly reasoning before answering, leading to remarkable improvements in complex tasks. However, they pose great safety risks against harmful queries and adversarial attacks. While recent mainstream safety efforts on LRMs,...
A Survey on Secure Machine Learning
In this survey, we will explore the interaction between secure multiparty computation and the area of machine learning. Recent advances in secure multiparty computation MPC have significantly improved its applicability in the realm of machine learning ML, offering robust solutions for...
Quantum Steganography Using Catalytic and Entanglement-Assisted Quantum Codes
Steganography is the technique for transmitting a secret message by employing subterfuge to conceal it in innocent-looking data, rather than by overt security measures as in cryptography. Typically, non-degenerate quantum error-correcting codes QECCs are used as the cover medium, with the stego...
JULI: Jailbreak Large Language Models by Self-Introspection
Large Language Models LLMs are trained with safety alignment to prevent generating malicious content. Although some attacks have highlighted vulnerabilities in these safety-aligned LLMs, they typically have limitations, such as necessitating access to the model weights or the generation process...
Relational Hoare Logic for Realistically Modelled Machine Code
Many security- and performance-critical domains, such as cryptography, rely on low-level verification to minimize the trusted computing surface and allow code to be written directly in assembly. However, verifying assembly code against a realistic machine model is a challenging task. Furthermore,...
The Hidden Dangers of Outdated Software: a Cyber Security Perspective
Outdated software remains a potent and underappreciated menace in 2025's cybersecurity environment, exposing systems to a broad array of threats, including ransomware, data breaches, and operational outages that can have devastating and far-reaching impacts. This essay explores the unseen threats...
Invisible Entropy: Towards Safe and Efficient Low-Entropy LLM Watermarking
Logit-based LLM watermarking traces and verifies AI-generated content by maintaining green and red token lists and increasing the likelihood of green tokens during generation. However, it fails in low-entropy scenarios, where predictable outputs make green token selection difficult without...
SVAFD: a Secure and Verifiable Co-Aggregation Protocol for Federated Distillation
Secure Aggregation SA is an indispensable component of Federated Learning FL that concentrates on privacy preservation while allowing for robust aggregation. However, most SA designs rely heavily on the unrealistic assumption of homogeneous model architectures. Federated Distillation FD, which...
iOS 18.3 Beta / 18.2.1 Audio File Buffer Overflow
A critical vulnerability exists in AudioConverterService on iOS 18.3 Beta and also affects iOS 18.2.1 that allows a remote attacker to exploit a buffer overflow vulnerability via a malicious audio file sent through iMessage or SMS...
On the Day They Experience: Awakening Self-Sovereign Experiential AI Agents
Drawing on Andrew Parker's "Light Switch" theory-which posits that the emergence of vision ignited a Cambrian explosion of life by driving the evolution of hard parts necessary for survival and fueling an evolutionary arms race between predators and prey-this essay speculates on an analogous...
PsyScam: a Benchmark for Psychological Techniques in Real-World Scams
Online scams have become increasingly prevalent, with scammers using psychological techniques PTs to manipulate victims. While existing research has developed benchmarks to study scammer behaviors, these benchmarks do not adequately reflect the PTs observed in real-world scams. To fill this gap, ...
Sei Giga
We introduce the Sei Giga, a multi-concurrent producer parallelized execution EVM layer one blockchain. In an internal testnet Giga has achieved 5 gigagas/sec throughput and sub 400ms finality. Giga uses Autobahn for consensus with separate DA and consensus layers requiring f+1 votes for a PoA on...
An Empirical Analysis of EOS Blockchain: Architecture, Contract, and Security
With the rapid development of blockchain technology, various blockchain systems are exhibiting vitality and potential. As a representative of Blockchain 3.0, the EOS blockchain has been regarded as a strong competitor to Ethereum. Nevertheless, compared with Bitcoin and Ethereum, academic researc...
Covert Attacks on Machine Learning Training in Passively Secure MPC
Secure multiparty computation MPC allows data owners to train machine learning models on combined data while keeping the underlying training data private. The MPC threat model either considers an adversary who passively corrupts some parties without affecting their overall behavior, or an adversa...