6907 matches found
Fair Play for Individuals, Foul Play for Groups? Auditing Anonymization'S Impact on ML Fairness
Machine learning ML algorithms are heavily based on the availability of training data, which, depending on the domain, often includes sensitive information about data providers. This raises critical privacy concerns. Anonymization techniques have emerged as a practical solution to address these...
Mirror Mirror on the Wall, Have I Forgotten It All? A New Framework for Evaluating Machine Unlearning
Machine unlearning methods take a model trained on a dataset and a forget set, then attempt to produce a model as if it had only been trained on the examples not in the forget set. We empirically show that an adversary is able to distinguish between a mirror model a control model produced by...
LLM-Text Watermarking Based on Lagrange Interpolation
The rapid advancement of LLMs Large Language Models has established them as a foundational technology for many AI and ML-powered human computer interactions. A critical challenge in this context is the attribution of LLM-generated text -- either to the specific language model that produced it or ...
Browser Security Posture Analysis: a Client-Side Security Assessment Framework
Modern web browsers have effectively become the new operating system for business applications, yet their security posture is often under-scrutinized. This paper presents a novel, comprehensive Browser Security Posture Analysis Framework1, a browser-based client-side security assessment toolkit...
ABAC Lab: an Interactive Platform for Attribute-Based Access Control Policy Analysis, Tools, and Datasets
Attribute-Based Access Control ABAC provides expressiveness and flexibility, making it a compelling model for enforcing fine-grained access control policies. To facilitate the transition to ABAC, extensive research has been conducted to develop methodologies, frameworks, and tools that assist...
GDNTT: an Area-Efficient Parallel NTT Accelerator Using Glitch-Driven Near-Memory Computing and Reconfigurable 10T SRAM
With the rapid advancement of quantum computing technology, post-quantum cryptography PQC has emerged as a pivotal direction for next-generation encryption standards. Among these, lattice-based cryptographic schemes rely heavily on the fast Number Theoretic Transform NTT over polynomial rings,...
Zeek 7.0.7
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Invariant-Based Cryptography: toward a General Framework
We develop a generalized framework for invariant-based cryptography by extending the use of structural identities as core cryptographic mechanisms. Starting from a previously introduced scheme where a secret is encoded via a four-point algebraic invariant over masked functional values, we broaden...
F5 BIG-IP 16.1.4.1 Remote Command Execution
F5 BIG-IP version 16.1.4.1 suffers from a command injection vulnerability via an authenticated user with administrator privileges...
Machine Learning-Based Detection of DDoS Attacks in VANETs for Emergency Vehicle Communication
Vehicular Ad Hoc Networks VANETs play a key role in Intelligent Transportation Systems ITS, particularly in enabling real-time communication for emergency vehicles. However, Distributed Denial of Service DDoS attacks, which interfere with safety-critical communication channels, can severely impai...
Evaluating Explanation Quality in X-IDS Using Feature Alignment Metrics
Explainable artificial intelligence XAI methods have become increasingly important in the context of explainable intrusion detection systems X-IDSs for improving the interpretability and trustworthiness of X-IDSs. However, existing evaluation approaches for XAI focus on model-specific properties...
Private LoRA Fine-Tuning of Open-Source LLMs with Homomorphic Encryption
Preserving data confidentiality during the fine-tuning of open-source Large Language Models LLMs is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation LoRA technique for private fine-tuning. Homomorphic Encryption HE protects the...
Valida ISA Spec, Version 1.0: a Zk-Optimized Instruction Set Architecture
The Valida instruction set architecture is designed for implementation in zkVMs to optimize for fast, efficient execution proving. This specification intends to guide implementors of zkVMs and compiler toolchains for Valida. It provides an unambiguous definition of the semantics of Valida program...
WordPress PDF 2 Post 2.4.0 Shell Upload
WordPress PDF 2 Post plugin versions 2.4.0 and below suffers from a remote shell upload vulnerability via a zip file...
LiteLMGuard: Seamless and Lightweight On-Device Prompt Filtering for Safeguarding Small Language Models against Quantization-Induced Risks and Vulnerabilities
The growing adoption of Large Language Models LLMs has influenced the development of their lighter counterparts-Small Language Models SLMs-to enable on-device deployment across smartphones and edge devices. These SLMs offer enhanced privacy, reduced latency, server-free functionality, and improve...
A Large-Scale Empirical Analysis of Custom GPTs' Vulnerabilities in the OpenAI Ecosystem
Millions of users leverage generative pretrained transformer GPT-based language models developed by leading model providers for a wide range of tasks. To support enhanced user interaction and customization, many platforms-such as OpenAI-now enable developers to create and publish tailored model...
Apple'S Synthetic Defocus Noise Pattern: Characterization and Forensic Applications
iPhone portrait-mode images contain a distinctive pattern in out-of-focus regions simulating the bokeh effect, which we term Apple's Synthetic Defocus Noise Pattern SDNP. If overlooked, this pattern can interfere with blind forensic analyses, especially PRNU-based camera source verification, as...
Securing WiFi Fingerprint-Based Indoor Localization Systems from Malicious Access Points
WiFi fingerprint-based indoor localization schemes deliver highly accurate location data by matching the received signal strength indicator RSSI with an offline database using machine learning ML or deep learning DL models. However, over time, RSSI values degrade due to the malicious behavior of...
WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below are vulnerable to privilege escalation via account takeover. An unauthenticated attacker can change the administrator's email, trigger the Forgot Password process, and reset the admin password, gaining full control...
Self-Supervised Transformer-Based Contrastive Learning for Intrusion Detection Systems
As the digital landscape becomes more interconnected, the frequency and severity of zero-day attacks, have significantly increased, leading to an urgent need for innovative Intrusion Detection Systems IDS. Machine Learning-based IDS that learn from the network traffic characteristics and can...
LLM-Based Threat Detection and Prevention Framework for IoT Ecosystems
The increasing complexity and scale of the Internet of Things IoT have made security a critical concern. This paper presents a novel Large Language Model LLM-based framework for comprehensive threat detection and prevention in IoT environments. The system integrates lightweight LLMs fine-tuned on...
Real-Time Bit-Level Encryption of Full High-Definition Video without Diffusion
Despite the widespread adoption of Shannon's confusion-diffusion architecture in image encryption, the implementation of diffusion to sequentially establish inter-pixel dependencies for attaining plaintext sensitivity constrains algorithmic parallelism, while the execution of multiple rounds of...
Optimizing Mouse Dynamics for User Authentication by Machine Learning: Addressing Data Sufficiency, Accuracy-Practicality Trade-Off, and Model Performance Challenges
User authentication is essential to ensure secure access to computer systems, yet traditional methods face limitations in usability, cost, and security. Mouse dynamics authentication, based on the analysis of users' natural interaction behaviors with mouse devices, offers a cost-effective,...
TokenProber: Jailbreaking Text-To-Image Models Via Fine-Grained Word Impact Analysis
Text-to-image T2I models have significantly advanced in producing high-quality images. However, such models have the ability to generate images containing not-safe-for-work NSFW content, such as pornography, violence, political content, and discrimination. To mitigate the risk of generating NSFW...
Security of Internet of Agents: Attacks and Countermeasures
With the rise of large language and vision-language models, AI agents have evolved into autonomous, interactive systems capable of perception, reasoning, and decision-making. As they proliferate across virtual and physical domains, the Internet of Agents IoA has emerged as a key infrastructure fo...
Source Anonymity for Private Random Walk Decentralized Learning
This paper considers random walk-based decentralized learning, where at each iteration of the learning process, one user updates the model and sends it to a randomly chosen neighbor until a convergence criterion is met. Preserving data privacy is a central concern and open problem in decentralize...
DP-TRAE: a Dual-Phase Merging Transferable Reversible Adversarial Example for Image Privacy Protection
In the field of digital security, Reversible Adversarial Examples RAE combine adversarial attacks with reversible data hiding techniques to effectively protect sensitive data and prevent unauthorized analysis by malicious Deep Neural Networks DNNs. However, existing RAE techniques primarily focus...
Revealing Weaknesses in Text Watermarking through Self-Information Rewrite Attacks
Text watermarking aims to subtly embed statistical signals into text by controlling the Large Language Model LLM's sampling process, enabling watermark detectors to verify that the output was generated by the specified model. The robustness of these watermarking algorithms has become a key factor...
Securing Genomic Data against Inference Attacks in Federated Learning Environments
Federated Learning FL offers a promising framework for collaboratively training machine learning models across decentralized genomic datasets without direct data sharing. While this approach preserves data locality, it remains susceptible to sophisticated inference attacks that can compromise...
Standing Firm in 5G: a Single-Round, Dropout-Resilient Secure Aggregation for Federated Learning
Federated learning FL is well-suited to 5G networks, where many mobile devices generate sensitive edge data. Secure aggregation protocols enhance privacy in FL by ensuring that individual user updates reveal no information about the underlying client data. However, the dynamic and large-scale...
RedTeamLLM: an Agentic AI Framework for Offensive Security
From automated intrusion testing to discovery of zero-day attacks before software launch, agentic AI calls for great promises in security engineering. This strong capability is bound with a similar threat: the security and research community must build up its models before the approach is leverag...
One Trigger Token Is Enough: a Defense Strategy for Balancing Safety and Usability in Large Language Models
Large Language Models LLMs have been extensively used across diverse domains, including virtual assistants, automated code generation, and scientific research. However, they remain vulnerable to jailbreak attacks, which manipulate the models into generating harmful responses despite safety...
DPolicy: Managing Privacy Risks across Multiple Releases with Differential Privacy
Differential Privacy DP has emerged as a robust framework for privacy-preserving data releases and has been successfully applied in high-profile cases, such as the 2020 US Census. However, in organizational settings, the use of DP remains largely confined to isolated data releases. This approach...
A Contrastive Federated Semi-Supervised Learning Intrusion Detection Framework for Internet of Robotic Things
In intelligent industry, autonomous driving and other environments, the Internet of Things IoT highly integrated with robotic to form the Internet of Robotic Things IoRT. However, network intrusion to IoRT can lead to data leakage, service interruption in IoRT and even physical damage by...
Sandcastles in the Storm: Revisiting the (Im)Possibility of Strong Watermarking
Watermarking AI-generated text is critical for combating misuse. Yet recent theoretical work argues that any watermark can be erased via random walk attacks that perturb text while preserving quality. However, such attacks rely on two key assumptions: 1 rapid mixing watermarks dissolve quickly...
POISONCRAFT: Practical Poisoning of Retrieval-Augmented Generation for Large Language Models
Large language models LLMs have achieved remarkable success in various domains, primarily due to their strong capabilities in reasoning and generating human-like text. Despite their impressive performance, LLMs are susceptible to hallucinations, which can lead to incorrect or misleading outputs...
An \Tilde{O}Ptimal Differentially Private Learner for Concept Classes with VC Dimension 1
We present the first nearly optimal differentially private PAC learner for any concept class with VC dimension 1 and Littlestone dimension $d$. Our algorithm achieves the sample complexity of $\tildeO\varepsilon,δ,α,δ\log^ d$, nearly matching the lower bound of $Ω\log^ d$ proved by Alon et al...
ThreatLens: LLM-Guided Threat Modeling and Test Plan Generation for Hardware Security Verification
Current hardware security verification processes predominantly rely on manual threat modeling and test plan generation, which are labor-intensive, error-prone, and struggle to scale with increasing design complexity and evolving attack methodologies. To address these challenges, we propose...
AI-Powered Anomaly Detection with Blockchain for Real-Time Security and Reliability in Autonomous Vehicles
Autonomous Vehicles AV proliferation brings important and pressing security and reliability issues that must be dealt with to guarantee public safety and help their widespread adoption. The contribution of the proposed research is towards achieving more secure, reliable, and trustworthy autonomou...
RuleGenie: SIEM Detection Rule Set Optimization
SIEM systems serve as a critical hub, employing rule-based logic to detect and respond to threats. Redundant or overlapping rules in SIEM systems lead to excessive false alerts, degrading analyst performance due to alert fatigue, and increase computational overhead and response latency for actual...
Centralized Trust in Decentralized Systems: Unveiling Hidden Contradictions in Blockchain and Cryptocurrency
Blockchain technology promises to democratize finance and promote social equity through decentralization, but questions remain about whether current implementations advance or hinder these goals. Through a mixed-methods study combining semi-structured interviews with 13 diverse blockchain...
Practical Reasoning Interruption Attacks on Reasoning Large Language Models
Reasoning large language models RLLMs have demonstrated outstanding performance across a variety of tasks, yet they also expose numerous security vulnerabilities. Most of these vulnerabilities have centered on the generation of unsafe content. However, recent work has identified a distinct...
Privacy-Aware Berrut Approximated Coded Computing Applied to General Distributed Learning
Coded computing is one of the techniques that can be used for privacy protection in Federated Learning. However, most of the constructions used for coded computing work only under the assumption that the computations involved are exact, generally restricted to special classes of functions, and...
Exploring the Susceptibility to Fraud of Monetary Incentive Mechanisms for Strengthening FOSS Projects
Free and open source software FOSS is ubiquitous on modern IT systems, accelerating the speed of software engineering over the past decades. With its increasing importance and historical reliance on uncompensated contributions, questions have been raised regarding the continuous maintenance of FO...
System Prompt Poisoning: Persistent Attacks on Large Language Models beyond User Injection
Large language models LLMs have gained widespread adoption across diverse applications due to their impressive generative capabilities. Their plug-and-play nature enables both developers and end users to interact with these models through simple prompts. However, as LLMs become more integrated in...
Towards Quantum Resilience: Data-Driven Migration Strategy Design
The advancements in quantum computing are a threat to classical cryptographic systems. The traditional cryptographic methods that utilize factorization-based or discrete-logarithm-based algorithms, such as RSA and ECC, are some of these. This paper thoroughly investigates the vulnerabilities of...
Towards AI-Driven Human-Machine Co-Teaming for Adaptive and Agile Cyber Security Operation Centers
Security Operations Centers SOCs face growing challenges in managing cybersecurity threats due to an overwhelming volume of alerts, a shortage of skilled analysts, and poorly integrated tools. Human-AI collaboration offers a promising path to augment the capabilities of SOC analysts while reducin...
Comparing Classical and Quantum Conditional Disclosure of Secrets
The conditional disclosure of secrets CDS setting is among the most basic primitives studied in information-theoretic cryptography. Motivated by a connection to non-local quantum computation and position-based cryptography, CDS with quantum resources has recently been considered. Here, we study t...
On the Price of Differential Privacy for Spectral Clustering over Stochastic Block Models
We investigate privacy-preserving spectral clustering for community detection within stochastic block models SBMs. Specifically, we focus on edge differential privacy DP and propose private algorithms for community recovery. Our work explores the fundamental trade-offs between the privacy budget...
Learning from the Good Ones: Risk Profiling-Based Defenses against Evasion Attacks on DNNs
Safety-critical applications such as healthcare and autonomous vehicles use deep neural networks DNN to make predictions and infer decisions. DNNs are susceptible to evasion attacks, where an adversary crafts a malicious data instance to trick the DNN into making wrong decisions at inference time...