6894 matches found
Self-Supervised Federated GNSS Spoofing Detection with Opportunistic Data
Global navigation satellite systems GNSS are vulnerable to spoofing attacks, with adversarial signals manipulating the location or time information of receivers, potentially causing severe disruptions. The task of discerning the spoofing signals from benign ones is naturally relevant for machine...
Safety Analysis in the NGAC Model
We study the safety problem for the next-generation access control NGAC model. We show that under mild assumptions it is coNP-complete, and under further realistic assumptions we give an algorithm for the safety problem that significantly outperforms naive brute force search. We also show that...
Measuring Security in 5G and Future Networks
In today's increasingly interconnected and fast-paced digital ecosystem, mobile networks, such as 5G and future generations such as 6G, play a pivotal role and must be considered as critical infrastructures. Ensuring their security is paramount to safeguard both individual users and the industrie...
NCorr-FP: a Neighbourhood-Based Correlation-Preserving Fingerprinting Scheme for Intellectual Property Protection of Structured Data
Ensuring data ownership and traceability of unauthorised redistribution are central to safeguarding intellectual property in shared data environments. Data fingerprinting addresses these challenges by embedding recipient-specific marks into the data, typically via content modifications. We propos...
Nuclei 3.4.3
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
UK Finfluencers: Exploring Content, Reach, and Responsibility
The rise of social media financial influencers finfluencers has significantly transformed the personal finance landscape, making financial advice and insights more accessible to a broader and younger audience. By leveraging digital platforms, these influencers have contributed to the...
Security Steerability Is All You Need
The adoption of Generative AI GenAI in various applications inevitably comes with expanding the attack surface, combining new security threats along with the traditional ones. Consequently, numerous research and industrial initiatives aim to mitigate these security threats in GenAI by developing...
RiM: Record, Improve and Maintain Physical Well-Being Using Federated Learning
In academic settings, the demanding environment often forces students to prioritize academic performance over their physical well-being. Moreover, privacy concerns and the inherent risk of data breaches hinder the deployment of traditional machine learning techniques for addressing these health...
An Empirical Study of Fuzz Harness Degradation
The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via \emphfuzz harnesses -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these harnesses remain unmaintained, will they \emphdegrade over time i...
Apache ActiveMQ 6.1.6 Denial of Service
Apache ActiveMQ version 6.1.6 denial of service proof of concept exploit. This tool sends malicious OpenWire packets to exhaust the JVM heap memory of the target server, potentially crashing the ActiveMQ service on port 61616...
LATENT: LLM-Augmented Trojan Insertion and Evaluation Framework for Analog Netlist Topologies
Analog and mixed-signal A/MS integrated circuits ICs are integral to safety-critical applications. However, the globalization and outsourcing of A/MS ICs to untrusted third-party foundries expose them to security threats, particularly analog Trojans. Unlike digital Trojans which have been...
Engineering Risk-Aware, Security-By-Design Frameworks for Assurance of Large-Scale Autonomous AI Models
As AI models scale to billions of parameters and operate with increasing autonomy, ensuring their safe, reliable operation demands engineering-grade security and assurance frameworks. This paper presents an enterprise-level, risk-aware, security-by-design approach for large-scale autonomous AI...
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES Page Write
There is an issue where XNU VMBEHAVIORZEROWIREDPAGES behavior allows writing to read-only pages...
Large Language Model-Driven Security Assistant for Internet of Things Via Chain-Of-Thought
The rapid development of Internet of Things IoT technology has transformed people's way of life and has a profound impact on both production and daily activities. However, with the rapid advancement of IoT technology, the security of IoT devices has become an unavoidable issue in both research an...
Economic Security of Multiple Shared Security Protocols
Whitepaper called Economic Security Of Multiple Shared Security Protocols...
Vehicular Communication Security: Multi-Channel and Multi-Factor Authentication
Secure and reliable communications are crucial for Intelligent Transportation Systems ITSs, where Vehicle-to-Infrastructure V2I communication plays a key role in enabling mobility-enhancing and safety-critical services. Current V2I authentication relies on credential-based methods over wireless...
Integrating Communication, Sensing, and Security: Progress and Prospects of PLS in ISAC Systems
The sixth generation of wireless networks defined several key performance indicators KPIs for assessing its networks, mainly in terms of reliability, coverage, and sensing. In this regard, remarkable attention has been paid recently to the integrated sensing and communication ISAC paradigm as an...
SoK: a Taxonomy for Distributed-Ledger-Based Identity Management
The intersection of blockchain distributed ledger and identity management lacks a comprehensive framework for classifying distributed-ledger-based identity solutions. This paper introduces a methodologically developed taxonomy derived from the analysis of 390 scientific papers and expert...
Wazuh 4.12.0
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
Threat Modeling for AI: the Case for an Asset-Centric Approach
Recent advances in AI are transforming AI's ubiquitous presence in our world from that of standalone AI-applications into deeply integrated AI-agents. These changes have been driven by agents' increasing capability to autonomously make decisions and initiate actions, using existing applications;...
WordPress Depicter Slider and Popup Builder SQL Injection
WordPress Depicter Slider and Popup Builder plugin versions prior to 3.6.2 suffer from a remote SQL injection vulnerability...
Crowding out the Noise: Algorithmic Collective Action under Differential Privacy
The integration of AI into daily life has generated considerable attention and excitement, while also raising concerns about automating algorithmic harms and re-entrenching existing social inequities. While the responsible deployment of trustworthy AI systems is a worthy goal, there are many...
MTL-UE: Learning to Learn Nothing for Multi-Task Learning
Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning STL models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning MTL, targeting generalist and foundation models that can...
Nmap Port Scanner 7.96
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols UDP, TCP, ICMP, etc...
Building Trustworthy Multimodal AI: a Review of Fairness, Transparency, and Ethics in Vision-Language Tasks
Objective: This review explores the trustworthiness of multimodal artificial intelligence AI systems, specifically focusing on vision-language tasks. It addresses critical challenges related to fairness, transparency, and ethical implications in these systems, providing a comparative analysis of...
Efficient Full-Stack Private Federated Deep Learning with Post-Quantum Security
Federated learning FL enables collaborative model training while preserving user data privacy by keeping data local. Despite these advantages, FL remains vulnerable to privacy attacks on user updates and model parameters during training and deployment. Secure aggregation protocols have been...
Privacy-Preserving Transformers: SwiftKey'S Differential Privacy Implementation
In this paper we train a transformer using differential privacy DP for language modeling in SwiftKey. We run multiple experiments to balance the trade-off between the model size, run-time speed and accuracy. We show that we get small and consistent gains in the next-word-prediction and accuracy...
User Behavior Analysis in Privacy Protection with Large Language Models: a Study on Privacy Preferences with Limited Data
With the widespread application of large language models LLMs, user privacy protection has become a significant research topic. Existing privacy preference modeling methods often rely on large-scale user data, making effective privacy preference analysis challenging in data-limited environments...
FedTDP: a Privacy-Preserving and Unified Framework for Trajectory Data Preparation Via Federated Learning
Trajectory data, which capture the movement patterns of people and vehicles over time and space, are crucial for applications like traffic optimization and urban planning. However, issues such as noise and incompleteness often compromise data quality, leading to inaccurate trajectory analyses and...
Botan C++ Crypto Algorithms Library 3.8.1
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...
Optimal Regret of Bernoulli Bandits under Global Differential Privacy
As sequential learning algorithms are increasingly applied to real life, ensuring data privacy while maintaining their utilities emerges as a timely question. In this context, regret minimisation in stochastic bandits under $ε$-global Differential Privacy DP has been widely studied. Unlike bandit...
Enhancing Blockchain Cross Chain Interoperability: a Comprehensive Survey
Blockchain technology, introduced in 2008, has revolutionized data storage and transfer across sectors such as finance, healthcare, intelligent transportation, and the metaverse. However, the proliferation of blockchain systems has led to discrepancies in architectures, consensus mechanisms, and...
Invariant-Based Cryptography
We propose a new symmetric cryptographic scheme based on functional invariants defined over discrete oscillatory functions with hidden parameters. The scheme encodes a secret integer through a four-point algebraic identity preserved under controlled parameterization. Security arises not from...
An Agent-Based Modeling Approach to Free-Text Keyboard Dynamics for Continuous Authentication
Continuous authentication systems leveraging free-text keyboard dynamics offer a promising additional layer of security in a multifactor authentication setup that can be used in a transparent way with no impact on user experience. This study investigates the efficacy of behavioral biometrics by...
Defending against Indirect Prompt Injection by Instruction Detection
The integration of Large Language Models LLMs with external sources is becoming increasingly common, with Retrieval-Augmented Generation RAG being a prominent example. However, this integration introduces vulnerabilities of Indirect Prompt Injection IPI attacks, where hidden instructions embedded...
Bringing Forensic Readiness to Modern Computer Firmware
Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make ...
QUIC-Exfil: Exploiting QUIC'S Server Preferred Address Feature to Perform Data Exfiltration Attacks
The QUIC protocol is now widely adopted by major tech companies and accounts for a significant fraction of today's Internet traffic. QUIC's multiplexing capabilities, encrypted headers, dynamic IP address changes, and encrypted parameter negotiations make the protocol not only more efficient,...
A Weighted Byzantine Fault Tolerance Consensus Driven Trusted Multiple Large Language Models Network
Large Language Models LLMs have achieved remarkable success across a wide range of applications. However, individual LLMs often produce inconsistent, biased, or hallucinated outputs due to limitations in their training corpora and model architectures. Recently, collaborative frameworks such as th...
OBLIVIATE: Robust and Practical Machine Unlearning for Large Language Models
Large language models LLMs trained over extensive corpora risk memorizing sensitive, copyrighted, or toxic content. To address this, we propose OBLIVIATE, a robust unlearning framework that removes targeted data while preserving model utility. The framework follows a structured process: extractin...
An LLM-Based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks
Recently emerged 6G space-air-ground integrated networks SAGINs, which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security...
WordPress CSV Mass Importer 1.2 Shell Upload
WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...
Safeguard-By-Development: a Privacy-Enhanced Development Paradigm for Multi-Agent Collaboration Systems
Multi-agent collaboration systems MACS, powered by large language models LLMs, solve complex problems efficiently by leveraging each agent's specialization and communication between agents. However, the inherent exchange of information between agents and their interaction with external...
CISA: Primary Mitigations to Reduce Cyber Threats to Operational Technology
The Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Environmental Protection Agency EPA, and Department of Energy DOE are aware of cyber incidents affecting the operational technology OT and industrial control systems ICS of critical infrastructure...
A Proposal for Evaluating the Operational Risk for ChatBots Based on Large Language Models
The emergence of Generative AI Gen AI and Large Language Models LLMs has enabled more advanced chatbots capable of human-like interactions. However, these conversational agents introduce a broader set of operational risks that extend beyond traditional cybersecurity considerations. In this work, ...
On the Vulnerability of Underwater Magnetic Induction Communication
Typical magnetic induction MI communication is commonly considered a secure underwater wireless communication UWC technology due to its non-audible and non-visible nature compared to acoustic and optical UWC technologies. However, vulnerabilities in communication systems inevitably exist and may...
Applied Post Quantum Cryptography: a Practical Approach for Generating Certificates in Industrial Environments
The transition to post-quantum cryptography PQC presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509...
Winning at All Cost: a Small Environment for Eliciting Specification Gaming Behaviors in Large Language Models
This study reveals how frontier Large Language Models LLMs can "game the system" when faced with impossible situations, a critical security and alignment concern. Using a novel textual simulation approach, we presented three leading LLMs o1, o3-mini, and r1 with a tic-tac-toe scenario designed to...
ACE: a Security Architecture for LLM-Integrated App Systems
LLM-integrated app systems extend the utility of Large Language Models LLMs with third-party apps that are invoked by a system LLM using interleaved planning and execution phases to answer user queries. These systems introduce new attack vectors where malicious apps can cause integrity violation ...
A Framework to Prevent Biometric Data Leakage in the Immersive Technologies Domain
Doubtlessly, the immersive technologies have potential to ease people's life and uplift economy, however the obvious data privacy risks cannot be ignored. For example, a participant wears a 3D headset device which detects participant's head motion to track the pose of participant's head to match...
A Numerical Gradient Inversion Attack in Variational Quantum Neural-Networks
The loss landscape of Variational Quantum Neural Networks VQNNs is characterized by local minima that grow exponentially with increasing qubits. Because of this, it is more challenging to recover information from model gradients during training compared to classical Neural Networks NNs. In this...