6907 matches found
Privacy-Preserving Transformers: SwiftKey'S Differential Privacy Implementation
In this paper we train a transformer using differential privacy DP for language modeling in SwiftKey. We run multiple experiments to balance the trade-off between the model size, run-time speed and accuracy. We show that we get small and consistent gains in the next-word-prediction and accuracy...
Winning at All Cost: a Small Environment for Eliciting Specification Gaming Behaviors in Large Language Models
This study reveals how frontier Large Language Models LLMs can "game the system" when faced with impossible situations, a critical security and alignment concern. Using a novel textual simulation approach, we presented three leading LLMs o1, o3-mini, and r1 with a tic-tac-toe scenario designed to...
OBLIVIATE: Robust and Practical Machine Unlearning for Large Language Models
Large language models LLMs trained over extensive corpora risk memorizing sensitive, copyrighted, or toxic content. To address this, we propose OBLIVIATE, a robust unlearning framework that removes targeted data while preserving model utility. The framework follows a structured process: extractin...
An LLM-Based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks
Recently emerged 6G space-air-ground integrated networks SAGINs, which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security...
Safeguard-By-Development: a Privacy-Enhanced Development Paradigm for Multi-Agent Collaboration Systems
Multi-agent collaboration systems MACS, powered by large language models LLMs, solve complex problems efficiently by leveraging each agent's specialization and communication between agents. However, the inherent exchange of information between agents and their interaction with external...
CISA: Primary Mitigations to Reduce Cyber Threats to Operational Technology
The Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Environmental Protection Agency EPA, and Department of Energy DOE are aware of cyber incidents affecting the operational technology OT and industrial control systems ICS of critical infrastructure...
A Proposal for Evaluating the Operational Risk for ChatBots Based on Large Language Models
The emergence of Generative AI Gen AI and Large Language Models LLMs has enabled more advanced chatbots capable of human-like interactions. However, these conversational agents introduce a broader set of operational risks that extend beyond traditional cybersecurity considerations. In this work, ...
On the Vulnerability of Underwater Magnetic Induction Communication
Typical magnetic induction MI communication is commonly considered a secure underwater wireless communication UWC technology due to its non-audible and non-visible nature compared to acoustic and optical UWC technologies. However, vulnerabilities in communication systems inevitably exist and may...
Applied Post Quantum Cryptography: a Practical Approach for Generating Certificates in Industrial Environments
The transition to post-quantum cryptography PQC presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509...
Federated Learning for Cyber Physical Systems: a Comprehensive Survey
The integration of machine learning ML in cyber physical systems CPS is a complex task due to the challenges that arise in terms of real-time decision making, safety, reliability, device heterogeneity, and data privacy. There are also open research questions that must be addressed in order to ful...
Weaponizing Language Models for Cybersecurity Offensive Operations: Automating Vulnerability Assessment Report Validation; a Review Paper
This, with the ever-increasing sophistication of cyberwar, calls for novel solutions. In this regard, Large Language Models LLMs have emerged as a highly promising tool for defensive and offensive cybersecurity-related strategies. While existing literature has focused much on the defensive use of...
ACE: a Security Architecture for LLM-Integrated App Systems
LLM-integrated app systems extend the utility of Large Language Models LLMs with third-party apps that are invoked by a system LLM using interleaved planning and execution phases to answer user queries. These systems introduce new attack vectors where malicious apps can cause integrity violation ...
A Framework to Prevent Biometric Data Leakage in the Immersive Technologies Domain
Doubtlessly, the immersive technologies have potential to ease people's life and uplift economy, however the obvious data privacy risks cannot be ignored. For example, a participant wears a 3D headset device which detects participant's head motion to track the pose of participant's head to match...
FedRE: Robust and Effective Federated Learning with Privacy Preference
Despite Federated Learning FL employing gradient aggregation at the server for distributed training to prevent the privacy leakage of raw data, private information can still be divulged through the analysis of uploaded gradients from clients. Substantial efforts have been made to integrate local...
Commvault Command Center Innovation Release 11.38 Remote Code Execution
Remote code execution exploit for Commvault Command Center version 11.38. Written in Python. This tool allows testing single targets or scanning multiple hosts in bulk...
WordPress CSV Mass Importer 1.2 Shell Upload
WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...
A Numerical Gradient Inversion Attack in Variational Quantum Neural-Networks
The loss landscape of Variational Quantum Neural Networks VQNNs is characterized by local minima that grow exponentially with increasing qubits. Because of this, it is more challenging to recover information from model gradients during training compared to classical Neural Networks NNs. In this...
Securing Immersive 360 Video Streams through Attribute-Based Selective Encryption
Delivering high-quality, secure 360� video content introduces unique challenges, primarily due to the high bitrates and interactive demands of immersive media. Traditional HTTPS-based methods, although widely used, face limitations in computational efficiency and scalability when securing these...
Privacy Challenges in Image Processing Applications
As image processing systems proliferate, privacy concerns intensify given the sensitive personal information contained in images. This paper examines privacy challenges in image processing and surveys emerging privacy-preserving techniques including differential privacy, secure multiparty...
Memory under Siege: a Comprehensive Survey of Side-Channel Attacks on Memory
Whitepaper called Memory Under Siege: A Comprehensive Survey Of Side-Channel Attacks On Memory...
Botan C++ Crypto Algorithms Library 3.8.0
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...
Guardians of the Web: the Evolution and Future of Website Information Security
Website information security has become a critical concern in the digital age. This article explores the evolution of website information security, examining its historical development, current practices, and future directions. The early beginnings from the 1960s to the 1980s laid the groundwork...
DMRL: Data- and Model-Aware Reward Learning for Data Extraction
Large language models LLMs are inherently vulnerable to unintended privacy breaches. Consequently, systematic red-teaming research is essential for developing robust defense mechanisms. However, current data extraction methods suffer from several limitations: 1 rely on dataset duplicates...
RAP-SM: Robust Adversarial Prompt Via Shadow Models for Copyright Verification of Large Language Models
Recent advances in large language models LLMs have underscored the importance of safeguarding intellectual property rights through robust fingerprinting techniques. Traditional fingerprint verification approaches typically focus on a single model, seeking to improve the robustness of its...
Input-Specific and Universal Adversarial Attack Generation for Spiking Neural Networks in the Spiking Domain
As Spiking Neural Networks SNNs gain traction across various applications, understanding their security vulnerabilities becomes increasingly important. In this work, we focus on the adversarial attacks, which is perhaps the most concerning threat. An adversarial attack aims at finding a subtle...
Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- a Strategic Framework for Cybersecurity
As quantum computing progresses, traditional cryptographic systems face the threat of obsolescence due to the capabilities of quantum algorithms. This paper introduces the Quantum-Ready Architecture for Security and Risk Management QUASAR, a novel framework designed to help organizations prepare...
Large Language Models Are Autonomous Cyber Defenders
Fast and effective incident response is essential to prevent adversarial cyberattacks. Autonomous Cyber Defense ACD aims to automate incident response through Artificial Intelligence AI agents that plan and execute actions. Most ACD approaches focus on single-agent scenarios and leverage...
CB-CPIR: Code-Based Computational Private Information Retrieval
A private information retrieval PIR scheme is a protocol that allows a user to retrieve a file from a database without revealing the identity of the desired file to a curious database. Given a distributed data storage system, efficient PIR can be achieved by making assumptions about the colluding...
A Study on Audio Synchronous Steganography Detection and Distributed Guide Inference Model Based on Sliding Spectral Features and Intelligent Inference Drive
With the rise of short video platforms in global communication, embedding steganographic data in audio synchronization streams has emerged as a new covert communication method. To address the limitations of traditional techniques in detecting synchronized steganography, this paper proposes a...
MergeGuard: Efficient Thwarting of Trojan Attacks in Machine Learning Models
This paper proposes MergeGuard, a novel methodology for mitigation of AI Trojan attacks. Trojan attacks on AI models cause inputs embedded with triggers to be misclassified to an adversary's target class, posing a significant threat to model usability trained by an untrusted third party. The core...
Directed Greybox Fuzzing Via Large Language Model
Directed greybox fuzzing DGF focuses on efficiently reaching specific program locations or triggering particular behaviors, making it essential for tasks like vulnerability detection and crash reproduction. However, existing methods often suffer from path explosion and randomness in input mutatio...
CodeBC: a More Secure Large Language Model for Smart Contract Code Generation in Blockchain
Large language models LLMs excel at generating code from natural language instructions, yet they often lack an understanding of security vulnerabilities. This limitation makes it difficult for LLMs to avoid security risks in generated code, particularly in high-security programming tasks such as...
SolPhishHunter: Towards Detecting and Understanding Phishing on Solana
Solana is a rapidly evolving blockchain platform that has attracted an increasing number of users. However, this growth has also drawn the attention of malicious actors, with some phishers extending their reach into the Solana ecosystem. Unlike platforms such as Ethereum, Solana has distinct...
AI-Driven Security in Cloud Computing: Enhancing Threat Detection, Automated Response, and Cyber Resilience
Cloud security concerns have been greatly realized in recent years due to the increase of complicated threats in the computing world. Many traditional solutions do not work well in real-time to detect or prevent more complex threats. Artificial intelligence is today regarded as a revolution in...
Differential Privacy for Network Assortativity
The analysis of network assortativity is of great importance for understanding the structural characteristics of and dynamics upon networks. Often, network assortativity is quantified using the assortativity coefficient that is defined based on the Pearson correlation coefficient between vertex...
BadLingual: a Novel Lingual-Backdoor Attack against Large Language Models
In this paper, we present a new form of backdoor attack against Large Language Models LLMs: lingual-backdoor attacks. The key novelty of lingual-backdoor attacks is that the language itself serves as the trigger to hijack the infected LLMs to generate inflammatory speech. They enable the precise...
LlamaFirewall: an Open Source Guardrail System for Building Secure AI Agents
Large language models LLMs have evolved from simple chatbots into autonomous agents capable of performing complex tasks such as editing production code, orchestrating workflows, and taking higher-stakes actions based on untrusted inputs like webpages and emails. These capabilities introduce new...
Mitigating Backdoor Triggered and Targeted Data Poisoning Attacks in Voice Authentication Systems
Voice authentication systems remain susceptible to two major threats: backdoor triggered attacks and targeted data poisoning attacks. This dual vulnerability is critical because conventional solutions typically address each threat type separately, leaving systems exposed to adversaries who can...
A Chaos Driven Metric for Backdoor Attack Detection
The advancement and adoption of Artificial Intelligence AI models across diverse domains have transformed the way we interact with technology. However, it is essential to recognize that while AI models have introduced remarkable advancements, they also present inherent challenges such as their...
Detecting Quishing Attacks with Machine Learning Techniques through QR Code Analysis
The rise of QR code based phishing "Quishing" poses a growing cybersecurity threat, as attackers increasingly exploit QR codes to bypass traditional phishing defenses. Existing detection methods predominantly focus on URL analysis, which requires the extraction of the QR code payload, and may...
Data-Driven Falsification of Cyber-Physical Systems
Whitepaper called Data-Driven Falsification Of Cyber-Physical Systems...
The Steganographic Potentials of Language Models
The potential for large language models LLMs to hide messages within plain text steganography poses a challenge to detection and thwarting of unaligned AI agents, and undermines faithfulness of LLMs reasoning. We explore the steganographic capabilities of LLMs fine-tuned via reinforcement learnin...
SKALD: Scalable K-Anonymisation for Large Datasets
Data privacy and anonymisation are critical concerns in today's data-driven society, particularly when handling personal and sensitive user data. Regulatory frameworks worldwide recommend privacy-preserving protocols such as k-anonymisation to de-identify releases of tabular data. Available...
Bridging Expertise Gaps: the Role of LLMs in Human-AI Collaboration for Cybersecurity
This study investigates whether large language models LLMs can function as intelligent collaborators to bridge expertise gaps in cybersecurity decision-making. We examine two representative tasks-phishing email detection and intrusion detection-that differ in data modality, cognitive complexity,...
WordPress Flynax Bridge 2.2.0 Privilege Escalation
WordPress Flynax Bridge plugin versions 2.2.0 and below suffer from an unauthenticated privilege escalation vulnerability...
Empc: Effective Path Prioritization for Symbolic Execution with Path Cover
Symbolic execution is a powerful program analysis technique that can formally reason the correctness of program behaviors and detect software bugs. It can systematically explore the execution paths of the tested program. But it suffers from an inherent limitation: path explosion. Path explosion...
Rollbaccine : Herd Immunity against Storage Rollback Attacks in TEEs [Technical Report]
Today, users can "lift-and-shift" unmodified applications into modern, VM-based Trusted Execution Environments TEEs in order to gain hardware-based security guarantees. However, TEEs do not protect applications against disk rollback attacks, where persistent storage can be reverted to an earlier...
LLMs' Suitability for Network Security: a Case Study of STRIDE Threat Modeling
Artificial Intelligence AI is expected to be an integral part of next-generation AI-native 6G networks. With the prevalence of AI, researchers have identified numerous use cases of AI in network security. However, there are almost nonexistent studies that analyze the suitability of Large Language...
Publicly Verifiable Secret Sharing: Generic Constructions and Lattice-Based Instantiations in the Standard Model
Publicly verifiable secret sharing PVSS allows a dealer to share a secret among a set of shareholders so that the secret can be reconstructed later from any set of qualified participants. In addition, any public verifier should be able to check the correctness of the sharing and reconstruction...
Elevating Cyber Threat Intelligence against Disinformation Campaigns with LLM-Based Concept Extraction and the FakeCTI Dataset
The swift spread of fake news and disinformation campaigns poses a significant threat to public trust, political stability, and cybersecurity. Traditional Cyber Threat Intelligence CTI approaches, which rely on low-level indicators such as domain names and social media handles, are easily evaded ...