6864 matches found
How to Backdoor the Knowledge Distillation
Knowledge distillation has become a cornerstone in modern machine learning systems, celebrated for its ability to transfer knowledge from a large, complex teacher model to a more efficient student model. Traditionally, this process is regarded as secure, assuming the teacher model is clean. This...
Protocol Dialects As Formal Patterns: a Composable Theory of Lingos -- Technical Report
Protocol dialects are methods for modifying protocols that provide light-weight security, especially against easy attacks that can lead to more serious ones. A lingo is a dialect's key security component by making attackers unable to "speak" the lingo. A lingo's "talk" changes all the time,...
VDDP: Verifiable Distributed Differential Privacy under the Client-Server-Verifier Setup
Despite differential privacy DP often being considered the de facto standard for data privacy, its realization is vulnerable to unfaithful execution of its mechanisms by servers, especially in distributed settings. Specifically, servers may sample noise from incorrect distributions or generate...
From Ahead-of- to Just-in-Time and Back Again: Static Analysis for Unix Shell Programs
Shell programming is as prevalent as ever. It is also quite complex, due to the structure of shell programs, their use of opaque software components, and their complex interactions with the broader environment. As a result, even when exercising an abundance of care, shell developers discover...
Cert-SSB: toward Certified Sample-Specific Backdoor Defense
Deep neural networks DNNs are vulnerable to backdoor attacks, where an attacker manipulates a small portion of the training data to implant hidden backdoors into the model. The compromised model behaves normally on clean samples but misclassifies backdoored samples into the attacker-specified...
Traceback of Poisoning Attacks to Retrieval-Augmented Generation
Large language models LLMs integrated with retrieval-augmented generation RAG systems improve accuracy by leveraging external knowledge sources. However, recent research has revealed RAG's susceptibility to poisoning attacks, where the attacker injects poisoned texts into the knowledge database,...
Towards Fuzzing Zero-Knowledge Proof Circuits (Short Paper)
Whitepaper called Towards Fuzzing Zero-Knowledge Proof Circuits Short Paper...
Active Light Modulation to Counter Manipulation of Speech Visual Content
High-profile speech videos are prime targets for falsification, owing to their accessibility and influence. This work proposes Spotlight, a low-overhead and unobtrusive system for protecting live speech videos from visual falsification of speaker identity and lip and facial motion. Unlike...
XBreaking: Explainable Artificial Intelligence for Jailbreaking LLMs
Large Language Models are fundamental actors in the modern IT landscape dominated by AI solutions. However, security threats associated with them might prevent their reliable adoption in critical application scenarios such as government organizations and medical institutions. For this reason,...
Graph Privacy: a Heterogeneous Federated GNN for Trans-Border Financial Data Circulation
The sharing of external data has become a strong demand of financial institutions, but the privacy issue has led to the difficulty of interconnecting different platforms and the low degree of data openness. To effectively solve the privacy problem of financial data in trans-border flow and sharin...
Low Latency FPGA Implementation of Twisted Edward Curve Cryptography Hardware Accelerator over Prime Field
The performance of any elliptic curve cryptography hardware accelerator significantly relies on the efficiency of the underlying point multiplication PM architecture. This article presents a hardware implementation of field-programmable gate array FPGA based modular arithmetic, group operation, a...
Bilateral Differentially Private Vertical Federated Boosted Decision Trees
Federated learning is a distributed machine learning paradigm that enables collaborative training across multiple parties while ensuring data privacy. Gradient Boosting Decision Trees GBDT, such as XGBoost, have gained popularity due to their high performance and strong interpretability. Therefor...
A Comprehensive Study of Exploitable Patterns in Smart Contracts: from Vulnerability to Defense
With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution...
Generative AI in Financial Institution: a Global Survey of Opportunities, Threats, and Regulation
Generative Artificial Intelligence GenAI is rapidly reshaping the global financial landscape, offering unprecedented opportunities to enhance customer engagement, automate complex workflows, and extract actionable insights from vast financial data. This survey provides an overview of GenAI adopti...
Enhancing Security and Strengthening Defenses in Automated Short-Answer Grading Systems
This study examines vulnerabilities in transformer-based automated short-answer grading systems used in medical education, with a focus on how these systems can be manipulated through adversarial gaming strategies. Our research identifies three main types of gaming strategies that exploit the...
An Inversion Theorem for Buffered Linear Toeplitz (BLT) Matrices and Applications to Streaming Differential Privacy
Buffered Linear Toeplitz BLT matrices are a family of parameterized lower-triangular matrices that play an important role in streaming differential privacy with correlated noise. Our main result is a BLT inversion theorem: the inverse of a BLT matrix is itself a BLT matrix with different...
Hoist with His Own Petard: Inducing Guardrails to Facilitate Denial-Of-Service Attacks on Retrieval-Augmented Generation of LLMs
Whitepaper called Hoist With His Own Petard: Inducing Guardrails To Facilitate Denial-Of-Service Attacks On Retrieval-Augmented Generation Of LLMs...
Unlocking User-Oriented Pages: Intention-Driven Black-Box Scanner for Real-World Web Applications
Black-box scanners have played a significant role in detecting vulnerabilities for web applications. A key focus in current black-box scanning is increasing test coverage i.e., accessing more web pages. However, since many web applications are user-oriented, some deep pages can only be accessed...
CryptoUNets: Applying Convolutional Networks to Encrypted Data for Biomedical Image Segmentation
In this manuscript, we demonstrate the feasibility of a privacy-preserving U-Net deep learning inference framework, namely, homomorphic encryption-based U-Net inference. That is, U-Net inference can be performed solely using homomorphic encryption techniques. To our knowledge, this is the first...
Security-By-Design at the Telco Edge with OSS: Challenges and Lessons Learned
This paper presents our experience, in the context of an industrial R&D project, on securing GENIO, a platform for edge computing on Passive Optical Network PON infrastructures, and based on Open-Source Software OSS. We identify threats and related mitigations through hardening, vulnerability...
LASHED: LLMs and Static Hardware Analysis for Early Detection of RTL Bugs
While static analysis is useful in detecting early-stage hardware security bugs, its efficacy is limited because it requires information to form checks and is often unable to explain the security impact of a detected vulnerability. Large Language Models can be useful in filling these gaps by...
Whispers of Data: Unveiling Label Distributions in Federated Learning through Virtual Client Simulation
Federated Learning enables collaborative training of a global model across multiple geographically dispersed clients without the need for data sharing. However, it is susceptible to inference attacks, particularly label inference attacks. Existing studies on label distribution inference exhibits...
The Planted Orthogonal Vectors Problem
In the $k$-Orthogonal Vectors $k$-OV problem we are given $k$ sets, each containing $n$ binary vectors of dimension $d=n^o1$, and our goal is to pick one vector from each set so that at each coordinate at least one vector has a zero. It is a central problem in fine-grained complexity, conjectured...
AI-Based Crypto Tokens: the Illusion of Decentralized AI?
The convergence of blockchain and artificial intelligence AI has led to the emergence of AI-based tokens, which are cryptographic assets designed to power decentralized AI platforms and services. This paper provides a comprehensive review of leading AI-token projects, examining their technical...
Enhancing Leakage Attacks on Searchable Symmetric Encryption Using LLM-Based Synthetic Data Generation
Searchable Symmetric Encryption SSE enables efficient search capabilities over encrypted data, allowing users to maintain privacy while utilizing cloud storage. However, SSE schemes are vulnerable to leakage attacks that exploit access patterns, search frequency, and volume information. Existing...
FFCBA: Feature-Based Full-Target Clean-Label Backdoor Attacks
Backdoor attacks pose a significant threat to deep neural networks, as backdoored models would misclassify poisoned samples with specific triggers into target classes while maintaining normal performance on clean samples. Among these, multi-target backdoor attacks can simultaneously target multip...
New Capacity Bounds for PIR on Graph and Multigraph-Based Replicated Storage
In this paper, we study the problem of private information retrieval PIR in both graph-based and multigraph-based replication systems, where each file is stored on exactly two servers, and any pair of servers shares at most $r$ files. We derive upper bounds on the PIR capacity for such systems an...
TriniMark: a Robust Generative Speech Watermarking Method for Trinity-Level Attribution
Whitepaper called TriniMark: A Robust Generative Speech Watermarking Method For Trinity-Level Attribution...
An Algebraic Approach to Asymmetric Delegation and Polymorphic Label Inference (Technical Report)
Language-based information flow control IFC enables reasoning about and enforcing security policies in decentralized applications. While information flow properties are relatively extensional and compositional, designing expressive systems that enforce such properties remains challenging. In...
DICOM Compatible, 3D Multimodality Image Encryption Using Hyperchaotic Signal
Medical image encryption plays an important role in protecting sensitive health information from cyberattacks and unauthorized access. In this paper, we introduce a secure and robust encryption scheme that is multi-modality compatible and works with MRI, CT, X-Ray and Ultrasound images for...
ReCIT: Reconstructing Full Private Data from Gradient in Parameter-Efficient Fine-Tuning of Large Language Models
Parameter-efficient fine-tuning PEFT has emerged as a practical solution for adapting large language models LLMs to custom datasets with significantly reduced computational cost. When carrying out PEFT under collaborative learning scenarios e.g., federated learning, it is often required to exchan...
SoK: Enhancing Privacy-Preserving Software Development from a Developers' Perspective
In software development, privacy preservation has become essential with the rise of privacy concerns and regulations such as GDPR and CCPA. While several tools, guidelines, methods, methodologies, and frameworks have been proposed to support developers embedding privacy into software applications...
Network Attack Traffic Detection with Hybrid Quantum-Enhanced Convolution Neural Network
The emerging paradigm of Quantum Machine Learning QML combines features of quantum computing and machine learning ML. QML enables the generation and recognition of statistical data patterns that classical computers and classical ML methods struggle to effectively execute. QML utilizes quantum...
A Novel Cipher for Enhancing MAVLink Security: Design, Security Analysis, and Performance Evaluation Using a Drone Testbed
We present MAVShield, a novel lightweight cipher designed to secure communications in Unmanned Aerial Vehicles UAVs using the MAVLink protocol, which by default transmits unencrypted messages between UAVs and Ground Control Stations GCS. While existing studies propose encryption for MAVLink, most...
Dual Explanations Via Subgraph Matching for Malware Detection
Interpretable malware detection is crucial for understanding harmful behaviors and building trust in automated security systems. Traditional explainable methods for Graph Neural Networks GNNs often highlight important regions within a graph but fail to associate them with known benign or maliciou...
Data Encryption Battlefield: a Deep Dive into the Dynamic Confrontations in Ransomware Attacks
In the rapidly evolving landscape of cybersecurity threats, ransomware represents a significant challenge. Attackers increasingly employ sophisticated encryption methods, such as entropy reduction through Base64 encoding, and partial or intermittent encryption to evade traditional detection...
SFIBA: Spatial-Based Full-Target Invisible Backdoor Attacks
Multi-target backdoor attacks pose significant security threats to deep neural networks, as they can preset multiple target classes through a single backdoor injection. This allows attackers to control the model to misclassify poisoned samples with triggers into any desired target class during...
CISA: Roadmap to Innovation in the Dams Sector
The Roadmap to Innovation in the Dams Sector outlines Research and Development Focus Areas for the next 3-5 years to enhance the security and resilience of the sector and ensure that dams and related infrastructure can withstand current and emerging risks. The R+D Focus Areas identified in this...
CISA: Dams Sector Personnel Screening Guide
The Dams Sector Personnel Screening Guide 2025 provides information to assist Dams Sector owners and operators in developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribu...
VIMU: Effective Physics-Based Realtime Detection and Recovery against Stealthy Attacks on UAVs
Sensor attacks on robotic vehicles have become pervasive and manipulative. Their latest advancements exploit sensor and detector characteristics to bypass detection. Recent security efforts have leveraged the physics-based model to detect or mitigate sensor attacks. However, these approaches are...
Mutual Information Minimization for Side-Channel Attack Resistance Via Optimal Noise Injection
Side-channel attacks SCAs pose a serious threat to system security by extracting secret keys through physical leakages such as power consumption, timing variations, and electromagnetic emissions. Among existing countermeasures, artificial noise injection is recognized as one of the most effective...
Robustness Via Referencing: Defending against Prompt Injection Attacks by Referencing the Executed Instruction
Large language models LLMs have demonstrated impressive performance and have come to dominate the field of natural language processing NLP across various tasks. However, due to their strong instruction-following capabilities and inability to distinguish between instructions and data content, LLMs...
VApps: Verifiable Applications at Internet Scale
Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...
Starfish: Rebalancing Multi-Party Off-Chain Payment Channels
Blockchain technology has revolutionized the way transactions are executed, but scalability remains a major challenge. Payment Channel Network PCN, as a Layer-2 scaling solution, has been proposed to address this issue. However, skewed payments can deplete the balance of one party within a channe...
Secure Coding with AI, from Creation to Inspection
While prior studies have explored security in code generated by ChatGPT and other Large Language Models, they were conducted in controlled experimental settings and did not use code generated or provided from actual developer interactions. This paper not only examines the security of code generat...
Did:Self a Registry-Less DID Method
We introduce did:self, a Decentralized Identifier DID method that does not depend on any trusted registry for storing the corresponding DID documents. Information for authenticating a did:self subject can be disseminated using any means and without making any security assumption about the deliver...
A Summation-Based Algorithm for Integer Factorization
Whitepaper called A Summation-Based Algorithm For Integer Factorization...
CISA: Dams Sector Waterside Barriers Guide
This guide was developed to assist dam owners and operators in understanding the possible need for waterside barriers as part of their overall security plan. It provides them and security personnel with a cursory level of information on barriers and their use, maintenance considerations, and...
Mitigating the Structural Bias in Graph Adversarial Defenses
In recent years, graph neural networks GNNs have shown great potential in addressing various graph structure-related downstream tasks. However, recent studies have found that current GNNs are susceptible to malicious adversarial attacks. Given the inevitable presence of adversarial attacks in the...
Erased but Not Forgotten: How Backdoors Compromise Concept Erasure
The expansion of large-scale text-to-image diffusion models has raised growing concerns about their potential to generate undesirable or harmful content, ranging from fabricated depictions of public figures to sexually explicit images. To mitigate these risks, prior work has devised machine...