6864 matches found
Erased but Not Forgotten: How Backdoors Compromise Concept Erasure
The expansion of large-scale text-to-image diffusion models has raised growing concerns about their potential to generate undesirable or harmful content, ranging from fabricated depictions of public figures to sexually explicit images. To mitigate these risks, prior work has devised machine...
Building Trust in Healthcare with Privacy Techniques: Blockchain in the Cloud
This study introduces a cutting-edge architecture developed for the NewbornTime project, which uses advanced AI to analyze video data at birth and during newborn resuscitation, with the aim of improving newborn care. The proposed architecture addresses the crucial issues of patient consent, data...
Enhancing Vulnerability Reports with Automated and Augmented Description Summarization
Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...
DP-SMOTE: Integrating Differential Privacy and Oversampling Technique to Preserve Privacy in Smart Homes
Smart homes represent intelligent environments where interconnected devices gather information, enhancing users living experiences by ensuring comfort, safety, and efficient energy management. To enhance the quality of life, companies in the smart device industry collect user data, including...
Quantifying the Noise of Structural Perturbations on Graph Adversarial Attacks
Graph neural networks have been widely utilized to solve graph-related tasks because of their strong learning power in utilizing the local information of neighbors. However, recent studies on graph adversarial attacks have proven that current graph neural networks are not robust against malicious...
SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories
This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...
The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models
The rapid advancement of Large Language Models LLMs has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite their potential benefits, code generated by LLMs has been shown to generate insecure code in...
Sleeping Giants -- Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes
Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies have enabled these gadget chains. This makes gadget chai...
Bipartite Randomized Response Mechanism for Local Differential Privacy
With the increasing importance of data privacy, Local Differential Privacy LDP has recently become a strong measure of privacy for protecting each user's privacy from data analysts without relying on a trusted third party. In many cases, both data providers and data analysts hope to maximize the...
Efficient Patient-Centric EMR Sharing Block Tree
Flexible sharing of electronic medical records EMRs is an urgent need in healthcare, as fragmented storage creates EMR management complexity for both practitioners and patients. Blockchain has emerged as a promising solution to address the limitations of centralized EMR systems regarding...
DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing
Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...
GiBy: a Giant-Step Baby-Step Classifier for Anomaly Detection in Industrial Control Systems
The continuous monitoring of the interactions between cyber-physical components of any industrial control system ICS is required to secure automation of the system controls, and to guarantee plant processes are fail-safe and remain in an acceptably safe state. Safety is achieved by managing...
Microsoft .library-ms File / NTLM Information Disclosure - Resurrected 2025
It took 7 years, but Microsoft finally realized a vulnerability was severe enough to be addressed and it was not until other researchers also reported it, that the original researcher finally got credited after pointing it out...
Federated One-Shot Learning with Data Privacy and Objective-Hiding
Privacy in federated learning is crucial, encompassing two key aspects: safeguarding the privacy of clients' data and maintaining the privacy of the federator's objective from the clients. While the first aspect has been extensively studied, the second has received much less attention. We present...
CachePrune: Neural-Based Attribution Defense against Indirect Prompt Injection Attacks
Large Language Models LLMs are identified as being susceptible to indirect prompt injection attack, where the model undesirably deviates from user-provided instructions by executing tasks injected in the prompt context. This vulnerability stems from LLMs' inability to distinguish between data and...
Simplified and Secure MCP Gateways for Enterprise AI Integration
The increased adoption of the Model Context Protocol MCP for AI Agents necessitates robust security for Enterprise integrations. This paper introduces the MCP Gateway to simplify self-hosted MCP server integration. The proposed architecture integrates security principles, authentication, intrusio...
SILENT: a New Lens on Statistics in Software Timing Side Channels
Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown 42, Spectre 37, and Hertzbleed 70 have challenged our understanding of what it means for...
Hybrid Privacy Policy-Code Consistency Check Using Knowledge Graphs and LLMs
The increasing concern in user privacy misuse has accelerated research into checking consistencies between smartphone apps' declared privacy policies and their actual behaviors. Recent advances in Large Language Models LLMs have introduced promising techniques for semantic comparison, but these...
Security Bug Report Prediction within and across Projects: a Comparative Study of BERT and Random Forest
Early detection of security bug reports SBRs is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive...
A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems
Digital twins DTs help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service DoS, and unauthorized access. Small and medium-sized enterprises SMEs that manage these...
IWCC 2025 Call for Papers
The 14th International Workshop on Cyber Crime, or IWCC, 2025 call for papers has been announced. It will be held this year in conjunction with the 20th International Conference on Availability, Reliability and Security ARES 2025. It will take place August 11th through the 14th, 2025 in Ghent,...
Trusted Compute Units: a Framework for Chained Verifiable Computations
Blockchain and distributed ledger technologies DLTs facilitate decentralized computations across trust boundaries. However, ensuring complex computations with low gas fees and confidentiality remains challenging. Recent advances in Confidential Computing -- leveraging hardware-based Trusted...
Prompt Injection Attack to Tool Selection in LLM Agents
Whitepaper called Prompt Injection Attack To Tool Selection In LLM Agents...
The Automation Advantage in AI Red Teaming
This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...
SoK: a Survey of Mixing Techniques and Mixers for Cryptocurrencies
Blockchain technologies have overturned the digital finance industry by introducing a decentralized pseudonymous means of monetary transfer. The pseudonymous nature introduced privacy concerns, enabling various deanonymization techniques, which in turn spurred development of stronger...
DeeCLIP: a Robust and Generalizable Transformer-Based Framework for Detecting AI-Generated Images
This paper introduces DeeCLIP, a novel framework for detecting AI-generated images using CLIP-ViT and fusion learning. Despite significant advancements in generative models capable of creating highly photorealistic images, existing detection methods often struggle to generalize across different...
From Paper Trails to Trust on Tracks: Adding Public Transparency to Railways Via Zk-SNARKs
Railways provide a critical service and operate under strict regulatory frameworks for implementing changes or upgrades. Despite their impact on the public, these frameworks do not define means or mechanisms for transparency towards the public, leading to reduced trust and complex tracking...
Smart Water Security with AI and Blockchain-Enhanced Digital Twins
Water distribution systems in rural areas face serious challenges such as a lack of real-time monitoring, vulnerability to cyberattacks, and unreliable data handling. This paper presents an integrated framework that combines LoRaWAN-based data acquisition, a machine learning-driven Intrusion...
Inception: Jailbreak the Memory Mechanism of Text-To-Image Generation Systems
Currently, the memory mechanism has been widely and successfully exploited in online text-to-image T2I generation systems e.g., DALL E 3 for alleviating the growing tokenization burden and capturing key information in multi-turn interactions. Despite its practicality, its security analyses have...
Craft CMS 4.x / 5.x Remote Code Execution
Craft CMS proof of concept remote code execution exploit. Versions affected are 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17...
Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report
As transformer-based large language models LLMs increasingly permeate society, they have revolutionized domains such as software engineering, creative writing, and digital arts. However, their adoption in cybersecurity remains limited due to challenges like scarcity of specialized training data a...
A Cryptographic Perspective on Mitigation Vs. Detection in Machine Learning
In this paper, we initiate a cryptographically inspired theoretical study of detection versus mitigation of adversarial inputs produced by attackers of Machine Learning algorithms during inference time. We formally define defense by detection DbD and defense by mitigation DbM. Our definitions com...
SA2FE: a Secure, Anonymous, Auditable, and Fair Edge Computing Service Offloading Framework
The inclusion of pervasive computing devices in a democratized edge computing ecosystem can significantly expand the capability and coverage of near-end computing for large-scale applications. However, offloading user tasks to heterogeneous and decentralized edge devices comes with the dual risk ...
Leveraging LLM to Strengthen ML-Based Cross-Site Scripting Detection
According to the Open Web Application Security Project OWASP, Cross-Site Scripting XSS is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed various techniques to protect systems from XSS attacks, with...
Prefill-Based Jailbreak: a Novel Approach of Bypassing LLM Safety Boundary
Large Language Models LLMs are designed to generate helpful and safe content. However, adversarial attacks, commonly referred to as jailbreak, can bypass their safety protocols, prompting LLMs to generate harmful content or reveal sensitive data. Consequently, investigating jailbreak methodologie...
Stegano 1.0.0
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...
American Fuzzy Lop plus plus 4.32c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
A Case Study on the Use of Representativeness Bias As a Defense against Adversarial Cyber Threats
Cyberspace is an ever-evolving battleground involving adversaries seeking to circumvent existing safeguards and defenders aiming to stay one step ahead by predicting and mitigating the next threat. Existing mitigation strategies have focused primarily on solutions that consider software or hardwa...
SAGE: a Generic Framework for LLM Safety Evaluation
Whitepaper called SAGE: A Generic Framework For LLM Safety Evaluation...
BoxBilling 4.22.1.5 Remote Code Execution
BoxBilling versions 4.22.1.5 and below remote code execution exploit that spawns a php reverse shell...
Metadata-Private Messaging without Coordination
For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the...
Cybersecurity for Autonomous Vehicles
The increasing adoption of autonomous vehicles is bringing a major shift in the automotive industry. However, as these vehicles become more connected, cybersecurity threats have emerged as a serious concern. Protecting the security and integrity of autonomous systems is essential to prevent...
BadMoE: Backdooring Mixture-Of-Experts LLMs Via Optimizing Routing Triggers and Infecting Dormant Experts
Mixture-of-Experts MoE have emerged as a powerful architecture for large language models LLMs, enabling efficient scaling of model capacity while maintaining manageable computational costs. The key advantage lies in their ability to route different tokens to different "expert'' networks within th...
Phishing URL Detection Using Bi-LSTM
Phishing attacks threaten online users, often leading to data breaches, financial losses, and identity theft. Traditional phishing detection systems struggle with high false positive rates and are usually limited by the types of attacks they can identify. This paper proposes a deep learning-based...
The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks
Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...
Securing GenAI Multi-Agent Systems against Tool Squatting: a Zero Trust Registry-Based Approach
The rise of generative AI GenAI multi-agent systems MAS necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools...
The Dark Side of Digital Twins: Adversarial Attacks on AI-Driven Water Forecasting
Digital twins DTs are improving water distribution systems by using real-time data, analytics, and prediction models to optimize operations. This paper presents a DT platform designed for a Spanish water supply network, utilizing Long Short-Term Memory LSTM networks to predict water consumption...
Security of a Secret Sharing Protocol on the Qline
Secret sharing is a fundamental primitive in cryptography, and it can be achieved even with perfect security. However, the distribution of shares requires computational assumptions, which can compromise the overall security of the protocol. While traditional Quantum Key Distribution QKD can...
Fast and Robust Speckle Pattern Authentication by Scale Invariant Feature Transform Algorithm in Physical Unclonable Functions
Nowadays, due to the growing phenomenon of forgery in many fields, the interest in developing new anti-counterfeiting device and cryptography keys, based on the Physical Unclonable Functions PUFs paradigm, is widely increased. PUFs are physical hardware with an intrinsic, irreproducible disorder...
Exploring the Role of Large Language Models in Cybersecurity: a Systematic Survey
With the rapid development of technology and the acceleration of digitalisation, the frequency and complexity of cyber security threats are increasing. Traditional cybersecurity approaches, often based on static rules and predefined scenarios, are struggling to adapt to the rapidly evolving natur...