6894 matches found
Proof of Useful Intelligence (PoUI): Blockchain Consensus beyond Energy Waste
Blockchain technology enables secure, transparent data management in decentralized systems, supporting applications from cryptocurrencies like Bitcoin to tokenizing real-world assets like property. Its scalability and sustainability hinge on consensus mechanisms balancing security and efficiency...
A Systematic Study on the Design of Odd-Sized Highly Nonlinear Boolean Functions Via Evolutionary Algorithms
This paper focuses on the problem of evolving Boolean functions of odd sizes with high nonlinearity, a property of cryptographic relevance. Despite its simple formulation, this problem turns out to be remarkably difficult. We perform a systematic evaluation by considering three solution encodings...
Differential Privacy-Driven Framework for Enhancing Heart Disease Prediction
With the rapid digitalization of healthcare systems, there has been a substantial increase in the generation and sharing of private health data. Safeguarding patient information is essential for maintaining consumer trust and ensuring compliance with legal data protection regulations. Machine...
Optimizing the Privacy-Utility Balance Using Synthetic Data and Configurable Perturbation Pipelines
This paper explores the strategic use of modern synthetic data generation and advanced data perturbation techniques to enhance security, maintain analytical utility, and improve operational efficiency when managing large datasets, with a particular focus on the Banking, Financial Services, and...
From Randomized Response to Randomized Index: Answering Subset Counting Queries with Local Differential Privacy
Local Differential Privacy LDP is the predominant privacy model for safeguarding individual data privacy. Existing perturbation mechanisms typically require perturbing the original values to ensure acceptable privacy, which inevitably results in value distortion and utility deterioration. In this...
Give LLMs a Security Course: Securing Retrieval-Augmented Code Generation Via Knowledge Injection
Retrieval-Augmented Code Generation RACG leverages external knowledge to enhance Large Language Models LLMs in code synthesis, improving the functional correctness of the generated code. However, existing RACG systems largely overlook security, leading to substantial risks. Especially, the...
Enhancing Variational Autoencoders with Smooth Robust Latent Encoding
Variational Autoencoders VAEs have played a key role in scaling up diffusion-based generative models, as in Stable Diffusion, yet questions regarding their robustness remain largely underexplored. Although adversarial training has been an established technique for enhancing robustness in predicti...
Case Study: Fine-Tuning Small Language Models for Accurate and Private CWE Detection in Python Code
Large Language Models LLMs have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations CWEs. However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzi...
Implementing AI Bill of Materials (AI BOM) with SPDX 3.0: a Comprehensive Guide to Creating AI and Dataset Bill of Materials
A Software Bill of Materials SBOM is becoming an increasingly important tool in regulatory and technical spaces to introduce more transparency and security into a project's software supply chain. Artificial intelligence AI projects face unique challenges beyond the security of their software, and...
Breaking the Flow and the Bank: Stealthy Cyberattacks on Water Network Hydraulics
As water distribution networks WDNs become increasingly connected with digital infrastructures, they face greater exposure to cyberattacks that threaten their operational integrity. Stealthy False Data Injection Attacks SFDIAs are particularly concerning, as they manipulate sensor data to...
AiXamine: Simplified LLM Safety and Security
Evaluating Large Language Models LLMs for safety and security remains a complex task, often requiring users to navigate a fragmented landscape of ad hoc benchmarks, datasets, metrics, and reporting formats. To address this challenge, we present aiXamine, a comprehensive black-box evaluation...
Automatically Generating Rules of Malicious Software Packages Via Large Language Model
Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models LLMs to automate rule generation for O...
Public-Key Quantum Fire and Key-Fire from Classical Oracles
Quantum fire was recently formalized by Bostanci, Nehoran and Zhandry STOC 25. This notion considers a distribution of quantum states that can be efficiently cloned, but cannot be converted into a classical string. Previously, work of Nehoran and Zhandry ITCS 24 showed how to construct quantum fi...
Seeking Flat Minima over Diverse Surrogates for Improved Adversarial Transferability: a Theoretical Framework and Algorithmic Instantiation
Whitepaper called Seeking Flat Minima Over Diverse Surrogates For Improved Adversarial Transferability: A Theoretical Framework And Algorithmic Instantiation...
Firewall Regulatory Networks for Autonomous Cyber Defense
In this paper, we present the principles of designing new self-organising and autonomous management protocol to govern the dynamics of bio-inspired decentralized firewall architecture based on Biological Regularity Networks. The new architecture called Firewall Regulatory Networks FRN exhibits th...
Developing a Blockchain-Based Secure Digital Contents Distribution System
As digital content distribution expands rapidly through online platforms, securing digital media and protecting intellectual property has become increasingly complex. Traditional centralized systems, while widely adopted, suffer from vulnerabilities such as single points of failure and limited...
Automated Static Vulnerability Detection Via a Holistic Neuro-Symbolic Approach
Static vulnerability detection is still a challenging problem and demands excessive human efforts, e.g., manual curation of good vulnerability patterns. None of prior works, including classic program analysis or Large Language Model LLM-based approaches, have fully automated such vulnerability...
CAIBA: Multicast Source Authentication for CAN through Reactive Bit Flipping
Controller Area Networks CANs are the backbone for reliable intra-vehicular communication. Recent cyberattacks have, however, exposed the weaknesses of CAN, which was designed without any security considerations in the 1980s. Current efforts to retrofit security via intrusion detection or message...
Resource Reduction in Multiparty Quantum Secret Sharing of Both Classical and Quantum Information under Noisy Scenario
Quantum secret sharing QSS enables secure distribution of information among multiple parties but remains vulnerable to noise. We analyze the effects of bit-flip, phase-flip, and amplitude damping noise on the multiparty QSS for classical message QSSCM and secret sharing of quantum information SSQ...
Quantum Technologies for beyond 5G and 6G Networks: Applications, Opportunities, and Challenges
As the world prepares for the advent of 6G networks, quantum technologies are becoming critical enablers of the next generation of communication systems. This survey paper investigates the convergence of quantum technologies and 6G networks, focusing on their applications, opportunities and...
CheatAgent: Attacking LLM-Empowered Recommender Systems Via LLM Agent
Recently, Large Language Model LLM-empowered recommender systems RecSys have brought significant advances in personalized user experience and have attracted considerable attention. Despite the impressive progress, the research question regarding the safety vulnerability of LLM-empowered RecSys...
Integrating Graph Theoretical Approaches in Cybersecurity Education CSCI-RTED
As cybersecurity threats continue to evolve, the need for advanced tools to analyze and understand complex cyber environments has become increasingly critical. Graph theory offers a powerful framework for modeling relationships within cyber ecosystems, making it highly applicable to cybersecurity...
Evaluating Argon2 Adoption and Effectiveness in Real-World Software
Modern password hashing remains a critical defense against credential cracking, yet the transition from theoretically secure algorithms to robust real-world implementations remains fraught with challenges. This paper presents a dual analysis of Argon2, the Password Hashing Competition winner,...
WordPress WP Remote Thumbnail 1.3.2 Shell Upload
WordPress WP Remote Thumbnail plugin versions 1.3.2 and below suffer from a remote shell upload vulnerability...
A Collaborative Intrusion Detection System Using Snort IDS Nodes
Intrusion Detection Systems IDSs are integral to safeguarding networks by detecting and responding to threats from malicious traffic or compromised devices. However, standalone IDS deployments often fall short when addressing the increasing complexity and scale of modern cyberattacks. This paper...
Security Science (SecSci), Basic Concepts and Mathematical Foundations
This textbook compiles the lecture notes from security courses taught at Oxford in the 2000s, at Royal Holloway in the 2010s, and currently in Hawaii. The early chapters are suitable for a first course in security. The middle chapters have been used in advanced courses. Towards the end there are...
Linux Kernel 6.6.75 Vsock Use-After-Free
Linux kernel version 6.6.75 vsock use-after free proof of concept exploit...
Snorkeling in Dark Waters: a Longitudinal Surface Exploration of Unique Tor Hidden Services (Extended Version)
The Onion Router Tor is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement...
Amplified Vulnerabilities: Structured Jailbreak Attacks on LLM-Based Multi-Agent Debate
Multi-Agent Debate MAD, leveraging collaborative interactions among Large Language Models LLMs, aim to enhance reasoning capabilities in complex tasks. However, the security implications of their iterative dialogues and role-playing characteristics, particularly susceptibility to jailbreak attack...
Private Federated Learning Using Preference-Optimized Synthetic Data
In practical settings, differentially private Federated learning DP-FL is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data Wu et al., 2024; Hou et al., 2024. The...
Apache Parquet 2.9.0 Remote Code Execution
Apache Parquet versions 2.9.0 and below educational simulation of CVE-2025-30065, a critical remote code execution vulnerability in Apache Parquet files. The tool demonstrates how attackers exploit this flaw to gain full system control, while providing mitigation guidance...
Performance Analysis of MDI-QKD in Thermal-Loss and Phase Noise Channels
Measurement-device-independent quantum key distribution MDI-QKD, enhances quantum cryptography by mitigating detector-side vulnerabilities. This study analyzes MDI-QKD performance in thermal-loss and phase noise channels, modeled as depolarizing and dephasing channels to capture thermal and phase...
CLPSTNet: a Progressive Multi-Scale Convolutional Steganography Model Integrating Curriculum Learning
In recent years, a large number of works have introduced Convolutional Neural Networks CNNs into image steganography, which transform traditional steganography methods such as hand-crafted features and prior knowledge design into steganography methods that neural networks autonomically learn...
On the Price of Differential Privacy for Hierarchical Clustering
Hierarchical clustering is a fundamental unsupervised machine learning task with the aim of organizing data into a hierarchy of clusters. Many applications of hierarchical clustering involve sensitive user information, therefore motivating recent studies on differentially private hierarchical...
SolarWinds Web Help Desk Hardcoded Credential
SolarWinds Web Help Desk proof of concept hardcoded credential exploit that retrieves the 25 most recent tickets...
Trustworthy Decentralized Autonomous Machines: a New Paradigm in Automation Economy
Decentralized Autonomous Machines DAMs represent a transformative paradigm in automation economy, integrating artificial intelligence AI, blockchain technology, and Internet of Things IoT devices to create self-governing economic agents participating in Decentralized Physical Infrastructure...
EFFACT: a Highly Efficient Full-Stack FHE Acceleration Platform
Fully Homomorphic Encryption FHE is a set of powerful cryptographic schemes that allows computation to be performed directly on encrypted data with an unlimited depth. Despite FHE's promising in privacy-preserving computing, yet in most FHE schemes, ciphertext generally blows up thousands of time...
TrojanDam: Detection-Free Backdoor Defense in Federated Learning through Proactive Model Robustification Utilizing OOD Data
Federated learning FL systems allow decentralized data-owning clients to jointly train a global model through uploading their locally trained updates to a centralized server. The property of decentralization enables adversaries to craft carefully designed backdoor updates to make the global model...
How Private Is Your Attention? Bridging Privacy with In-Context Learning
In-context learning ICL-the ability of transformer-based models to perform new tasks from examples provided at inference time-has emerged as a hallmark of modern language models. While recent works have investigated the mechanisms underlying ICL, its feasibility under formal privacy constraints...
Decentralised Collaborative Action: Cryptoeconomics in Space
Blockchains and peer-to-peer systems are part of a trend towards computer systems that are "radically decentralised", by which we mean that they 1 run across many participants, 2 without central control, and 3 are such that qualities 1 and 2 are essential to the system's intended use cases. We...
Intelligent Detection of Non-Essential IoT Traffic on the Home Gateway
The rapid expansion of Internet of Things IoT devices, particularly in smart home environments, has introduced considerable security and privacy concerns due to their persistent connectivity and interaction with cloud services. Despite advancements in IoT security, effective privacy measures rema...
Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network
The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...
Property-Preserving Hashing for $\Ell_1$-Distance Predicates: Applications to Countering Adversarial Input Attacks
Perceptual hashing is used to detect whether an input image is similar to a reference image with a variety of security applications. Recently, they have been shown to succumb to adversarial input attacks which make small imperceptible changes to the input image yet the hashing algorithm does not...
Defending against Intelligent Attackers at Large Scales
We investigate the scale of attack and defense mathematically in the context of AI's possible effect on cybersecurity. For a given target today, highly scaled cyber attacks such as from worms or botnets typically all fail or all succeed. Here, we consider the effect of scale if those attack agent...
RRC Signaling Storm Detection in O-RAN
The Open Radio Access Network O-RAN marks a significant shift in the mobile network industry. By transforming a traditionally vertically integrated architecture into an open, data-driven one, O-RAN promises to enhance operational flexibility and drive innovation. In this paper, we harness O-RAN's...
Blockchain Meets Adaptive Honeypots: a Trust-Aware Approach to Next-Gen IoT Security
Edge computing-based Next-Generation Wireless Networks NGWN-IoT offer enhanced bandwidth capacity for large-scale service provisioning but remain vulnerable to evolving cyber threats. Existing intrusion detection and prevention methods provide limited security as adversaries continually adapt the...
On the Consistency of GNN Explanations for Malware Detection
Control Flow Graphs CFGs are critical for analyzing program execution and characterizing malware behavior. With the growing adoption of Graph Neural Networks GNNs, CFG-based representations have proven highly effective for malware detection. This study proposes a novel framework that dynamically...
A Time Series Analysis of Malware Uploads to Programming Language Ecosystems
Software ecosystems built around programming languages have greatly facilitated software development. At the same time, their security has increasingly been acknowledged as a problem. To this end, the paper examines the previously overlooked longitudinal aspects of software ecosystem security,...
Quantifying Source Speaker Leakage in One-To-One Voice Conversion
Using a multi-accented corpus of parallel utterances for use with commercial speech devices, we present a case study to show that it is possible to quantify a degree of confidence about a source speaker's identity in the case of one-to-one voice conversion. Following voice conversion using a...
Residual-Evasive Attacks on ADMM in Distributed Optimization
This paper presents two attack strategies designed to evade detection in ADMM-based systems by preventing significant changes to the residual during the attacked iteration. While many detection algorithms focus on identifying false data injection through residual changes, we show that our attacks...