6825 matches found
GNUnet P2P Framework 0.25.0
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing
Automated malware classification has achieved strong detection performance. Yet, malware behavior auditing seeks causal and verifiable explanations of malicious activities -- essential not only to reveal what malware does but also to substantiate such claims with evidence. This task is challengin...
Invisible Ears at Your Fingertips: Acoustic Eavesdropping Via Mouse Sensors
Modern optical mouse sensors, with their advanced precision and high responsiveness, possess an often overlooked vulnerability: they can be exploited for side-channel attacks. This paper introduces Mic-E-Mouse, the first-ever side-channel attack that targets high-performance optical mouse sensors...
Bridging Threat Models and Detections: Formal Verification Via CADP
Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition syste...
OpenSSL Toolkit 3.5.3
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 release...
GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?
As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review feature in detecting security vulnerabilities. Using a curated...
A Systematic Evaluation of Parameter-Efficient Fine-Tuning Methods for the Security of Code LLMs
Code-generating Large Language Models LLMs significantly accelerate software development. However, their frequent generation of insecure code presents serious risks. We present a comprehensive evaluation of seven parameter-efficient fine-tuning PEFT techniques, demonstrating substantial gains in...
A Graph-Based Approach to Alert Contextualisation in Security Operations Centres
Interpreting the massive volume of security alerts is a significant challenge in Security Operations Centres SOCs. Effective contextualisation is important, enabling quick distinction between genuine threats and benign activity to prioritise what needs further analysis.This paper proposes a...
Hierarchical Deep Fusion Framework for Multi-Dimensional Facial Forgery Detection - the 2024 Global Deepfake Image Detection Challenge
The proliferation of sophisticated deepfake technology poses significant challenges to digital security and authenticity. Detecting these forgeries, especially across a wide spectrum of manipulation techniques, requires robust and generalized models. This paper introduces the Hierarchical Deep...
Characterizing Phishing Pages by JavaScript Capabilities
In 2024, the Anti-Phishing Work Group identified over one million phishing pages. Phishers achieve this scale by using phishing kits -- ready-to-deploy phishing websites -- to rapidly deploy phishing campaigns with specific data exfiltration, evasion, or mimicry techniques. In contrast, researche...
XOffense: an AI-Driven Autonomous Penetration Testing Framework with Offensive Knowledge-Enhanced LLMs and Multi Agent Systems
This work introduces xOffense, an AI-driven, multi-agent penetration testing framework that shifts the process from labor-intensive, expert-driven manual efforts to fully automated, machine-executable workflows capable of scaling seamlessly with computational infrastructure. At its core, xOffense...
Digital Sovereignty Control Framework for Military AI-Based Cyber Security
In today's evolving threat landscape, ensuring digital sovereignty has become mandatory for military organizations, especially given their increased development and investment in AI-driven cyber security solutions. To this end, a multi-angled framework is proposed in this article in order to defi...
SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
As quantum computing advances, PQC schemes are adopted to replace classical algorithms. Among them is the SLH-DSA that was recently standardized by NIST and is favored for its conservative security foundations. In this work, we present the first software-only universal forgery attack on SLH-DSA,...
Suricata IDPE 7.0.12
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...
A Practical Adversarial Attack against Sequence-Based Deep Learning Malware Classifiers
Sequence-based deep learning models e.g., RNNs, can detect malware by analyzing its behavioral sequences. Meanwhile, these models are susceptible to adversarial attacks. Attackers can create adversarial samples that alter the sequence characteristics of behavior sequences to deceive malware...
An Unsupervised Learning Approach for a Reliable Profiling of Cyber Threat Actors Reported Globally Based on Complete Contextual Information of Cyber Attacks
Cyber attacks are rapidly increasing with the advancement of technology and there is no protection for our information. To prevent future cyberattacks it is critical to promptly recognize cyberattacks and establish strong defense mechanisms against them. To respond to cybersecurity threats...
Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution
With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to device effective threat mitigation strategies. Such strategies empower...
Cyber Attack Mitigation Framework for Denial of Service (DoS) Attacks in Fog Computing
Innovative solutions to cyber security issues are shaped by the ever-changing landscape of cyber threats. Automating the mitigation of these threats can be achieved through a new methodology that addresses the domain of mitigation automation, which is often overlooked. This literature overview...
Ensembling Large Language Models for Code Vulnerability Detection: an Empirical Evaluation
Code vulnerability detection is crucial for ensuring the security and reliability of modern software systems. Recently, Large Language Models LLMs have shown promising capabilities in this domain. However, notable discrepancies in detection results often arise when analyzing identical code segmen...
Time-Constrained Intelligent Adversaries for Automation Vulnerability Testing: a Multi-Robot Patrol Case Study
Simulating hostile attacks of physical autonomous systems can be a useful tool to examine their robustness to attack and inform vulnerability-aware design. In this work, we examine this through the lens of multi-robot patrol, by presenting a machine learning-based adversary model that observes...
Anomaly Detection in Industrial Control Systems Based on Cross-Domain Representation Learning
Industrial control systems ICSs are widely used in industry, and their security and stability are very important. Once the ICS is attacked, it may cause serious damage. Therefore, it is very important to detect anomalies in ICSs. ICS can monitor and manage physical devices remotely using...
Collaborative P4-SDN DDoS Detection and Mitigation with Early-Exit Neural Networks
Distributed Denial of Service DDoS attacks pose a persistent threat to network security, requiring timely and scalable mitigation strategies. In this paper, we propose a novel collaborative architecture that integrates a P4-programmable data plane with an SDN control plane to enable real-time DDo...
LOKI: Proactively Discovering Online Scam Websites by Mining Toxic Search Queries
Online e-commerce scams, ranging from shopping scams to pet scams, globally cause millions of dollars in financial damage every year. In response, the security community has developed highly accurate detection systems able to determine if a website is fraudulent. However, finding candidate scam...
Early Approaches to Adversarial Fine-Tuning for Prompt Injection Defense: a 2022 Study of GPT-3 and Contemporary Models
This paper documents early research conducted in 2022 on defending against prompt injection attacks in large language models, providing historical context for the evolution of this critical security domain. This research focuses on two adversarial attacks against Large Language Models LLMs: promp...
Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods
As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...
Thunderhammer: Rowhammer Bitflips Via PCIe and Thunderbolt (USB-C)
In recent years, Rowhammer has attracted significant attention from academia and industry alike. This technique, first published in 2014, flips bits in memory by repeatedly accessing neighbouring memory locations. Since its discovery, researchers have developed a substantial body of work exploiti...
From Firewalls to Frontiers: AI Red-Teaming Is a Domain-Specific Evolution of Cyber Red-Teaming
A red team simulates adversary attacks to help defenders find effective strategies to defend their systems in a real-world operational setting. As more enterprise systems adopt AI, red-teaming will need to evolve to address the unique vulnerabilities and risks posed by AI systems. We take the...
DMLDroid: Deep Multimodal Fusion Framework for Android Malware Detection with Resilience to Code Obfuscation and Adversarial Perturbations
In recent years, learning-based Android malware detection has seen significant advancements, with detectors generally falling into three categories: string-based, image-based, and graph-based approaches. While these methods have shown strong detection performance, they often struggle to sustain...
Realistic Environmental Injection Attacks on GUI Agents
GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks EIAs that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...
ENJ: Optimizing Noise with Genetic Algorithms to Jailbreak LSMs
The widespread application of Large Speech Models LSMs has made their security risks increasingly prominent. Traditional speech adversarial attack methods face challenges in balancing effectiveness and stealth. This paper proposes Evolutionary Noise Jailbreak ENJ, which utilizes a genetic algorit...
Your Compiler Is Backdooring Your Model: Understanding and Exploiting Compilation Inconsistency Vulnerabilities in Deep Learning Compilers
Deep learning DL compilers are core infrastructure in modern DL systems, offering flexibility and scalability beyond vendor-specific libraries. This work uncovers a fundamental vulnerability in their design: can an official, unmodified compiler alter a model's semantics during compilation and...
Securing AI Agents: Implementing Role-Based Access Control for Industrial Applications
The emergence of Large Language Models LLMs has significantly advanced solutions across various domains, from political science to software development. However, these models are constrained by their training data, which is static and limited to information available up to a specific date...
VulAgent: Hypothesis-Validation Based Multi-Agent Vulnerability Detection
The application of language models to project-level vulnerability detection remains challenging, owing to the dual requirement of accurately localizing security-sensitive code and correctly correlating and reasoning over complex program context. We present VulAgent, a multi-agent vulnerability...
Exploring and Exploiting the Resource Isolation Attack Surface of WebAssembly Containers
Recently, the WebAssembly or Wasm technology has been rapidly evolving, with many runtimes actively under development, providing cross-platform secure sandboxes for Wasm modules to run as portable containers. Compared with Docker, which isolates applications at the operating system level, Wasm...
Weakly Supervised Vulnerability Localization Via Multiple Instance Learning
Software vulnerability detection has emerged as a significant concern in the field of software security recently, capturing the attention of numerous researchers and developers. Most previous approaches focus on coarse-grained vulnerability detection, such as at the function or file level. Howeve...
ODoQ: Oblivious DNS-Over-QUIC
The Domain Name System DNS, which converts domain names to their respective IP addresses, has advanced enhancements aimed at safeguarding DNS data and users' identity from attackers. The recent privacy-focused advancements have enabled the IETF to standardize several protocols. Nevertheless, thes...
SoK: How Sensor Attacks Disrupt Autonomous Vehicles: an End-To-End Analysis, Challenges, and Missed Threats
Autonomous vehicles, including self-driving cars, robotic ground vehicles, and drones, rely on complex sensor pipelines to ensure safe and reliable operation. However, these safety-critical systems remain vulnerable to adversarial sensor attacks that can compromise their performance and mission...
A Comparison of Selected Image Transformation Techniques for Malware Classification
Recently, a considerable amount of malware research has focused on the use of powerful image-based machine learning techniques, which generally yield impressive results. However, before image-based techniques can be applied to malware, the samples must be converted to images, and there is no...
TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications
The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the...
Finding SSH Strict Key Exchange Violations by State Learning
SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, B�umer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension...
Large Language Models for Security Operations Centers: a Comprehensive Survey
Large Language Models LLMs have emerged as powerful tools capable of understanding and generating human-like text, offering transformative potential across diverse domains. The Security Operations Center SOC, responsible for safeguarding digital infrastructure, represents one of these domains. SO...
URL2Graph++: Unified Semantic-Structural-Character Learning for Malicious URL Detection
Malicious URL detection remains a major challenge in cybersecurity, primarily due to two factors: 1 the exponential growth of the Internet has led to an immense diversity of URLs, making generalized detection increasingly difficult; and 2 attackers are increasingly employing sophisticated...
Feature-Centric Approaches to Android Malware Analysis: a Survey
Sophisticated malware families exploit the openness of the Android platform to infiltrate IoT networks, enabling large-scale disruption, data exfiltration, and denial-of-service attacks. This systematic literature review SLR examines cutting-edge approaches to Android malware analysis with direct...
Five Minutes of DDoS Brings Down Tor: DDoS Attacks on the Tor Directory Protocol and Mitigations
The Tor network offers network anonymity to its users by routing their traffic through a sequence of relays. A group of nine directory authorities maintains information about all available relay nodes using a distributed directory protocol. We observe that the current protocol makes a steep...
Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST
We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and unchecked token authenticity. Empirical results show that...
Side-Channel Inference of User Activities in AR/VR Using GPU Profiling
Over the past decade, AR/VR devices have drastically changed how we interact with the digital world. Users often share sensitive information, such as their location, browsing history, and even financial data, within third-party apps installed on these devices, assuming a secure environment...
[Extended] Ethics in Computer Security Research: a Data-Driven Assessment of the Past, the Present, and the Possible Future
Ethical questions are discussed regularly in computer security. Still, researchers in computer security lack clear guidance on how to make, document, and assess ethical decisions in research when what is morally right or acceptable is not clear-cut. In this work, we give an overview of the...
What You Code Is What We Prove: Translating BLE App Logic into Formal Models with LLMs for Vulnerability Detection
The application layer of Bluetooth Low Energy BLE is a growing source of security vulnerabilities, as developers often neglect to implement critical protections such as encryption, authentication, and freshness. While formal verification offers a principled way to check these properties, the manu...
CryptoGuard: an AI-Based Cryptojacking Detection Dashboard Prototype
With the widespread adoption of cryptocurrencies, cryptojacking has become a significant security threat to crypto wallet users. This paper presents a front-end prototype of an AI-powered security dashboard, namely, CryptoGuard. Developed through a user-centered design process, the prototype was...
CISA Strategic Focus: CVE Quality for a Cyber Secure Future
The Cybersecurity and Infrastructure Security Agency CISA released CISA Strategic Focus: CVE Quality for a Cyber Secure Future. This detailed roadmap identifies priorities that will elevate the program to meet the needs of the global cybersecurity community. The roadmap and priorities are informe...