6864 matches found
Repairing Vulnerabilities without Invisible Hands. a Differentiated Replication Study on LLMs
Background: Automated Vulnerability Repair AVR is a fast-growing branch of program repair. Recent studies show that large language models LLMs outperform traditional techniques, extending their success beyond code generation and fault detection. Hypothesis: These gains may be driven by hidden...
Enhanced Deep Learning DeepFake Detection Integrating Handcrafted Features
The rapid advancement of deepfake and face swap technologies has raised significant concerns in digital security, particularly in identity verification and onboarding processes. Conventional detection methods often struggle to generalize against sophisticated facial manipulations. This study...
A Novel Post-Quantum Secure Digital Signature Scheme Based on Neural Network
Digital signatures are fundamental cryptographic primitives that ensure the authenticity and integrity of digital documents. In the post-quantum era, classical public key-based signature schemes become vulnerable to brute-force and key-recovery attacks due to the computational power of quantum...
Cascading and Proxy Membership Inference Attacks
A Membership Inference Attack MIA assesses how much a trained machine learning model reveals about its training data by determining whether specific query instances were included in the dataset. We classify existing MIAs into adaptive or non-adaptive, depending on whether the adversary is allowed...
On Post-Quantum Cryptography Authentication for Quantum Key Distribution
The traditional way for a Quantum Key Distribution QKD user to join a quantum network is by authenticating themselves using pre-shared key material. While this approach is sufficient for small-scale networks, it becomes impractical as the network grows, due to the total quadratic increase in the...
Characterizing the Sensitivity to Individual Bit Flips in Client-Side Operations of the CKKS Scheme
Homomorphic Encryption HE enables computation on encrypted data without decryption, making it a cornerstone of privacy-preserving computation in untrusted environments. As HE sees growing adoption in sensitive applications such as secure machine learning and confidential data analysis ensuring it...
URLCrazy Domain Name Typo Tool 0.8.2
URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...
Two Views, One Truth: Spectral and Self-Supervised Features Fusion for Robust Speech Deepfake Detection
Recent advances in synthetic speech have made audio deepfakes increasingly realistic, posing significant security risks. Existing detection methods that rely on a single modality, either raw waveform embeddings or spectral based features, are vulnerable to non spoof disturbances and often overfit...
Is Crunching Public Data the Right Approach to Detect BGP Hijacks?
The Border Gateway Protocol BGP remains a fragile pillar of Internet routing. BGP hijacks still occurr daily. While full deployment of Route Origin Validation ROV is ongoing, attackers have already adapted, launching post-ROV attacks such as forged-origin hijacks. To detect these, recent approach...
EdgeAgentX-DT: Integrating Digital Twins and Generative AI for Resilient Edge Intelligence in Tactical Networks
We introduce EdgeAgentX-DT, an advanced extension of the EdgeAgentX framework that integrates digital twin simulations and generative AI-driven scenario training to significantly enhance edge intelligence in military networks. EdgeAgentX-DT utilizes network digital twins, virtual replicas...
Sparse Regression Codes for Secret Key Agreement: Achieving Strong Secrecy and Near-Optimal Rates for Gaussian Sources
Secret key agreement from correlated physical layer observations is a cornerstone of information-theoretic security. This paper proposes and rigorously analyzes a complete, constructive protocol for secret key agreement from Gaussian sources using Sparse Regression Codes SPARCs. Our protocol...
Measuring and Explaining the Effects of Android App Transformations in Online Malware Detection
It is well known that antivirus engines are vulnerable to evasion techniques e.g., obfuscation that transform malware into its variants. However, it cannot be necessarily attributed to the effectiveness of these evasions, and the limits of engines may also make this unsatisfactory result. In this...
Interpretable Anomaly-Based DDoS Detection in AI-RAN with XAI and LLMs
Next generation Radio Access Networks RANs introduce programmability, intelligence, and near real-time control through intelligent controllers, enabling enhanced security within the RAN and across broader 5G/6G infrastructures. This paper presents a comprehensive survey highlighting opportunities...
WBHT: a Generative Attention Architecture for Detecting Black Hole Anomalies in Backbone Networks
We propose the Wasserstein Black Hole Transformer WBHT framework for detecting black hole BH anomalies in communication networks. These anomalies cause packet loss without failure notifications, disrupting connectivity and leading to financial losses. WBHT combines generative modeling, sequential...
ConSeg: Contextual Backdoor Attack against Semantic Segmentation
Despite significant advancements in computer vision, semantic segmentation models may be susceptible to backdoor attacks. These attacks, involving hidden triggers, aim to cause the models to misclassify instances of the victim class as the target class when triggers are present, posing serious...
Cryptographic Data Exchange for Nuclear Warheads
Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...
HumanSAM: Classifying Human-Centric Forgery Videos in Human Spatial, Appearance, and Motion Anomaly
Numerous synthesized videos from generative models, especially human-centric ones that simulate realistic human actions, pose significant threats to human information security and authenticity. While progress has been made in binary forgery video detection, the lack of fine-grained understanding ...
FedBAP: Backdoor Defense Via Benign Adversarial Perturbation in Federated Learning
Federated Learning FL enables collaborative model training while preserving data privacy, but it is highly vulnerable to backdoor attacks. Most existing defense methods in FL have limited effectiveness due to their neglect of the model's over-reliance on backdoor triggers, particularly as the...
Trivial Trojans: How Minimal MCP Servers Enable Cross-Tool Exfiltration of Sensitive Data
The Model Context Protocol MCP represents a significant advancement in AI-tool integration, enabling seamless communication between AI agents and external services. However, this connectivity introduces novel attack vectors that remain largely unexplored. This paper demonstrates how unsophisticat...
ModShift: Model Privacy Via Designed Shifts
In this paper, shifts are introduced to preserve model privacy against an eavesdropper in federated learning. Model learning is treated as a parameter estimation problem. This perspective allows us to derive the Fisher Information matrix of the model updates from the shifted updates and drive the...
SDD: Self-Degraded Defense against Malicious Fine-Tuning
Open-source Large Language Models LLMs often employ safety alignment methods to resist harmful instructions. However, recent research shows that maliciously fine-tuning these LLMs on harmful data can easily bypass these safeguards. To counter this, we theoretically uncover why malicious fine-tuni...
URLCrazy Domain Name Typo Tool 0.8.1
URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...
Virtual Local Area Network over HTTP for Launching an Insider Attack
Computers and computer networks have become integral to virtually every aspect of modern life, with the Internet playing an indispensable role. Organizations, businesses, and individuals now store vast amounts of proprietary, confidential, and personal data digitally. As such, ensuring the securi...
Generating Adversarial Point Clouds Using Diffusion Model
Adversarial attack methods for 3D point cloud classification reveal the vulnerabilities of point cloud recognition models. This vulnerability could lead to safety risks in critical applications that use deep learning models, such as autonomous vehicles. To uncover the deficiencies of these models...
PAM Environment Variable Injection
PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation through SystemD session manipulation. This scripts gauges exploitability...
Securing the Internet of Medical Things (IoMT): Real-World Attack Taxonomy and Practical Security Measures
The Internet of Medical Things IoMT has the potential to radically improve healthcare by enabling real-time monitoring, remote diagnostics, and AI-driven decision making. However, the connectivity, embedded intelligence, and inclusion of a wide variety of novel sensors expose medical devices to...
Transcript Franking for Encrypted Messaging
Message franking is an indispensable abuse mitigation tool for end-to-end encrypted E2EE messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple...
PurpCode: Reasoning for Safer Code Generation
We introduce PurpCode, the first post-training recipe for training safe code reasoning models towards generating secure code and defending against malicious cyberactivities. PurpCode trains a reasoning model in two stages: i Rule Learning, which explicitly teaches the model to reference cybersafe...
OneShield -- the Next Generation of LLM Guardrails
The rise of Large Language Models has created a general excitement about the great potential for a myriad of applications. While LLMs offer many possibilities, questions about safety, privacy, and ethics have emerged, and all the key actors are working to address these issues with protective...
PrompTrend: Continuous Community-Driven Vulnerability Discovery and Assessment for Large Language Models
Static benchmarks fail to capture LLM vulnerabilities emerging through community experimentation in online forums. We present PrompTrend, a system that collects vulnerability data across platforms and evaluates them using multidimensional scoring, with an architecture designed for scalable...
Running in CIRCLE? A Simple Benchmark for LLM Code Interpreter Security
As large language models LLMs increasingly integrate native code interpreters, they enable powerful real-time execution capabilities, substantially expanding their utility. However, such integrations introduce potential system-level cybersecurity threats, fundamentally different from prompt-based...
Clean Code in Practice: Challenges and Opportunities
Reliability prediction is crucial for ensuring the safety and security of software systems, especially in the context of industry practices. While various metrics and measurements are employed to assess software reliability, the complexity of modern systems necessitates a deeper understanding of...
How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities under Arbitrary Challenge Distributions
A quantum copy-protection scheme Aaronson, CCC 2009 encodes a functionality into a quantum state such that given this state, no efficient adversary can create two possibly entangled quantum states that are both capable of running the functionality. There has been a recent line of works on...
Jailbreaking Large Language Diffusion Models: Revealing Hidden Safety Flaws in Diffusion-Based Text Generation
Large Language Diffusion Models LLDMs exhibit comparable performance to LLMs while offering distinct advantages in inference speed and mathematical reasoning tasks.The precise and rapid generation capabilities of LLDMs amplify concerns of harmful generations, while existing jailbreak methodologie...
Enhancing IoT Intrusion Detection Systems through Adversarial Training
The augmentation of Internet of Things IoT devices transformed both automation and connectivity but revealed major security vulnerabilities in networks. We address these challenges by designing a robust intrusion detection system IDS to detect complex attacks by learning patterns from the...
MOCHA: Are Code Language Models Robust against Multi-Turn Malicious Coding Prompts?
Recent advancements in Large Language Models LLMs have significantly enhanced their code generation capabilities. However, their robustness against adversarial misuse, particularly through multi-turn malicious coding prompts, remains underexplored. In this work, we introduce code decomposition...
On Anti-Collusion Codes for Averaging Attack in Multimedia Fingerprinting
Multimedia fingerprinting is a technique to protect the copyrighted contents against being illegally redistributed under various collusion attack models. Averaging attack is the most fair choice for each colluder to avoid detection, and also makes the pirate copy have better perceptional quality...
KD-GAT: Combining Knowledge Distillation and Graph Attention Transformer for a Controller Area Network Intrusion Detection System
The Controller Area Network CAN protocol is widely adopted for in-vehicle communication but lacks inherent security mechanisms, making it vulnerable to cyberattacks. This paper introduces KD-GAT, an intrusion detection framework that combines Graph Attention Networks GATs with knowledge...
On the Security of a Code-Based PIR Scheme
Private Information Retrieval PIR schemes allow clients to retrieve files from a database without disclosing the requested file's identity to the server. In the pursuit of post-quantum security, most recent PIR schemes rely on hard lattice problems. In contrast, the so called CB-cPIR scheme stand...
Secure One-Sided Device-Independent Quantum Key Distribution under Collective Attacks with Enhanced Robustness
We study the security of a quantum key distribution QKD protocol under the one-sided device-independent 1sDI setting, which assumes trust in only one party's measurement device. This approach effectively provides a balance between the experimental viability of device-dependent DD-QKD and the...
Information Security Based on LLM Approaches: a Review
Information security is facing increasingly severe challenges, and traditional protection means are difficult to cope with complex and changing threats. In recent years, as an emerging intelligent technology, large language models LLMs have shown a broad application prospect in the field of...
PRACtical: Subarray-Level Counter Update and Bank-Level Recovery Isolation for Efficient PRAC Rowhammer Mitigation
As DRAM density increases, Rowhammer becomes more severe due to heightened charge leakage, reducing the number of activations needed to induce bit flips. The DDR5 standard addresses this threat with in-DRAM per-row activation counters PRAC and the Alert Back-Off ABO signal to trigger mitigation...
Regression-Aware Continual Learning for Android Malware Detection
Malware evolves rapidly, forcing machine learning ML-based detectors to adapt continuously. With antivirus vendors processing hundreds of thousands of new samples daily, datasets can grow to billions of examples, making full retraining impractical. Continual learning CL has emerged as a scalable...
Thermal-Aware 3D Design for Side-Channel Information Leakage
Side-channel attacks are important security challenges as they reveal sensitive information about on-chip activities. Among such attacks, the thermal side-channel has been shown to disclose the activities of key functional blocks and even encryption keys. This paper proposes a novel approach to...
An Improved ChaCha Algorithm Based on Quantum Random Number
Due to the merits of high efficiency and strong security against timing and side-channel attacks, ChaCha has been widely applied in real-time communication and data streaming scenarios. However, with the rapid development of AI-assisted cryptanalysis and quantum computing technologies, there are...
Assessment of Quantitative Cyber-Physical Reliability of SCADA Systems in Autonomous Vehicle to Grid (V2G) Capable Smart Grids
The integration of electric vehicles EVs into power grids via Vehicle-to-Grid V2G system technology is increasing day by day, but these phenomena present both advantages and disadvantages. V2G can increase grid reliability by providing distributed energy storage and ancillary services. However, o...
LoRA-Leak: Membership Inference Attacks against LoRA Fine-Tuned Language Models
Language Models LMs typically adhere to a "pre-training and fine-tuning" paradigm, where a universal pre-trained model can be fine-tuned to cater to various specialized domains. Low-Rank Adaptation LoRA has gained the most widespread use in LM fine-tuning due to its lightweight computational cost...
Scout: Leveraging Large Language Models for Rapid Digital Evidence Discovery
Recent technological advancements and the prevalence of technology in day to day activities have caused a major increase in the likelihood of the involvement of digital evidence in more and more legal investigations. Consumer-grade hardware is growing more powerful, with expanding memory and...
Evaluating Ensemble and Deep Learning Models for Static Malware Detection with Dimensionality Reduction Using the EMBER Dataset
This study investigates the effectiveness of several machine learning algorithms for static malware detection using the EMBER dataset, which contains feature representations of Portable Executable PE files. We evaluate eight classification models: LightGBM, XGBoost, CatBoost, Random Forest, Extra...
Unmasking Synthetic Realities in Generative AI: a Comprehensive Review of Adversarially Robust Deepfake Detection Systems
The rapid advancement of Generative Artificial Intelligence has fueled deepfake proliferation-synthetic media encompassing fully generated content and subtly edited authentic material-posing challenges to digital security, misinformation mitigation, and identity preservation. This systematic revi...