6864 matches found
Auto-SGCR: Automated Generation of Smart Grid Cyber Range Using IEC 61850 Standard Models
Digitalization of power grids have made them increasingly susceptible to cyber-attacks in the past decade. Iterative cybersecurity testing is indispensable to counter emerging attack vectors and to ensure dependability of critical infrastructure. Furthermore, these can be used to evaluate...
Exploring the Jupyter Ecosystem: an Empirical Study of Bugs and Vulnerabilities
Background. Jupyter notebooks are one of the main tools used by data scientists. Notebooks include features configuration scripts, markdown, images, etc. that make them challenging to analyze compared to traditional software. As a result, existing software engineering models, tools, and studies d...
Learning to Locate: GNN-Powered Vulnerability Path Discovery in Open Source Code
Detecting security vulnerabilities in open-source software is a critical task that is highly regarded in the related research communities. Several approaches have been proposed in the literature for detecting vulnerable codes and identifying the classes of vulnerabilities. However, there is still...
C-AAE: Compressively Anonymizing Autoencoders for Privacy-Preserving Activity Recognition in Healthcare Sensor Streams
Wearable accelerometers and gyroscopes encode fine-grained behavioural signatures that can be exploited to re-identify users, making privacy protection essential for healthcare applications. We introduce C-AAE, a compressive anonymizing autoencoder that marries an Anonymizing AutoEncoder AAE with...
Learning-Based Privacy-Preserving Graph Publishing against Sensitive Link Inference Attacks
Publishing graph data is widely desired to enable a variety of structural analyses and downstream tasks. However, it also potentially poses severe privacy leakage, as attackers may leverage the released graph data to launch attacks and precisely infer private information such as the existence of...
Quantum Software Security Challenges within Shared Quantum Computing Environments
The number of qubits in quantum computers keeps growing, but most quantum programs remain relatively small because of the noisy nature of the underlying quantum hardware. This might lead quantum cloud providers to explore increased hardware utilization, and thus profitability through means such a...
Rethinking HSM and TPM Security in the Cloud: Real-World Attacks and Next-Gen Defenses
As organizations rapidly migrate to the cloud, the security of cryptographic key management has become a growing concern. Hardware Security Modules HSMs and Trusted Platform Modules TPMs, traditionally seen as the gold standard for securing encryption keys and digital trust, are increasingly...
CASCADE: LLM-Powered JavaScript Deobfuscator at Google
Software obfuscation, particularly prevalent in JavaScript, hinders code comprehension and analysis, posing significant challenges to software testing, static analysis, and malware detection. This paper introduces CASCADE, a novel hybrid approach that integrates the advanced coding capabilities o...
Tab-MIA: a Benchmark Dataset for Membership Inference Attacks on Tabular Data in LLMs
Large language models LLMs are increasingly trained on tabular data, which, unlike unstructured text, often contains personally identifiable information PII in a highly structured and explicit format. As a result, privacy risks arise, since sensitive records can be inadvertently retained by the...
Removing Box-Free Watermarks for Image-To-Image Models Via Query-Based Reverse Engineering
The intellectual property of deep generative networks GNets can be protected using a cascaded hiding network HNet which embeds watermarks or marks into GNet outputs, known as box-free watermarking. Although both GNet and HNet are encapsulated in a black box called operation network, or ONet, with...
Trusted Data Fusion, Multi-Agent Autonomy, Autonomous Vehicles
Multi-agent collaboration enhances situational awareness in intelligence, surveillance, and reconnaissance ISR missions. Ad hoc networks of unmanned aerial vehicles UAVs allow for real-time data sharing, but they face security challenges due to their decentralized nature, making them vulnerable t...
Towards Unifying Quantitative Security Benchmarking for Multi Agent Systems
Evolving AI systems increasingly deploy multi-agent architectures where autonomous agents collaborate, share information, and delegate tasks through developing protocols. This connectivity, while powerful, introduces novel security risks. One such risk is a cascading risk: a breach in one agent c...
NIST Post-Quantum Cryptography Standard Algorithms Based on Quantum Random Number Generators
In recent years, the advancement of quantum computing technology has posed potential security threats to RSA cryptography and elliptic curve cryptography. In response, the National Institute of Standards and Technology NIST published several Federal Information Processing Standards FIPS of...
MeAJOR Corpus: a Multi-Source Dataset for Phishing Email Detection
Phishing emails continue to pose a significant threat to cybersecurity by exploiting human vulnerabilities through deceptive content and malicious payloads. While Machine Learning ML models are effective at detecting phishing threats, their performance largely relies on the quality and diversity ...
Joint Resource Optimization over Licensed and Unlicensed Spectrum in Spectrum Sharing UAV Networks against Jamming Attacks
Unmanned aerial vehicle UAV communication is of crucial importance in realizing heterogeneous practical wireless application scenarios. However, the densely populated users and diverse services with high data rate demands has triggered an increasing scarcity of UAV spectrum utilization. To tackle...
Quantifying the ROI of Cyber Threat Intelligence: a Data-Driven Approach
The valuation of Cyber Threat Intelligence CTI remains a persistent challenge due to the problem of negative evidence: successful threat prevention results in non-events that generate minimal observable financial impact, making CTI expenditures difficult to justify within traditional cost-benefit...
LLM Meets the Sky: Heuristic Multi-Agent Reinforcement Learning for Secure Heterogeneous UAV Networks
This work tackles the physical layer security PLS problem of maximizing the secrecy rate in heterogeneous UAV networks HetUAVNs under propulsion energy constraints. Unlike prior studies that assume uniform UAV capabilities or overlook energy-security trade-offs, we consider a realistic scenario...
CHAMP: a Configurable, Hot-Swappable Edge Architecture for Adaptive Biometric Tasks
What if you could piece together your own custom biometrics and AI analysis system, a bit like LEGO blocks? We aim to bring that technology to field operators in the field who require flexible, high-performance edge AI system that can be adapted on a moment's notice. This paper introduces CHAMP...
Development of a Standardized Testing Environment for QRNGs Based on Semiconductor Laser Phase Noise
Quantum random number generators QRNGs based on semiconductor laser phase noise are an inexpensive and efficient resource for true random numbers. Commercially available technology allows for designing QRNG setups tailored to specific use cases. However, it is important to constantly monitor...
Enabling Cyber Security Education through Digital Twins and Generative AI
Digital Twins DTs are gaining prominence in cybersecurity for their ability to replicate complex IT Information Technology, OT Operational Technology, and IoT Internet of Things infrastructures, allowing for real time monitoring, threat analysis, and system simulation. This study investigates how...
WaveVerify: a Novel Audio Watermarking Framework for Media Authentication and Combatting Deepfakes
The rapid advancement of voice generation technologies has enabled the synthesis of speech that is perceptually indistinguishable from genuine human voices. While these innovations facilitate beneficial applications such as personalized text-to-speech systems and voice preservation, they have als...
On One-Shot Signatures, Quantum Vs Classical Binding, and Obfuscating Permutations
One-shot signatures OSS were defined by Amos, Georgiou, Kiayias, and Zhandry STOC'20. These allow for signing exactly one message, after which the signing key self-destructs, preventing a second message from ever being signed. While such an object is impossible classically, Amos et al observe tha...
Leveraging Trustworthy AI for Automotive Security in Multi-Domain Operations: Towards a Responsive Human-AI Multi-Domain Task Force for Cyber Social Security
Multi-Domain Operations MDOs emphasize cross-domain defense against complex and synergistic threats, with civilian infrastructures like smart cities and Connected Autonomous Vehicles CAVs emerging as primary targets. As dual-use assets, CAVs are vulnerable to Multi-Surface Threats MSTs,...
An Empirical Study on Virtual Reality Software Security Weaknesses
Virtual Reality VR has emerged as a transformative technology across industries, yet its security weaknesses, including vulnerabilities, are underinvestigated. This study investigates 334 VR projects hosted on GitHub, examining 1,681 software security weaknesses to understand: what types of...
Restricted Boltzmann Machine As a Probabilistic Enigma
We theoretically propose a symmetric encryption scheme based on Restricted Boltzmann Machines that functions as a probabilistic Enigma device, encoding information in the marginal distributions of visible states while utilizing bias permutations as cryptographic keys. Theoretical analysis reveals...
form-data Insufficient Randomness
form-data uses Math.random to select a boundary value for multipart form-encoded data. This can lead to a security issue if an attacker can observe other values produced by Math.random in the target application and can control one field of a request made using form-data...
PyPitfall: Dependency Chaos and Software Supply Chain Vulnerabilities in Python
Python software development heavily relies on third-party packages. Direct and transitive dependencies create a labyrinth of software supply chains. While it is convenient to reuse code, vulnerabilities within these dependency chains can propagate through dependencies, potentially affecting...
Performance Evaluation and Threat Mitigation in Large-Scale 5G Core Deployment
The deployment of large-scale software-based 5G core functions presents significant challenges due to their reliance on optimized and intelligent resource provisioning for their services. Many studies have focused on analyzing the impact of resource allocation for complex deployments using...
Android dng_sdk DeltaPerRow Out-Of-Bounds Read
Android's dng suffers from a DeltaPerRow out-of-bounds read vulnerability...
DREAM: Scalable Red Teaming for Text-To-Image Generative Systems Via Distribution Modeling
Despite the integration of safety alignment and external filters, text-to-image T2I generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to...
EX-NIDS: a Framework for Explainable Network Intrusion Detection Leveraging Large Language Models
This paper introduces eX-NIDS, a framework designed to enhance interpretability in flow-based Network Intrusion Detection Systems NIDS by leveraging Large Language Models LLMs. In our proposed framework, flows labelled as malicious by NIDS are initially processed through a module called the Promp...
SoK: Securing the Final Frontier for Cybersecurity in Space-Based Infrastructure
With the advent of modern technology, critical infrastructure, communications, and national security depend increasingly on space-based assets. These assets, along with associated assets like data relay systems and ground stations, are, therefore, in serious danger of cyberattacks. Strong securit...
Logwatch 7.13
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems...
Analysis of Post-Quantum Cryptography in User Equipment in 5G and Beyond
The advent of quantum computing threatens the security of classical public-key cryptographic systems, prompting the transition to post-quantum cryptography PQC. While PQC has been analyzed in theory, its performance in practical wireless communication environments remains underexplored. This pape...
Talking like a Phisher: LLM-Based Attacks on Voice Phishing Classifiers
Voice phishing vishing remains a persistent threat in cybersecurity, exploiting human trust through persuasive speech. While machine learning ML-based classifiers have shown promise in detecting malicious call transcripts, they remain vulnerable to adversarial manipulations that preserve semantic...
LENS-DF: Deepfake Detection and Temporal Localization for Long-Form Noisy Speech
This study introduces LENS-DF, a novel and comprehensive recipe for training and evaluating audio deepfake detection and temporal localization under complicated and realistic audio conditions. The generation part of the recipe outputs audios from the input dataset with several critical...
Revisiting Pre-Trained Language Models for Vulnerability Detection
The rapid advancement of pre-trained language models PLMs has demonstrated promising results for various code-related tasks. However, their effectiveness in detecting real-world vulnerabilities remains a critical challenge. % for the security community. While existing empirical studies evaluate...
GATEBLEED: Exploiting On-Core Accelerator Power Gating for High Performance and Stealthy Attacks on AI
As power consumption from AI training and inference continues to increase, AI accelerators are being integrated directly into the CPU. Intel's Advanced Matrix Extensions AMX is one such example, debuting on the 4th generation Intel Xeon Scalable CPU. We discover a timing side and covert channel,...
Faraday 5.15.2
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
The Postman: a Journey of Ethical Hacking in PosteID/SPID Borderland
This paper presents a vulnerability assessment activity that we carried out on PosteID, the implementation of the Italian Public Digital Identity System SPID by Poste Italiane. The activity led to the discovery of a critical privilege escalation vulnerability, which was eventually patched. The...
ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-Based Advanced Driver Assistance Systems
Advanced Driver Assistance Systems ADAS significantly enhance road safety by detecting potential collisions and alerting drivers. However, their reliance on expensive sensor technologies such as LiDAR and radar limits accessibility, particularly in low- and middle-income countries. Machine...
LLMxCPG: Context-Aware Vulnerability Detection through Code Property Graph-Guided Large Language Models
Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures CVE database in 2024 alone. While deep learning based approaches show promise for vulnerability detection, recent studies reveal critical...
LLM4MEA: Data-Free Model Extraction Attacks on Sequential Recommenders Via Large Language Models
Recent studies have demonstrated the vulnerability of sequential recommender systems to Model Extraction Attacks MEAs. MEAs collect responses from recommender systems to replicate their functionality, enabling unauthorized deployments and posing critical privacy and security risks. Black-box...
CompLeak: Deep Learning Model Compression Exacerbates Privacy Leakage
Model compression is crucial for minimizing memory storage and accelerating inference in deep learning DL models, including recent foundation models like large language models LLMs. Users can access different compressed model versions according to their resources and budget. However, while existi...
Secure Wireless Communication Via Polarforming
Polarforming is a promising technique that enables dynamic adjustment of antenna polarization to mitigate depolarization effects commonly encountered during electromagnetic EM wave propagation. In this letter, we investigate the polarforming design for secure wireless communication systems, where...
Building a Robust OAuth Token Based API Security: a High Level Overview
APIs Application Programming Interfaces or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization...
Analysis of Threat-Based Manipulation in Large Language Models: a Dual Perspective on Vulnerabilities and Performance Enhancement Opportunities
Large Language Models LLMs demonstrate complex responses to threat-based manipulations, revealing both vulnerabilities and unexpected performance enhancement opportunities. This study presents a comprehensive analysis of 3,390 experimental responses from three major LLMs Claude, GPT-4, Gemini...
When LLMs Copy to Think: Uncovering Copy-Guided Attacks in Reasoning LLMs
Large Language Models LLMs have become integral to automated code analysis, enabling tasks such as vulnerability detection and code comprehension. However, their integration introduces novel attack surfaces. In this paper, we identify and investigate a new class of prompt-based attacks, termed...
Zeek 7.0.9
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Towards Trustworthy AI: Secure Deepfake Detection Using CNNs and Zero-Knowledge Proofs
In the era of synthetic media, deepfake manipulations pose a significant threat to information integrity. To address this challenge, we propose TrustDefender, a two-stage framework comprising i a lightweight convolutional neural network CNN that detects deepfake imagery in real-time extended...