Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
Researchers created Fraud-RLA, an adversarial attack (a method that tricks AI systems by exploiting their weaknesses) that uses reinforcement learning (a technique where an agent learns by trial and error to maximize a reward) to evade credit card fraud detection systems. The attack is designed to maximize the amount of money stolen while requiring less background knowledge about the target system than other attack methods. Tests showed it worked effectively against realistic fraud detection systems.
This research addresses the challenge of detecting deepfakes (synthetic videos or images created by AI to manipulate someone's appearance) by proposing a new detection method called a triple-branch network. The method analyzes images using both spatial features (visual patterns) and frequency features (patterns that emerge when an image is decomposed into its component spatial frequencies), combined with a mathematical approach based on mutual information theory (a concept measuring how much information one variable reveals about another) to improve detection accuracy across different types of forgeries.
MSDT is a blockchain-based protocol (a system using distributed ledger technology) designed to let people safely buy and sell data without needing a trusted middleman. The main challenge it addresses is ensuring that the buyer receives the data and the seller receives payment as a single indivisible exchange (called atomicity), while also verifying that the data is actually of good quality. MSDT solves this by using state channels (off-chain transactions that reduce costs) for trading contracts and adding a staking mechanism (where participants lock up funds as a security deposit) to discourage sellers from behaving dishonestly.
Researchers developed SMInject, a new type of attack that tricks multimodal AI models (systems that process both text and images together) by injecting deceptive instructions that exploit how different data types relate to each other. The attack is designed to be harder to detect than previous methods and achieves higher success rates while keeping the model's behavior looking normal.
EBFT is a new consensus framework for permissioned blockchains (private blockchain networks where participants are known) that improves security by having nodes randomly propose blocks instead of relying on a single leader node. It combines ideas from Nakamoto consensus (the longest-chain rule used in Bitcoin) with classical BFT (Byzantine fault tolerance, a method for systems to reach agreement even when some nodes are faulty or malicious), achieving strong safety guarantees while remaining simple to implement.
This research proposes CP-A²2BE, a security system for sharing data in Industrial Internet of Things (IIoT, or connected devices in factories). The system uses ciphertext-policy attribute-based encryption (a method that encrypts data so only users with specific characteristics can decrypt it) with three improvements: faster decryption through edge computing (processing at local factory nodes instead of distant servers), privacy protection for device and worker attributes, and a verifiable revocation mechanism (a way to instantly revoke access while proving the operation is legitimate).
This paper presents EPRU, a reputation-based authentication system designed to help vehicles in platoons (groups of cars traveling together) communicate securely and establish trust in one another. Unlike existing systems that only verify message integrity, EPRU also evaluates whether the content of messages is credible by tracking vehicle behavior in real time, using encryption (mathematical techniques that scramble data) to protect vehicle identities and feedback data.
Researchers are correcting their previous work on Local Information Privacy (LIP, a method for protecting individual data when collecting information from groups of people). They discovered their original claim about how well their privacy-protecting mechanism works was not completely accurate, so they are now providing the correct range of parameters and proposing new algorithms to improve it.
Cross-silo federated learning (FL, a method where organizations train AI models together by sharing only local gradients instead of raw data) has privacy risks because gradients can leak sensitive information. FreeFL is a new approach that eliminates the need for a trusted third party and a centralized aggregator by using decentralized symmetric encryption with additive homomorphism (a type of encryption that allows computation on encrypted data), achieving better efficiency in both computation and communication than existing methods.
This paper presents C-GAN, a method for medical image steganography (hiding secret messages inside medical images in a way that is undetectable to observers) using GANs (generative adversarial networks, a type of AI system where two neural networks compete to improve each other). The researchers improved previous steganography approaches by using a special measurement called Zero-centered Wasserstein distance to make training more stable and by adding local regularization to increase how much data can be hidden while keeping images looking natural.
This research paper presents a new method called FoVB (Forgery-aware Audio-Visual Adaptation with Variational Bayes) to detect deepfakes (AI-generated fake videos that manipulate both audio and video). The method works by analyzing the relationship between audio and video to find mismatches, such as when lip movements don't match the sound, which are telltale signs of deepfakes.
This research paper explores vulnerabilities in Pedestrian Attribute Recognition (PAR), a computer vision task that identifies characteristics of people in images using AI models. The authors developed both adversarial attacks (methods to fool the system with manipulated images) and a defense strategy called semantic offset defense, which suppresses the influence of adversarial attacks on PAR systems, and tested their approach on multiple datasets. Source code is available at https://github.com/Event-AHU/OpenPAR.
IEEE Xplore (Security & AI Journals)
Co-Boosting++ is a framework for one-shot federated learning (OFL, a method where multiple devices train a shared model with only one communication round), which improves how synthetic data and model ensembles work together. The framework alternates between generating challenging synthetic data samples to test the model and adjusting the ensemble weights using a Mixture of Experts mechanism (a technique that dynamically selects which component models to trust based on the task), resulting in better overall model performance.
Modern vehicles use ECUs (electronic control units, specialized computers that control vehicle functions) connected through CAN-bus networks (a communication system that lets these computers talk to each other), but this setup is vulnerable to cyberattacks like DoS (denial of service, overwhelming a system with requests) and fuzzing (sending random data to find weaknesses). This paper presents HAVEN, a hybrid anomaly detection system that combines rule-based checks with machine learning (teaching computers to recognize patterns) and neural networks (algorithms inspired by how brains process information) to identify suspicious activity on vehicle networks, achieving high accuracy while running quickly.
Nappa is a framework that protects data privacy during deep neural network (DNN, a type of AI model) training while working with specialized hardware accelerators (NNAs, custom chips that speed up neural networks). The framework uses vector decomposition (breaking down mathematical operations into simpler parts) to split computations across different hardware types, and includes an automatic compiler that converts AI models into encrypted computation graphs (mathematical instructions that run on encrypted data) that work on both trusted and untrusted hardware without losing speed or accuracy.
Voice authentication on smartphones is vulnerable to spoofing attacks, where attackers replay recorded voice samples through loudspeakers to trick the system. MagLive is a new security method that detects whether a voice is from a real person or a loudspeaker by analyzing magnetic pattern changes (detected by the smartphone's built-in magnetometer) using a machine learning model called TF-CNN-SAF (a type of neural network designed to extract useful patterns from data).
Researchers found a critical security flaw in APFed, a method designed to protect federated learning (a system where multiple computers train an AI model together without sharing raw data) by using additive homomorphic encryption (a math technique that lets computers do calculations on encrypted data without decrypting it). The flaw means APFed cannot actually prevent poisoning attacks (attempts to corrupt the training process by inserting bad data), despite the original authors' claims.
This research proposes TCroS, a system for securely sharing sensitive data across different manufacturer domains in Internet of Vehicles (IoV, connected vehicles that communicate over the internet) while allowing users to search for specific information using keywords. The system uses proxy re-encryption (a technique that transforms encrypted data so it can be decrypted by different authorized parties) and embeds requester identities into decryption keys so that if an encryption key is leaked, the source can be traced. The authors also created an extended version called TCroSS that adds privacy-preserving keyword search with Boolean queries (AND, OR, NOT operations) to find authorized data efficiently while protecting against keyword guessing attacks.
NiIas is a security protocol designed for Multi-access Edge Computing (MEC, a system where computing resources are placed closer to users at the network edge) that allows devices to authenticate and send data immediately without the usual setup delays required by traditional protocols. The protocol uses identity-based cryptography (a method where users' public keys are derived from their identity rather than certificates) and an authenticate-before-decryption mechanism to filter out unauthorized traffic and protect against denial-of-service attacks (attempts to overwhelm a system with traffic to make it unavailable).
Researchers tested code generated by five different LLM (large language model, AI systems that write text) families across four programming languages and found significant security weaknesses, especially in C and C++ where memory safety issues (bugs that let attackers access or corrupt memory) and hard-coded secrets (passwords or keys written directly in code) were common. The study revealed that LLMs often fail to use modern security features available in newer versions of programming tools and tend to rely on outdated, less secure methods. The researchers conclude that LLMs need to be improved to generate code that follows current security best practices.