Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
This research proposes a new privacy-preserving method for key generation in ABE (attribute-based encryption, a system that lets users control access to data based on their personal attributes). The method follows a principle called Minimal Disclosure, where users only reveal the specific attributes they need to prove, rather than exposing all their attributes. The protocol separates attribute verification from key generation into two steps, uses batch verification to improve performance, and introduces metrics to measure how well it resists attacks that try to infer hidden user attributes.
Researchers developed PPOM-Attack, a method to fool face recognition (FR) systems by generating adversarial images (slightly altered photos that trick AI into misidentifying someone). Unlike earlier attacks that used substitute models (simpler AI systems trained to mimic the target system), PPOM-Attack directly queries the real face recognition system to learn how to create effective perturbations (tiny pixel changes), achieving 21.7% higher success rates while keeping the altered images looking natural.
This paper presents SIMix, a training framework for systems where multiple users learn AI models together over wireless networks while protecting their private data. The system uses Over-the-Air Mixup (OAM, a technique that combines data from multiple users through wireless transmission to hide sensitive information) and groups users strategically to reduce communication needs by up to 25% while defending against model inversion attacks (attempts to reconstruct private training data from a trained model) and label inference attacks (guessing what category a user's data belongs to).
Fix: The paper proposes integrating Over-the-Air Mixup with label-aware user grouping, including a closed-form Tx-Rx scaling optimization that minimizes mean square error under channel noise, and an extended max-clique algorithm that dynamically partitions users into groups with minimal intra-label similarity to reduce model inversion attack success rates.
IEEE Xplore (Security & AI Journals)Prompt injection attacks (tricking an AI by hiding malicious instructions in its input) pose a serious security risk to Large Language Models, as attackers can overwrite a model's original instructions to manipulate its responses. Researchers developed PromptFuzz, a testing framework that uses fuzzing techniques (automatically generating many variations of input data to find weaknesses) to systematically evaluate how well LLMs resist these attacks. Testing showed that PromptFuzz was highly effective at finding vulnerabilities, ranking in the top 0.14% of attackers in a real competition and successfully exploiting 92% of popular LLM-integrated applications tested.
Researchers discovered a new attack called HijackFL that can hijack machine learning models in federated learning systems (where multiple computers train a shared model without sharing raw data). The attack works by adding tiny pixel-level changes to input samples so the model misclassifies them as something else, while appearing normal to the server and other participants, achieving much higher success rates than previous methods.
This paper presents LLMBA, a framework that uses Large Language Models (LLMs, AI systems trained on vast amounts of text) to detect unusual or malicious behavior in Zero Trust networks (security systems that continuously verify every user and device). The system uses self-supervised learning (training without requiring humans to manually label all the data) and knowledge distillation (a technique that compresses an AI model to use fewer resources while keeping it accurate) to efficiently identify both known and previously unseen threats in user activity logs.
Graph neural networks (GNN, a type of AI that learns from data organized as interconnected nodes and edges) are vulnerable to adversarial topology perturbation, which means attackers can fool them by slightly changing the graph structure. This paper proposes AT-GSE, a new adversarial training method (a technique that strengthens AI models by training them on intentionally corrupted inputs) that uses graph subspace energy, a measure of how stable a graph is, to improve GNN robustness against these attacks.
Researchers discovered a new attack called federated unlearning inversion attack (FUIA) that can extract private data from federated unlearning (FU, a process designed to remove a specific person's data influence from shared machine learning models across multiple computers). The attack works by having a malicious server observe the model's parameter changes during the unlearning process and reconstruct the forgotten data, undermining the privacy protection that FU is supposed to provide.
Fix: The source mentions that 'two potential defense strategies that introduce a trade-off between privacy protection and model performance' were explored, but no specific details, names, or implementations of these defense strategies are provided in the text.
IEEE Xplore (Security & AI Journals)This article discusses how AI (artificial intelligence) can improve the process of finding natural resources like minerals and energy sources that haven't been discovered yet. AI uses techniques such as machine learning (systems that improve through experience), computer vision (technology that helps machines understand images), and generative models (AI that can create new content) combined with remote sensing tools to make resource exploration faster, safer, and less damaging to the environment.
SDkA is a new privacy protection method that combines synthetic data (artificially generated data that mimics real data patterns) with k-anonymity (a technique that makes individuals unidentifiable by ensuring each person's data looks like at least k other people's data). The method uses a conditional generative adversarial network (a type of AI that learns to create realistic synthetic data) to improve data quality and quantity while keeping data useful, and adds selective generalization to k-anonymity to avoid over-hiding information.
This research examines how ISO/IEC 25059 (an international standard for evaluating AI system quality) can be applied in practice, using an AI system that analyzes images of oil platform decks as a test case. The study highlights that when checking if AI systems work correctly, teams need to carefully define what counts as acceptable performance, especially for safety-critical applications (systems where failures could cause serious harm), and they should choose test cases (examples used to verify the system works) that realistically represent how the system will be used in the real world.
Modern cloud applications use many small services (microservices) that are complex to manage, so service meshes help control and coordinate them. Event meshes improve on this by allowing services to communicate asynchronously (services don't wait for immediate responses) using events (messages triggered when something happens), which makes distributed systems (applications spread across multiple locations) more reliable and easier to observe and secure.
Modern companies increasingly depend on AI and emerging technologies, making nearly every business a technology company in some way. Business leaders need to understand how these technologies work at a basic level to successfully guide their companies through digital transformation (the shift to using digital tools and processes). Without this knowledge, executives cannot predict how AI and other technologies will affect their organizations.
This research paper describes a method called CLEF (Cost-efficient LandscapE Flattening) that improves adversarial transferability, which is the ability of adversarial examples (inputs deliberately crafted to fool AI models) to fool different models beyond the one they were designed for. The method works by flattening the input loss landscape (the mathematical surface showing how wrong a model's predictions are) by optimizing adversarial perturbations (small changes added to inputs) at both high-loss and low-loss points. The researchers show their approach can improve how well these adversarial examples transfer across different models while using fewer computations than previous methods.
This paper describes a new method for detecting AI-generated images (images created by GANs, which are machine learning models that generate synthetic images, or diffusion models, which gradually refine noise into images) by analyzing images in multiple frequency domains (different ways of breaking down an image into mathematical components) using attention mechanisms (techniques that help AI focus on important parts of data). The approach achieved better detection accuracy than previous methods when tested on images from 65 different generative models.
Website fingerprinting (WF) attacks are methods used to identify which websites a person visits even when they use Tor encryption (a privacy tool that hides browsing activity). Existing attacks work well when someone visits one website at a time, but struggle when multiple website tabs are open simultaneously. This research presents STMWF, a new attack that combines spatial-temporal sequence analysis (examining the order and timing of data packets sent between a user's computer and websites) with machine learning techniques to better identify websites even when multiple tabs are open, showing significant improvements over previous methods.
Website fingerprinting (WF) attacks are methods that monitor user traffic patterns to identify which websites they visit, threatening privacy even on protected networks. Existing defenses slow down these attacks but can be defeated when attackers retrain their models, and they also add significant slowness to network traffic. TrapFlow, a new defense technique, uses backdoor learning (injecting hidden trigger patterns into website traffic) to trick attackers' AI models into making wrong predictions, either by memorizing false patterns during training or by being confused at inference time (when making predictions on new data).
Fix: The source describes TrapFlow as the proposed defense method itself, which works by injecting crafted trigger sequences into targeted website traffic and optimizing these triggers using Fast Levenshtein-like distance metrics. However, no explicit patch, software update, configuration change, or deployment procedure is provided in the text. N/A -- no implementation mitigation discussed in source.
IEEE Xplore (Security & AI Journals)This research studies how small and medium-sized companies decide whether to build their own digital platform or join an existing one, using Resource Dependence Theory (a framework explaining how organizations manage their needed resources). The study found that companies worry more about becoming dependent on platforms than about lacking resources, and that data dependence (reliance on information controlled by platforms) is a new and important factor that traditional theories didn't account for.
This research examines why individuals do not widely adopt personal cyber insurance, which covers remaining risks that preventive security measures cannot stop. Using survey data from 301 U.S. residents and analyzing cognitive factors through fsQCA (fuzzy-set qualitative comparative analysis, a method that identifies different combinations of conditions leading to the same outcome), the study finds that different psychological and behavioral factors lead people to either adopt or reject cyber insurance in ways that differ from previous research.
ADVersa is a framework that uses AI to understand and explain traffic accidents by analyzing video and text together. It can recover what happened before a crash, predict what will happen during a crash, and generate explanations for why accidents occur by learning from a new dataset (MM-AU) containing nearly 12,000 accident videos with detailed descriptions and object annotations.