Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
This paper addresses how to map the structure of autonomous systems (ASes, the large networks, each run by a single organization, that together make up the Internet) using path identifiers in path-aware networking (PAN, an architecture in which packets carry the sequence of networks they traverse). The researchers propose an algorithm called AEC (Alternating Expanding and Checking) that reconstructs the AS-level topology from the path identifiers observed in packets, achieving 99.6% accuracy in their evaluation.
Privacy-preserving federated learning (PPFL, a method where multiple computers train AI models together while keeping their data secret) is vulnerable to data poisoning attacks (where attackers intentionally corrupt training data to sabotage the model). This paper proposes PPFPL, a framework that uses prototypes (simplified representations of model updates) and homomorphic encryption (a technique allowing calculations on encrypted data without decrypting it) to protect against poisoning attacks while maintaining privacy in distributed learning scenarios.
This paper presents Mimi, a new system for searching encrypted data (searchable encryption, where users can find information in coded databases without revealing what they're looking for) that uses two-factor verification to confirm results are correct. Mimi addresses problems in existing systems by using a special tree structure to speed up result verification, supporting fast searches even with large datasets, and protecting encryption keys from being stolen. The system also allows multiple users to search the same encrypted data and handles changes to user permissions and data over time.
Researchers demonstrated a new attack method called ASBA (APK-Specific Backdoor Attack) that can compromise Android malware detection systems by injecting poisoned training data. Unlike previous attacks that use the same trigger across many malware samples, ASBA uses a generative adversarial network (GAN, an AI technique that learns to create realistic fake data) to generate unique triggers for each malware sample, making it harder for security tools to detect and block multiple instances of malware at once.
M&M is a framework that improves secure two-party machine learning (where two parties compute on data without revealing it to each other) by using an efficient modulus conversion protocol (a technique that converts numbers between different mathematical domains used by different encryption methods). The framework integrates various cryptographic tools more efficiently, achieving 6–100 times faster approximated truncations (rounding operations) and 4–5 times faster communication and runtime for machine learning tasks.
This research addresses the problem that deepfake detection systems (AI trained to identify manipulated images created by generative models like GANs and diffusion models) often fail when encountering new or unfamiliar types of forgeries. The authors propose RSG-DA, a framework that improves detection by generating diverse fake samples and using a dual augmentation strategy (data transformation techniques applied in two different ways) to help the AI learn to recognize a wider range of forgery patterns, along with a lightweight module to make these learned patterns work better across different datasets.
This research presents DIST (disentangled spatiotemporal graph neural networks), a new AI framework designed to make traffic prediction more reliable when real-world conditions change unexpectedly. The system separates stable, unchanging traffic patterns from dynamic ones, and uses graph perturbation (intentionally introducing variations during training) to help the model learn which features are robust enough to work across different traffic scenarios.
This research proposes PPFPS, a privacy-preserving system for managing vehicle platoons (groups of trucks traveling together) in urban freight delivery. The scheme uses encrypted Manhattan distance calculation (a method for measuring distances along city streets rather than straight lines) combined with reputation tracking to let delivery vehicles flexibly join and leave groups while keeping their locations private. The system reduces computational work on central authorities by 66-78% compared to existing approaches.
This research proposes FKLM-PDA, a lightweight system for collecting power consumption data in smart grids while protecting users' privacy. The system uses an efficient encryption method (combining random masking with secret-sharing based key separation, which splits encryption keys so no single leaked key fully exposes data) to replace expensive encryption algorithms, and it can tolerate transmission failures and handle users joining or leaving the system.
XSS attacks (cross-site scripting: attacker-supplied script injected into a web page and executed in other users' browsers, typically to steal session data) are hard to detect because attackers can craft adversarial samples that cause detection models to miss them. This paper proposes a detection model that combines two-stage AST (abstract syntax tree, a structural representation of code) analysis with an LSTM (long short-term memory, a neural network suited to sequence data) to identify malicious payloads while resisting adversarial evasion, reporting over 98.2% detection accuracy even under adversarial attack.
This research proposes a new system that combines blockchain (a decentralized ledger that records transactions) with zero-knowledge proofs (cryptographic methods that prove something is true without revealing the underlying data) to make AI model inference more trustworthy and private. The system verifies both where the input data comes from and where the AI model weights (the learned parameters that control how an AI makes decisions) come from, while keeping user information confidential. The authors demonstrate their approach with a privacy-preserving transaction system that can detect suspicious activity without exposing private data.
This research paper studies the challenge of balancing two competing goals in decentralized learning (where multiple computers train an AI model together without a central server): keeping each computer's data private while protecting against Byzantine attacks (when some computers deliberately send false information to sabotage the learning process). The authors found that using Gaussian noise (random mathematical noise added to messages) to protect privacy actually makes it harder to defend against Byzantine attacks, creating a fundamental tradeoff between these two security goals.
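The following Python is an added sketch of why the tradeoff arises, not the paper's construction or proof. It uses the textbook Gaussian mechanism to turn a privacy budget into a noise scale and a trimmed mean as the Byzantine-robust aggregator; the node counts, the constant true gradient and the seed are constructed for the example. Because honest noise draws come from a fixed seed, the aggregator's residual error scales exactly with the noise, so shrinking epsilon visibly raises the price paid for tolerating the same Byzantine nodes.

```python
import math
import random
import statistics


def gaussian_sigma(epsilon: float, delta: float, sensitivity: float = 1.0) -> float:
    """Noise scale of the classic Gaussian mechanism for (epsilon, delta)-DP.
    The standard analysis assumes epsilon < 1; used here only to link privacy to noise."""
    return sensitivity * math.sqrt(2.0 * math.log(1.25 / delta)) / epsilon


def trimmed_mean(values: list, f: int) -> float:
    """Byzantine-robust aggregation: discard the f smallest and f largest messages, average the rest."""
    s = sorted(values)
    return statistics.fmean(s[f:len(s) - f])


def aggregation_error(n_honest: int, n_byz: int, sigma: float, seed: int = 7) -> float:
    """Absolute error of the trimmed mean in one round. Constructed setting: every honest node
    holds the same true gradient (0.0) and adds N(0, sigma^2) noise before sending; each of the
    n_byz Byzantine nodes sends a huge value. The fixed seed makes the honest draws reproducible,
    so runs with different sigma differ only in noise scale."""
    rng = random.Random(seed)
    true_grad = 0.0
    honest = [true_grad + rng.gauss(0.0, sigma) for _ in range(n_honest)]
    byzantine = [1e6] * n_byz
    aggregate = trimmed_mean(honest + byzantine, f=n_byz)
    # Trimming removes the f Byzantine values at the top, but also f honest values at the bottom;
    # with no noise that costs nothing, with noise it biases the result by a multiple of sigma.
    return abs(aggregate - true_grad)


def error_for_privacy(epsilon: float, delta: float = 1e-5,
                      n_honest: int = 1000, n_byz: int = 50) -> float:
    """Chain the two: tighter privacy (smaller epsilon) -> larger sigma -> larger robust-aggregation error."""
    return aggregation_error(n_honest, n_byz, gaussian_sigma(epsilon, delta))


if __name__ == "__main__":
    for eps in (0.25, 0.5, 1.0):
        print(f"epsilon={eps:<5} sigma={gaussian_sigma(eps, 1e-5):6.2f} "
              f"error={error_for_privacy(eps):.4f}")
    print("no noise:", aggregation_error(1000, 50, 0.0))
```

The crude attacker here is deliberately weak (it is always trimmed); an adaptive attacker that places its values inside the noisy honest range does worse damage, and the paper's contribution is a formal bound rather than this simulation.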
WiFi-based sensing systems that use deep learning (AI models trained on large amounts of data) are vulnerable to adversarial perturbation attacks, where attackers subtly manipulate wireless signals to fool the system into making wrong predictions. Researchers developed WiIntruder, a new attack method that can work across different applications and evade detection, reducing the accuracy of WiFi sensing services by an average of 72.9%, highlighting a significant security gap in these systems.
This research proposes a Fairly Proportional Noise Mechanism (FPNM) to address a problem in differential privacy (DP, a technique that adds random noise to data to protect individual privacy while still allowing statistical analysis). Traditional DP methods add noise uniformly without considering fairness, which can affect different groups of people unequally, especially in decision-making and learning tasks. The FPNM approach adjusts the noise according to both its direction and its size relative to the actual data values, reducing unfairness by about 17-19% in experiments while maintaining the privacy guarantees.
This research proposes a new method for assessing security risks in large corporate networks by using Bayesian attack graphs (mathematical models that show how attackers might chain together vulnerabilities to breach a system) built from system audit logs (records of activities on computers). The method addresses limitations of traditional security approaches by capturing real-time changes in network configurations and identifying the most dangerous attack paths while reducing computational complexity.
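An added worked example, not the paper's method: a small Bayesian attack graph in Python with noisy-OR propagation of compromise probability, a Dijkstra search for the most probable attack path, and a stub that turns constructed audit-log lines into evidence that updates the graph. The hosts, privilege nodes, edge probabilities and the auditd-like log lines are all assumptions made up for the example.

```python
import math
from functools import lru_cache
from heapq import heappop, heappush

# Constructed attack graph: node = attacker privilege, entry = (prerequisite, P(exploit succeeds)).
# Every node is an OR-node (any one satisfied prerequisite suffices). The probabilities are
# assumed values such as CVSS-derived exploitability, not figures from the paper.
ATTACK_GRAPH = {
    "internet": [],                                     # attacker's starting point
    "user@web": [("internet", 0.6)],                    # web application RCE
    "root@web": [("user@web", 0.4)],                    # local privilege escalation
    "user@db": [("root@web", 0.7), ("user@web", 0.2)],  # harvested DB creds / reused password
    "root@db": [("user@db", 0.5)],
}

# Which audit-log (host, uid) pair corresponds to which graph node (constructed mapping).
NODE_FOR_LOGIN = {("web01", "0"): "root@web", ("web01", "1001"): "user@web",
                  ("db01", "0"): "root@db", ("db01", "27"): "user@db"}


def compromise_probability(graph: dict, target: str, evidence: dict = None) -> float:
    """Probability that the attacker reaches `target`, propagated forward through the DAG with
    noisy-OR combination and independence assumed between paths. `evidence` maps node ->
    observed probability (1.0 = confirmed by audit logs) and overrides the computed value."""
    evidence = evidence or {}

    @lru_cache(maxsize=None)
    def prob(node: str) -> float:
        if node in evidence:
            return evidence[node]
        parents = graph[node]
        if not parents:  # root node: the attacker is assumed to start here
            return 1.0
        not_reached = 1.0
        for parent, p_edge in parents:
            not_reached *= 1.0 - p_edge * prob(parent)
        return 1.0 - not_reached

    return prob(target)


def most_likely_path(graph: dict, source: str, target: str):
    """Highest-probability path = shortest path under edge weight -log(p) (Dijkstra).
    Returns (path probability, [nodes])."""
    succ = {n: [] for n in graph}
    for node, parents in graph.items():
        for parent, p in parents:
            succ[parent].append((node, p))
    best, prev, heap = {source: 0.0}, {}, [(0.0, source)]
    while heap:
        cost, node = heappop(heap)
        if cost > best.get(node, math.inf):
            continue
        if node == target:
            break
        for nxt, p in succ[node]:
            c = cost - math.log(p)
            if c < best.get(nxt, math.inf):
                best[nxt], prev[nxt] = c, node
                heappush(heap, (c, nxt))
    if target not in best:
        return 0.0, []
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return math.exp(-best[target]), path[::-1]


def evidence_from_audit(lines: list) -> dict:
    """Map successful-login audit records (constructed key=value lines) to confirmed graph nodes.
    Constructed policy: any successful login matching NODE_FOR_LOGIN counts as attacker presence."""
    evidence = {}
    for line in lines:
        kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if kv.get("type") == "USER_LOGIN" and kv.get("res") == "success":
            node = NODE_FOR_LOGIN.get((kv.get("host"), kv.get("uid")))
            if node:
                evidence[node] = 1.0
    return evidence


if __name__ == "__main__":
    print("P(root@db) baseline:", round(compromise_probability(ATTACK_GRAPH, "root@db"), 5))
    print("most likely path:", most_likely_path(ATTACK_GRAPH, "internet", "root@db"))
    log = ["type=USER_LOGIN host=web01 uid=0 res=success src=203.0.113.9"]  # constructed
    ev = evidence_from_audit(log)
    print("after audit evidence", ev, "->", round(compromise_probability(ATTACK_GRAPH, "root@db", ev), 5))
```

The evidence step is a forward update only: confirming `root@web` raises every downstream probability but does not revise beliefs about upstream nodes, which a full Bayesian posterior would. It is the cheap part of the computation that the paper's "reduced complexity" aims at, and in practice the graph must be regenerated whenever audit logs reveal a new host, credential or network path.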
OWASP has released a Top 10 list of security risks specifically for agentic AI applications, which are autonomous AI systems that can use tools and take actions on their own. This framework was built from real incidents and industry experience to help organizations secure these advanced AI systems as they become more common.
The OWASP GenAI Security Project (an open-source community focused on AI safety) has released a list of the top 10 security risks for agentic AI (AI systems that can take actions independently). This guidance was created with input from over 100 industry experts and is meant to help organizations understand and address threats to AI systems.
This academic paper proposes a new authentication scheme for vehicle-to-grid (V2G) systems, which allow electric vehicles to exchange power with electrical grids. The scheme uses conditional anonymous authentication (a method that hides vehicle identity while allowing identification of bad actors) with a multi-level architecture combining group signatures (cryptographic signatures that hide individual identity within a group) and proxy signatures (where one party can create signatures on behalf of another), making it more efficient than existing approaches.
Deep learning attacks have successfully cracked CAPTCHAs (automated tests that distinguish humans from bots) that use large character sets, especially those built on alphabets such as Chinese. This paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation), a defense framework that makes CAPTCHAs harder to attack by adding adversarial perturbations (intentional distortions that confuse AI recognition systems) through two modules: a Fine-grained Generation Module, which combines three novel strategies to prevent attackers from recognizing individual characters, and an Ensemble Generation Module, which adds global perturbations so that the defense holds up against diverse recognition architectures. In the authors' evaluation, attack success rates fall from 51.52% to 2.56%.
IEEE Xplore (Security & AI Journals): This paper proposes Verifiable Data Capsule (VDC), a method for secure data sharing in cloud computing where data owners encrypt their data and upload it with access policies to a cloud server, allowing only authorized users to process the data inside a TEE (Trusted Execution Environment, a hardware-isolated execution area that keeps code and data protected from the rest of the host). The system addresses a weakness in existing approaches: a malicious server could serve outdated or corrupted data, so the researchers designed a lightweight verification method called Locally Verifiable Chameleon Tag (LVCT) that lets users confirm the data has been neither tampered with nor replaced.