Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
Federated learning (a system where decentralized devices train a shared AI model together while keeping their data local) is vulnerable to poisoning attacks, where malicious participants inject false data to corrupt the final model. This paper proposes AdaptiveShield, a defense system that uses dynamic detection strategies to identify attackers, automatically adjusts its sensitivity thresholds to handle different attack types, reduces damage from missed attackers by adjusting hyperparameters (settings that control how the model learns), and hides user identities through a shuffling mechanism to protect privacy.
Fix: AdaptiveShield employs: (1) dynamic detection strategies that assess maliciousness and dynamically adjust detection thresholds to adapt to various attack scenarios; (2) dynamic hyperparameter adjustment to minimize negative impact from missed attackers and enhance robustness; and (3) a hierarchical shuffle mechanism to dissociate user identities from their uploaded local models, providing privacy protection.
IEEE Xplore (Security & AI Journals)
Advanced Persistent Threats (APTs, which are long-term targeted attacks by sophisticated adversaries) are becoming harder to detect early. This paper introduces Warning-Graph, a framework that uses threat intelligence modeling (analyzing data about known attack patterns and infrastructure) to identify ongoing APT attacks by examining IoCs (indicators of compromise, or digital clues that show an attack happened) without needing lots of labeled training data. The framework uses graph-based machine learning techniques to improve detection accuracy by 3-5 percentage points compared to existing methods.
One-Time Passwords (OTPs, temporary codes used in two-factor authentication to verify your identity) like HOTP and TOTP have vulnerabilities that let attackers bypass security if they steal the secret key stored on a device or server. This paper proposes HP-OTP, a new OTP scheme that combines your password with the device's unique identifier to make it harder for attackers to forge codes even if they compromise either the device or server.
This research proposes an AI-based system that uses deep learning and reinforcement learning (RL, a machine learning approach where an AI learns by receiving rewards for good decisions) to detect disease markers in exhaled breath by analyzing volatile organic compounds (VOCs, small carbon-based chemicals produced by the body). The system is designed to work well even with small datasets and aims to improve early disease detection, particularly for chronic kidney disease, through a noninvasive and cost-effective diagnostic method.
This research paper describes a method to improve emotion recognition using EEG (electroencephalography, a technology that measures electrical activity in the brain) by generating synthetic EEG data through a diffusion model (a type of AI that creates new data by gradually removing noise from random data). The proposed approach achieved up to 5.6% better accuracy in identifying emotions compared to traditional methods, helping address the problem of not having enough real EEG data for training these systems.
AI systems are valuable for cybersecurity because they can detect patterns and anomalies in large amounts of data, but attackers can exploit these same AI capabilities to launch sophisticated attacks. Adversarial learning (using AI to trick or attack other AI systems) works in two ways: attackers use techniques like data poisoning (corrupting training data) and test time evasion (fooling a trained model with specially crafted inputs) to compromise security systems, while defenders use adversarial training (teaching AI to resist such attacks) to protect against these threats. The source identifies gaps in current research, including a lack of real-world attack data and limited evaluation of AI solutions for network traffic analysis.
Spiking federated learning (FL, a distributed training method where multiple devices collaborate without sharing their private data) typically uses random selection to choose which devices contribute to the final model, but this ignores statistical heterogeneity (differences in data distribution across devices). This paper proposes SFedCA, a new strategy that assigns credits to devices based on their firing intensity (activity level in spiking neural networks, which use brain-inspired neurons that only activate when needed) before and after training, allowing better selection of devices whose data distributions match the overall model needs.
This paper presents Test-Time Correction (TTC), a system that helps autonomous vehicles fix detection errors while driving, rather than waiting for retraining. TTC uses an Online Adapter module with visual prompts (image-based descriptions of objects derived from feedback like mismatches or user clicks) to continuously correct mistakes in real-time, allowing vehicles to adapt to new situations and improve safety without stopping to retrain the system.
This research paper addresses generalized out-of-distribution detection (OOD detection, where an AI system identifies inputs that are very different from its training data), which is important for AI systems used in safety-critical applications. Rather than focusing on designing better scoring functions, the authors propose a new decision rule called the generalized Benjamini-Hochberg procedure that uses hypothesis testing (a statistical method for making decisions about data) to determine whether an input is out-of-distribution, and they prove this method controls false positive rates better than traditional threshold-based approaches.
Researchers developed a new method for backdoor attacks (techniques that manipulate AI systems to behave in specific ways when exposed to hidden trigger patterns) that works better in real-world physical scenarios. The method, called VSSC triggers (Visible, Semantic, Sample-specific, and Compatible), uses large language models, generative models, and vision-language models in an automated pipeline to create stealthy triggers that can survive visual distortions and be deployed using real objects, making physical backdoor attacks more practical and systematic than manual methods.
This research paper presents KGEES, a system designed to reduce energy consumption in multi-access edge computing (MEC, a technology that brings servers closer to users for faster processing) while protecting user privacy. The system uses k-anonymity geo-obfuscation (a technique that hides exact user locations by grouping them with others) to keep user locations private, while using a greedy algorithm (an approach that makes quick decisions based on immediate benefits) to decide how to allocate computing resources efficiently.
Kubernetes (K8s, a system that manages containerized applications across multiple computers) has a vulnerability in how it handles container image downloads through the CRI-API (the interface between Kubernetes and container runtimes). Because Kubernetes cannot monitor the status of these downloads, attackers can exploit this to launch denial-of-service attacks that consume up to 95% of CPU usage and exhaust network and storage resources on worker nodes indefinitely.
Fix: The source proposes MAGI, an eBPF-based (a technology that allows low-level monitoring within the Linux kernel) proof-of-concept mitigation that detects and terminates potential attacks. However, the source notes that a permanent fix would require fundamental architectural changes to how Kubernetes and the CRI-API interact, which is not feasible in the short term.
Remote attestation (RA, the process of verifying that software running on a trusted computer processor is genuine and hasn't been tampered with) traditionally relies on a single central authority to verify trust, which creates security vulnerabilities. This paper introduces Janus, a new RA system that spreads trust across multiple parties using physical hardware features (PUF, or physically unclonable function, unique identifiers built into computer chips) and smart contracts (automated programs running on blockchain networks) to make the verification process more secure, flexible, and resistant to attacks.
This research proposes a new framework for side-channel analysis (SCA, a type of attack that exploits physical information like power consumption or timing to break cryptography) by combining multiple different leakage models (ways of measuring how a cryptographic device leaks secrets) using ensemble learning (combining many weaker models into one stronger one). The framework improves how well attackers can recover secret keys by using deep learning with complementary information from different measurement approaches, and the authors prove mathematically that their ensemble model gets closer to the true secret distribution.
AI can now create extremely realistic fake images using generative adversarial networks (GANs, which generate images by having two competing neural networks work against each other) and diffusion models (AI systems that create images by gradually removing noise). While this technology has legitimate uses, it poses serious risks like spreading misinformation and creating fake profiles, and existing detection methods struggle to identify images from new, unseen generation models. This research proposes a detection method using language-guided contrastive learning (a technique where an AI learns to distinguish real from fake images by comparing them against text descriptions, helping it recognize synthetic images it hasn't encountered before).
SAGA is a tool that creates synthetic audit logs (detailed records of system activities) containing hidden Advanced Persistent Threats (APTs, which are long-term targeted cyberattacks) to help train and test detection systems. The tool mixes normal system activity logs with malicious activity based on known attack patterns from the MITRE ATT&CK framework (a database of real-world attack techniques), and researchers showed that machine learning models trained on these synthetic logs can identify new, previously unseen attack techniques.
This article reviews AI-based methods for automatically identifying and outlining the prostate gland in medical images from multiple sources (CT scans, MRI, and ultrasound). The review explains that prostate segmentation, the process of precisely marking the prostate's boundaries in images, is difficult because medical images are imperfect and the prostate has complex internal structure, but machine learning tools are being developed to improve early detection of prostate cancer.
Graph Neural Networks (GNNs, machine learning models that work with interconnected data) perform poorly at detecting anomalies in graphs because of high Class Homophily Variance (CHV), meaning some node types cluster together while others scatter. The researchers propose HEAug, a new GNN model that creates additional connections between nodes that are similar in features but not originally linked, and adjusts its training process to avoid generating unwanted connections.
Fix: The proposed mitigation is the HEAug (Homophily Edge Augment Graph Neural Network) model itself. According to the source, it works by: (1) sampling new homophily adjacency matrices (connection patterns) from scratch using self-attention mechanisms, (2) leveraging nodes that are relevant in feature space but not directly connected in the original graph, and (3) modifying the loss function to punish the generation of unnecessary heterophilic edges by the model.
This academic paper proposes WTAC (weighted threshold anonymous credentials with redactable fine-grained blind signature), a new privacy system designed for blockchain platforms that need to balance user anonymity with regulatory oversight. The system uses advanced cryptographic techniques (like functional encryption and secret-sharing) to let credential issuers verify certain information about users without seeing their actual data, while keeping the issuer's identity hidden from both users and verifiers. The researchers demonstrate how their system could work in a privacy-preserving lending platform on blockchains and claim their approach is both secure and efficient.
This paper presents MAD-ODE, a method for detecting anomalies (unusual behavior) in multivariate time series data (multiple measurements changing over time) from IoT (Internet of Things) devices using Graph Neural Networks (GNNs, which are AI models that process data organized as connected nodes and relationships). The method combines two types of graph structures—one built from prior knowledge about sensor relationships and one learned automatically—along with a special type of neural network that can capture long-range patterns in data over time.