Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
Deep neural networks can be fooled by adversarial attacks (small, carefully crafted changes to input data that cause incorrect predictions), but training them to resist these attacks usually requires large amounts of labeled data. This paper proposes margin-based interpolation, a technique that adjusts how strongly to attack training data based on each example's difficulty and reliability, and uses global epsilon scheduling (gradually increasing perturbation strength during training) to help models become robust while maintaining accuracy, even with limited labeled data.
This research studies how deep neuro-fuzzy systems (DNFS, a type of AI that combines deep learning with fuzzy logic, which handles uncertain or imprecise information) perform on medical images that contain noise (unwanted degradation that makes images unclear). The researchers tested the DNFS on seven different medical imaging datasets with six types of noise and adversarial attacks (deliberate perturbations designed to fool AI models), and found that the DNFS maintained better accuracy on noisy images than other state-of-the-art models, though both the DNFS and the comparison models remained vulnerable to adversarial attacks.
This paper presents mathematical approaches to solve Shape-from-Template (SfT, reconstructing a 3D object's shape from a single image using a known template) and Non-Rigid Structure-from-Motion (NRSfM, figuring out how a flexible object moves and its 3D structure from video). The researchers use Semi-Definite Programming (SDP, a mathematical optimization technique for solving certain types of problems) to find solutions that work with different types of object deformation models, requiring only point correspondences (matching points between images) rather than additional impractical assumptions.
Scene Graph Generation (SGG, a method that identifies objects and their relationships in images) is limited by long-tailed bias, where the AI model performs well on common relationships but poorly on rare ones. This paper proposes a Grounded Cognition Method (GCM) that mimics human thinking by using techniques like Out Domain Knowledge Injection to broaden visual understanding, a Semantic Group Aware Synthesizer to organize relationship categories, modality erasure (removing one type of input at a time) to improve robustness, and a Shapley Enhanced Multimodal Counterfactual module to handle diverse contexts.
This research addresses the problem of recognizing shapes that have been rotated at different angles in computer vision (the field of teaching computers to understand images). The authors propose a new method that focuses on analyzing the outline or contour points of shapes rather than individual pixels, and they use a special neural network module to identify geometric patterns in these contours while ignoring rotation. Their approach shows better results than previous methods, especially for complex shapes, and it works even when the contour data is slightly noisy or imperfect.
This research introduces TGDIP, a machine learning model that uses graph neural networks (GNNs, which are AI systems that learn patterns from data organized as connected networks) to predict how different drugs interact with each other. The model addresses two main problems: drug features becoming too similar to each other during processing, and irrelevant information being included when predicting interactions between drug pairs. TGDIP solves these issues using two techniques: contrastive learning (training the model by comparing similar and different examples) to keep drug features distinct, and an information bottleneck method (a process that filters out unnecessary data) to remove irrelevant information between drug pairs.
This research addresses challenges in federated learning (FL, a method where multiple institutions train an AI model together without sharing private data) by introducing FedDPO, which uses reinforcement learning (a type of AI that learns through trial and error feedback) to automatically adjust regularization terms (mathematical penalties that stabilize training) for each participant based on their unique data and system conditions. The approach also uses local batch normalization (a technique that normalizes data within each institution) to handle differences in how data is distributed across institutions, and testing on medical image classification tasks shows it outperforms existing methods.
This research addresses a problem where image de-raining AI models (systems that remove rain from photos) perform poorly on real-world rainy images because they are trained on limited datasets. The researchers propose a framework inspired by how human brains learn and remember, using generative adversarial networks (GANs, AI systems that generate synthetic images) to capture features of new rainy data and then train the de-raining model with both real and synthetic data, similar to how the brain replays memories to strengthen learning.
Researchers developed DIC-GAN, a generative adversarial network (GAN, an AI model that learns to create realistic data by having two competing neural networks) that reconstructs weather radar images from satellite data in regions where ground-based radar doesn't exist, such as deserts and oceans. The system uses dynamic identity convolution modules (specialized neural network layers that adjust their behavior based on input data) and a mixed loss function (a measure of how wrong the AI's predictions are, combining three different error metrics) to improve accuracy, especially for strong storm signals. Testing showed the model works better than existing methods and can generate radar images for areas without physical radar coverage.
HPE-Li++ is a new system that estimates human pose (the position and angles of body parts) using both Wi-Fi signals and camera data together, rather than relying only on camera images. The system uses a specialized neural network (a type of AI model) with adaptive kernel selection (a technique that automatically adjusts how the AI processes different parts of the input) to achieve accurate 3D skeletal pose detection while using very little computing power, making it practical for devices with limited resources.
This research proposes FGE-GAN (fuzzy graph evolutionary generative adversarial network, a deep learning model that uses fuzzy graphs to handle uncertainty in disease data) to predict Alzheimer's disease risk and identify disease pathways. The model treats Alzheimer's progression as the spread of fuzzy entropy (uncertain information) through interconnected disease factors, and experiments show it outperforms existing methods at predicting disease risk.
This research addresses the problem of incomplete knowledge graphs (databases of connected facts about entities) by proposing a new model called TEDD that predicts missing relationships between entities. The model combines both structural information from the graph and text information, and uses a specialized transformer technique (BERT, a language processing model) to reduce computational costs and handle entities that change over time in dynamic knowledge graphs.
This research paper argues that the real problem with machine learning classifiers isn't that robustness (resistance to adversarial attacks, where small malicious changes trick the AI) and accuracy are fundamentally opposed, but rather that continuous functions (smooth mathematical functions without jumps or breaks) cannot achieve both properties simultaneously. The authors propose that effective robust and accurate classifiers should use discontinuous functions (functions with breaks or sudden changes) instead, and show that understanding this continuity property is crucial for building, analyzing, and testing modern machine learning models.
This research presents ABAE-RTN, a deep learning framework that improves security in wireless radio networks by using adaptive beamforming (technology that focuses radio signals toward intended receivers) and autoencoders (neural networks that learn to compress and reconstruct data) to protect against eavesdropping. The system adds artificial noise to disrupt attackers while maintaining communication quality, and adjusts its signal patterns in real time to handle changing channel conditions. Testing shows it outperforms other AI approaches like LSTM (long short-term memory, a type of neural network good at processing sequences) in protecting wireless communications.
ATLAS Data v5.1.0 is an updated framework that documents security threats and defenses related to AI systems, now containing 16 tactics, 84 techniques, and 32 mitigations. The update adds new attack methods targeting AI, such as prompt injection (tricking an AI by hiding instructions in its input), deepfake generation, and data theft from AI services, along with new defensive measures like human oversight of AI agent actions and restricted permissions for AI tools. It also includes 42 real-world case studies showing how these attacks and defenses apply in practice.
Researchers discovered a new attack called FUBA (federated unlearning backdoor attack) that exploits a privacy feature in federated learning (a technique where multiple parties train an AI model together without sharing their raw data). The attack uses malicious unlearning requests, which are supposed to let participants remove their data from a trained model, to secretly inject backdoors (hidden harmful behaviors) into the model instead. The attack is difficult to detect because it is designed to evade existing security defenses.
This research proposes FedFFTNet, a system for identifying which camera model took a photo by using federated learning (a technique where AI models train on data kept private across multiple devices rather than sharing raw data centrally). The system uses a lightweight deep learning architecture and a Laplacian-based patch selection strategy (focusing on sharp, detailed areas of images) to identify cameras while maintaining privacy, achieving very high accuracy rates on standard benchmark datasets.
This article presents MaxDiv, a technique for machine unlearning, which is the process of removing specific knowledge from an AI model after training to protect privacy, even when the original training data is no longer available. MaxDiv works by creating special synthetic data samples that have opposite characteristics to the data being forgotten, and it uses knowledge distillation (a technique where a model learns to replicate another model's behavior) to ensure important information isn't accidentally lost during the unlearning process.
This article reviews prompt engineering (the practice of designing inputs like questions or instructions to guide AI systems toward better responses) and analyzes its strengths, weaknesses, opportunities, and threats using a SWOT framework. The review covers how prompt engineering can improve interactions with large language models (advanced AI systems trained on vast amounts of text) across industries like healthcare and education, while also identifying challenges around maintaining accuracy and efficiency.
This paper presents RINNs (reparameterizable integral neural networks), a new type of AI model designed to run efficiently on mobile devices with limited computing power. The key innovation is a reparameterization strategy that converts the complex mathematical structure used during training into a simpler feed-forward structure (a straightforward sequence of processing steps) at inference time, allowing these models to achieve high accuracy (79.1%) while running very fast (0.87 milliseconds) on mobile hardware.