Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
This research study examines how immersive experiences in the metaverse (virtual shared digital spaces accessed through VR or similar technology) affect user emotions and behavior. The researchers found that when users experience focused immersion, enjoyment, and telepresence (the feeling of being physically present in a digital environment), they develop stronger feelings of awe and attachment to virtual places, which in turn increases how engaged they become with the platform.
This academic paper argues that companies should view cybersecurity not just as a defensive cost (like insurance to prevent losses), but as a strategic investment that creates business value and competitive advantages. The paper offers guidance to information systems leaders on how organizations can benefit financially and operationally by practicing strong cybersecurity.
This source describes a three-layer model for digital transformation in organizations, based on a case study of automotive supplier Continental AG. The model emphasizes that successful digital transformation requires simultaneous changes across IT systems, work practices (how employees actually do their jobs), and mindset evolution (how people think about their work), with these layers reinforcing each other.
Many companies find it difficult to scale AI systems (machine learning models that learn patterns from data) globally because these systems make existing technology management problems worse and introduce new challenges. Based on a study of how industrial company Siemens AG handles this, the source identifies five critical risks in managing AI technology and offers recommendations for successfully deploying AI systems across an entire organization.
This research presents CAGE, a system that adds support for confidential accelerators (specialized processing hardware like GPUs and FPGAs) to Arm CCA (Confidential Computing Architecture, which creates isolated execution regions called realms for protecting sensitive data). The system uses a novel shadow task mechanism and memory isolation to protect data confidentiality and integrity without requiring hardware changes, achieving this with only moderate performance overhead.
This research addresses how organizations should communicate security decisions for cyber-physical systems (CPS, which are machines that combine computing and physical operations like power plants or medical devices). Instead of just listing security requirements, the authors propose "Cyber Decision Diagrams," a visual tool that explains the reasoning behind security choices so that users, auditors, and manufacturers can better understand and collaborate on system security.
This research presents a method to classify encrypted internet traffic (HTTPS, a protocol that scrambles data sent over the internet) by reconstructing the original application data sizes hidden beneath encryption layers. The researchers developed an algorithm called LC-MRNN (Length-Correction Multiple Regression Neural Network, a type of machine learning model) to accurately restore these hidden data lengths, which helps network administrators and security teams identify what applications users are running, even when the actual data is encrypted.
This paper presents EdFROST, a new threshold EdDSA (a cryptographic signature scheme used in distributed systems) protocol that detects malicious behavior more efficiently than previous methods while reducing computational overhead from zero-knowledge proofs (mathematical techniques that prove something is true without revealing how). The authors also propose a weighted threshold signature system that prevents powerful participants from dominating decisions and uses game theory (the study of strategic decision-making) with blockchain incentives to encourage honest behavior and resist DDoS attacks (attempts to overwhelm a system with traffic).
Fix: The source proposes EdFROST as the solution, which is described as being "unforgeable and supports identifiable aborts under a chosen-message attack." The paper also states that they "design a game-theoretic incentive model, implemented via tamper-proof chaincode, achieving rational identifiable aborts with a unique sequential equilibrium" to incentivize honest behavior, ensure efficient abort handling, and resist DDoS attacks. The authors note that "experimental results demonstrate that the EdFROST and chaincode are efficient and lightweight, making them well-suited for large-scale distributed systems."
IEEE Xplore (Security & AI Journals)
This research presents SEOMA, a new system for searchable encryption (SE, a method that lets users store encrypted data on servers while still being able to search it by keywords without revealing the data's contents). The system improves on existing approaches by supporting multiple users accessing the same data while also verifying that the data owner is legitimate and preventing malicious owners from uploading fake encrypted files. SEOMA uses attribute encryption (a technique that controls who can decrypt data based on their characteristics) and access control policies to manage which users can access what data, while using less computing power and bandwidth than previous solutions.
Deep neural networks (DNNs, machine learning models with many layers that learn patterns from data) are vulnerable to adversarial attacks, where small, carefully crafted changes to input data trick the AI into making wrong predictions, especially in critical areas like self-driving cars. This paper presents AI-Shielder, a method that intentionally embeds backdoors (hidden pathways that alter how the model behaves) into neural networks to detect and block adversarial attacks while keeping the AI's normal performance intact. Testing shows AI-Shielder reduces successful attacks from 91.8% to 3.8% with only minor slowdowns.
Fix: AI-Shielder is the proposed solution presented in the paper. According to the results, it 'reduces the attack success rate from 91.8% to 3.8%, which outperforms the state-of-the-art works by 37.2%, with only a 0.6% decline in the clean data accuracy' and 'introduces only 1.43% overhead to the model prediction time, almost negligible in most cases.' The approach works by leveraging intentionally embedded backdoors to fail adversarial perturbations while maintaining original task performance.
IEEE Xplore (Security & AI Journals)
Healthcare organizations are collecting more patient data than ever, which creates privacy risks. This research proposes GFKMC (Generalization First k-Member Clustering), a new privacy method that protects patient identities by grouping similar records together while keeping the data useful for analysis, and it works better than older methods by losing less information when privacy protection is increased.
Machine unlearning (the process of removing a user's data from a trained AI model) needs verification to confirm that genuine user data was actually deleted, but current methods using backdoors (hidden triggers added to test if data is gone) can't properly verify removal of real user samples. This paper proposes SMS, or Self-Supervised Model Seeding, which embeds user-specific identifiers into the model's internal representation to directly link users' actual data with the model, enabling better verification that genuine samples were truly unlearned.
This research presents a method for detecting moving objects in encrypted video without decrypting it, protecting privacy when video processing is done in the cloud. The approach uses selective encryption (encrypting only certain parts of compressed video) and extracts motion information from encrypted video data, then applies deep learning with attention mechanisms (a technique that helps the AI focus on important regions) to identify moving objects even with incomplete information.
This paper presents ASGA, a method for creating adversarial attacks (small, crafted changes meant to trick AI models) on video action recognition systems (AI models that identify what actions people are performing in videos). The key innovation is that attackers can compute perturbations (the malicious changes) just once on important keyframes (selected frames that represent the video's content), then replicate these changes across the entire video, making the attack work even when the model samples frames differently and reducing computational cost.
This research studies federated learning (FL, a method where multiple devices collaboratively train an AI model without sending their data to a central server) on real IoT and edge devices (small computing devices like phones and sensors) rather than in simulated environments. The study examines how FL performs in realistic conditions, focusing on heterogeneous scenarios (situations where devices have different computing power, network speeds, and data types), and provides insights to help researchers and practitioners build more practical FL systems.
Hecate is a framework for anonymous credentials (a system allowing users to prove they have certain attributes without revealing their identity) that adds protection for verifiers, the entities checking credentials, while maintaining threshold issuance (requiring multiple parties to approve a credential) and issuer-hiding (hiding which organization issued the credential). The system uses a dual-credential design to let both verifiers and users set policies about who can access information, and testing shows it can verify credentials quickly, in about 37-60 milliseconds.
Silent Data Corruption (SDC, where a computer system produces wrong outputs without alerting anyone) is a growing problem in modern chip designs, but current detection methods are inefficient or inaccurate. Researchers proposed VP-HPKG, a new approach that uses a knowledge graph (a map of how instructions relate to each other) combined with neural network techniques to predict which instructions are vulnerable to SDC and detect error propagation paths more efficiently than existing methods.
RDSAD is an AI-based security system designed to detect cyberattacks on Cyber-Physical Systems (CPSs, which are machines that combine physical equipment with software to automate industrial processes). The system works without manual labeling and uses two techniques: one to understand how the system normally behaves, and another to adapt when patterns change, helping it catch attacks while avoiding false alarms.
Researchers discovered a side-channel attack (a method of extracting secret information by analyzing physical properties like power usage rather than breaking encryption directly) called PrivateCharger that can infer what a user is doing on their laptop by analyzing, from a distance, the magnetic field signals emitted by the laptop's charger. The attack works with commercially available equipment, requires no physical access to the laptop, and achieved 84.6% accuracy at certain battery levels, revealing that everyday peripherals can leak private information in ways previously not considered.
This research proposes 2PCAutoDL, a system for automatically designing deep neural networks (DNNs, which are AI models with many layers) while keeping data and model designs private by splitting computations between two separate cloud servers. The system balances security and speed by using specialized protocols (step-by-step procedures) for different types of network layers, achieving significant speedups compared to existing approaches while maintaining similar model accuracy.