Research

Large language models (LLMs, AI systems trained on huge amounts of text to generate human-like responses) can now mimic not just general human language but also unusual, individual-specific human behaviors. This ability could lead to LLMs being used more widely in research studies and potentially reduce the role of actual humans, which raises concerns about AI alignment (ensuring AI systems behave in ways humans intend and approve of) and how this technology affects society.

Elderly people are increasingly using digital technology for communication and information access, but their limited cybersecurity knowledge makes them attractive targets for cybercriminals. The article examines common cybercrimes targeting seniors, the specific vulnerabilities that put them at risk, and existing approaches to reduce these dangers.

Generative AI (systems that create new text, images, or other content) is transforming many industries but raises ethical concerns like data privacy (protecting personal information), bias (unfair treatment of certain groups), transparency (being open about how the AI works), and accountability (responsibility for the AI's actions). Researchers propose a trust framework based on transparency, fairness, accountability, and privacy to help ensure generative AI is developed and used responsibly.

This research addresses a problem in federated learning (a method where multiple computers train an AI model together without sharing raw data) combined with adversarial training (a technique that makes AI models resistant to intentionally tricky inputs). The authors found that simply combining these two approaches causes the model's accuracy to drop because adversarial training increases differences in the data across different computers, making the federated learning less effective. They propose SFAT (Slack Federated Adversarial Training), which uses a relaxation mechanism to adjust how the computers combine their learning results, reducing the harmful effects of data differences and improving overall performance.

Federated Learning (FL, a method where multiple computers train an AI model together without sharing raw data) can leak private information through gradient inversion attacks (GIA, techniques that reconstruct sensitive data from the mathematical updates used in training). This paper reviews three types of GIA methods and finds that while optimization-based GIA is most practical, generation-based and analytics-based GIA have significant limitations, and proposes a three-stage defense pipeline for FL frameworks.

This research proposes SIAMD, a framework for detecting social media bots (automated accounts that spread misinformation) before they cause harm. The system analyzes patterns in how user accounts interact with messages, uses structural entropy (a measure of uncertainty in data patterns) to identify bot-like behavior, and generates synthetic bot messages with large language models (AI systems trained on text data) to test and improve detection systems.

The AIBOM Generator, an open-source tool that creates an AI Software Bill of Materials (AIBOM, a structured document listing key information about an AI model like its data sources and configurations), has been moved to OWASP (a nonprofit focused on software security) to enable broader community collaboration and development. The tool helps organizations understand what's inside AI models, where they came from, and how trustworthy their documentation is, addressing a gap between rapid AI adoption and lagging transparency practices. The project is now part of the OWASP GenAI Security Project and will continue improving AI supply chain visibility through community-driven enhancements.

ChargerWhisper is a side-channel attack (a method that steals information by observing physical properties rather than breaking encryption) that uses high-frequency inaudible sounds produced by fast chargers to infer private user information. The attack works because electronic components in chargers vibrate at frequencies correlated with power output, which changes based on what activities users perform on their devices, allowing attackers to identify websites being visited or unlock PINs through acoustic analysis.

Researchers have developed a steganographic method (hiding secret data inside another medium) that embeds hidden messages into compressed neural network models (AI systems made smaller through techniques like quantization, pruning, or distillation). The approach allows a receiver with the correct extraction network to recover the hidden data while ordinary users remain unaware it exists, and the method maintains the model's performance in size, speed, and accuracy.

This paper presents Srchpa, a privacy-preserving method for computing the shortest path (the most efficient route between two locations) between a user and a destination. Unlike traditional navigation systems where users must share their location with a server, Srchpa protects both the user's location data and the server's route information while requiring only a single round of communication (one back-and-forth exchange) instead of multiple interactions. The scheme is designed to work efficiently even on resource-limited devices like smartphones.

This research addresses backdoor attacks, where poisoned training data (maliciously altered samples inserted into a dataset) causes neural networks to behave incorrectly on specific inputs. The authors propose a defense method called Trap that detects poisoned samples early in training by recognizing they cluster separately from legitimate data, then removes the backdoor by retraining part of the model on relabeled poisoned samples, achieving very high attack detection rates with minimal accuracy loss.

Researchers found that text-to-image diffusion models (AI systems that generate images from text descriptions) can be attacked using backdoors, which are hidden triggers in text that make the model produce unwanted outputs. This paper proposes Dynamic Attention Analysis (DAA), a new detection method that tracks how the model's attention mechanisms (the parts of the AI that focus on relevant information) change over time, since backdoor attacks create different patterns than normal operation. The method achieved strong detection results, correctly identifying backdoored samples about 79% of the time.

Researchers studied an AI-driven metaverse prototype (a 3D virtual environment enhanced with multi-agent systems, or software that can act independently) designed to train cybersecurity professionals, gathering feedback from 53 experts. The study found that this technology could create personalized, scalable training experiences but identified implementation challenges and proposed six recommendations for organizations considering adopting it.

This editorial introduces a special issue examining how evolving information technology and society will shape the future of work, jobs, and professional roles. It calls for research that projects multiple possible futures, evaluates which outcomes are most valuable, and identifies steps organizations can take now to work toward their preferred future states.

This research paper addresses a problem in differentially private federated learning (DP-FL, a technique that trains AI models across multiple devices while adding mathematical noise to protect privacy). The paper proposes a new control framework that dynamically adjusts both the amount of noise added and how many communication rounds occur during training, rather than using fixed or randomly adjusted noise levels. Experiments show this approach achieves faster convergence (reaching a good solution quicker) and better accuracy while maintaining the same privacy guarantees.

This research addresses the problem that deepfake detection systems (AI trained to identify manipulated images created by generative models like GANs and diffusion models) often fail when encountering new or unfamiliar types of forgeries. The authors propose RSG-DA, a framework that improves detection by generating diverse fake samples and using a dual augmentation strategy (data transformation techniques applied in two different ways) to help the AI learn to recognize a wider range of forgery patterns, along with a lightweight module to make these learned patterns work better across different datasets.

Researchers demonstrated a new attack method called ASBA (APK-Specific Backdoor Attack) that can compromise Android malware detection systems by injecting poisoned training data. Unlike previous attacks that use the same trigger across many malware samples, ASBA uses a generative adversarial network (GAN, an AI technique that learns to create realistic fake data) to generate unique triggers for each malware sample, making it harder for security tools to detect and block multiple instances of malware at once.

This research paper studies the challenge of balancing two competing goals in decentralized learning (where multiple computers train an AI model together without a central server): keeping each computer's data private while protecting against Byzantine attacks (when some computers deliberately send false information to sabotage the learning process). The authors found that using Gaussian noise (random mathematical noise added to messages) to protect privacy actually makes it harder to defend against Byzantine attacks, creating a fundamental tradeoff between these two security goals.

XSS attacks (malicious code injected into websites to steal user data) are hard to detect because attackers can create adversarial samples that trick detection models into missing threats. This paper proposes a new detection model using two-stage AST (abstract syntax tree, a structural representation of code) analysis combined with LSTM (long short-term memory, a type of neural network good at processing sequences) to better identify malicious code while resisting adversarial tricks, achieving over 98.2% detection accuracy even against adversarial attacks.