Search Results (2,351)

The integrity of global elections is increasingly under threat from artificial intelligence (AI) technologies. As AI continues to permeate various aspects of society, its influence on political processes and elections has become a critical area of concern. This is because AI language models are far from neutral or objective; they inherit biases from their training data and the individuals who design and utilize them, which can sway voter decisions and affect global elections and democracy. In this research paper, we explore how AI can directly impact election outcomes through various techniques. These include the use of generative AI for disseminating false political information, favoring certain parties over others, and creating fake narratives, content, images, videos, and voice clones to undermine opposition. We highlight how AI threats can influence voter behavior and election outcomes, focusing on critical areas, including political polarization, deepfakes, disinformation, propaganda, and biased campaigns. In response to these challenges, we propose a Blockchain-based Deepfake Authenticity Verification Framework (B-DAVF) designed to detect and authenticate deepfake content in real time. It leverages the transparency of blockchain technology to reinforce electoral integrity. Finally, we also propose comprehensive countermeasures, including enhanced legislation, technological solutions, and public education initiatives, to mitigate the risks associated with AI in electoral contexts, proactively safeguard democracy, and promote fair elections. Full article

Degraded underwater images decrease the accuracy of underwater object detection. Existing research uses image enhancement methods to improve the visual quality of images, which may not be beneficial in underwater image detection and lead to serious degradation in detector performance. To alleviate this problem, we proposed a bidirectional guided method for underwater object detection, referred to as BG-YOLO. In the proposed method, a network is organized by constructing an image enhancement branch and an object detection branch in a parallel manner. The image enhancement branch consists of a cascade of an image enhancement subnet and object detection subnet. The object detection branch only consists of a detection subnet. A feature-guided module connects the shallow convolution layers of the two branches. When training the image enhancement branch, the object detection subnet in the enhancement branch guides the image enhancement subnet to be optimized towards the direction that is most conducive to the detection task. The shallow feature map of the trained image enhancement branch is output to the feature-guided module, constraining the optimization of the object detection branch through consistency loss and prompting the object detection branch to learn more detailed information about the objects. This enhances the detection performance. During the detection tasks, only the object detection branch is reserved so that no additional computational cost is introduced. Extensive experiments demonstrate that the proposed method significantly improves the detection performance of the YOLOv5s object detection network (the mAP is increased by up to 2.9%) and maintains the same inference speed as YOLOv5s (132 fps). Full article

The widespread reuse of code in the open-source community has led to the proliferation of homologous vulnerabilities, which are security flaws propagated across diverse software systems through the reuse of vulnerable code. Such vulnerabilities pose serious cybersecurity risks, as attackers can exploit the same weaknesses across multiple platforms. Deep learning has emerged as a promising approach for detecting homologous vulnerabilities in binary code due to their automated feature extraction and high efficiency. However, existing deep learning methods often struggle to capture deep semantic features in binary code, limiting their effectiveness. To address this limitation, this paper presents GMN+, which is a novel graph matching neural network with enhanced attention for detecting homologous vulnerabilities. This method comprehensively considers the information contained in instructions and incorporates types of input instruction. Masked Language Modeling and Instruction Type Prediction are developed as pre-training tasks to enhance the ability of GMN+ in extracting semantic information from basic blocks. GMN+ utilizes an attention mechanism to focus concurrently on the critical semantic information within functions and differences between them, generating robust function embeddings. Experimental results indicate that GMN+ outperforms state-of-the-art methods in various tasks and achieves notable performance in real-world vulnerability detection scenarios. Full article

The development and testing of a virtual assistant (VA) designed to enhance information retrieval and support in an academic environment are presented in this paper, with the Retrieval-Augmented Generation (RAG) approach being utilized alongside Google’s VERTEX AI Palm-2 model. A novel integration of RAG with contextual learning is introduced in this study, specifically for applications in university contact centers, where accuracy and relevance are considered paramount. The effectiveness of the VA was evaluated through user testing, focusing on two primary hypotheses: first, that the VA can achieve accurate interpretation and response to queries with context-based information, and second, that the VA minimizes potential harm from erroneous responses. In total, 187 participants were involved in the testing, and a diverse set of inquiries was utilized, resulting in 561 query–response interactions that were analyzed. It was shown that contextual data significantly reduced hallucinations and increased response accuracy, thereby underscoring the value of the RAG method in applications requiring high levels of specificity. Furthermore, the study provides empirical insights into the impact of AI-generated hallucinations and response inconsistencies, particularly about structured or procedural data. A framework for mitigating these challenges in future implementations is also offered. The scalability and adaptability of the RAG method in specialized academic contexts are demonstrated in this work, with broader implications for integrating AI-driven VAs across educational and professional domains being highlighted. Full article

In network security, intrusion detection systems (IDSs) are essential for maintaining network integrity. Traditional IDSs primarily use supervised learning, relying on extensive datasets for effective training, which limits their ability to address rapidly evolving cyber threats, especially with limited data samples. To overcome this, prior research has applied meta-learning methods to distinguish between normal and malicious network traffic, showing promising results mainly in binary classification scenarios. However, challenges remain in model information acquisition within few-shot learning (FSL) frameworks. This study introduces a metric-based meta-learning strategy that constructs prototypes for each sample category, improving the model’s ability to manage multi-class scenarios. Additionally, we propose an Adaptive Feature Fusion (AFF) mechanism that dynamically integrates statistical features and binary data streams to extract meaningful insights from limited datasets, thereby enhancing the effectiveness of IDSs in few-shot learning contexts. By introducing a metric-based meta-learning method and the Adaptive Feature Fusion mechanism, this study provides a feasible solution for developing a high-accuracy, multi-class few-shot intrusion detection system. A series of experiments show that this approach significantly improves the effectiveness of the intrusion detection system, achieving an impressive accuracy of 97.78% in multi-class tasks, even when the sample size is reduced to just one. Full article

Despite considerable advancements in integrating the Internet of Things (IoT) and artificial intelligence (AI) within the industrial maintenance framework, the increasing reliance on these innovative technologies introduces significant vulnerabilities due to cybersecurity risks, potentially compromising the integrity of decision-making processes. Accordingly, this study aims to offer comprehensive insights into the cybersecurity challenges associated with predictive maintenance, proposing a novel methodology that leverages generative AI for data augmentation, enhancing threat detection capabilities. Experimental evaluations conducted using the NASA Commercial Modular Aero-Propulsion System Simulation (N-CMAPSS) dataset affirm the viability of this approach leveraging the state-of-the-art TimeGAN model for temporal-aware data generation and building a recurrent classifier for attack discrimination in a balanced dataset. The classifier’s results demonstrate the satisfactory and robust performance achieved in terms of accuracy (between 80% and 90%) and how the strategic generation of data can effectively bolster the resilience of intelligent maintenance systems against cyber threats. Full article

This study explores the application of artificial intelligence, specifically ChatGPT-4o, in constructing and managing a portfolio of cybersecurity stocks over the period from Q1 2018 to Q1 2024. Leveraging advanced machine learning models, fundamental analysis, sentiment analysis, and optimization techniques, the AI-driven portfolio significantly outperformed leading cybersecurity ETFs, as well as broader market indices such as the Nasdaq 100 (QQQ) and S&P 500 (SPY). The methodology employed included data collection, stock filtering, predictive modeling using Random Forests and Support Vector Machines (SVMs), sentiment analysis through natural language processing (NLP), and portfolio optimization using Mean-Variance Optimization (MVO), with quarterly rebalancing to ensure responsiveness to evolving market conditions. The AI-selected portfolio achieved a total return of 273%, with strong risk-adjusted performance as demonstrated by key metrics such as the Sharpe ratio, highlighting the effectiveness of an AI-based approach in navigating market complexities and generating superior returns. The results of this study indicate that AI-driven portfolio management can uncover investment opportunities that traditional methods may overlook, offering a competitive edge in the cybersecurity sector and promising enhanced predictive accuracy, efficiency, and overall investment success as AI technologies continue to evolve. Full article

In a fuzzy graph $\mathbb{G}$, a fuzzy coalition is formed by two disjoint vertex sets ${\mathbb{V}}_{\mathtt{1}}$ and ${\mathbb{V}}_{\mathtt{2}}$, neither of which is a strongly dominating set, but the union ${\mathbb{V}}_{\mathtt{1}}\cup {\mathbb{V}}_{\mathtt{2}}$ forms a strongly dominating set. A fuzzy coalition partition of $\mathbb{G}$ is defined as $\Pi =\{{\mathbb{V}}_{\mathtt{1}},{\mathbb{V}}_{\mathtt{2}},\cdots ,{\mathbb{V}}_{\mathbb{k}}\}$, where each set ${\mathbb{V}}_{\mathbb{i}}$ either forms a singleton strongly dominating set or is not a strongly dominating set but forms a fuzzy coalition with another non-strongly dominating set in $\Pi$. A fuzzy graph with such a fuzzy coalition partition $\Pi$ is called a fuzzy coalition graph, denoted as $\mathbb{FG}(\mathbb{G},\Pi )$. The vertex set of the fuzzy coalition graph consists of $\{{\mathbb{V}}_{\mathtt{1}},{\mathbb{V}}_{\mathtt{2}},\cdots ,{\mathbb{V}}_{\mathbb{k}}\}$, corresponding one-to-one with the sets of $\Pi$, and the two vertices are adjacent in $\mathbb{FG}(\mathbb{G},\Pi )$ if and only if ${\mathbb{V}}_{\mathbb{i}}$ and ${\mathbb{V}}_{\mathbb{j}}$ are fuzzy coalition partners in $\Pi$. This study demonstrates how fuzzy coalition graphs can model and optimize cybersecurity collaborations across critical infrastructures in smart cities, ensuring comprehensive protection against cyber threats. This study concludes that fuzzy coalition graphs offer a robust framework for optimizing collaboration and decision-making in interconnected systems like smart cities. Full article

This article delves into Microsoft Azure’s cyber forensic capabilities, focusing on the unique challenges in cloud security incident investigation. Cloud services are growing in popularity, and Azure’s shared responsibility model, multi-tenant nature, and dynamically scalable resources offer unique advantages and complexities for digital forensics. These factors complicate forensic evidence collection, preservation, and analysis. Data collection, logging, and virtual machine analysis are covered, considering physical infrastructure restrictions and cloud data transience. It evaluates Azure-native and third-party forensic tools and recommends methods that ensure effective investigations while adhering to legal and regulatory standards. It also describes how AI and machine learning automate data analysis in forensic investigations, improving speed and accuracy. This integration advances cyber forensic methods and sets new standards for future innovations. Unified Audit Logs (UALs) in Azure are examined, focusing on how Azure Data Explorer and Kusto Query Language (KQL) can effectively parse and query large datasets and unstructured data to detect sophisticated cyber threats. The findings provide a framework for other organizations to improve forensic analysis, advancing cloud cyber forensics while bridging theoretical practices and practical applications, enhancing organizations’ ability to combat increasingly sophisticated cybercrime. Full article

Flexibility markets are crucial for balancing the decentralised and renewable-driven energy landscape. This paper presents a security evaluation of a flexibility market system using a threat modelling approach. A reference architecture for a typical flexibility market system is proposed, and attack graph-driven simulations are performed to analyse potential attack pathways where malicious actors might infiltrate the system and the vulnerabilities they might exploit. Key findings include the identification of high-risk areas, such as the Internet links between market actors. To mitigate these risks, the paper proposes and evaluates multiple protection scenarios in reducing the identified attack vectors. The findings underline the importance of multi-layered security strategies to safeguard flexibility markets from increasingly sophisticated cyber threats. Full article

Today, there are many security problems at the technological level, especially in telecommunications. Cybercriminals invade and steal data from any system using vector attacks such as phishing through scam mail, fake websites and phone calls. This latter form of phishing is called vishing (phishing using voice). Through vishing and using social engineering techniques, attackers can impersonate family members or friends of potential victims and obtain information or money or a specific target objective. Traditionally, to carry out vishing attacks, attackers imitated the vocabulary, voice and tone of a person known to the victim. However, with current artificial intelligence (AI) tools, obtaining synthetic voices similar or identical to the person to be impersonated is more straightforward and precise. In this regard, this paper, using ChatGPT and three AI-enabled applications for voice synthesis presents a practical approach for deploying vishing attacks in an academic environment to identify the limitations, implications and possible countermeasures to mitigate the effects on Internet users. Results demonstrate the effectiveness of vishing attacks, and the maturity level of the employed AI tools. Full article

The field of digital forensics relies on expertise from multiple domains, including computer science, criminology, and law. It also relies on different toolsets and an analyst’s expertise to parse enormous amounts of user-generated data to find clues that help crack a case. This process of investigative analysis is often done manually. Artificial Intelligence (AI) can provide practical solutions to efficiently mine enormous amounts of data to find useful patterns that can be leveraged to investigate crimes. Natural Language Processing (NLP) is a subdomain of research under AI that deals with problems involving unstructured data, specifically language. The domain of NLP includes several tools to parse text, including topic modeling, pairwise correlation, word vector cosine distance measurement, and sentiment analysis. In this research, we propose a digital forensic investigative technique that uses an ensemble of NLP tools to identify a person of interest list based on a corpus of text. Our proposed method serves as a type of human feature reduction, where a total pool of suspects is filtered down to a short list of candidates who possess a higher correlation with the crime being investigated. Full article

Due to the widespread acceptance of ChatGPT, implementing large language models (LLMs) in real-world applications has become an important research area. Such productisation of technologies allows the public to use AI without technical knowledge. LLMs can revolutionise and automate various healthcare processes, but security is critical. If implemented in critical sectors such as healthcare, adversaries can manipulate the vulnerabilities present in such systems to perform malicious activities such as data exfiltration and manipulation, and the results can be devastating. While LLM implementation in healthcare has been discussed in numerous studies, threats and vulnerabilities identification in LLMs and their safe implementation in healthcare remain largely unexplored. Based on a comprehensive review, this study provides new findings which do not exist in the current literature. This research has proposed a taxonomy to explore LLM applications in healthcare, a threat model considering the vulnerabilities of LLMs which may affect their implementation in healthcare, and a security framework for the implementation of LLMs in healthcare and has identified future avenues of research in LLMs, cybersecurity, and healthcare. Full article

Modern organizations have migrated from localized physical offices to work-from-home environments. This surge in remote work culture has exponentially increased the demand for and usage of Virtual Private Networks (VPNs), which permit remote employees to access corporate offices effectively. However, the technology raises concerns, including security threats, latency, throughput, and scalability, among others. These newer-generation threats are more complex and frequent, which makes the legacy approach to security ineffective. This research paper gives an overview of contemporary technologies used across enterprises, including the VPNs, Zero Trust Network Access (ZTNA), proxy servers, Secure Shell (SSH) tunnels, the software-defined wide area network (SD-WAN), and Secure Access Service Edge (SASE). This paper also presents a comprehensive cybersecurity framework named Zero Trust VPN (ZT-VPN), which is a VPN solution based on Zero Trust principles. The proposed framework aims to enhance IT security and privacy for modern enterprises in remote work environments and address concerns of latency, throughput, scalability, and security. Finally, this paper demonstrates the effectiveness of the proposed framework in various enterprise scenarios, highlighting its ability to prevent data leaks, manage access permissions, and provide seamless security transitions. The findings underscore the importance of adopting ZT-VPN to fortify cybersecurity frameworks, offering an effective protection tool against contemporary cyber threats. This research serves as a valuable reference for organizations aiming to enhance their security posture in an increasingly hostile threat landscape. Full article

The increasing use of the Internet of Things (IoT) in homes and industry brings significant security and privacy challenges, while also considering trade-off for performance, energy consumption, and processing capabilities. Few explicit and specific guidelines exist to help architects in considering these trade-offs while designing secure IoT systems. This article proposes to address this situation by extending the well-known architectural tactics taxonomies with IoT-specific trade-offs; to preserving auditability, the trade-offs address the quality characteristics of the ISO 25010:2023 standard. The proposed technique and catalog are illustrated with the design of the Nunatak environmental monitoring system. The proposal was empirically validated with a controlled experiment, where a balanced mix of 12 novice and expert practitioners had to design a secure IoT Environmental Monitoring System; they used similar architectural tactics catalogs, with versus without trade-off information. Results suggest that having this information yield significant improvements in decision-making effectiveness (Precision) and usefulness (F1-Score), particularly benefiting less experienced designers. Wider adoption of trade-off-aware catalogs of architectural tactics will allow systematic, auditable design of secure IoT systems, and especially so by novice architects. Full article