Search Results (734)

This work presents a mathematical solution to data privacy and integrity issues in Split Learning which uses Homomorphic Encryption (HE) and Zero-Knowledge Proofs (ZKP). It allows calculations to be conducted on encrypted data, keeping the data private, while ZKP ensures the correctness of these calculations without revealing the underlying data. Our proposed system, HavenSL, combines HE and ZKP to provide strong protection against attacks. It uses Discrete Cosine Transform (DCT) to analyze model updates in the frequency domain to detect unusual changes in parameters. HavenSL also has a rollback feature that brings the system back to a verified state if harmful changes are detected. Experiments on CIFAR-10, MNIST, and Fashion-MNIST datasets show that using Homomorphic Encryption and Zero-Knowledge Proofs during training is feasible and accuracy is maintained. This mathematical-based approach shows how crypto-graphic can protect decentralized learning systems. It also proves the practical use of HE and ZKP in secure, privacy-aware collaborative AI. Full article

The rapid proliferation of Large Language Models (LLMs) across industries such as healthcare, finance, and legal services has revolutionized modern applications. However, their increasing adoption exposes critical vulnerabilities, particularly through adversarial prompt attacks that compromise LLM security. These prompt-based attacks exploit weaknesses in LLMs to manipulate outputs, leading to breaches of confidentiality, corruption of integrity, and disruption of availability. Despite their significance, existing research lacks a comprehensive framework to systematically understand and mitigate these threats. This paper addresses this gap by introducing a taxonomy of prompt attacks based on the Confidentiality, Integrity, and Availability (CIA) triad, an important cornerstone of cybersecurity. This structured taxonomy lays the foundation for a unique framework of prompt security engineering, which is essential for identifying risks, understanding their mechanisms, and devising targeted security protocols. By bridging this critical knowledge gap, the present study provides actionable insights that can enhance the resilience of LLM to ensure their secure deployment in high-stakes and real-world environments. Full article

Targeting the autonomous decision-making problem of unmanned combat aerial vehicles (UCAVs) in a two-versus-one (2v1) within-visual-range (WVR) air combat scenario, this paper proposes a maneuver decision-making method based on tactical coordination. First, a coordinated situation assessment model is designed, which subdivides the air combat situation into optimization-driven and tactical coordinated situations. The former combines missile attack zone calculation and trajectory prediction to optimize the control quantity of a single aircraft, while the latter uses fuzzy logic to analyze the overall situation of the three aircraft to drive tactical selection. Second, a decision-making model based on a hierarchical expert system is constructed, establishing a hierarchical decision-making framework with a UCAV-coordinated combat knowledge base. The coordinated situation assessment results are used to match corresponding tactics and maneuver control quantities. Finally, an improved particle swarm optimization algorithm (I-PSO) is proposed, which enhances the optimization ability and real-time performance through the design of local social factor iterative components and adaptive adjustment of inertia weights. Air combat simulations in four different scenarios verify the effectiveness and superiority of the proposed decision-making method. The results show that the method can achieve autonomous decision making in dynamic air combat. Compared with decision-making methods based on optimization algorithms and differential games, the win rate is increased by about 17% and 18%, respectively, and the single-step decision-making time is less than 0.02 s, demonstrating high real-time performance and win rate. This research provides new ideas and methods for the autonomous decision making of UCAVs in complex air combat scenarios. Full article

The increasing complexity and frequency of malware attacks pose significant challenges to cybersecurity, as traditional methods struggle to keep pace with the evolving threat landscape. Current malware classification techniques often fail to account for the heterogeneity of malware data and models across different clients, limiting their effectiveness. In this chapter, we propose a distributed model enhancement-based malware classification method that leverages federated learning to address these limitations. Our approach employs generative adversarial networks to generate synthetic malware data, transforming non-independent datasets into approximately independent ones to mitigate data heterogeneity. Additionally, we utilize knowledge distillation to facilitate the transfer of knowledge between client-specific models and a global classification model, promoting effective collaboration among diverse systems. Inspired by active defense theory, our method identifies suboptimal models during training and replaces them on a central server, ensuring all clients operate with optimal classification capabilities. We conducted extensive experimentation on the Malimg dataset and the Microsoft Malware Classification Challenge (MMCC) dataset. In scenarios characterized by both model heterogeneity and data heterogeneity, our proposed method demonstrated its effectiveness by improving the global malware classification model’s accuracy to 96.80%. Overall, our research presents a robust framework for improving malware classification while maintaining data privacy across distributed environments, highlighting its potential to strengthen cybersecurity defenses against increasingly sophisticated malware threats. Full article

Scientific dispute and scholarly debate have traditionally served as mechanisms for arbitrating between competing scientific categorizations. However, current AI technologies lack both the ethical framework and technical capabilities to handle the adversarial reasoning inherent in scientific discourse effectively. This creates a ‘categorization conundrum’ where new knowledge emerges from opaque black-box systems while simultaneously introducing unresolved vulnerabilities to errors and adversarial attacks. Our research addresses this challenge by examining how to preserve and enhance human dispute’s vital role in the creation, development, and resolution of knowledge categorization, supported by traceable AI assistance. Building on our previous work, which introduced GRAPHYP—a multiverse hypergraph representation of adversarial opinion profiles derived from multimodal web-based documentary traces—we present three key findings. First, we demonstrate that standardizing concepts and methods through ‘Dispute Learning’ not only expands the range of adversarial pathways in scientific categorization but also enables the identification of GRAPHYP model extensions. These extensions accommodate additional forms of human reasoning in adversarial contexts, guided by novel philosophical and methodological frameworks. Second, GRAPHYP’s support for human reasoning through graph-based visualization provides access to a broad spectrum of practical applications in decidable challenging categorizations, which we illustrate through selected case studies. Third, we introduce a hybrid analytical approach combining probabilistic and possibilistic methods, applicable to diverse classical research data types. We identify analytical by-products of GRAPHYP and examine their epistemological implications. Our discussion of standardized representations of documented adversarial uses highlights the enhanced value that structured dispute brings to elicit differential categorizations in the scientific discourse. Full article

False data injection attacks (FDIAs) targeting AC state estimation pose significant challenges, especially when only power measurements are available, and voltage measurements are absent. Current machine learning-based approaches struggle to effectively control state estimation errors and are confined to the data distribution of training sets. To address these limitations, we propose the physics-informed extrapolative adversarial variational autoencoder (PI-ExAVAE) for generating controllable and stealthy false data injections. By incorporating physically consistent priors derived from the AC power flow equations, which enforce both the physical laws of power systems and the stealth requirements to evade bad data detection mechanisms, the model learns to generate attack vectors that are physically plausible and stealthy while inducing significant and controllable deviations in state estimation. Experimental results on IEEE-14 and IEEE-118 systems show that the model achieves a 90% success rate in bypassing detection tests for most attack configurations and outperforms methods like SAGAN by generating smoother, more realistic deviations. Furthermore, the use of physical priors enables the model to extrapolate beyond the training data distribution, effectively targeting unseen operational scenarios. This highlights the importance of integrating physics knowledge into data-driven approaches to enhance adaptability and robustness against evolving detection mechanisms. Full article

The .NET framework is widely used for software development, making it a target for a significant number of malware attacks by developing malicious executables. Previous studies on malware detection often relied on developing generic detection methods for Windows malware that were not tailored to the unique characteristics of .NET executables. As a result, there remains a significant knowledge gap regarding the development of effective detection methods tailored to .NET malware. This work introduces a novel framework for detecting malicious .NET executables using statically extracted method names. To address the lack of datasets focused exclusively on .NET malware, a new dataset consisting of both malicious and benign .NET executable features was created. Our approach involves decompiling .NET executables, parsing the resulting code, and extracting standard .NET method names. Subsequently, feature selection techniques were applied to filter out less relevant method names. The performance of six machine learning models—XGBoost, random forest, K-nearest neighbor (KNN), support vector machine (SVM), logistic regression, and naïve Bayes—was compared. The results indicate that XGBoost outperforms the other models, achieving an accuracy of 96.16% and an F1-score of 96.15%. The experimental results show that standard .NET method names are reliable features for detecting .NET malware. Full article

A review of the violent knife crime literature suggests that the experiential perspective is one which has not been addressed in academic study. The research presented hereafter aims to address this literary gap and generate transferable knowledge relevant to the lived experience of violent knife crime. The experiential study of the single case within psychological research involves detailed examination of a particular event. Participant ‘J’ is the survivor of an extremely violent attack, involving the use of a knife, in his own home. J’s experience was analysed using Interpretative Phenomenological Analysis with reference to elements of the lifeworld: temporality, spatiality, intersubjectivity, and embodiment. Three themes were identified: 1. switching from past to present tense when relaying traumatic experience; 2. The presence of redemption sequences; and 3. making sense as a temporal process, which included an additional two subthemes—‘The long journey’ and ‘Seeking belongingness’. This case emphasises that the traumatic event is conceptualised as one part of a longer journey towards recovery, and that recovery itself is central to the experience of violent knife crime. Finally, the need to understand recovery as temporal process highlights the need to provide victims with appropriate support in order to avoid negative outcomes. Full article

Adversarial attacks deliberately modify deep learning inputs, mislead models, and cause incorrect results. Previous adversarial attacks on sentiment analysis models have demonstrated success in misleading these models. However, most existing attacks in sentiment analysis have applied a generalized approach to input modifications, without considering the characteristics and objectives of the different analysis levels. Specifically, for aspect-based sentiment analysis, there is a lack of attack methods that modify inputs in accordance with the evaluated aspects. Consequently, unnecessary modifications are made, compromising the input semantics, making the changes more detectable, and avoiding the identification of new vulnerabilities. In previous work, we proposed a model to generate adversarial examples in particular for aspect-based sentiment analysis. In this paper, we assess the effectiveness of our adversarial example model in negatively impacting aspect-based model results while maintaining high levels of semantic inputs. To conduct this evaluation, we propose diverse adversarial attacks across different dataset domains, target architectures, and consider distinct levels of victim model knowledge, thus obtaining a comprehensive evaluation. The obtained results demonstrate that our approach outperforms existing attack methods in terms of accuracy reduction and semantic similarity, achieving a 65.30% reduction in model accuracy with a low perturbation ratio of 7.79%. These findings highlight the importance of considering task-specific characteristics when designing adversarial examples, as even simple modifications to elements that support task classification can successfully mislead models. Full article

In recent years, cyberattacks have increased in sophistication, using a variety of tools to exploit vulnerabilities across the global digital landscapes. Among the most commonly used tools at an attacker’s disposal are Google dorks, Shodan, and Censys, which offer unprecedented access to exposed systems, devices, and sensitive data on the World Wide Web. While these tools can be leveraged by professional hackers, they have also empowered “Script Kiddies”, who are low-skill, inexperienced attackers who use readily available exploits and scanning tools without deep technical knowledge. Consequently, cyberattacks targeting critical infrastructure are growing at a rapid rate, driven by the ease with which these solutions can be operated with minimal expertise. This paper explores the potential for cyberattacks enabled by these tools, presenting use cases where these platforms have been used for both offensive and defensive purposes. By examining notable incidents and analyzing potential threats, we outline proactive measures to protect against these emerging risks. In this study, we delve into how these tools have been used offensively by attackers and how they serve defensive functions within cybersecurity. Additionally, we also introduce an automated all-in-one tool designed to consolidate the functionalities of Google dorks, Shodan, and Censys, offering a streamlined solution for vulnerability detection and analysis. Lastly, we propose proactive defense strategies to mitigate exploitation risks associated with such tools, aiming to enhance the resilience of critical digital infrastructure against evolving cyber threats. Full article

Peru constituted the most important Viceroyalty of the Spanish Empire in South America, with the Port of Callao controlling the South Pacific trade routes. Although it was safe in its infancy, Callao suffered coastal attacks leading to its fortification. However, on 28 October 1746, an earthquake and tidal wave devastated the port, leading to its relocation and the construction of the Real Felipe Fortress of Callao, the South Pacific’s most significant fortification. The fortress was based on 18th century military conceptions adapted to the specific conditions of the coastal lands of the Peruvian Viceroyalty, such as the lack of stone, the use of adobe, and the frequent earthquakes. This research sought to identify the architectural theories influencing its design, the adaptations necessary for its coastal location, and the underlying mathematical and military concepts. Photogrammetry based techniques and a geographic information system (GIS) were used for georeferencing historical planimetry, along with the analysis of historical documents. This allowed us to reconstruct the original design and make evident how European ideas were adjusted to the particularities of the American territory, thus contributing to the improvement of knowledge about Spanish military architecture in America. Full article

Neural networks have become pivotal in advancing applications across various domains, including healthcare, finance, surveillance, and autonomous systems. To achieve low latency and high efficiency, field-programmable gate arrays (FPGAs) are increasingly being employed as accelerators for neural network inference in cloud and edge devices. However, the rising costs and complexity of neural network training have led to the widespread use of outsourcing of training, pre-trained models, and machine learning services, raising significant concerns about security and trust. Specifically, malicious actors may embed neural Trojans within NNs, exploiting them to leak sensitive data through side-channel analysis. This paper builds upon our prior work, where we demonstrated the feasibility of embedding Trojan side-channels in neural network weights, enabling the extraction of classification results via remote power side-channel attacks. In this expanded study, we introduced a broader range of experiments to evaluate the robustness and effectiveness of this attack vector. We detail a novel training methodology that enhanced the correlation between power consumption and network output, achieving up to a 33% improvement in reconstruction accuracy over benign models. Our approach eliminates the need for additional hardware, making it stealthier and more resistant to conventional hardware Trojan detection methods. We provide comprehensive analyses of attack scenarios in both controlled and variable environmental conditions, demonstrating the scalability and adaptability of our technique across diverse neural network architectures, such as MLPs and CNNs. Additionally, we explore countermeasures and discuss their implications for the design of secure neural network accelerators. To the best of our knowledge, this work is the first to present a passive output recovery attack on neural network accelerators, without explicit trigger mechanisms. The findings emphasize the urgent need to integrate hardware-aware security protocols in the development and deployment of neural network accelerators. Full article

Deep learning models have been widely applied to synthetic aperture radar (SAR) target recognition, offering end-to-end feature extraction that significantly enhances recognition performance. However, recent studies show that optical image recognition models are widely vulnerable to adversarial examples, which fool the models by adding imperceptible perturbation to the input. Although the targeted adversarial attack (TAA) has been realized in the white box setup with full access to the SAR model’s knowledge, it is less practical in real-world scenarios where white box access to the target model is not allowed. To the best of our knowledge, our work is the first to explore transferable TAA on SAR models. Since contrastive learning (CL) is commonly applied to enhance a model’s generalization, we utilize it to improve the generalization of adversarial examples generated on a source model to unseen target models in the black box scenario. Thus, we propose the contrastive learning-based targeted adversarial attack, termed CL-TAA. Extensive experiments demonstrated that our proposed CL-TAA can significantly improve the transferability of adversarial examples to fool the SAR models in the black box scenario. Full article

Deep neural network-based synthetic aperture radar (SAR) automatic target recognition (ATR) systems are susceptible to attack by adversarial examples, which leads to misclassification by the SAR ATR system, resulting in theoretical model robustness problems and security problems in practice. Inspired by optical images, current SAR ATR adversarial example generation is performed in the image domain. However, the imaging principle of SAR images is based on the imaging of the echo signals interacting between the SAR and objects. Generating adversarial examples only in the image domain cannot change the physical world to achieve adversarial attacks. To solve these problems, this article proposes a framework for generating SAR adversarial examples in a 3D physical scene. First, adversarial attacks are implemented in the 2D image space, and the perturbation in the image space is converted into simulated rays that constitute SAR images through backpropagation optimization methods. The mapping between the simulated rays constituting SAR images and the 3D model is established through coordinate transformation, and point correspondence to triangular faces and intensity values to texture parameters are established. Thus, the simulated rays constituting SAR images are mapped to the 3D model, and the perturbation in the 2D image space is converted back to the 3D physical space to obtain the position and intensity of the perturbation in the 3D physical space, thereby achieving physical adversarial attacks. The experimental results show that our attack method can effectively perform SAR adversarial attacks in the physical world. In the digital world, we achieved an average fooling rate of up to 99.02% for three objects in six classification networks. In the physical world, we achieved an average fooling rate of up to 97.87% for these objects, with a certain degree of transferability across the six different network architectures. To the best of our knowledge, this is the first work to implement physical attacks in a full physical simulation condition. Our research establishes a theoretical foundation for the future concealment of SAR targets in practical settings and offers valuable insights for enhancing the attack and defense capabilities of subsequent DNNs in SAR ATR systems. Full article

In the era of widespread digital image sharing on social media platforms, deep-learning-based watermarking has shown great potential in copyright protection. To address the fundamental trade-off between the visual quality of the watermarked image and the robustness of watermark extraction, we explore the role of structural features and propose a novel edge-aware watermarking framework. Our primary innovation lies in the edge-aware secret hiding module (EASHM), which achieves adaptive watermark embedding by aligning watermarks with image structural features. To realize this, the EASHM leverages knowledge distillation from an edge detection teacher and employs a dual-task encoder that simultaneously performs edge detection and watermark embedding through maximal parameter sharing. The framework is further equipped with a social network noise simulator (SNNS) and a secret recovery module (SRM) to enhance robustness against common image noise attacks. Extensive experiments on three public datasets demonstrate that our framework achieves superior watermark imperceptibility, with PSNR and SSIM values exceeding 40.82 dB and 0.9867, respectively, while maintaining an over 99% decoding accuracy under various noise attacks, outperforming existing methods by significant margins. Full article