1972 papers
This paper proposes a novel "agnostic inference attack" in vertical federated learning where an active party infers passive party features using an independently trained model, and introduces adjustable privacy-preserving schemes that distort passive parameters to mitigate this attack while balancing privacy and model interpretability.
This paper introduces "Poisoning with A Pill," a three-stage augmentation framework that enhances the stealth and effectiveness of federated learning poisoning attacks by strategically injecting malicious updates into a tiny, novel subnet structure, thereby bypassing existing detection defenses and significantly increasing model error rates across diverse FL scenarios.
This paper introduces a privacy-preserving federated framework using threshold CKKS homomorphic encryption to enable multi-institutional Kaplan-Meier survival analysis that achieves high-fidelity results comparable to centralized data while preventing the reconstruction of sensitive individual records through encrypted aggregation and threshold decryption.
This paper proposes Module Switching Defense (MSD), a novel post-training strategy that disrupts backdoor attacks by selectively fusing model modules via an evolutionary algorithm, demonstrating superior robustness and utility preservation compared to weight averaging, particularly in scenarios with limited models or collusive backdoors.
This paper introduces the first property-preserving hashing construction for -distance predicates, offering a highly efficient and robust method to detect perceptually similar images under adversarial attacks by forcing attackers to introduce significant noise that degrades image quality to evade detection.
This paper introduces AttnTrace, an efficient and accurate method for tracing prompt injection and knowledge corruption in long-context LLMs by leveraging attention weights, which outperforms existing state-of-the-art solutions in both speed and effectiveness while enabling improved detection of injected instructions.
This paper introduces "parallel spooky pebble games," a technique combining parallelism and Hadamard basis measurements to significantly reduce the multiplication depth required for Regev's factoring algorithm, demonstrating that 4096-bit integers can be factored with a depth of 193 compared to previous variants requiring 444 or 680.
This paper introduces Rational Localized Adversarial Anonymization (RLAA), a fully localized and training-free framework that employs an Attacker-Arbitrator-Anonymizer architecture to overcome the privacy paradox of remote APIs and the utility collapse of local models by replacing greedy adversarial strategies with a rationality-gated mechanism that optimizes the trade-off between privacy gain and utility cost.
The paper introduces EZ-MIA, a training-free membership inference attack that leverages the "Error Zone" score to detect memorization in fine-tuned autoregressive language models with significantly higher detection rates and lower false positives than existing state-of-the-art methods.
HearthNet is an edge-based multi-agent orchestration system that deploys persistent, role-specialized LLM agents on home hubs to enable robust, natural language control of smart devices through decentralized coordination, shared state management, and strict authorization boundaries.
This paper proves that for a specific family of Reed-Solomon codes over prime fields, the Proximity Gaps Conjecture fails at radii within of the code's capacity rate, thereby formalizing a sketch by Krachun and Kazanin.
This paper introduces ADAM, a novel privacy attack that leverages data distribution estimation and entropy-guided querying to systematically extract sensitive information from LLM agent memory, achieving significantly higher success rates than existing methods and highlighting critical vulnerabilities in current agent designs.
This paper introduces a novel backdoor attack on Reinforcement Learning with Verifiable Rewards (RLVR) frameworks, demonstrating that injecting a small amount of poisoned training data with asymmetric reward signals can effectively implant a trigger that forces large language models to generate harmful responses while maintaining benign task performance.
This paper demonstrates that Large Reasoning Models become significantly more vulnerable to harmful attacks when faced with internal value conflicts or dilemmas, a vulnerability caused by the overlap and interference of safety and functional representations at the neuron level.
This paper demonstrates that in-domain pretraining of BERT models significantly enhances subdomain-level DNS exfiltration detection at low false positive rates, with performance gains being most pronounced when larger labeled datasets are available for fine-tuning.
This mixed-methods study analyzes Reddit discussions to reveal that while cybersecurity practitioners increasingly adopt large language models for productivity and efficiency, their autonomy remains constrained by persistent concerns regarding reliability, verification overhead, and security risks.
This paper classifies subsets of encrypted-clone storage registers into authorized, non-informative, and partially informative categories, revealing that intermediate unauthorized subsets can leak parity-dependent information about the input state, thereby exposing a structural confidentiality limitation in quantum encrypted cloning.
This paper addresses the scarcity of high-quality datasets for detecting in-game toxicity by introducing the L2DTnH dataset created with expert League of Legends players, which enables the development of a specialized NLP-based detector that outperforms general-purpose models and is deployed via a privacy-preserving browser extension.
This paper introduces a non-stationary queueing framework that accurately estimates an organization's dynamic cyber resources and workforce capacity by analyzing vulnerability and patch timestamps, offering a significant improvement over static attack-surface metrics for predictive risk management.
This paper proposes using homoglyphic substitution, which replaces standard characters with visually similar alternatives from different scripts, as an adversarial technique to degrade stylometric analysis and protect personal information from being inferred from written text.