283 papers
This paper introduces a novel inference-time backdoor attack that exploits maliciously modified chat templates to compromise open-weight language models without altering weights or training data, demonstrating high success rates in degrading factual accuracy and inducing harmful outputs while evading current security scans.
This paper proposes FedORA, a primal-dual optimization framework that enables efficient and theoretically certified sample and label unlearning in Vertical Federated Learning by introducing a novel uncertainty-promoting loss function and adaptive strategies to minimize computational overhead while preserving model utility.
This paper presents a differentially private scheme for estimating black-box statistics that effectively trades off between statistical efficiency and oracle efficiency, accompanied by lower bounds demonstrating the near-optimality of this approach.
This paper evaluates the security and quality of code generated by Large Language Models across multiple programming languages using a 200-task dataset, revealing that while LLMs can automate coding, they often fail to adopt modern security features and rely on outdated practices, particularly in languages like C++ and Java 17.
The paper proposes "Latent Sculpting," a hierarchical two-stage architecture that combines a Transformer-based encoder with a Binary Latent Sculpting loss and a Masked Autoregressive Flow to enforce explicit geometric boundaries on benign data, achieving robust zero-shot generalization and high detection rates for out-of-distribution cyberattacks on the CIC-IDS-2017 benchmark.
This paper proposes efficient data reduction strategies for semi-supervised adversarial training that utilize latent clustering techniques to select or generate critical boundary-adjacent samples, significantly reducing data requirements and computational costs while maintaining state-of-the-art robustness.
This paper re-evaluates the state-of-the-art LiRA membership inference attack under realistic conditions, demonstrating that its effectiveness is significantly overestimated in prior studies due to overconfident models, improper threshold calibration, and unrealistic priors, thereby revealing that reliable privacy auditing requires protocols that reflect practical training practices and reproducibility constraints.
The paper introduces AFTUNE, a framework that ensures the integrity of cloud-based large language model fine-tuning and inference by employing a lightweight recording and spot-check mechanism to generate verifiable execution traces, thereby enabling clients to practically audit proprietary AI processes without prohibitive overhead.
This paper proposes and validates a hardware-efficient, explainable Convolutional Tsetlin Machine (CTM) for real-time 5G jamming detection that achieves comparable accuracy to convolutional neural networks while significantly reducing training time, memory usage, and enabling deterministic FPGA deployment.
This study demonstrates that the choice of graph construction technique significantly impacts IoT botnet detection performance, revealing that Gabriel graphs combined with Variational Autoencoders and Graph Attention Networks achieve the highest accuracy (97.56%) on the N-BaIoT dataset compared to other methods like k-NN and Shared Nearest Neighbor.
This paper proposes a leakage-safe, time-respecting graph feature extraction protocol for temporal transaction networks that, when combined with transaction attributes, significantly enhances the interpretability and performance of illicit entity classification while preventing look-ahead bias.
This paper introduces an enhanced post-quantum key agreement protocol that achieves provable, information-theoretic security against quantum adversaries through Rényi entropy-based techniques, distributed polynomial commitments, and quantum-resistant commitments, offering $2^{128}$ security guarantees without relying on computational hardness assumptions.
This paper introduces a generic framework to elevate single-copy security to multi-copy security in quantum cryptography, demonstrating that under mild assumptions, single-copy pseudorandom states and unitaries imply their multi-copy counterparts and enabling the construction of identical-copy secure unclonable primitives like public-key quantum money and copy-protection.
Assuming the hardness of the Learning with Errors (LWE) problem, the paper proves that no quantum algorithm can weakly automate proof search in the -Frege propositional proof system, marking the first established connection between quantum computation and the limitations of automated propositional proof search.
The paper proposes a bipartite quantum key distribution protocol that leverages indefinite causal order, specifically utilizing a process matrix resource to achieve an 85.35% raw bit-matching probability between Alice and Bob, which is sufficient for standard error correction and practical implementation.
The paper presents Lattice (LAT), a post-quantum peer-to-peer electronic cash system designed as a settlement layer for the quantum era by integrating RandomX CPU-only proof-of-work, LWMA-1 difficulty adjustment, and NIST-standard ML-DSA-44 lattice-based digital signatures with a specific emission schedule and block weight scaling mechanism.
This paper introduces "Kraken," a novel higher-order electromagnetic side-channel attack that successfully extracts DNN parameters from specialized GPU Tensor Cores in the near field and demonstrates significant weight leakage from Large Language Models at a distance of 100 cm, marking the first time such specialized hardware has been compromised via physical side channels.
This paper introduces the first systematic evaluation of cluster-aware attacks on graph watermarking, demonstrating that adversaries leveraging community structure to strategically modify edges can significantly reduce attribution accuracy with comparable structural distortion, thereby exposing the vulnerability of current schemes that rely solely on random perturbation defenses.
This paper proposes TCBS-Attack, a novel black-box jailbreaking method that employs token-level evolutionary search guided by decision boundaries to efficiently bypass full-chain defenses in text-to-image models, significantly outperforming existing state-of-the-art attacks.
This paper challenges the reliability of backdoor-based dataset ownership verification by demonstrating that attackers can forge statistically indistinguishable watermarks using a lightweight variational autoencoder, thereby undermining the validity of current watermarking schemes as standalone evidence for copyright infringement claims.