292 papers
The paper proposes AttriGuard, a novel runtime defense that mitigates Indirect Prompt Injection in LLM agents by employing parallel counterfactual tests to causally attribute tool invocations to user intent rather than untrusted external observations, thereby achieving near-perfect attack success rate reduction with minimal utility loss.
This paper proposes a method to protect intellectual property in neural network models by binding their weights to unique hardware properties using Physically Unclonable Functions (PUFs), thereby preventing accurate execution on cloned hardware.
This study proposes and evaluates incremental federated learning strategies, specifically utilizing LSTM models on the CICIoMT2024 dataset, to enhance the long-term resilience and resource efficiency of intrusion detection systems in IoT networks against evolving threats and concept drift.
This paper challenges the optimistic narrative of fully automated AI auditing by demonstrating that EVMbench's results are compromised by data contamination and narrow evaluation, revealing that current AI agents lack the stability and end-to-end exploitation capabilities to replace human auditors in smart contract security.
This paper investigates backdoor attacks in Vision Transformers by identifying a causal "trigger direction" in model activations, revealing distinct processing mechanisms for different trigger types, and proposing a data-free detection scheme based on mechanistic interpretability.
The paper introduces MAD, a novel memory allocation diversity system that combines spatial diversification techniques with software diversity principles to effectively deter RowHammer attacks with negligible performance overhead and hardware agnosticism.
This paper introduces TOSSS, a CVE-based benchmark designed to evaluate the ability of Large Language Models to distinguish between secure and vulnerable code snippets in C/C++ and Java, revealing that current models achieve security scores ranging from 0.48 to 0.89.
This paper presents a laboratory study analyzing the performance impact of traditional, hybrid, and pure post-quantum TLS 1.3 key exchange algorithms across multiple layers of stateful HTTP transactions, utilizing a load-balanced architecture to statistically evaluate latency and throughput variations under different response sizes.
This paper resolves an open question by demonstrating the first explicit separation between oblivious and adaptive differential privacy in the continual observation model, showing that while an oblivious algorithm can remain accurate for exponentially many time steps, any adaptive algorithm fails after only a constant number of steps.
This paper investigates the adversarial robustness of partitioned quantum classifiers by demonstrating that perturbations targeting circuit partitioning techniques, such as wire cutting or teleportation, are equivalent to implementing adversarial gates within intermediate layers, a relationship analyzed through both theoretical and experimental perspectives.
This paper introduces HVAC-EAR, a novel system that reconstructs intelligible human speech from low-resolution, noisy pressure data in HVAC systems using a complex-valued conformer, demonstrating significant privacy risks by achieving clear eavesdropping up to 1.2 meters in real-world deployments.
This paper introduces SPARK, a jailbreak framework that exploits cross-modal associations in text-to-video models by combining neutral scene anchors, latent auditory triggers, and stylistic modulators to generate semantically unsafe videos that bypass safety guardrails while maintaining a benign appearance.
This paper identifies and systematically studies "Tools Orchestration Privacy Risk" (TOP-R), a novel vulnerability where autonomous agents inadvertently synthesize sensitive information from non-sensitive tool fragments, and addresses it by introducing the TOP-Bench benchmark, the H-Score metric, and effective mitigation strategies that significantly improve the safety-utility trade-off.
This paper introduces WBC (Window-Based Comparison), a novel membership inference attack that significantly outperforms existing global-averaging methods against fine-tuned Large Language Models by exploiting localized memorization signals through a sliding window approach with sign-based aggregation.
This paper addresses the failure of weighted-average methods in detecting multi-turn prompt injection attacks by proposing a novel "Peak + Accumulation" proxy-level scoring formula that combines peak risk, persistence, and diversity, achieving 90.8% recall at a 1.20% false positive rate without requiring an LLM.
The paper introduces Scrambler, an e-graph-based tool that utilizes Equality Expansion to efficiently generate complex and diverse Mixed Boolean Arithmetic obfuscation expressions with guaranteed equivalence, demonstrating superior expressiveness and complexity compared to existing solutions.
This paper proposes "Traversal-as-Policy," a framework that distills sandboxed execution logs into verifiable Gated Behavior Trees to replace implicit LLM policies with explicit, state-conditioned macro traversals, thereby significantly improving success rates, eliminating safety violations, and reducing computational costs across diverse autonomous agent benchmarks.
This paper addresses the risk of amplified privacy leakage in sequential multi-agent LLM systems by formalizing compositional leakage through mutual information, deriving a theoretical bound on its propagation, and proposing a privacy-regularized training framework that enforces system-level privacy guarantees rather than relying on local agent constraints alone.
This paper introduces "ecosystem trust profiles" as a method for digital ecosystems to autonomously define and advertise trusted credentials, demonstrating how this framework enables cross-ecosystem interoperability while preserving sovereignty, though it reveals that such trust remains fragile without additional external governance mechanisms.
This paper introduces PPCMI-SF, a privacy-preserving collaborative framework that utilizes client-specific latent transforms and server-side mapping to achieve high-accuracy, real-time medical image segmentation across heterogeneous institutions while effectively resisting inversion and membership inference attacks without sharing raw data.