cs.CR
-
arXiv:2412.16190v1 Announce Type: new Abstract: Automated, secure software development is an important task of digitalization, which is solved with the DevSecOps approach. An important part of the DevSecOps approach is continuous risk assessment, which is necessary to identify and evaluate risk factors. Combining the development cycle with continuous risk assessment creates synergies in software development…
-
arXiv:2412.16246v1 Announce Type: new Abstract: The collapse of social contexts has been amplified by digital infrastructures but surprisingly received insufficient attention from Web privacy scholars. Users are persistently identified within and across distinct web contexts, in varying degrees, through and by different websites and trackers, losing the ability to maintain a fragmented identity. To systematically…
-
arXiv:2412.16254v1 Announce Type: new Abstract: Adversarial attacks pose a significant threat to the reliability of pre-trained language models (PLMs) such as GPT, BERT, RoBERTa, and T5. This paper presents Adversarial Robustness through Dynamic Ensemble Learning (ARDEL), a novel scheme designed to enhance the robustness of PLMs against such attacks. ARDEL leverages the diversity of multiple…
-
arXiv:2412.16264v1 Announce Type: new Abstract: Intrusion Detection Systems (IDS) are crucial for safeguarding digital infrastructure. In dynamic network environments, both threat landscapes and normal operational behaviors are constantly changing, resulting in concept drift. While continuous learning mitigates the adverse effects of concept drift, insufficient attention to drift patterns and excessive preservation of outdated knowledge can…
-
arXiv:2412.16343v1 Announce Type: new Abstract: Stack canaries and shadow stacks are widely deployed mitigations to memory-safety vulnerabilities. While stack canaries are introduced by the compiler and rely on sentry values placed between variables and control data, shadow stack implementations protect return addresses explicitly and rely on hardware features available in modern processor designs for efficiency.…
-
arXiv:2412.16349v1 Announce Type: new Abstract: Censorship and censorship circumvention are closely connected, and each is constantly making decisions in reaction to the other. When censors deploy a new Internet censorship technique, the anti-censorship community scrambles to find and develop circumvention strategies against the censor’s new strategy, i.e., by targeting and exploiting specific vulnerabilities in the…
-
arXiv:2412.16430v1 Announce Type: new Abstract: Deception is being increasingly explored as a cyberdefense strategy to protect operational systems. We are studying implementation of deception-in-depth strategies with initially three logical layers: network, host, and data. We draw ideas from military deception, network orchestration, software deception, file deception, fake honeypots, and moving-target defenses. We are building a…
-
arXiv:2412.16484v1 Announce Type: new Abstract: The vast majority of cybersecurity information is unstructured text, including critical data within databases such as CVE, NVD, CWE, CAPEC, and the MITRE ATT&CK Framework. These databases are invaluable for analyzing attack patterns and understanding attacker behaviors. Creating a knowledge graph by integrating this information could unlock significant insights. However,…
-
arXiv:2412.16595v1 Announce Type: new Abstract: As cyber threats continue to evolve and diversify, it has become increasingly challenging to identify the root causes of security breaches that occur between periodic security assessments. This paper explores the fundamental importance of system fingerprinting as a proactive and effective approach to addressing this issue. By capturing a comprehensive…
-
arXiv:2412.16607v1 Announce Type: new Abstract: Software vulnerabilities are commonly exploited as attack vectors in cyberattacks. Hence, it is crucial to identify vulnerable software configurations early to apply preventive measures. Effective vulnerability detection relies on identifying software vulnerabilities through standardized identifiers such as Common Platform Enumeration (CPE) strings. However, non-standardized CPE strings issued by software vendors…
-
arXiv:2412.16614v1 Announce Type: new Abstract: The rise in cybercrime and the complexity of multilingual and code-mixed complaints present significant challenges for law enforcement and cybersecurity agencies. These organizations need automated, scalable methods to identify crime types, enabling efficient processing and prioritization of large complaint volumes. Manual triaging is inefficient, and traditional machine learning methods fail…
-
arXiv:2412.15228v1 Announce Type: new Abstract: Images serve as a crucial medium for communication, presenting information in a visually engaging format that facilitates rapid comprehension of key points. Meanwhile, during transmission and storage, they contain significant sensitive information. If not managed properly, this information may be vulnerable to exploitation for personal gain, potentially infringing on privacy…
-
arXiv:2412.15237v1 Announce Type: new Abstract: The increasing integration of artificial intelligence (AI) within cybersecurity has necessitated stronger encryption methods to ensure data security. This paper presents a comparative analysis of symmetric (SE) and asymmetric encryption (AE) algorithms, focusing on their role in securing sensitive information in AI-driven environments. Through an in-depth study of various encryption…
-
arXiv:2412.15267v1 Announce Type: new Abstract: Toxicity detection is crucial for maintaining the peace of the society. While existing methods perform well on normal toxic contents or those generated by specific perturbation methods, they are vulnerable to evolving perturbation patterns. However, in real-world scenarios, malicious users tend to create new perturbation patterns for fooling the detectors.…
-
Fooling LLM graders into giving better grades through neural activity guided adversarial prompting
arXiv:2412.15275v1 Announce Type: new Abstract: The deployment of artificial intelligence (AI) in critical decision-making and evaluation processes raises concerns about inherent biases that malicious actors could exploit to distort decision outcomes. We propose a systematic method to reveal such biases in AI evaluation systems and apply it to automated essay grading as an example. Our…
-
arXiv:2412.15276v1 Announce Type: new Abstract: Data-free model stealing involves replicating the functionality of a target model into a substitute model without accessing the target model’s structure, parameters, or training data. The adversary can only access the target model’s predictions for generated samples. Once the substitute model closely approximates the behavior of the target model, attackers…
-
arXiv:2412.15289v1 Announce Type: new Abstract: Large language models (LLMs) have made significant advancements across various tasks, but their safety alignment remains a major concern. Exploring jailbreak prompts can expose LLMs' vulnerabilities and guide efforts to secure them. Existing methods primarily design sophisticated instructions for the LLM to follow, or rely on multiple iterations, which could…
-
arXiv:2412.15306v1 Announce Type: new Abstract: Network traffic includes data transmitted across a network, such as web browsing and file transfers, and is organized into packets (small units of data) and flows (sequences of packets exchanged between two endpoints). Classifying encrypted traffic is essential for detecting security threats and optimizing network management. Recent advancements have highlighted…