Similar Journals
|
IEEE Transactions on Information Forensics and Security
Journal Prestige (SJR): 1.274  Citation Impact (citeScore): 7 Number of Followers: 27  Hybrid journal (It can contain Open Access articles)ISSN (Print) 1556-6013 Published by IEEE  [228 journals]
|
- Handwritten Signature Verification via Multimodal Consistency Learning
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zhaosen Shi;Fagen Li;Dong Hao;Qinshuo Sun;
Pages: 3995 - 4007
Abstract: Multimodal handwritten signatures usually involve offline images and online sequences. Since in real-world scenarios, different modalities of the same signature are generated simultaneously, most research hypothesizes that the different modalities are consistent. However, attacks launched on a partial modality (e.g., only tampering on the image modality) of signature data are commonly seen, and will cause the inter-modal inconsistency. In this paper, we propose and analyze the multimodal security and attack levels for handwritten signatures, and provide a multimodal consistency learning method to detect different levels of attacks of signatures. The modalities include not only traditional offline and online data, but also videos capturing hand movements. We collect a number of triple modal signatures to address the scarcity of public handwritten video datasets. Then, we extract hand joint sequences from videos and utilize them to analyze subtle multimodal consistency with the online modality. We provide extensive experiments for the consistency between online and offline signatures, as well as between online signatures and movement videos. The verification involves distance-based and classification-based fusion models, showing the most effective discriminative networks for attack detection and the superiority of consistency learning.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- Statistical Analysis of Non-Profiling Higher-Order Distinguishers Against
Inner Product Masking-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Qianmei Wu;Wei Cheng;Fan Zhang;Sylvain Guilley;
Pages: 4008 - 4023
Abstract: Inner Product Masking (IPM) is one representative masking scheme, which captivates by so-called Security Order Amplification (SOA) property. It is commonly recognized that SOA holds under linear leakages. In this paper, we revisit SOA from a non-profiling attack perspective. Specifically, we conduct statistical analyses on three non-profiling distinguishers, including Pearson Coefficient Distinguisher (PCD), Spearman Coefficient Distinguisher (SCD) and Kruskal-Wallis Distinguisher (KWD). We find a fundamental connection between SCD and KWD such that SCD is a more generic distinguisher which encompasses KWD. Theoretical explanations for why KWD outperforms SCD under non-linear leakages are provided. We also propose a new adjusted SCD and present its optimal form, which bridges the efficiency gap with KWD. Grounded on this, SOA is extensively assessed and the observations are two-fold. On the one hand, we confirm again the effectiveness of SOA under Hamming weight leakage through the statistical analysis of PCD. On the other hand, we show that SOA can not resist rank-based distinguishers even under linear leakages, which has never been revealed before (to the best of our knowledge). At last, we verify the theoretical findings through both simulated and real-world measurements. Our results demonstrate the advantage of rank-based distinguishers in uncovering non-linear relationships hidden in leakage, enriching the tool-set for non-profiling class of side-channel attacks. Remarkably, we provide an adversary perspective to investigate SOA, highlighting that the side-channel resistance promised by SOA is vulnerable even considering the ideal linear leakage models.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- Adaptive Security Response Strategies Through Conjectural Online Learning
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Kim Hammar;Tao Li;Rolf Stadler;Quanyan Zhu;
Pages: 4055 - 4070
Abstract: We study the problem of learning adaptive security response strategies for an IT infrastructure. We formulate the interaction between an attacker and a defender as a partially observed, non-stationary game. We relax the standard assumption that the game model is correctly specified and consider that each player has a probabilistic conjecture about the model, which may be misspecified in the sense that the true model has probability 0. This formulation allows us to capture uncertainty and misconception about the infrastructure and the intents of the players. To learn effective game strategies online, we design Conjectural Online Learning (COL), a novel method where a player iteratively adapts its conjecture using Bayesian learning and updates its strategy through rollout. We prove that the conjectures converge to best fits, and we provide a bound on the performance improvement that rollout enables with a conjectured model. To characterize the steady state of the game, we propose a variant of the Berk-Nash equilibrium. We present COL through an intrusion response use case. Testbed evaluations show that COL produces effective security strategies that adapt to a changing environment. We also find that COL enables faster convergence than current reinforcement learning techniques.
PubDate: TUE, 08 APR 2025 09:18:24 -04
Issue No: Vol. 20, No. null (2025)
-
- Enhancing Networked Control Systems Resilience Against DoS Attacks: A
Data-Driven Approach With Adaptive Sampled-Data and Compression-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xiao Cai;Yanbin Sun;Xiangpeng Xie;Nan Wei;Kaibo Shi;Huaicheng Yan;Zhihong Tian;
Pages: 4100 - 4109
Abstract: This paper addresses the critical challenge of achieving asymptotic stability in networked control systems (NCSs) under denial-of-service (DoS) attacks, focusing on maintaining security and stability within bandwidth-constrained environments. First, we construct a practical attack model using the NSL-KDD dataset to provide a realistic representation of DoS attack dynamics, capturing key attributes such as attack duration and frequency. Then, an iterative shrinkage-thresholding algorithm (ISTA) is introduced to supervise the adaptive sampled-data controller (ADSC), dynamically optimizing the sampling period to enhance control performance while minimizing communication overhead. To further mitigate the impact of DoS attacks, we propose a novel data compression mechanism that adapts to varying network conditions, ensuring efficient bandwidth utilization and preserving critical control data fidelity. In addition, the stability of the NCSs is rigorously verified through Lyapunov-Krasovskii functions (LKFs), demonstrating robust system behavior even under adverse network conditions. Finally, the effectiveness and practicality of the proposed approach are validated through experimental studies on a 2-degree-of-freedom (2-DoF) helicopter system, confirming its capability to ensure stability, optimize communication efficiency, and mitigate the effects of DoS attacks in real-world scenarios.
PubDate: WED, 09 APR 2025 09:17:53 -04
Issue No: Vol. 20, No. null (2025)
-
- Charge Your Clients: Payable Secure Computation and Its Applications
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Cong Zhang;Liqiang Peng;Weiran Liu;Shuaishuai Li;Meng Hao;Lei Zhang;Dongdai Lin;
Pages: 4183 - 4195
Abstract: The online realm has witnessed a surge in the buying and selling of data, prompting the emergence of dedicated data marketplaces. These platforms cater to servers (sellers), enabling them to set prices for access to their data, and clients (buyers), who can subsequently purchase these data, thereby streamlining and facilitating such transactions. However, the current data market is primarily confronted with the following issues. Firstly, they fail to protect client privacy, presupposing that clients submit their queries in plaintext. Secondly, these models are susceptible to being impacted by malicious client behavior, for example, enabling clients to potentially engage in arbitrage activities. To address the aforementioned issues, we propose payable secure computation, a novel secure computation paradigm specifically designed for data pricing scenarios. It grants the server the ability to securely procure essential pricing information while protecting the privacy of client queries. Additionally, it fortifies the server’s privacy against potential malicious client activities. As specific applications, we have devised customized payable protocols for two distinct secure computation scenarios: Keyword Private Information Retrieval (KPIR) and Private Set Intersection (PSI). We implement our two payable protocols and compare them with the state-of-the-art related protocols that do not support pricing as a baseline. Since our payable protocols are more powerful in the data pricing setting, the experiment results show that they do not introduce much overhead over the baseline protocols. Our payable KPIR achieves the same online cost as baseline, while the setup is about $1.3-1.6\times $ slower than it. Our payable PSI needs about $2\times $ more communication cost than that of baseline protocol, while the runtime is $1.5-3.2\times $ slower than it depending on the network setting.
PubDate: WED, 09 APR 2025 09:17:53 -04
Issue No: Vol. 20, No. null (2025)
-
- LightGBM-Based Audio Watermarking Robust to Recapturing and Hybrid Attacks
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zhaopin Su;Zhaofang Weng;Guofu Zhang;Chensi Lian;Niansong Wang;
Pages: 4212 - 4227
Abstract: Digital audio watermarking is a critical technology widely used for copyright protection, content authentication, and broadcast monitoring. However, its robustness is significantly challenged by recapturing and hybrid attacks, which can easily remove watermarks. To address this issue, this work proposes a novel scheme based on the light gradient boosting machine (LightGBM), named LRAW (LightGBM-based Robust Audio Watermarking), which is designed to increase the robustness of audio watermarking against various attacks. Specifically, the scheme begins by analysing coefficients derived from the discrete wavelet transform (DWT), graph-based transform (GBT), and singular value decomposition (SVD). The extracted singular values consistently maintain a stable descending order even under recapturing attacks at a slightly greater distance. Leveraging this stability, the watermark information is implicitly embedded into the audio signal using a quantization rule. To simulate a hybrid attack scenario, a comprehensive feature dataset comprising 396,000 pieces of DWT-GBT-SVD feature data is constructed based on 60 original recordings and 9 types of attack. Furthermore, considering the distinct influences of embedding watermark bits 0 and 1 on the quantization of singular values, the watermark extraction process is formulated as a binary classification problem. LightGBM is trained using Bayesian optimization and the feature dataset to classify the watermark bits accurately. Finally, the complete watermark is recovered using a watermark sequence matching algorithm. Theoretical analysis and experimental results demonstrate that the proposed LRAW scheme outperforms state-of-the-art watermarking methods in robustness against various recapturing and hybrid attacks, even when the distance between the acoustic source and the receiver is considerable.
PubDate: WED, 09 APR 2025 09:17:53 -04
Issue No: Vol. 20, No. null (2025)
-
- Robust Detection of Malicious Encrypted Traffic via Contrastive Learning
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Meng Shen;Jinhe Wu;Ke Ye;Ke Xu;Gang Xiong;Liehuang Zhu;
Pages: 4228 - 4242
Abstract: Traffic encryption is widely used to protect communication privacy but is increasingly exploited by attackers to conceal malicious activities. Existing malicious encrypted traffic detection methods rely on large amounts of labeled samples for training, limiting their ability to quickly respond to new attacks. These methods also are vulnerable to traffic obfuscation strategies, such as injecting dummy packets. In this paper, we propose SmartDetector, a robust malicious encrypted traffic detection method via contrastive learning. We first propose a novel traffic representation named Semantic Attribute Matrix (SAM), which can effectively distinguish between malicious and benign traffic. We also design a data augmentation method to generate diverse traffic samples, which makes the detection model more robust against different traffic obfuscation strategies. We propose a malicious encrypted traffic classifier that first pre-trains a model via contrastive learning to learn deep representations from unlabeled data, then fine-tunes the model with a supervised classifier to achieve accurate detection even with only a few labeled samples. We conduct extensive experiments with five public datasets to evaluate the performance of SmartDetector. The results demonstrate that it outperforms the state-of-the-art (SOTA) methods in three typical scenarios. Specifically, in the evasion attack detection scenario, SmartDetector achieves an F1 score and AUC above 93%, with average improvements of 19.84% and 18.17% over the SOTA method, respectively.
PubDate: TUE, 15 APR 2025 09:16:56 -04
Issue No: Vol. 20, No. null (2025)
-
- A Random-Binding-Based Bio-Hashing Template Protection Method for Palm
Vein Recognition-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Tianming Xie;Wenxiong Kang;
Pages: 4243 - 4255
Abstract: To mitigate the risk of data breaches, an increasing number of biometric recognition systems are introducing encryption biometric template protection methods and directly matching in the encrypted domain. Depending on the approach to key management, prevailing biometric template protection strategies can be categorized into declarative and distributive methods. The former are challenged by complexities and vulnerabilities linked to key loss, while the latter are compromised by fixed mapping rules that may expose personal information. We present a biometric template protection method that combines random-fixed factors to handle these challenges, thereby protecting the user’s biometric privacy. Firstly, we introduce a random activation factor generation module that extracts scaling and offset factors from the user’s biometric data. This module randomly binds factors to different positions in each authentication process, rendering distance-dependent bitwise cracking algorithms ineffective. Secondly, we propose a fixed multi-branch mapping module that enhances feature expression and minimizes information loss post-encryption. We also develop a trainable min-max hash method, optimized using an improved approximate contrastive loss. Employing palm veins as a case study, we conducted experiments across five datasets, where our method outperformed other encrypted domain methods and showed competitive advantages over mainstream non-encrypted methods. Moreover, we have demonstrated that our method ensures robust performance while meeting essential security requirements of irreversibility, unlinkability, and revocability.
PubDate: MON, 21 APR 2025 09:17:37 -04
Issue No: Vol. 20, No. null (2025)
-
- A Multi-Granularity Deep Signal Shrinkage Network for Noise-Robust
Specific Emitter Identification-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Guangjie Han;Weitao Wang;Zhengwei Xu;
Pages: 4256 - 4264
Abstract: Wireless network security is a significant issue in wireless communication systems. Specific emitter identification (SEI) technology, as an effective physical layer authentication method, has been extensively studied. Methods based on deep learning (DL) for SEI have emerged as the predominant approach, attributed to their end-to-end recognition framework and enhanced capability for feature extraction. However, the training of DL models relies on high-quality data, and the data collection in real-world scenarios is often in low signal-to-noise ratio (SNR) environments, leading to poor model training performance. This paper presents a novel solution, the Multi-Granularity Deep Signal Shrinkage Network (MGDSSN), for the challenging task of SEI in low SNR environments. To this end, the proposed MGDSSN incorporates soft thresholding processing and employs subnetworks for adaptive thresholding, effectively eliminating noise-related features and achieving robust SEI in low SNR environments. Additionally, MGDSSN incorporates a multi-granularity deep signal network architecture that improves the recognition accuracy and stability of the model. This is achieved by capturing the interrelated attributes of in-phase/quadrature-phase (I/Q) signals and features at multiple levels of granularity. Experiments conducted with real-world dataset reveal that the proposed MGDSSN surpasses the current state-of-the-art SEI methods in low SNR environments, demonstrating robust SEI and verifying the superiority of the proposed method.
PubDate: TUE, 15 APR 2025 09:16:56 -04
Issue No: Vol. 20, No. null (2025)
-
- What Makes a Good Exchange' Privacy-Preserving and Fair Contract
Agreement in Data Trading-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xinyu He;Yuan Zhang;Yaqing Song;Weidong Qiu;Hongwei Li;Qiang Tang;
Pages: 4265 - 4279
Abstract: Exchange-assisted data trading (EADT) has become an essential paradigm in current data marketplaces. With data exchanges, sellers and buyers can trade data in an efficient and convenient way. However, existing EADT systems are vulnerable to privacy violations. Sensitive information about the data owned by sellers (manifested as attributes of the data) and the purchasing requirements of buyers (manifested as interests) are highly susceptible to leakage. On the one hand, buyers and sellers have direct access to the type of data supplied or desired before the data transaction is established. On the other hand, the information about transactions between the seller and buyer is transparent to the exchange, including the content of the transaction contract. In addition, the participants are likely to repudiate the content of previously accepted contracts or trigger a bidding war by contract first authorized by others, which raises threats towards authenticity and fairness. In this paper, we investigate the contract agreement in actual EADT systems, enumerate the inherent requirements of secrecy and fairness, and formally define them. Then we propose a privacy-preserving and fair contract agreement framework, dubbed PFCA, which consists of order-matching, negotiation, and authorization. We further propose a practical instantiation of PFCA, dubbed BestPFCA, utilizing efficient private set intersection (PSI), secure messaging (SM), and three-party signature (TPS). In addition, we also implement a BestPFCA prototype and conduct a comprehensive performance evaluation, which demonstrates the efficiency and practicality of BestPFCA.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- RaSA: Robust and Adaptive Secure Aggregation for Edge-Assisted
Hierarchical Federated Learning-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Lingling Wang;Mei Huang;Zhengyin Zhang;Meng Li;Jingjing Wang;Keke Gai;
Pages: 4280 - 4295
Abstract: Secure Aggregation (SA), in the Federated Learning (FL) setting, enables distributed clients to collaboratively learn a shared global model while keeping their raw data and local gradients private. However, when SA is implemented in edge-intelligence-driven FL, the open and heterogeneous environments will hinder model aggregation, slow down model convergence speed, and decrease model generalization ability. To address these issues, we present a Robust and adaptive Secure Aggregation (RaSA) protocol to guarantee robustness and privacy in the presence of non-IID data, heterogeneous system, and malicious edge servers. Specifically, we first design an adaptive weights updating strategy to address the non-IID data issue by considering the impact of both gradient similarity and gradient diversity on the model aggregation. Meanwhile, we enhance privacy protection by preventing privacy leakage from both gradients and aggregation weights. Different from previous work, we address system heterogeneity in the case of malicious attacks, and the malicious behavior from edge servers can be detected by the proposed verifiable approach. Moreover, we eliminate the influence of straggling communication links and dropouts on the model convergence by combining efficient product-coded computing with repetition-based secret sharing. Finally, we perform a theoretical analysis that proves the security of RaSA. Extensive experimental results show that RaSA can ensure model convergence without affecting the generalization ability under non-IID scenarios. Moreover, the decoding efficiency of RaSA achieves $1.33\times $ and $6.4\times $ faster than the state-of-the-art product-coded and one-dimensional coded computing schemes.
PubDate: WED, 09 APR 2025 09:17:53 -04
Issue No: Vol. 20, No. null (2025)
-
- Looking Clearer With Text: A Hierarchical Context Blending Network for
Occluded Person Re-Identification-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Changshuo Wang;Xingyu Gao;Meiqing Wu;Siew-Kei Lam;Shuting He;Prayag Tiwari;
Pages: 4296 - 4307
Abstract: Existing occluded person re-identification (re-ID) methods mainly learn limited visual information for occluded pedestrians from images. However, textual information, which can describe various human appearance attributes, is rarely fully utilized in the task. To address this issue, we propose a Text-guided Hierarchical Context Blending Network (THCB-Net) for occluded person re-ID. Specifically, at the data level, informative multi-modal inputs are first generated to make full use of the auxiliary role of textual information and make image data have a strong inductive bias for occluded environments. At the feature expression level, we design a novel Hierarchical Context Blending (HCB) module that can adaptively integrate shallow appearance features obtained by CNNs and multi-scale semantic features from visual transformer encoder. At the model optimization level, a Multi-modal Feature Interaction (MFI) module is proposed to learn the multi-modal information of pedestrians from texts and images, then guide the visual transformer encoder and HCB module to further learn discriminative identity information for occluded pedestrians through Image-Multimodal Contrastive (IMC) learning. Extensive experiments on standard occluded person re-ID benchmarks demonstrate that the proposed THCB-Net outperforms state-of-the-art methods. The code will be available soon.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- Hierarchical Cross-Modal Image Generation for Multimodal Biometric
Recognition With Missing Modality-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zaiyu Pan;Shuangtian Jiang;Xiao Yang;Hai Yuan;Jun Wang;
Pages: 4308 - 4321
Abstract: Multimodal biometric recognition has shown great potential in identity authentication tasks and has attracted increasing interest recently. Currently, most existing multimodal biometric recognition algorithms require test samples with complete multimodal data. However, it often encounters the problem of missing modality data and thus suffers severe performance degradation in practical scenarios. To this end, we proposed a hierarchical cross-modal image generation for palmprint and palmvein based multimodal biometric recognition with missing modality. First, a hierarchical cross-modal image generation model is designed to achieve the pixel alignment of different modalities and reconstruct the image information of missing modality. Specifically, a cross-modal texture transfer network is utilized to implement the texture style transformation between different modalities, and then a cross-modal structure generation network is proposed to establish the correlation mapping of structural information between different modalities. Second, multimodal dynamic sparse feature fusion model is presented to obtain more discriminative and reliable representations, which can also enhance the robustness of our proposed model to dynamic changes in image quality of different modalities. The proposed model is evaluated on three multimodal biometric benchmark datasets, and experimental results demonstrate that our proposed model outperforms recent mainstream incomplete multimodal learning models.
PubDate: THU, 10 APR 2025 09:17:33 -04
Issue No: Vol. 20, No. null (2025)
-
- Towards Unsupervised Time-Series Anomaly Detection for Virtual Cloud
Networks-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zixuan Ma;Chen Li;Kun Zhang;Bibo Tu;
Pages: 4322 - 4337
Abstract: Virtual cloud network (VCN) is a fundamental cloud resource for endpoints (VMs or containers) to communicate with each other and with the outside. Anomaly detection, a key security approach for VCNs, faces serious challenges: 1) Current feature models are difficult to apply to VCNs with significant differences from traditional networks. 2) Current anomaly detection models lack the adaptability to learn multiple normal patterns simultaneously. The need to train a dedicated model for each endpoint causes serious scalability problems in VCNs. 3) Current anomaly detection models have difficulty addressing the complex temporal dependency and non-stationarity of VCNs. To address these challenges, we propose a new multilevel feature model MFM and a new unsupervised time-series anomaly detection model GTGmVAE. By combining the basic features with the topology features specifically designed for VCNs, MFM effectively characterizes the patterns of VCNs. GTGmVAE combines the new local-global feature extractor with the latent space following a Gaussian mixture distribution to achieve the strong adaptability to learn multiple normal patterns simultaneously, and achieves the strong temporal modeling capability to effectively address the complex temporal dependency and non-stationarity of VCNs by adequately modeling the global temporal dependencies of the input samples and latent variables. Extensive experiments on the VCN anomaly detection dataset CIC-IDS2018 and the time-series anomaly detection benchmark dataset SMD show that GTGmVAE with MFM achieves the desirable performance, and GTGmVAE outperforms all nine representative state-of-the-art detection models.
PubDate: WED, 16 APR 2025 09:17:04 -04
Issue No: Vol. 20, No. null (2025)
-
- Gupacker: Generalized Unpacking Framework for Android Malware
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Tao Zheng;Qiyu Hou;Xingshu Chen;Hao Ren;Meng Li;Hongwei Li;Changxiang Shen;
Pages: 4338 - 4352
Abstract: Android malware authors often use packers to evade analysis. Although many unpacking tools have been proposed, they face two significant challenges: 1) They are easily impeded by anti-analysis techniques employed by packers, preventing efficient collection of hidden Dex data. 2) They are typically designed to unpack a specific packer and cannot handle malware packed with mixed packers. Consequently, many packed malware samples evade detection. To bridge this gap, we propose $\textsf {Gupacker}$ , a novel generalized unpacking framework. $\textsf {Gupacker}$ offers a generic solution for first-generation holistic packer by customizing the Android system source code. It identifies the type of packer and selects an appropriate unpacking function, constructs a deeper active call chain to achieve generic unpacking of second-generation function extraction packers, and uses JNI function and instruction monitoring to handle third-generation virtual obfuscation packer. On this basis, we counteract a diverse array of anti-analysis techniques. We conduct extensive experiments on 5K packed Android malware samples, comparing $\textsf {Gupacker}$ with 2 commercial and 4 state-of-the-art academic unpacking tools. The results demonstrate that $\textsf {Gupacker}$ significantly improves the efficiency of Android malware unpacking with acceptable system overhead. We analyze real packed applications based on $\textsf {Gupacker}$ and found several are second-packed by attackers, including WPS for Android, with tens of millions of users. We receive and responsibly report 13 0day vulnerabilities and also assist in the remediation of all vulnerabilities.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- Invariant Correlation of Representation With Label
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Gaojie Jin;Ronghui Mu;Xinping Yi;Xiaowei Huang;Lijun Zhang;
Pages: 4369 - 4381
Abstract: The Invariant Risk Minimization (IRM) approach aims to address the security challenge of out-of-distribution robustness (domain generalization) by training a feature representation that remains invariant across multiple environments. However, in noisy environments, noise can distort invariant features, leading to different environment-specific losses. Current IRM-related methods such as IRMv1 and VREx underperform in these settings because they enforce uniform losses across environments. While environmental noise causes environment-specific losses, it does not alter the fundamental correlation between invariant representations and labels. Based on this observation, we propose ICorr (Invariant Correlation), which leverages this correlation to extract invariant representations in noisy settings. Unlike existing approaches, ICorr accommodates different environment-specific inherent losses while maintaining a necessary condition for identifying IRM classifiers. We present a detailed case study demonstrating why previous methods may lose ground while ICorr can succeed. Through a theoretical lens, particularly from a causality perspective, we illustrate that the invariant correlation of representation with label is a necessary condition for the optimal invariant predictor in noisy environments, where as the optimization motivations for other methods may not be. Furthermore, we empirically demonstrate the effectiveness of ICorr by comparing it with other domain generalization methods on various noisy datasets.
PubDate: THU, 17 APR 2025 09:17:23 -04
Issue No: Vol. 20, No. null (2025)
-
- Privacy-Preserving Statistical Analysis With Low Redundancy Over
Task-Relevant Microdata-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Jingcheng Zhao;Kaiping Xue;Yingjie Xue;Meng Li;Bin Zhu;Shaoxian Yuan;
Pages: 4382 - 4395
Abstract: Privacy-preserving statistical analysis enables the data center to analyze datasets from multiple data owners, extracting valuable insights while safeguarding privacy. However, the observation of microdata involvement in various analysis tasks within the data center can indirectly lead to privacy breaches. For instance, when the data center observes microdata involved in a disease-related task, it may reveal information about the corresponding user’s disease. Existing schemes process the entire dataset for each analysis task to prevent privacy breaches, resulting in significant redundancy overhead due to the large amount of task-irrelevant data involved in processing. In this paper, we propose FDC, which can protect privacy and effectively reduce the redundancy overhead. It frees the data center from huge redundancy overhead. Specifically, we propose a co-design of local differential privacy and multiparty computation with preprocessing by the data owner. This design enables the data center to process only task-relevant and LDP noise-induced microdata instead of the entire dataset while maintaining analysis results without accuracy loss. In some scenarios where preprocessing by the data owner is unfeasible, we present a data center-assisted method to complete preprocessing within the data center. Additionally, we design and optimize a secure shuffle protocol within this method. Finally, we implement and evaluate FDC using the aggregation task as a baseline. With different proportions of task-relevant microdata, experimental results show that the runtime of FDC is $2\sim 11$ x faster than existing schemes on LAN and $2\sim 22$ x on WAN, and the communication overhead is up to $3\sim 153$ x lower.
PubDate: TUE, 08 APR 2025 09:18:24 -04
Issue No: Vol. 20, No. null (2025)
-
- Revisiting Location Privacy in MEC-Enabled Computation Offloading
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Jingyi Li;Wenzhong Ou;Bei Ouyang;Shengyuan Ye;Liekang Zeng;Lin Chen;Xu Chen;
Pages: 4396 - 4407
Abstract: Mobile Edge Computing (MEC) revolutionizes real-time applications by extending cloud capabilities to network edges, enabling efficient computation offloading from mobile devices. In recent years, the location privacy concern within MEC offloading has been recognized, prompting the proposal of various methodologies to mitigate this concern. However, this paper demonstrates that the prevailing privacy protection methods exhibit vulnerabilities. First, we analyze the shortcomings of current methodologies through both system modeling and evaluation metrics. Then, we introduce a Learning-based Trajectory Reconstruction Attack (LTRA) to expose the weaknesses, achieving up to 91.2% reconstruction accuracy against the state-of-the-art protection method. Further, based on w-event differential privacy, we propose an $\ell $ -trajectory differentially private mechanism, i.e., OffloadingBD. Compared to the existing works, OffloadingBD provides more flexible and enhanced protection with sound privacy theoretical guarantee. Lastly, we conduct extensive experiments to evaluate LTRA and OffloadingBD. The experiment results show that LTRA has good generalization ability and OffloadingBD showcases a superior balance between privacy and utility compared with baselines.
PubDate: THU, 10 APR 2025 09:17:33 -04
Issue No: Vol. 20, No. null (2025)
-
- Three-in-One: Robust Enhanced Universal Transferable Anti-Facial Retrieval
in Online Social Networks-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Yunna Lv;Long Tang;Dengpan Ye;Caiyun Xie;Jiacheng Deng;Yiheng He;Sipeng Shen;
Pages: 4408 - 4421
Abstract: Deep hash-based retrieval techniques are widely used in facial retrieval systems to improve the efficiency of facial matching. However, it also carries the danger of exposing private information. Deep hash models are easily influenced by adversarial examples, which can be leveraged to protect private images from malicious retrieval. The existing adversarial example methods against deep hash models focus on universality and transferability, lacking the research on its robustness in online social networks (OSNs), which leads to their failure in anti-retrieval after post-processing. Therefore, we provide the first in-depth discussion on robustness in universal transferable anti-facial retrieval and propose Three-in-One Adversarial Perturbation (TOAP). Specifically, we construct a local and global Compression Generator (CG) to simulate complex post-processing scenarios, which can be used to mitigate perturbation. Then, we propose robust optimization objectives based on the discovery of the variation patterns of model’s distribution after post-processing, and generate adversarial examples using these objectives and meta-learning. Finally, we iteratively optimize perturbation by alternately generating adversarial examples and fine-tuning the CG, balancing the performance of perturbation while enhancing CG’s ability to mitigate them. Numerous experiments demonstrate that, in addition to its advantages in universality and transferability, TOAP significantly outperforms current state-of-the-art methods in multiple robustness metrics. It further improves universality and transferability by 5% to 28%, and achieves up to about 33% significant improvement in several simulated post-processing scenarios as well as mainstream OSNs, demonstrating that TOAP can effectively protect private images from malicious retrieval in real-world scenarios.
PubDate: THU, 03 APR 2025 09:17:17 -04
Issue No: Vol. 20, No. null (2025)
-
- Image Provenance Analysis via Graph Encoding With Vision Transformer
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Keyang Zhang;Chenqi Kong;Shiqi Wang;Anderson Rocha;Haoliang Li;
Pages: 4422 - 4437
Abstract: Recent advances in AI-powered image editing tools have significantly lowered the barrier to image modification, raising pressing security concerns those related to spreading misinformation and disinformation on social platforms. Image provenance analysis is crucial in this context, as it identifies relevant images within a database and constructs a relationship graph by mining hidden manipulation and transformation cues, thereby providing concrete evidence chains. This paper introduces a novel end-to-end deep learning framework designed to explore the structural information of provenance graphs. Our proposed method distinguishes from previous approaches in two main ways. First, unlike earlier methods that rely on prior knowledge and have limited generalizability, our framework relies upon a patch attention mechanism to capture image provenance clues for local manipulations and global transformations, thereby enhancing graph construction performance. Second, while previous methods primarily focus on identifying tampering traces only between image pairs, they often overlook the hidden information embedded in the topology of the provenance graph. Our approach aligns the model training objectives with the final graph construction task, incorporating the overall structural information of the graph into the training process. We integrate graph structure information with the attention mechanism, enabling precise determination of the direction of transformation. Experimental results show the superiority of the proposed method over previous approaches, underscoring its effectiveness in addressing the challenges of image provenance analysis.
PubDate: FRI, 18 APR 2025 09:17:23 -04
Issue No: Vol. 20, No. null (2025)
-
- From Static Dense to Dynamic Sparse: Vision-Radar Fusion-Based UAV
Detection-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Yiyao Wan;Jiahuan Ji;Fuhui Zhou;Qihui Wu;Tony Q. S. Quek;
Pages: 4454 - 4468
Abstract: Precise uncrewed aerial vehicle (UAV) detection over long distances is of crucial importance for guaranteeing the airspace security. Although deep learning-based vision detectors have been developed, they still rely on a large amount of hand-crafted fixed feature priors. The existing static dense-based detectors suffer from the severe mismatch and imbalance between the small size and the high mobility of UAVs. To solve the problem, a novel multimodal fusion-based dynamic sparse UAV detection framework is proposed. The framework reformulates the feature priors in a completely dynamic sparse paradigm by using the radar data. Based on the framework, a vision-radar fusion-based dynamic sparse network (Vira-DSNet) is proposed for more balanced and robust UAV detection. The Vira-DSNet exploits our designed dynamic sparse candidate generator and radar-guided semantic feature transform to generate a small set of customized high-quality object candidates and semantic features based on the radar data. Moreover, based on Hungarian bisection matching, our Vira-DSNet eliminates the post-processing and is completely end-to-end differentiable. Furthermore, the Vira-DSNet is deployed in our developed actual vision-radar fusion-based UAV detection system to evaluate the performance in the practical applications. Experimental results demonstrate that our Vira-DSNet achieves an average precision $\rm {AP_{50}}$ of 88.2%. It is also shown that the average recall $\rm {AR_{1}}$ of Vira-DSNet is higher than the state-of-the-art scheme by 10.1%, while maintaining the real-time performance.
PubDate: MON, 14 APR 2025 09:17:30 -04
Issue No: Vol. 20, No. null (2025)
-
- TrapNet: Model Inversion Defense via Trapdoor
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Wanlun Ma;Derui Wang;Yiliao Song;Minhui Xue;Sheng Wen;Zhengdao Li;Yang Xiang;
Pages: 4469 - 4483
Abstract: Model inversion (MI) attacks, for which effective defense strategies are still lacking, pose significant risks to privacy by reconstructing private training data through access to well-trained classifiers. Addressing this concern, this study introduces TrapNet, designed to defend against advanced MI attacks while maintaining good model utility. TrapNet intentionally injects trapdoors into the classification manifold of the protected target model. In this way, TrapNet can effectively mislead MI attack optimization. Specifically, TrapNet leverages a conditional GAN (cGAN) trained on the private dataset to generate diverse and realistic trapdoor samples. In addition, we propose a graph-matching self-obfuscation strategy and an entropy regularization technique to optimize trapdoor injection while preserving model utility. Compared to the existing defense, TrapNet can provide universal protection to all target classes without access to any auxiliary public data. Extensive experiments on CelebA, VGG-Face, and VGG-Face2 datasets demonstrate TrapNet’s superior performance over existing defenses, including the most advanced NetGuard and BiDO, against state-of-the-art model inversion attacks, i.e., PLG-MI, LOMMA, and Plug&Play.
PubDate: MON, 14 APR 2025 09:17:30 -04
Issue No: Vol. 20, No. null (2025)
-
- SoFi: Spoofing OS Fingerprints Against Network Reconnaissance
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xu Han;Haocong Li;Wei Wang;Haining Wang;Xiaobo Ma;Shouling Ji;Qiang Li;
Pages: 4484 - 4497
Abstract: Fingerprinting is a network reconnaissance technique utilized for gathering information about online computing systems, including operation systems and applications. Unfortunately, attackers typically leverage fingerprinting techniques to locate, enumerate, and subsequently target vulnerable systems, which is the first primary stage of a cyber attack. In this work, we explore the susceptibility of machine learning (ML)-based classifiers to misclassification, where a slight perturbation in the packet is included to spoof OS fingerprints. We propose SoFi (Spoof OS Fingerprints), an adversarial example generation algorithm under TCP/IP specification constraints, to create effective perturbations in a packet for deceiving an OS fingerprint. Specifically, SoFi has three major technical innovations: (1) it is the first to utilize adversarial examples to automatically perturb fingerprinting techniques; (2) it complies with constraints and integrity of network packets; (3) it achieves a high success rate in spoofing OS fingerprints. We validate the effectiveness of adversarial packets against active and passive OS fingerprints, verifying the transferability and robustness of SoFi. Comprehensive experimental results demonstrate that SoFi automatically identifies applicable and available OS fingerprint features, unlike existing tools relying on expert knowledge.
PubDate: FRI, 18 APR 2025 09:17:23 -04
Issue No: Vol. 20, No. null (2025)
-
- DC-SGD: Differentially Private SGD With Dynamic Clipping Through Gradient
Norm Distribution Estimation-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Chengkun Wei;Weixian Li;Chen Gong;Wenzhi Chen;
Pages: 4498 - 4511
Abstract: Differentially Private Stochastic Gradient Descent (DP-SGD) is a widely adopted technique for privacy-preserving deep learning. A critical challenge in DP-SGD is selecting the optimal clipping threshold C, which involves balancing the trade-off between clipping bias and noise magnitude, incurring substantial privacy and computing overhead during hyperparameter tuning. In this paper, we propose Dynamic Clipping DP-SGD (DC-SGD), a framework that leverages differentially private histograms to estimate gradient norm distributions and dynamically adjust the clipping threshold C. Our framework includes two novel mechanisms: DC-SGD-P and DC-SGD-E. DC-SGD-P adjusts the clipping threshold based on a percentile of gradient norms, while DC-SGD-E minimizes the expected squared error of gradients to optimize C. These dynamic adjustments significantly reduce the burden of hyperparameter tuning C. The extensive experiments on various deep learning tasks, including image classification and natural language processing, show that our proposed dynamic algorithms achieve up to 9 times acceleration on hyperparameter tuning than DP-SGD. And DC-SGD-E can achieve an accuracy improvement of 10.62% on CIFAR10 than DP-SGD under the same privacy budget of hyperparameter tuning. We conduct rigorous theoretical privacy and convergence analyses, showing that our methods seamlessly integrate with the Adam optimizer. Our results highlight the robust performance and efficiency of DC-SGD, offering a practical solution for differentially private deep learning with reduced computational overhead and enhanced privacy guarantees.
PubDate: FRI, 18 APR 2025 09:17:23 -04
Issue No: Vol. 20, No. null (2025)
-
- Extracting Private Training Data in Federated Learning From Clients
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Jiaheng Wei;Yanjun Zhang;Leo Yu Zhang;Chao Chen;Shirui Pan;Kok-Leong Ong;Jun Zhang;Yang Xiang;
Pages: 4525 - 4540
Abstract: The utilization of machine learning algorithms in distributed web applications is experiencing significant growth. One notable approach is Federated Learning (FL) Recent research has brought attention to the vulnerability of FL to gradient inversion attacks, which seek to reconstruct the original training samples, posing a substantial threat to client privacy. Most existing gradient inversion attacks, however, require control over the central server and rely on substantial prior knowledge, including information about batch normalization and data distribution. In this study, we introduce Poisoning Gradient Leakage from Client (PGLC), a novel attack method that operates from the clients’ side. For the first time, we demonstrate the feasibility of a client-side adversary with limited knowledge successfully recovering training samples from the aggregated global model. Our approach enables the adversary to employ a malicious model that increases the loss of a specific targeted class of interest. When honest clients employ the poisoned global model, the gradients of samples become distinct in the aggregated update. This allows the adversary to effectively reconstruct private inputs from other clients using the aggregated update. Furthermore, our PGLC attack exhibits stealthiness against Byzantine-robust aggregation rules (AGRs). Through the optimization of malicious updates and the blending of benign updates with a malicious replacement vector, our method remains undetected by these defense mechanisms. We conducted experiments across various benchmark datasets, considering representative Byzantine-robust AGRs and exploring different FL settings with varying levels of adversary knowledge about the data. Our results consistently demonstrate the ability of PGLC to extract training data in all tested scenarios.
PubDate: TUE, 08 APR 2025 09:18:24 -04
Issue No: Vol. 20, No. null (2025)
-
- Stealthy Attacks With Historical Data on Distributed State Estimation
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Jitao Xing;Dan Ye;Pengyu Li;
Pages: 4541 - 4550
Abstract: This paper addresses the problem of designing stealthy attacks on distributed estimation using historical data. The distributed sensors transmit innovations to remote state estimators and neighboring nodes, which attackers can intercept and tamper with. To bypass the configured false data detectors, the attack parameters must satisfy the stealthiness constraints. The determination of the optimal stealthy attack strategy is reformulated as a series of convex optimization problems. Additionally, a lower bound on the compromised estimation error covariance is derived, and analytical solutions for the suboptimal stealthy attack strategy that maximizes the bound are provided. These solutions are proven to be piecewise constant with smaller computational complexity. Finally, numerical simulations validate the theoretical results.
PubDate: THU, 24 APR 2025 09:17:01 -04
Issue No: Vol. 20, No. null (2025)
-
- FHECAP: An Encrypted Control System With Piecewise Continuous Actuation
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Song Bian;Yunhao Fu;Dong Zhao;Haowen Pan;Yuexiang Jin;Jiayue Sun;Hui Qiao;Zhenyu Guan;
Pages: 4551 - 4566
Abstract: We propose an encrypted controller framework for linear time-invariant systems with actuator non-linearity based on fully homomorphic encryption (FHE). While some existing works explore the use of partially homomorphic encryption (PHE) in implementing linear controller systems, the impacts of the non-linear behaviors of the actuators on the systems are often left unconcerned. In particular, when the inputs to the controller become too small or too large, actuators may burn out due to unstable system state oscillations. To solve this dilemma, we design and implement FHECAP, an FHE-based controller framework that can homomorphically apply non-linear functions to the actuators to rectify the system inputs. In FHECAP, we first design a novel data encoding scheme tailored for efficient gain matrix evaluation. Then, we propose a high-precision homomorphic algorithm to apply non-arithmetic piecewise function to realize the actuator normalization. In the experiments, compared with the existing state-of-the-art encrypted controllers, FHECAP achieves $4\times $ – $1000\times $ reduction in computational latency. We evaluate the effectiveness of FHECAP in the real-world application of encrypted control for spacecraft rendezvous. The simulation results show that the FHECAP achieves real-time spacecraft rendezvous with negligible accuracy loss.
PubDate: MON, 07 APR 2025 09:17:46 -04
Issue No: Vol. 20, No. null (2025)
-
- Structurally-Encrypted Databases Combined With Filters: Enhanced Security
and Rich Queries-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Feng Liu;Jinjiang Yang;Jingcheng Zhao;Yingjie Xue;Kaiping Xue;
Pages: 4567 - 4580
Abstract: Building encrypted databases has been a long-standing challenge in the field of database security. In recent years, Structured Encryption (STE) has emerged as a promising approach to constructing encrypted databases, striking a balance between security and efficiency. Although existing STE-based encrypted database systems achieve high efficiency in query processing, all these schemes struggle to support rich queries with minimal information leakage. In this paper, we present a new STE-based encrypted database system, named Filter-integrated Encrypted Database (FinEDB), which supports exact-match and range queries, conjunctive queries and join operations, while maintaining limited information leakage. We first design a novel secure inverted index to avoid storage overhead blow-up when extending to support rich query capabilities. Then, we integrate Binary Fuse filters into our proposed inverted index to enable efficient query processing. By leveraging the homomorphic property of Binary Fuse filters, our approach leaks less information than existing STE-based solutions. Besides, we provide rigorous proof for our proposed scheme under the simulation paradigm. To evaluate the performance, we implement the prototype of FinEDB and compare it with the baseline STE-based scheme. Experiment results demonstrate that FinEDB is practical and can support rich queries on real-world databases.
PubDate: WED, 16 APR 2025 09:17:04 -04
Issue No: Vol. 20, No. null (2025)
-
- GIFDL: Generated Image Fluctuation Distortion Learning for Enhancing
Steganographic Security-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xiangkun Wang;Kejiang Chen;Yuang Qi;Ruiheng Liu;Weiming Zhang;Nenghai Yu;
Pages: 4581 - 4594
Abstract: Minimum distortion steganography is currently the mainstream method for modification-based steganography. A key issue in this method is how to define steganographic distortion. With the rapid development of deep learning technology, the definition of distortion has evolved from manual design to deep learning design. Concurrently, rapid advancements in image generation have made generated images viable as cover media. However, existing distortion design methods based on machine learning do not fully leverage the advantages of generated cover media, resulting in suboptimal security performance. To address this issue, we propose GIFDL (Generated Image Fluctuation Distortion Learning), a steganographic distortion learning method based on the fluctuations in generated images. Inspired by the idea of natural steganography, we take a series of highly similar fluctuation images as the input to the steganographic distortion generator and introduce a new GAN training strategy to disguise stego images as fluctuation images. Experimental results demonstrate that GIFDL, compared with state-of-the-art GAN-based distortion learning methods, exhibits superior resistance to steganalysis, increasing the detection error rates by an average of 3.30% across three steganalysis.
PubDate: WED, 23 APR 2025 09:17:31 -04
Issue No: Vol. 20, No. null (2025)
-
- Improving Transferable Targeted Adversarial Attack via Normalized Logit
Calibration and Truncated Feature Mixing-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Juanjuan Weng;Zhiming Luo;Shaozi Li;
Pages: 4595 - 4609
Abstract: This paper aims to enhance the transferability of adversarial samples in targeted attacks, where attack success rates remain comparatively low. To achieve this objective, we propose two distinct techniques for improving the targeted transferability from the loss and feature aspects. First, in previous approaches, logit calibrations used in targeted attacks primarily focus on the logit margin between the targeted class and the untargeted classes among samples, neglecting the standard deviation of the logit. In contrast, we introduce a new normalized logit calibration method that jointly considers the logit margin and the standard deviation of logits. This approach effectively calibrates the logits, enhancing the targeted transferability. Second, previous studies have demonstrated that mixing the features of clean samples during optimization can significantly increase transferability. Building upon this, we further investigate a truncated feature mixing method to reduce the impact of the source training model, resulting in additional improvements. The truncated feature is determined by removing the Rank-1 feature associated with the largest singular value decomposed from the high-level convolutional layers of the clean sample. Extensive experiments conducted on the ImageNet-Compatible, CIFAR-10 and ImageNet-1k datasets demonstrate the individual and mutual benefits of our proposed two components, which outperform the state-of-the-art methods by a large margin in black-box targeted attacks.
PubDate: WED, 23 APR 2025 09:17:31 -04
Issue No: Vol. 20, No. null (2025)
-
- Flexible Secure Biometrics: A Protected Modality-Invariant Face-Periocular
Recognition System-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Tiong-Sik Ng;Jihyeon Kim;Andrew Beng Jin Teoh;
Pages: 4610 - 4621
Abstract: This paper introduces Flexible Secure Biometrics (FSB), a novel learning framework that protects biometric templates across face-periocular modalities in intra- and cross-modality recognition tasks. The increasing flexibility of biometric recognition systems, which can match multiple template modalities, also escalates the security risks of tampering and misuse. To address these challenges, we propose the FSB-HashNet architecture, which integrates two key components: a periocular-face feature extractor and an adversarial hash generator. The feature extractor identifies and emphasizes shared prominent features between periocular and face modalities, creating modality-invariant representations. Meanwhile, the adversarial network simultaneously generates secure hash codes and ensures alignment across different modalities, preserving modality-invariant characteristics. The FSB-HashNet employs a two-factor protection mechanism using a subject’s biometric data and a user-specific key, resulting in robust, protected hash codes that offer image-level security without compromising recognition performance. Our comprehensive experiments on diverse, in-the-wild datasets under open-set conditions demonstrate the framework’s ability to maintain key security properties—unlinkability, revocability, and non-invertibility while preserving decent recognition accuracy. Codes are publicly available at https://github.com/tiongsikng/fsb_hashnet
PubDate: THU, 10 APR 2025 09:17:33 -04
Issue No: Vol. 20, No. null (2025)
-
- Throughput Improvement for RIS-Empowered Wireless Powered Anti-Jamming
Communication Networks (WPAJCN)-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zheng Chu;David Chieng;Chiew Foong Kwong;Huan Jin;Zhengyu Zhu;Chongwen Huang;Chau Yuen;
Pages: 4622 - 4637
Abstract: In this paper, we propose a reconfigurable intelligent surface (RIS)-aided wireless powered anti-jamming communication network (WPAJCN), where the RIS is utilized to participate in downlink wireless power transfer (WPT), as well as uplink anti-jamming wireless information transfer (AJ-WIT). To evaluate the network anti-jamming performance, we maximize a sum anti-jamming throughput, with the constraints of downlink WPT and uplink AJ-WIT time scheduling, and unit-modulus RIS phase shifts. The formulated problem is not convex in terms of these two types of coupled variables, which cannot be directly solved. To address this problem, the Lagrange dual method and Karush-Kuhn-Tucker conditions are presented to transform its sum-of-logarithmic objective function into the logarithmically fractional counterpart, which reformulate the original problem into that with respect to RIS phase shift vectors and WPT time scheduling. Next, we propose to apply the Dinkelback algorithm to solve a non-linear fractional programming with respect to the downlink WPT and uplink AJ-WIT RIS phase shifts in an alternating fashion, each of which is derived into a semi-closed solution by utilizing the Riemannian Manifold Optimization (RMO). In addition, the optimal WPT time scheduling is obtained by numerical search. Finally, the numerical results are demonstrated to confirm the improved performance of the proposed approach compared to the benchmark counterparts, which highlights the that RIS can effectively enhance the uplink anti-jamming WIT capability as well as the downlink WPT efficiency.
PubDate: WED, 23 APR 2025 09:17:32 -04
Issue No: Vol. 20, No. null (2025)
-
- Unlocking Generative Priors: A New Membership Inference Framework for
Diffusion Models-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xiaomeng Fu;Xi Wang;Qiao Li;Jin Liu;Jiao Dai;Jizhong Han;Xingyu Gao;
Pages: 4638 - 4650
Abstract: Diffusion models pose risks of privacy breaches and copyright disputes, primarily stemming from the potential utilization of unauthorized data during the training phase. Membership inference is aimed to determine whether a specific sample has been used in the training process of a target model, representing a critical tool for privacy violation verification. However, the increased model complexity and stochasticity inherent in diffusion renders traditional shadow-model-based or metric-based methods ineffective when applied to diffusion models. Moreover, existing methods only yield binary classification labels which lack necessary comprehensibility in practical applications. In this paper, we explore a novel perspective for membership inference by leveraging the intrinsic generative priors within the diffusion model. Compared with unseen samples, training samples exhibit stronger generative priors within the diffusion model, enabling the successful reconstruction of substantially degraded training images. Consequently, we propose the Degrade Restore Compare (DRC) framework. In this framework, an image undergoes sequential degradation and restoration, and its membership is determined by comparing it with the restored counterpart. Experimental results verify that our approach not only significantly outperforms existing methods in terms of accuracy but also provides comprehensible decision criteria, offering evidence for potential privacy violations.
PubDate: TUE, 15 APR 2025 09:16:56 -04
Issue No: Vol. 20, No. null (2025)
-
- CAMeL: Cross-Modality Adaptive Meta-Learning for Text-Based Person
Retrieval-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Hang Yu;Jiahao Wen;Zhedong Zheng;
Pages: 4651 - 4663
Abstract: Text-based person retrieval aims to identify specific individuals within an image database using textual descriptions. Due to the high cost of annotation and privacy protection, researchers resort to synthesized data for the paradigm of pretraining and fine-tuning. However, these generated data often exhibit domain biases in both images and textual annotations, which largely compromise the scalability of the pre-trained model. Therefore, we introduce a domain-agnostic pretraining framework based on Cross-modality Adaptive Meta-Learning (CAMeL) to enhance the model generalization capability during pretraining to facilitate the subsequent downstream tasks. In particular, we develop a series of tasks that reflect the diversity and complexity of real-world scenarios, and introduce a dynamic error sample memory unit to memorize the history for errors encountered within multiple tasks. To further ensure multi-task adaptation, we also adopt an adaptive dual-speed update strategy, balancing fast adaptation to new tasks and slow weight updates for historical tasks. Albeit simple, our proposed model not only surpasses existing state-of-the-art methods on real-world benchmarks, including CUHK-PEDES, ICFG-PEDES, and RSTPReid, but also showcases robustness and scalability in handling biased synthetic images and noisy text annotations. Our code is available at https://github.com/Jahawn-Wen/CAMeL-reID
PubDate: TUE, 29 APR 2025 09:17:19 -04
Issue No: Vol. 20, No. null (2025)
-
- BAST: Blockchain-Assisted Secure and Traceable Data Sharing Scheme for
Vehicular Networks-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xinzhong Liu;Jie Cui;Jing Zhang;Rongwang Yin;Hong Zhong;Lu Wei;Irina Bolodurina;Debiao He;
Pages: 4664 - 4678
Abstract: In vehicular networks, caching service content on edge servers (ESs) is a widely accepted strategy for promptly responding to vehicle requests, reducing communication overhead, and improving service experience. However, implementing such an architecture requires addressing the challenges associated with ES response data reliability and communication security. In this study, to tackle the ES response data reliability issue, a blockchain-assisted threshold signature scheme for cache-based vehicular networks is proposed. The scheme utilizes a threshold mechanism to sign the data broadcast by the ES, incorporates blockchain to trace malicious signers, and avoids the shortcomings and limitations associated with idealized assumptions for the ES in existing data-sharing schemes. Moreover, considering the communication security and high-speed mobility of vehicles, using the non-interactive signatures of knowledge based on the $\Sigma $ -protocol, a secure and efficient message authentication scheme for vehicles and ESs is provided. Through rigorous security proofs and comprehensive analyses, our scheme satisfies the communication security requirements of vehicular networks. By leveraging the JPBC library for performance analysis, the proposed scheme demonstrates advantages as concerns both computation and communication overheads compared to related schemes. Moreover, we implemented the proposed scheme on an Ethereum test network (i.e., Goerli) to validate its feasibility.
PubDate: TUE, 29 APR 2025 09:17:19 -04
Issue No: Vol. 20, No. null (2025)
-
- Grey-Box Adversarial Attack on Communication in Communicative Multi-Agent
Reinforcement Learning-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xiao Ma;Wu-Jun Li;
Pages: 4679 - 4693
Abstract: Effective communication is a necessary condition for intelligent agents to collaborate in multi-agent environments. Although increasing attention has been paid to communicative multi-agent reinforcement learning (CMARL), the vulnerability of the communication mechanism in CMARL has not been well investigated, especially when there exist malicious agents that send adversarial communication messages to other regular agents. Existing works about adversarial communication in CMARL focus on black-box attacks where the attacker cannot access any model within the multi-agent system (MAS). However, grey-box attacks are a type of more practical attack, where the attacker has access to the models of its controlled agents. To the best of our knowledge, no research has been conducted to investigate grey-box attacks on communication in CMARL. In this paper, we propose the first grey-box attack method on communication in CMARL, which is called victim-simulation based adversarial attack (VSAA). At each timestep, the attacker simulates a victim attacked by other regular agents’ communication messages and generates adversarial perturbations on its received communication messages. The attacker then sends the aggregation of these perturbations to the regular agents through communication messages, which will induce non-optimal actions of the regular agents and subsequently degrade the performance of the MAS. Experimental results on multiple tasks show that VSAA can effectively degrade the performance of the MAS. The findings in this paper will make researchers aware of the grey-box attack in CMARL.
PubDate: FRI, 11 APR 2025 09:17:27 -04
Issue No: Vol. 20, No. null (2025)
-
- Loop-Back Mechanism-Based Physical-Layer Secret Key Generation in FDD
System Under Hardware Impairments-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xuan Yang;Dongming Li;
Pages: 4694 - 4709
Abstract: In physical-layer secret key generation, key generation performance is susceptible to hardware impairments (HIs), which can degrade channel reciprocity. Additionally, the security of loop-back mechanism based schemes in frequency division duplex (FDD) systems requires further enhancement. To address these challenges, this paper proposes a secure key generation scheme based on a loop-back mechanism for FDD systems. By transmitting signals across different frequency bands in a loop-back fashion, the proposed scheme mitigates the adverse effects of HI variations across frequency bands and enhances system security. Theoretical analyses are conducted on the normalized mean square error and the secret key rate of the loop-back mechanism in both FDD and time division duplex (TDD) systems, providing a clear security assessment of the proposed scheme. Simulation and experimental results demonstrate that by accounting for HI differences in the frequency domain, the proposed scheme improves channel reciprocity, enhances the secret key rate, achieves a higher key generation rate (KGR), and reduces the key disagreement ratio (KDR) compared to state-of-the-art methods.
PubDate: THU, 24 APR 2025 09:17:01 -04
Issue No: Vol. 20, No. null (2025)
-
- RandFlash: Breaking the Quadratic Barrier in Large-Scale Distributed
Randomness Beacons-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Yang Yang;Bingyu Li;Qianhong Wu;Bo Qin;Qin Wang;Shihong Xiong;Willy Susilo;
Pages: 4710 - 4725
Abstract: Random beacons are of paramount importance in distributed systems (e.g., blockchain, electronic voting, governance). The sheer scale of nodes inherent in distributed environments necessitates minimizing communication overhead per node while ensuring protocol availability, particularly under adversarial conditions. Existing solutions have managed to reduce the optimistic overhead to a minimum of $O(n^{2})$ , where n represents the node count of the system. In this paper, we step further by proposing and implementing RandFlash, a leaderless random beacon protocol that achieves an optimistic communication complexity of $O(n\log n)$ . Evaluation results demonstrate that RandFlash outperforms existing constructions, RandPiper (CCS’21) and OptRand (NDSS’23), in terms of the number of random beacons generated within large-scale networks comprising 64 nodes or more (e.g., in sizes of 80 and 128). Furthermore, RandFlash exhibits resilience, capable of withstanding up to one-third of the nodes acting maliciously, all without the need for strongly trusted setups (i.e., embedding a secret trapdoor by trusted third parties). We also provide formal security proofs validating all properties upheld by this lineage.
PubDate: MON, 28 APR 2025 09:17:16 -04
Issue No: Vol. 20, No. null (2025)
-
- De-Anonymizing Monero: A Maximum Weighted Matching-Based Approach
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xingyu Yang;Lei Xu;Liehuang Zhu;
Pages: 4726 - 4738
Abstract: As the leading privacy coin, Monero is widely recognized for its high level of anonymity. Monero utilizes linkable ring signature to hide the sender of a transaction. Although the anonymity is preferred by users, it poses challenges for authorities seeking to regulate financial activities. Researchers are actively engaged in studying methods to de-anonymize Monero. Previous methods usually relied on a specific type of ring called zero-mixin ring. However, these methods have become ineffective after Monero enforced the minimum ringsize. In this paper, we propose a novel approach based on maximum weighted matching to de-anonymize Monero. The proposed approach does not rely on the existence of zero-mixin rings. Specifically, we construct a weighted bipartite graph to represent the relationship between rings and transaction outputs. Based on the empirical probability distribution derived from users’ spending patterns, three weighting methods are proposed. Accordingly, we transform the de-anonymization problem into a maximum weight matching (MWM) problem. Due to the scale of the graph, traditional algorithms for solving the MWM problem are not applicable. Instead, we propose a deep reinforcement learning-based algorithm that achieves near-optimal results. Experimental results on both real-world dataset and synthetic dataset demonstrate the effectiveness of the proposed approach.
PubDate: FRI, 11 APR 2025 09:17:27 -04
Issue No: Vol. 20, No. null (2025)
-
- WF-A2D: Enhancing Privacy With Asymmetric Adversarial Defense Against
Website Fingerprinting-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Jianan Huang;Weiwei Liu;Guangjie Liu;Bo Gao;Fengyuan Nie;
Pages: 4739 - 4754
Abstract: Despite the end-to-end encryption capabilities provided by network protocols such as QUIC in HTTP/3 and the additional tunneling functions offered by proxy tools like virtual private networks (VPNs) and the onion router (Tor), website fingerprinting (WF) techniques can still identify specific network services by exploiting the spatio-temporal characteristics of network traffic. Therefore, defending against WF attacks is crucial for ensuring comprehensive privacy protection for network services. Existing WF defenses typically rely on proxy-based solutions that require coordinated packet manipulations between the client and the proxy node to counteract WF attacks. These symmetric architectures cannot protect network traffic between proxy nodes and web servers from WF attacks. Furthermore, the ability to counter more powerful traffic analysis tools remains a challenging issue. In this paper, we propose WF-A2D, an asymmetric adversarial defense method against website fingerprinting for HTTP/3. WF-A2D employs a two-stage cascading adversarial learning strategy, leveraging packet direction and length patterns to enhance defense performance. Position-based perturbation vectors representing packet operations are generated for packet-by-packet manipulations to achieve real-time WF defense. Experimental results on a real-world HTTP/3-QUIC website browsing traffic dataset demonstrate that WF-A2D can achieve a defense success rate of 97.10% on average against seven state-of-the-art traffic analysis tools, while incurring less than 2% bandwidth overhead. More importantly, WF-A2D can operate independently on the client side and ensure end-to-end protection to web servers.
PubDate: WED, 30 APR 2025 09:16:54 -04
Issue No: Vol. 20, No. null (2025)
-
- Defending Against Model Inversion Attack via Feature Purification
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Shenhao Shi;Yan Wo;
Pages: 4755 - 4768
Abstract: The Model Inversion Attack (MIA) aims to reconstruct the privacy data used to train the target model, raising significant public concerns about the privacy of machine learning models. Therefore, proposing effective methods to defend against MIA has become crucial. The relationship between MIA and defense is a typical adversarial process. If the upper bound of the attacker’s capability can be estimated through theoretical analysis, a more robust defense method can be achieved by weakening this upper bound. To achieve this goal, we simplify MIA to a problem of reconstructing estimates, and analyze the lower bound of the reconstruction error obtained by the attacker, from which we infer the theoretical upper bound of the attacker’s capability, providing a foundation for designing the defense mechanism. We find that the lower bound of reconstruction error is inversely proportional to the Fisher information. This means that smaller Fisher information can lead to a larger reconstruction error. If the attacker cannot obtain second-order information during the reconstruction estimation, the corresponding Fisher information will be reduced. Consequently, we propose a defense against model inversion attacks via feature purification (DMIAFP). To reduce the Fisher information, DMIAFP hides the private data contained within the features and its second-order information (the relationships between private data) by minimizing the first-order and second-order correlations between private data and output features. Additionally, we introduce Principal Inertia Components (PIC) for the correlation metric, and infer the theoretical upper bound of the attacker’s reconstruction ability through PIC, thereby avoiding the issue of poor defensive performance caused by data-driven instability in defense methods that train by adversarially inverse models. Experimental results show that our method achieves good performance in defense and exhibits significant advantages in removing redundant information contained in features.
PubDate: WED, 30 APR 2025 09:16:54 -04
Issue No: Vol. 20, No. null (2025)
-
- Trinity: A Scalable and Forward-Secure DSSE for Spatio-Temporal Range
Query-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zhijun Li;Kuizhi Liu;Minghui Xu;Xiangyu Wang;Yinbin Miao;Jianfeng Ma;Xiuzhen Cheng;
Pages: 4769 - 4782
Abstract: Cloud-based outsourced Location-based services significantly impact various aspects of daily life but also raise security concerns. Existing secure retrieval schemes for spatio-temporal data exhibit significant shortcomings regarding dynamic updates; they either compromise privacy through information leakage during updates (lacking forward security) or incur excessively high update costs, hindering practical application. To address these limitations, we first propose a basic filter-based spatio-temporal range query scheme Trinity-I that supports low-cost dynamic updates and automatic expansion. Furthermore, to improve security, reduce storage cost, and false positives, we propose a forward secure and verifiable scheme Trinity-II that simultaneously minimizes storage overhead. Formal security analysis demonstrates that both Trinity-I and Trinity-II achieve Indistinguishability under Selective Chosen-Plaintext Attack (IND-SCPA). Finally, extensive experiments demonstrate that our design Trinity-II significantly reduces storage requirements by 80%, enables data retrieval at the 1 million-record level in just 0.01 seconds, and achieves $10\times $ update efficiency than state-of-art.
PubDate: FRI, 02 MAY 2025 09:17:12 -04
Issue No: Vol. 20, No. null (2025)
-
- Across-Platform Detection of Malicious Cryptocurrency Accounts via
Interaction Feature Learning-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Zheng Che;Meng Shen;Zhehui Tan;Hanbiao Du;Wei Wang;Ting Chen;Qinglin Zhao;Yong Xie;Liehuang Zhu;
Pages: 4783 - 4798
Abstract: With the rapid evolution of Web3.0, cryptocurrency has become a cornerstone of decentralized finance. While these digital assets enable efficient and borderless financial transactions, their pseudonymous nature has also attracted malicious activities such as money laundering, fraud, and other financial crimes. Effective detection of malicious accounts is crucial to maintaining the security and integrity of the Web 3.0 ecosystem. Existing malicious account detection methods rely on large amounts of labeled data and suffer from low generalization. Label-efficient and generalizable malicious account detection remains a challenging task. In this paper, we propose ShadowEyes, a framework for detecting malicious accounts by leveraging interaction feature learning with only a small labeled dataset. Specifically, We first propose a generalized account representation named TxGraph, which captures the universal interaction features of Ethereum and Bitcoin. Then we carefully design an account representation augmentation method tailored to simulate the evolution of malicious accounts to generate positive pairs. We conduct extensive experiments using public datasets to evaluate the performance of ShadowEyes. The results demonstrate that it outperforms state-of-the-art (SOTA) methods in four typical scenarios. Specifically, in the scenario of across-platform malicious account detection, ShadowEyes maintains an F1 score of around 90%, which is 10% higher than the SOTA method. In the zero-shot learning scenario, it can achieve an F1 score of 79.56% for detecting gambling accounts, surpassing the SOTA method by 10.44%.
PubDate: MON, 28 APR 2025 09:17:16 -04
Issue No: Vol. 20, No. null (2025)
-
- Threshold Password-Hardening Updatable Oblivious Key Management
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Changsong Jiang;Chunxiang Xu;Zhen Liu;Xinfeng Dong;Wenzheng Zhang;
Pages: 4799 - 4814
Abstract: We propose a threshold password-hardening updatable oblivious key management system dubbed TPH-UOKM for cloud storage. In TPH-UOKM, a group of key servers share a user-specific secret key for a user, and assist the user in producing her/his password-derived private key in a threshold and oblivious way, where the password is hardened to resist offline dictionary guessing attacks. Anyone can outsource data protected with the user’s password-derived public key to the cloud server, and merely the user holding the correct password can recover the password-derived private key for data access. TPH-UOKM can accomplish decryption of N ciphertexts with the complexity $O(1)$ of communication between a user and the key servers, which outperforms existing schemes. TPH-UOKM supports password update. The cloud server can update all protected data of a user with an update token to be accessible only with the new password, which resists password leakage. We present a two-level proactivization mechanism to periodically update user-specific secret key shares and the key servers to thwart perpetual compromise of them, where the renewal of user-specific secret key shares reduces computation and communication costs compared to existing approaches. Provable security and high efficiency of TPH-UOKM are demonstrated by comprehensive analyses and performance evaluations.
PubDate: TUE, 29 APR 2025 09:17:19 -04
Issue No: Vol. 20, No. null (2025)
-
- More Efficient, Privacy-Enhanced, and Powerful Privacy-Preserving Feature
Retrieval Private Set Intersection-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Guowei Ling;Peng Tang;Jinyong Shan;Fei Tang;Weidong Qiu;
Pages: 4815 - 4827
Abstract: Private Set Intersection (PSI) allows two parties, the sender and the receiver, each possessing a private set, to compute the intersection of their sets, with only the receiver learning the intersection and without revealing any additional information. Privacy-Preserving Feature Retrieval PSI ( $\mathsf {P^{2}FRPSI}$ ) is a variant of PSI. In $\mathsf {P^{2}FRPSI}$ , the receiver designs a predicate and obtains the intersection of private sets that satisfy this predicate, while the sender learns nothing about the predicate. However, the existing two $\textsf {PRFPSI}$ protocols ( $\textsf {TIFS 2024}$ ), based respectively on the DH key agreement and Oblivious Pseudo-Random Function (OPRF), are not highly efficient due to their reliance on expensive homomorphic encryption. Moreover, the existing DH-based $\mathsf {P^{2}FRPSI}$ protocol reveals the output size and the original intersection size to the sender. We also observed that the existing $\mathsf {P^{2}FRPSI}$ protocols do not support threshold retrieval and the logical connective $\textsf {OR}$ and can only work when feature values of the sender have very low dimensionality. This paper also proposes two new $\mathsf {P^{2}FRPSI}$ protocols, one based on DH key agreement and the other based on OPRF, to fully address the issues present in existing $\mathsf {P^{2}FRPSI}$ protocols. Our DH-based $\mathsf {P^{2}FRPSI}$ is $30 \times $ faster than the existing DH-based protocol, with only a 36% increase in communication overhead. Furthermore, our OPRF-based $\mathsf {P^{2}FRPSI}$ protocol is $2 \times $ as fast as existing OPRF-based protocol and reduces communication overhead by a factor of 4.6. Our DH-based $\mathsf {P^{2}FRPSI}$ protocol completely eliminates the leakage of the original intersection size and the output size. Meanwhile, our protocols support the logical connective $\textsf {OR}$ for linking sub-predicates and also enable threshold-based retrieval. They are proven to be secure in the semi-honest model. Our open-source implementations can be found at https://github.com/ShallMate/pfrpsi, which can help readers understand our protocols and reproduce the experiments.
PubDate: MON, 21 APR 2025 09:17:37 -04
Issue No: Vol. 20, No. null (2025)
-
- VFLMonitor: Defending One-Party Hijacking Attacks in Vertical Federated
Learning-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Xiangrui Xu;Yiwen Zhao;Yufei Han;Yongsheng Zhu;Zhen Han;Guangquan Xu;Bin Wang;Shouling Ji;Wei Wang;
Pages: 4828 - 4843
Abstract: Vertical Federated Learning (VFL) is susceptible to various one-party hijacking attacks, such as Replay and Generation attacks, where a single malicious client can manipulate the model to produce attacker-specified results, thereby compromising its reliability in real-world deployments. In this paper, we first uncover the underlying mechanisms of these attacks and observe that successful attacks induce significant discrepancies in the embedding-label associations across different clients. We establish a theoretical framework demonstrating how these discrepancies can serve as reliable indicators for detecting hijacking attempts. Building upon this insight, we propose VFLMonitor, a robust defense mechanism that leverages these embedding-label discrepancies to detect and mitigate hijacking attacks. Specifically, VFLMonitor identifies suspicious queries by analyzing differences in label estimations from multiple clients and applies a majority voting rule to correct or filter out these malicious queries. Moreover, VFLMonitor introduces a novel regularization strategy during training to reduce intra-class variance in embeddings, thereby enhancing their discriminative power and improving defense effectiveness. Extensive experiments were conducted on 5 real-world datasets against 2 different attack types under 3 attack scenarios. The results demonstrate that VFLMonitor can effectively identify and exclude potential hijacked requests in all types of one-party hijacking attacks, while maintaining a meager false positive rate for legitimate queries.
PubDate: TUE, 06 MAY 2025 09:17:12 -04
Issue No: Vol. 20, No. null (2025)
-
- TruVRF: Toward Triple-Granularity Verification on Machine Unlearning
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Chunyi Zhou;Yansong Gao;Anmin Fu;Kai Chen;Zhi Zhang;Minhui Xue;Zhiyang Dai;Shouling Ji;Yuqing Zhang;
Pages: 4844 - 4859
Abstract: The right to be forgotten has incentivized machine unlearning, but a key challenge persists: the lack of reliable methods to verify unlearning conducted by model providers. This gap facilitates dishonest model providers to deceive data contributors. Current approaches often rely on invasive methods like backdoor injection. However, it poses security concerns and is also inapplicable to legacy data—already released data. To tackle this challenge, this work initializes the first non-invasive unlearning verification framework which operates at triple-granularity (class-, volume-, sample-level) to assess the data facticity and volume integrity of machine unlearning. In this paper, we propose a framework, named TruVRF, encompasses three Unlearning-Metrics, each tailored to counter different types of dishonest model providers or servers (Neglecting Server, Lazy Server, Deceiving Server). TruVRF leverages non-invasive model sensitivity to enable multi-granularity verification of unlearning. Specifically, Unlearning-Metric-I checks if the removed class matches the data contributor’s unlearning request, Unlearning-Metric-II measures the amount of unlearned data, and Unlearning-Metric-III validates the correspondence of a specific unlearned sample with the requested deletion. We conducted extensive evaluations of TruVRF efficacy across three datasets, and notably, we also evaluated the effectiveness and computational overhead of TruVRF in real-world applications for the face recognition dataset. Our experimental results demonstrate that TruVRF achieves robust verification performance: Unlearning-Metric-I and -III achieve over 90% verification accuracy on average against dishonest servers, while Unlearning-Metric-II maintains an inference deviation within 4.8% to 8.2%. Additionally, TruVRF demonstrates generalizability across diverse conditions, including varying numbers of unlearned classes and sample volumes. Significantly, TruVRF is applied to two state-of-the-art unlearning frameworks: SISA (presented at Oakland’21) and Amnesiac Unlearning, representing exact and approximate unlearning methods, respectively, which affirm TruVRF’s practicality. In addition, we conducted extensive evaluations around TruVRF, including ablation experiments, trade-offs in computational overhead, and the robustness of model sensitivity, among others.
PubDate: WED, 30 APR 2025 09:16:54 -04
Issue No: Vol. 20, No. null (2025)
-
- Unveiling the Superiority of Unsupervised Learning on GPU Cryptojacking
Detection: Practice on Magnetic Side Channel-Based Mechanism-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Hangcheng Cao;Guowen Xu;Ziyang He;Shaoqing Shi;Shengmin Xu;Cong Wu;Jianting Ning;
Pages: 4874 - 4889
Abstract: Ample profits of GPU cryptojacking attract hackers to recklessly invade victims’ devices, for completing specific cryptocurrency mining tasks. Such malicious invasion undoubtedly obstructs normal device usage and wastes computation resources. To resist the threat of GPU cryptojacking, existing works aim to timely detect and clear away it, by distinguishing the dissimilitude between it and legitimate applications. However, these detection mechanisms inappropriately rely on two conflict cornerstones, manifested in leveraging mutable samples of illegitimate cryptojacking to design supervision-based detection models requiring samples with stable patterns. This limitation compromises the practicability of existing detection mechanisms in the face of mutable cryptojacking samples. To fill the gap, we explore the superiority of unsupervised learning in handling this issue and further propose an unsupervised manner-enabled detection mechanism named MagInspector, only using legitimate applications’ magnetic signatures from GPU side channels for model construction. MagInspector innovates in training an unsupervised autoencoder network by an adversarial mode that well learns the stable signature patterns of legitimate applications, while incompatible with mutable cryptojacking ones. In the process of model training, we elaborately extract mutual energy cumulation distribution features to represent legitimate applications to overcome the impact of their inter-type differences. Meanwhile, a locality sensitive hashing-driven outlier removal algorithm is designed to enhance MagInspector’s robustness to the noise samples. Finally, extensive experiments are conducted on GPUs covering four generations of common NVIDIA architectures and two generations of AMD architectures; the results show that applying MagInspector to mutable cryptojacking signature detection achieves a significant average accuracy improvement of 25.5% and 17.8%, respectively.
PubDate: MON, 21 APR 2025 09:17:37 -04
Issue No: Vol. 20, No. null (2025)
-
- Challenge-Response to Authenticate Drone Communications: A Game Theoretic
Approach-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Mattia Piana;Francesco Ardizzon;Stefano Tomasin;
Pages: 4890 - 4903
Abstract: As drones are increasingly used in various civilian applications, the security of drone communications is a growing concern. In this context, we propose novel strategies for challenge-response physical layer authentication (CR-PLA) of drone messages. The ground receiver (verifier) requests the drone to move to a defined position (challenge), and authenticity is verified by checking whether the corresponding measured channel gain (response) matches the expected statistic. In particular, the challenge is derived from a mixed strategy obtained by solving a zero-sum game against the intruder, which in turn decides its own positions. In addition, we derive the optimal strategy for multi-round authentication, where the CR-PLA procedure is iterated over several rounds. We also consider the energy minimization problem, where legitimate users want to minimize the energy consumption without compromising the security performance of the protocol. The performance of the proposed scheme is tested in terms of both security and energy consumption through numerical simulations, considering different protocol parameters, different scenarios (urban and rural), different drone altitudes, and also in the context of drone swarms.
PubDate: FRI, 02 MAY 2025 09:17:15 -04
Issue No: Vol. 20, No. null (2025)
-
- Semantic Token Transformer for Face Forgery Detection
-
Free pre-print version: Loading...Rate this result: What is this?Please help us test our new pre-print finding feature by giving the pre-print link a rating.
A 5 star rating indicates the linked pre-print has the exact same content as the published article.
Authors: Chunlei Peng;Xiaoyi Luo;Decheng Liu;Nannan Wang;Ruimin Hu;Xinbo Gao;
Pages: 4904 - 4914
Abstract: In the era of digital media, the proliferation of forged images and videos poses a significant threat to societal stability. With the rapid advancement of deep learning, the generation of realistic fake images has become increasingly simple, presenting unprecedented challenges in discerning the authenticity of images. While some existing methods have shown promising results in forgery detection, they often underutilize facial semantic information. To address this issue, this paper introduces the Semantic Token Transformer for Face Forgery Detection. By incorporating facial semantic information with a transformer network, the input tokens of the transformer are transformed into tokens of varying shapes and sizes based on their importance, thereby enhancing the accuracy of the detector. To achieve this objective, we first employ an image processing stage to manipulate the image based on facial semantic information. Subsequently, we introduce a scoring network, guided by prior knowledge, which adaptively categorizes tokens into different clusters based on their importance and relevance to the results of the preprocessing stage. Finally, we merge the tokens within the clusters using an attention mechanism and input them into the detector for forgery detection. Through experiments conducted on multiple datasets and cross-dataset evaluations, we demonstrate that our approach outperforms state-of-the-art detection methods.
PubDate: MON, 05 MAY 2025 09:18:47 -04
Issue No: Vol. 20, No. null (2025)
-
