检索结果-内蒙古大学图书馆

arXiv 2024年

作者： Zhao, Yanjie Hou, Xinyi Wang, Shenao Wang, Haoyu Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology China Huazhong University of Science and Technology Wuhan China

The rapid growth and popularity of large language model (LLM) app stores have created new opportunities and challenges for researchers, developers, users, and app store managers. As the LLM app ecosystem continues to evolve, it is crucial to understand the current landscape and identify potential areas for future research and development. This paper presents a forward-looking analysis of LLM app stores, focusing on key aspects such as data mining, security risk identification, development assistance, and market dynamics. Our comprehensive examination extends to the intricate relationships between various stakeholders and the technological advancements driving the ecosystem's growth. We explore the ethical considerations and potential societal impacts of widespread LLM app adoption, highlighting the need for responsible innovation and governance frameworks. By examining these aspects, we aim to provide a vision for future research directions and highlight the importance of collaboration among stakeholders to address the challenges and opportunities within the LLM app ecosystem. The insights and recommendations provided in this paper serve as a foundation for driving innovation, ensuring responsible development, and creating a thriving, user-centric LLM app landscape. Copyright © 2024, The Authors. All rights reserved.

关键词： Ecosystems

来源：评论

学校读者我要写书评

暂无评论

Mining User–Item Interactions via Knowledge Graph for Recommendation

引用

ACM Transactions on Recommender systems 2025年第3期3卷 1-19页

作者： Shenghao Liu Lingyun Lu Bang Wang Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Hubei Key Laboratory of Smart Internet Technology School of Electronic Information and Communications Huazhong University of Science and Technology (HUST) Wuhan China

Introducing a Knowledge Graph (KG) to facilitate a recommender system has become a tendency in recent years. Many existing methods leverage KGs to obtain side information of items to promote item representation learning for enhancing recommendation performance. However, they ignore that KGs also may contribute to better user representation learning. To solve this issue, we propose a novel algorithm, the KIGR (Knowledge-aware Interaction Graph for Recommendation), to mine user–item interactions via KGs for assisting user representation learning. Specifically, a user–item interaction is encoded by attentively summing up the relation embedding about the item in the KG. Then, an unsupervised learning method is used to group the user–item interactions into different latent types. Further, a user–item interaction graph is divided into several subgraphs, which is referred to as a Knowledge-aware Interaction Graph, making each subgraph only contain one latent type of interaction. Finally, user representation is the fusion of user interest embedding, which is learned on the knowledge-aware interaction graph, whereas item representation is learned on the KG. Experimental results on MovieLens, LastFM and Amazon-Book validate that the proposed KIGR has a superior performance compared with the state-of-the-art algorithms.

关键词： Recommendation system knowledge graph graph neural network

来源：评论

学校读者我要写书评

暂无评论

Leaky Autofill: An Empirical Study on the Privacy Threat of Password Managers’ Autofill Functionality

Leaky Autofill: An Empirical Study on the Privacy Threat of ...

引用

Annual Computer security Applications Conference

作者： Yanduo Fu Ding Wang College of Cyber Science Nankai University Tianjin China Key Laboratory of Data and Intelligent System Security (NKU) Ministry of Education Tianjin China Tianjin Key Laboratory of Network and Data Security Technology Nankai University Tianjin China

ISBN: (数字)9798331520885

ISBN: (纸本)9798331520892

Password managers (PMs) provide users with convenient and robust functionalities to manage their credentials, highly recommended by security experts and major standard bodies. One of the most popular features is the autofill functionality, with which users need a single click or a few clicks to fill in every field in web forms, facilitating the process of completing web forms. However, such indiscriminate autofill brings severe privacy threats. PMs may inadvertently fill data into wrong fields in web forms, even hidden fields, potentially leading to privacy leaks and credential *** this paper, we conduct an empirical study evaluating the effectiveness of 30 popular PMs in identifying and handling hidden fields. We focus on the privacy threats posed by the autofill functionality, which fills data into hidden fields. We develop a semi-automated autofill testing tool and explore whether PMs autofill sensitive data into hidden fields across 15 concealment techniques and three web forms, including personal information, credit card, and login forms. Experimental results reveal that every PM autofills data into hidden fields in at least one web form, with an overall filled probability of 58.7% in 1032 scenarios. Further analysis reveals that login forms are the most vulnerable, with a 65.7% probability of hidden fields autofill. Hidden fields concealed by clip-path and content-visibility are filled with passwords by all PMs. Besides, built-in-browser PMs exhibit a 4.07 times higher likelihood of filling data into hidden fields than separately-installed PMs. Even more concerning, built-in-browser PMs, except Safari, autofill passwords into hidden fields under any concealment technique. 37.7% of autofill scenarios with insufficient user interaction pose heightened privacy threats, as users are unaware of autofill content. These privacy threats have been confirmed by popular PMs like *** mitigate the threats brought by the autofill functionality, we present two a

关键词： Privacy data privacy Visualization Standards organizations Passwords Credit cards Filling data models Usability Testing

来源：评论

学校读者我要写书评

暂无评论

A security Analysis of Honey Vaults

A Security Analysis of Honey Vaults

引用

IEEE Symposium on security and Privacy

作者： Fei Duan Ding Wang Chunfu Jia College of Cyber Science Nankai University Tianjin China Key Laboratory of Data and Intelligent System Security (NKU) Ministry of Education Tianjin China Tianjin Key Laboratory of Network and Data Security Technology Nankai University Tianjin China

ISBN: (数字)9798350331301

ISBN: (纸本)9798350331318

Honey encryption (HE) protected password vaults (called honey vaults) are promising tools that allow a user to store multiple passwords (called a password vault) and encrypt them with a master password using HE. In case password vaults are somehow leaked and the attackers launch offline password guessing, honey vaults can yield decoy password vaults for incorrect guesses, forcing an offline guessing attacker to interact with the authentication server to identify whether passwords in decrypted vaults are correct or not. Therefore, honey vaults transform the offline guessing attacker into an online guessing attacker, i.e., honey vault distinguishing *** online guessing, attackers can adopt various attacks to perform multiple guesses against multiple vaults, but the existing theoretical message recovery (MR) security for HE only focuses on the advantage of one-time guess against a single vault, which cannot accurately model realistic attackers and thus can not provide practical advice for users’ vault security. To address this issue, we propose a theoretically-grounded optimal strategy for distinguishing attackers, and manage to derive a much tighter upper bound on the advantage against MR security. Particularly, we provide much tighter upper/lower bounds for advantage against HE-related cryptographic security games, i.e., the security of distribution transforming encoder (DTE), known message attack, and known side information attack. This provides a better understanding of the actual security of honey *** better understand the security of honey vault systems, we instantiate our optimal strategy into three practical attacks and propose an encoding attack. Extensive experiments against two major honey vault systems demonstrate that our four attacks can improve the attack success rate by 1.15-4.35 times compared with their counterparts. For the intersection attack, we propose a feature attack against Cheng et al.’s incremental update mechanism (at USENI

关键词： Privacy Upper bound Authentication Passwords Games Transforms Encoding

来源：评论

学校读者我要写书评

暂无评论

Differential-Trust-Mechanism Based Trade-off Method Between Privacy and Accuracy in Recommender systems

引用

IEEE Transactions on Information Forensics and security 2025年 20卷 5054-5068页

作者： Xu, Guangquan Feng, Shicheng Xi, Hao Yan, Qingyang Li, Wenshan Wang, Cong Wang, Wei Liu, Shaoying Tian, Zhihong Zheng, Xi Qingdao Huanghai University School of Big Data Qingdao China Tianjin University College of Intelligence and Computing Tianjin300350 China KLISS and School of Software Beijing100084 China Sichuan University School of Cyber Science and Engineering Chengdu610207 China Xi’an Jiaotong University School of Cyber Science and Engineering Xi’an710049 China East China Normal University Shanghai200062 China Hiroshima University School of Informatics and Data Science Higashihiroshima739-8511 Japan Guangzhou University Cyberspace Institute of Advanced Technology Guangdong Key Laboratory of Industrial Control System Security Huangpu Research School of Guangzhou University China Macquarie University School of Computing SydneyNSW2109 Australia

In the era where Web3.0 values data security and privacy, adopting groundbreaking methods to enhance privacy in recommender systems is crucial. Recommender systems need to balance privacy and accuracy, while also having the ability to overcome cold start problems. The Differential Trust Mechanism (DTM) introduced in this paper is such an approach. The DTM provides a unique use of Gaussian distributions in modeling trust relationships within data, offering a novel way to balance recommendation accuracy with user privacy. This mechanism innovatively applies differential privacy principles, using Gaussian noise addition to protect individual user data from inference attacks, while maintaining the integrity and utility of the overall dataset. Unlike traditional anonymization techniques that often compromise data utility or vulnerability to reverse engineering, DTM provides a robust solution by dynamically adjusting privacy levels based on the trustworthiness of data requests. By combining DTM with existing mainstream recommendation algorithms, the prediction accuracy of MAE and RMSE increases by at least 6.60% and 2.69%, respectively. This dual benefit positions DTM as a significant advancement in secure data processing, especially relevant for online businesses and platforms where personalized recommendations are crucial yet privacy concerns are paramount. © 2005-2012 IEEE.

关键词： Sensitive data

来源：评论

学校读者我要写书评

暂无评论

A Virtual Network Mapping Method Based on Compound Particle Swarm Optimization 7

A Virtual Network Mapping Method Based on Compound Particle ...

引用

7th International Conference on Cyber security and Information Engineering, ICCSIE 2022

作者： Huang, Jianhua Tang, Yunlong Wei, Yongjun Wang, Huan Zhang, Haifeng Zhang, Bing School of Computer Science and Technology School of Software Guangxi University of Science and Technology Liuzhou Key Laboratory of Big Data Intelligent Processing and Security Guangxi Education System Network Security Monitoring Center Liuzhou China Liuzhou Railway Vocational Technical College Liuzhou China

ISBN: (纸本)9781665455749

Aiming at problems of low credibility of results and low accuracy of the scheme in the mapping process of virtual networks. It is suggested to use a composite particle swarm optimization approach for virtual network mapping. Firstly, to derive the maximum number of virtual cyberspaces, we construct the virtual network model and the physical network model;secondly, resource limitations are used to build the node mapping and link mapping models, and once more, the mapping scheme of the virtual network on the physical network is solved using the composite particle swarm algorithm to improve the acceptance rate of virtual network requests. In simulation experiments, we compare our established algorithm with two algorithms, D-ViNE-SP and VNE-R-PSO, in two dimensions, and the results show that our proposed VNE-MM-PSO mapping method improves the acceptance rate of network requests by 8% and also improves on the benefit-cost ratio. © 2022 IEEE.

关键词： Particle swarm optimization (PSO)

来源：评论

学校读者我要写书评

暂无评论

Attribute-Based data Sharing Scheme with Flexible Search Functionality for Cloud-Assisted Autonomous Transportation system

引用

IEEE Transactions on Industrial Informatics 2023年第11期19卷 10977-10986页

作者： Xiong, Hu Wang, Hanxiao Meng, Weizhi Yeh, Kuo-Hui University of Electronic Science and Technology of China School of Information and Software Engineering Network and Data Security Key Laboratory of Sichuan Province Chengdu610054 China Advanced Cryptography and System Security Key Laboratory of Sichuan Province Chengdu610025 China Technical University of Denmark Department of Applied Mathematics and Computer Science Kongens Lyngby2800 Denmark National Dong Hwa University Department of Information Management Hualien97401 Taiwan National Sun Yat-sen University Department of Computer Science and Engineering Kaohsiung804201 Taiwan

The existing group public key encryption with equality test schemes could only support one-to-one data sharing and are not suitable for cloud-assisted autonomous transportation systems, which demand one-to-many data sharing. To tackle this problem efficiently, in this article, we put forward the group-attribute-based encryption with equality test (G-ABEET) scheme. The presented G-ABEET allows sensors equipped in vehicles to encrypt traffic data with an expressive access policy before sharing it. Only users with attributes required by the access policy ought to access the shared ciphertexts, thus achieving selective one-to-many data sharing. Meanwhile, the authorized cloud server could provide group users with equality tests over the ciphertexts, realizing ciphertext search ability. Furthermore, with the group mechanism, the G-ABEET scheme could resist offline message recovery attacks. Besides, in the standard model, we give rigorous security proof of the G-ABEET construction. The feasibility and efficiency of G-ABEET are demonstrated by experimental simulations. © 2005-2012 IEEE.

关键词： Cloud computing

来源：评论

学校读者我要写书评

暂无评论

Unlearnable 3D Point Clouds: Class-wise Transformation Is All You Need

arXiv

引用

arXiv 2024年

作者： Wang, Xianlong Li, Minghui Liu, Wei Zhang, Hangtao Hu, Shengshan Zhang, Yechao Zhou, Ziqi Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Cluster and Grid Computing Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China

Traditional unlearnable strategies have been proposed to prevent unauthorized users from training on the 2D image data. With more 3D point cloud data containing sensitivity information, unauthorized usage of this new type data has also become a serious concern. To address this, we propose the first integral unlearnable framework for 3D point clouds including two processes: (i) we propose an unlearnable data protection scheme, involving a class-wise setting established by a category-adaptive allocation strategy and multi-transformations assigned to samples;(ii) we propose a data restoration scheme that utilizes class-wise inverse matrix transformation, thus enabling authorized-only training for unlearnable data. This restoration process is a practical issue overlooked in most existing unlearnable literature, i.e., even authorized users struggle to gain knowledge from 3D unlearnable data. Both theoretical and empirical results (including 6 datasets, 16 models, and 2 tasks) demonstrate the effectiveness of our proposed unlearnable framework. Our code is available at https://***/CGCL-codes/UnlearnablePC Copyright © 2024, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

BadToken: Token-level Backdoor Attacks to Multi-modal Large Language Models

arXiv

引用

arXiv 2025年

作者： Yuan, Zenghui Shi, Jiawen Zhou, Pan Gong, Neil Zhenqiang Sun, Lichao Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology China Duke University United States Lehigh University United States

Multi-modal large language models (MLLMs) extend large language models (LLMs) to process multi-modal information, enabling them to generate responses to image-text inputs. MLLMs have been incorporated into diverse multimodal applications, such as autonomous driving and medical diagnosis, via plug-and-play without fine-tuning. This deployment paradigm increases the vulnerability of MLLMs to backdoor attacks. However, existing backdoor attacks against MLLMs achieve limited effectiveness and stealthiness. In this work, we propose BadToken, the first token-level backdoor attack to MLLMs. BadToken introduces two novel backdoor behaviors: Token-substitution and Token-addition, which enable flexible and stealthy attacks by making token-level modifications to the original output for backdoored inputs. We formulate a general optimization problem that considers the two backdoor behaviors to maximize the attack effectiveness. We evaluate BadToken on two open-source MLLMs and various tasks. Our results show that our attack maintains the model’s utility while achieving high attack success rates and stealthiness. We also show the real-world threats of BadToken in two scenarios, i.e., autonomous driving and medical diagnosis. Furthermore, we consider defenses including fine-tuning and input purification. Our results highlight the threat of our attack. Copyright © 2025, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability

Why Does Little Robustness Help? A Further Step Towards Unde...

引用

IEEE Symposium on security and Privacy

作者： Yechao Zhang Shengshan Hu Leo Yu Zhang Junyu Shi Minghui Li Xiaogeng Liu Wei Wan Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security Hubei Key Laboratory of Distributed System Security School of Cyber Science and Engineering Huazhong University of Science and Technology School of Information and Communication Technology Griffith University School of Software Engineering Huazhong University of Science and Technology Cluster and Grid Computing Lab School of Computer Science and Technology Huazhong University of Science and Technology

ISBN: (数字)9798350331301

ISBN: (纸本)9798350331318

Adversarial examples for deep neural networks (DNNs) are transferable: examples that successfully fool one white-box surrogate model can also deceive other black-box models with different architectures. Although a bunch of empirical studies have provided guidance on generating highly transferable adversarial examples, many of these findings fail to be well explained and even lead to confusing or inconsistent advice for practical *** this paper, we take a further step towards understanding adversarial transferability, with a particular focus on surrogate aspects. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples can serve as better surrogates for transfer attacks, we attribute it to a trade-off between two dominant factors: model smoothness and gradient similarity. Our research focuses on their joint effects on transferability, rather than demonstrating the separate relationships alone. Through a combination of theoretical and empirical analyses, we hypothesize that the data distribution shift induced by off-manifold samples in adversarial training is the reason that impairs gradient *** on these insights, we further explore the impacts of prevalent data augmentation and gradient regularization on transferability and analyze how the trade-off manifests in various training methods, thus building a comprehensive blueprint for the regulation mechanisms behind transferability. Finally, we provide a general route for constructing superior surrogates to boost transferability, which optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other, and emphasize the

关键词： Training Privacy Buildings Closed box Minimization data augmentation Robustness

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：