检索结果-内蒙古大学图书馆

Counter-Samples: A Stateless Strategy to Neutralize Black Box Adversarial Attacks

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Bokobza, Roey Mirsky, Yisroel Ben-Gurion University Department of Software and Information Systems Engineering Offensive AI Research Lab Israel

Our paper presents a novel defence against black box attacks, where attackers use the victim model as an oracle to craft their adversarial examples. Unlike traditional preprocessing defences that rely on sanitizing input samples, our stateless strategy counters the attack process itself. For every query we evaluate a counter-sample instead, where the counter-sample is the original sample optimized against the attacker’s objective. By countering every black box query with a targeted white box optimization, our strategy effectively introduces an asymmetry to the game to the defender’s advantage. This defence not only effectively misleads the attacker’s search for an adversarial example, it also preserves the model’s accuracy on legitimate inputs and is generic to multiple types of attacks. We demonstrate that our approach is remarkably effective against state-of-the-art black box attacks and outperforms existing defences for both the CIFAR-10 and ImageNet datasets. Additionally, we also show that the proposed defence is robust against strong adversaries as well. © 2024, CC BY-NC-ND.

关键词：

What Was Your Prompt? A Remote Keylogging Attack on AI Assistants

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Weiss, Roy Ayzenshteyn, Daniel Amit, Guy Mirsky, Yisroel Ben-Gurion University Israel Department of Software and Information Systems Engineering Offensive AI Research Lab

AI assistants are becoming an integral part of society, used for asking advice or help in personal and confidential issues. In this paper, we unveil a novel side-channel that can be used to read encrypted responses from AI Assistants over the web: the token-length side-channel. We found that many vendors, including OpenAI and Microsoft, have this side-channel. However, inferring the content of a response from a token-length sequence alone proves challenging. This is because tokens are akin to words, and responses can be several sentences long leading to millions of grammatically correct sentences. In this paper, we show how this can be overcome by (1) utilizing the power of a large language model (LLM) to translate these sequences, (2) providing the LLM with inter-sentence context to narrow the search space and (3) performing a known-plaintext attack by fine-tuning the model on the target model’s writing style. Using these methods, we were able to accurately reconstruct 29% of an AI assistant’s responses and successfully infer the topic from 55% of them. To demonstrate the threat, we performed the attack on OpenAI’s ChatGPT-4 and Microsoft’s Copilot on both browser and API traffic. © 2024, CC BY.

关键词： Side channel attack

TPTO: A Transformer-PPO based Task Offloading Solution for Edge Computing Environments 29

学校读者我要写书评

暂无评论

TPTO: A Transformer-PPO based Task Offloading Solution for E...

29th IEEE International Conference on Parallel and Distributed systems, ICPADS 2023

作者： Gholipour, Niloofar De Assuncao, Marcos Dias Agarwal, Pranav Gascon-Samson, Julien Buyya, Rajkumar Univ. of Quebec Dept. of Software Engineering and IT École de Technologie Supérieure Montreal Canada The Univ. of Melbourne CLOUDS Lab School of Computing and Information Systems Australia

ISBN: (纸本)9798350330717

Emerging applications in healthcare, autonomous vehicles, and wearable assistance require interactive and low-latency data analysis services. Unfortunately, cloud-centric architectures cannot fulfill the low-latency demands of these applications, as user devices are often distant from cloud data centers. Edge computing aims to reduce the latency by enabling processing tasks to be offloaded to resources located at the network's edge. However, determining which tasks must be offloaded to edge servers to reduce the latency of application requests is not trivial, especially if the tasks present dependencies. This paper proposes a Deep Reinforcement Learning (DRL) approach called TPTO, which leverages Transformer Networks and Proximal Policy Optimization (PPO) to offload dependent tasks of IoT applications in edge computing. We consider users with various preferences, where devices can offload computation to an edge server via wireless channels. Performance evaluation results demonstrate that under fat application graphs, TPTO is more effective than state-of-the-art methods, such as Greedy, HEFT, and MRLCO, by reducing latency by 30.24%, 29.61%, and 12.41%, respectively. In addition, TPTO presents a training time approximately 2.5 times faster than an existing DRL approach. © 2023 IEEE.

关键词： Edge computing reinforcement learning task offloading Transformers

A Unified Information Diffusion Prediction Model Based on Multi-task Learning 9th

学校读者我要写书评

暂无评论

A Unified Information Diffusion Prediction Model Based on M...

19th International Conference on Advanced Data Mining and Applications, ADMA 2023

作者： Shang, Yingdan Zhou, Bin Zeng, Xiang Chen, Kai College of Computer Science and Technology National University of Defense Technology Changsha China Key Lab of Software Engineering for Complex Systems School of Computer National University of Defense Technology Changsha China

ISBN: (纸本)9783031466731

The prediction of online information diffusion trends on social networks is crucial for understanding people’s interests and concerns, and has many real-world applications in fields such as business, politics and social security. Existing research on information diffusion prediction has predominantly focused on either macro level prediction of the future popularity of online information or micro level user activation prediction. However, information diffusion prediction on micro or macro level only may lead to one-sided prediction results, and there is a lack of research on implementing micro and macro level diffusion prediction tasks at the same time. Since micro and macro level diffusion prediction tasks are related to each other, we propose a unified information diffusion model which can jointly predicting the micro level user activation probability and macro level information popularity based on multi-task learning framework. We utilize graph neural network to learn user representation from both the information cascades and social network structure. Comparing with micro and macro level baseline methods separately, the prediction results of our proposed model outperform all baseline methods and proves the effectiveness of the proposed method. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2023.

关键词： Forecasting

PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Guri, Mordechai Ben-Gurion University of the Negev Department of Software and Information Systems Engineering Air-Gap Research Lab Israel

Air-gapped systems are disconnected from the Internet and other networks because they contain or process sensitive data. However, it is known that attackers can use computer speakers to leak data via sound to circumvent the air-gap defense. To cope with this threat, when highly sensitive data is involved, the prohibition of loudspeakers or audio hardware might be enforced. This measure is known as an ‘audio gap’. In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information. We present the adversarial attack model, cover related work, and provide technical background. We discuss bitmap generation and correlated acoustic signals and provide implementation details on the modulation and demodulation process. We evaluated the covert channel on various screens and tested it with different types of information. We also discuss evasion and stealth using low-brightness patterns that appear like black, turned-off screens. Finally, we propose a set of countermeasures. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens. Copyright © 2024, The Authors. All rights reserved.

关键词： Loudspeakers

PIXHELL Attack: Leaking Sensitive Information from Air-Gap Computers via ‘Singing Pixels’

学校读者我要写书评

暂无评论

PIXHELL Attack: Leaking Sensitive Information from Air-Gap C...

IEEE Annual International Computer software and Applications Conference (COMPSAC)

作者： Mordechai Guri Department of Software and Information Systems Engineering Air-Gap Research Lab Ben-Gurion University of the Negev Israel

ISBN: (数字)9798350376968

ISBN: (纸本)9798350376975

Air-gapped systems are disconnected from the Internet and other networks because they contain or process sensitive data. However, it is known that attackers can use computer speakers to leak data via sound to circumvent the air-gap defense. To cope with this threat, when highly sensitive data is involved, the prohibition of loudspeakers or audio hardware might be enforced. This measure is known as an ‘audio gap’. In this paper, we present PIXHELL, a new type of covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 - 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen. Acoustic signals can encode and transmit sensitive information. We present the adversarial attack model, cover related work, and provide technical background. We discuss bitmap generation and correlated acoustic signals and provide implementation details on the modulation and de-modulation process. We evaluated the covert channel on various screens and tested it with different types of information. We also discuss evasion and stealth using low-brightness patterns that appear like black, turned-off screens. Finally, we propose a set of countermeasures. Our test shows that with a PIXHELL attack, textual and binary data can be exfiltrated from air-gapped, audio-gapped computers at a distance of 2m via sound modulated from LCD screens.

关键词： Loudspeakers Portable computers OFDM Computational modeling Air gaps Noise Acoustics

A Dynamic Selective Parameter Sharing Mechanism Embedded with Multi-Level Reasoning Abstractions 26

学校读者我要写书评

暂无评论

A Dynamic Selective Parameter Sharing Mechanism Embedded wit...

26th European Conference on Artificial Intelligence, ECAI 2023

作者： Liu, Yan He, Ying Ming, Zhong Yu, F. Richard Shenzhen Key Lab of Digital & Intelligent Technologies & Systems College of Computer Science and Software Engineering Shenzhen University China State Key Laboratory of Integrated Services Networks Xidian University China Shenzhen China

ISBN: (纸本)9781643684369

Cooperative multi-agent reinforcement learning (Co-MARL) commonly employs different parameter sharing mechanisms, such as full and partial sharing. However, imprudent application of these mechanisms can potentially constrain policy diversity and limit cooperation flexibility. Recent methods that group agents into distinct sharing categories often exhibit poor performance due to challenges in precisely differentiating agents and neglecting the issue of promoting cooperation among these categories. To address these issues, we introduce a dynamic selective parameter sharing mechanism embedded with multi-level reasoning abstractions (DSPS-MA). Our approach uses self-comparison sequences to infer agents' abstract concepts, defining the differences between agents and allowing them to dynamically select partners to share parameters based on these abstract concepts. We also design an intrinsic reward to offer comprehensive collaboration guidance for agents, and introduce a policy cosine similarity regularization term to ensure sufficient policy diversity. Empirical evaluations demonstrate that our approach yields higher returns and faster convergence than state-of-the-art methods. © 2023 The Authors.

关键词： Dynamics

Ppt4j: Patch Presence Test for Java Binaries 24

学校读者我要写书评

暂无评论

Ppt4j: Patch Presence Test for Java Binaries

44th ACM/IEEE International Conference on software engineering, ICSE 2024

作者： Pan, Zhiyuan Hu, Xing Xia, Xin Zhan, Xian Lo, David Yang, Xiaohu Zhejiang University The State Key Laboratory of Blockchain and Data Security Hangzhou China Huawei Software Engineering Application Technology Lab Hangzhou China The Hong Kong Polytechnic University Hong Kong School of Computing and Information Systems Singapore Management University Singapore

ISBN: (纸本)9798400702174

The number of vulnerabilities reported in open source software has increased substantially in recent years. Security patches provide the necessary measures to protect software from attacks and vulnerabilities. In practice, it is difficult to identify whether patches have been integrated into software, especially if we only have binary files. Therefore, the ability to test whether a patch is applied to the target binary, a.k.a. patch presence test, is crucial for practitioners. However, it is challenging to obtain accurate semantic information from patches, which could lead to incorrect results. In this paper, we propose a new patch presence test framework named Ppt4j (Patch Presence Test forJava Binaries). Ppt4j is designed for open-source Java libraries. It takes Java binaries (i.e. bytecode files) as input, extracts semantic information from patches, and uses feature-based techniques to identify patch lines in the binaries. To evaluate the effectiveness of our proposed approach Ppt4j, we construct a dataset with binaries that include 110 vulnerabilities. The results show that Ppt4j achieves an F1 score of 98.5% with reasonable efficiency, improving the baseline by 14.2%. Furthermore, we conduct an in-the-wild evaluation of Ppt4j on JetBrains IntelliJ IDEA. The results suggest that a third-party library included in the software is not patched for two CVEs, and we have reported this potential security problem to the vendor. © 2024 ACM.

关键词： Open source software

Mind The Gap: Can Air-Gaps Keep Your Private Data Secure?

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Guri, Mordechai Ben-Gurion University of the Negev Israel Department of Software and Information Systems Engineering Air-Gap Research Lab United States

Personal data has become one of the most valuable assets and lucrative targets for attackers in the modern digital world. This includes personal identification information (PII), medical records, legal information, biometric data, and private communications. To protect it from hackers, 'air-gap' measures might be employed. This protective strategy keeps sensitive data in networks entirely isolated (physically and logically) from the Internet. Creating a physical 'air gap' between internal networks and the outside world safeguards sensitive data from theft and online threats. Air-gap networks are relevant today to governmental organizations, healthcare industries, finance sectors, intellectual property and legal firms, and others. In this paper, we dive deep into air-gap security in light of modern cyberattacks and data privacy. Despite this level of protection, publicized incidents from the last decade show that even air-gap networks are not immune to breaches. Motivated and capable adversaries can use sophisticated attack vectors to penetrate the air-gapped networks, leaking sensitive data *** focus on different aspects of air gap security. First, we overview cyber incidents that target air-gap networks, including infamous ones such as ***. Second, we introduce the adversarial attack model and different attack vectors attackers may use to compromise air-gap networks. Third, we present the techniques attackers can apply to leak data out of air-gap networks and introduce more innovative ones based on our recent research. We demonstrate that despite the disconnection from the Internet, attackers can exploit special types of covert channels to exfiltrate confidential data. We present the different types of covert channels, including electromagnetic, electrical, optical, thermal, and acoustic techniques. We show how attackers can use them stealthily. Our paper shows how advanced persistent threats (APTs) can leak private and confidential information using t

关键词： Information leakage