Decentralized finance (DeFi) has revolutionized traditional financial paradigms by enabling innovative, permissionless financial transactions. Among these, flash loans represent a significant breakthrough, offering rapid liquidity without collateral requirements. However, the very features that make flash loans appealing also expose DeFi ecosystems to severe security threats. This paper presents a systematic analysis of flash loan attack methodologies, their implications, and potential countermeasures. We formalize the problem via a game-theoretic model, delineating the interactions between malicious actors and security mechanisms. Through detailed case studies of major flash loan attacks, we illustrate common exploit strategies and vulnerabilities within smart contracts. Furthermore, we propose a comprehensive, multilayered security framework that integrates real-time anomaly detection, enhanced smart contract verification, decentralized governance improvements, and cross-platform intelligence sharing. Empirical analysis leveraging blockchain security datasets underscores the viability of these mitigative measures. Our findings contribute to the broader discourse on DeFi security by providing a structured approach to mitigating the systemic risks associated with flash loans, thereby enhancing the resilience of decentralized financial systems.
In this paper, two new guidance laws based on differential game theory are proposed and investigated for the attacker in an attacker-defender-target scenario. The conditions for the attacker winning the game are analyzed when the target and defender using the differential game guidance law based on the linear model. The core ideas underlying the two guidance laws are the attacker evading to a critical safe boundary from the defender, and then maintaining a critical miss distance. The guidance law more appropriate for the attacker to win the game differs according to the initial parameters. Unlike other guidance laws, when using the derived guidance laws there is no need to know the target and the defender’s control efforts. The results of numerical simulations show that the attacker can evade the defender and hit the target successfully by using the proposed derived guidance laws.
Objective: To observe the clinical effect of Rebixiao granule (热痹消颗粒剂, RBXG) in treating repeatedly attacking acute gouty arthritis and through experimental study on blood uric acid to explore RBXG's therapeutic mechanism. Methods: Ninety repeatedly attacking acute gouty arthritis patients were divided into the treated group (n = 60) and control group (n = 30). The treated group was treated with RBXG, and the control group was treated with Futalin tablets (diclofenac sodium). The baseline treatment including good rest, low purine diet, sufficient water drinking and urine alkalization, etc. was then given to both groups. Hypoxanthine 600 mg/kg and niacin 100 mg/kg was applied to hyperuricemic mice by gastrogavage to establish the animal models. Results: The clinical effective rate of the treated group was 95.0% and that of the control 90.0%. Good therapeutic effects were won, insignificant difference (P > 0.05) was shown between the two groups. However, the cure rate of the treated group was 26.7% while that of the control group was 10.0%, with significant difference (P < 0.01) shown between them. The treated group had its blood uric acid lowered, which was significantly different (P < 0.05) from that of the control group. The animal experiment indicated that all the three groups treated with different dosages of RBXG, as well as the Ash bark and Smilax glabra rhizome groups had their blood uric acid content reduced in the hyperuricemic mice. Conclusion: RBXG has a quicker initiation and better treatment effects than sole anti-inflammatory and analgesic agents on the treatment of repeatedly attacking acute gouty arthritis, showing no obvious toxic or adverse reactions and therefore good for long-term administration and likely to be a safe TCM preparation to control the symptoms and reduce the onsets of repeatedly attacking of acute gouty arthritis. The animal experiment shows that both the compound preparation and part of the single ingredients in the recipe have the function of reducing blood uric acid. However, the compound recipe has better therapeutic effects, proving to be superior to single drugs.
Here we propose a new concept of "molecule aging": with some special treatment, a molecule could be "aged" by losing some unknown tiny particles or pieces from atoms in the molecule. Such "aging" or loss of unknown tiny particles does not change apparently its molecular structure or chemical composition, but some physicochemical properties could be changed irreversibly. We further confirm such "molecule aging" via a long-term electron attacking to age water (H₂O) molecules. The IR spectra show no structural difference between the fresh water and the aged one, while the NMR spectra show that the electron attacking can decrease the size of water clusters. Such facts indicate that the electron attacking indeed can "affect" the structure of water molecule slightly but without damaging to its basic molecule frame. Further exploration reveals that the hydrogen evolution reaction (HER) activity of the aged water molecule is lower than the fresh water on the same Pt/C electrocatalyst. The density functional theory calculations indicate that the shortened O-H bond in H₂O indeed can present lower HER activity, so the observed size decrease of water clusters from NMR probably could be attributed to the shortening of O-H bond in water molecules. Such results indicate significantly that the molecule aging can produce materials with new functions for new possible applications.
Unmanned combat system is one of the important means to capture information superiority, carry out precision strike and accomplish special combat tasks in information war. Unmanned attack strategy plays a crucial role in unmanned combat system, which has to ensure the attack by unmanned surface vehicles (USVs) from failure. To meet the challenge, we propose a task allocation algorithm called distributed auction mechanism task allocation with grey wolf optimization (DAGWO). The traditional grey wolf optimization (GWO) algorithm is improved with a distributed auction mechanism (DAM) to constrain the initialization of wolves, which improves the optimization process according to the actual situation. In addition, one unmanned aerial vehicle (UAV) is employed as the central control system to establish task allocation model and construct fitness function for the multiple constraints of USV attack problem. The proposed DAGWO algorithm can not only ensure the diversity of wolves, but also avoid the local optimum problem. Simulation results show that the proposed DAGWO algorithm can effectively solve the problem of attack task allocation among multiple USVs.
Deep learning networks are widely used in various systems that require classification. However, deep learning networks are vulnerable to adversarial attacks. The study on adversarial attacks plays an important role in defense. Black-box attacks require less knowledge about target models than white-box attacks do, which means black-box attacks are easier to launch and more valuable. However, the state-of-the-art black-box attacks still suffer in low success rates and large visual distances between generative adversarial images and original images. This paper proposes a kind of fast black-box attack based on the cross-correlation (FBACC) method. The attack is carried out in two stages. In the first stage, an adversarial image, which would be misclassified as the target label, is generated by using gradient descending learning. By far the image may look a lot different than the original one. Then, in the second stage, visual quality keeps getting improved on the condition that the label keeps being misclassified. By using the cross-correlation method, the error of the smooth region is ignored, and the number of iterations is reduced. Compared with the proposed black-box adversarial attack methods, FBACC achieves a better fooling rate and fewer iterations. When attacking LeNet5 and AlexNet respectively, the fooling rates are 100% and 89.56%. When attacking them at the same time, the fooling rate is 69.78%. FBACC method also provides a new adversarial attack method for the study of defense against adversarial attacks.
The unconditional security of quantum key distribution (QKD) can be guaranteed by the nature of quantum physics. Compared with the traditional two-dimensional BB84 QKD protocol, high-dimensional quantum key distribution (HDQKD) can be applied to generate much more secret key. Nonetheless, practical imperfections in realistic systems can be exploited by the third party to eavesdrop the secret key. The practical beam splitter has a correlation with wavelength, where different wavelengths have different coupling ratios. Using this property, we propose a wavelength-dependent attack towards time-bin high-dimensional QKD system. What is more, we demonstrate that this attacking protocol can be applied to arbitrary d-dimensional QKD system, and higher-dimensional QKD system is more vulnerable to this attacking strategy.
Influences of polymer-based grinding aid (PGA) on the damage process of concrete exposed to sulfate attack under dry-wet cycles were investigated. The mass loss, dynamic modulus of elasticity (Erd), and S and Ca element contents of concrete specimens were measured. Scanning electron microscopy (SEM), mercury intrusion porosimetry (MIP), and X-ray diffractometry (XRD) were used to investigate the changing of microstructure of interior concrete. The results indicated that PGA was capable of reducing the mass loss and improving the sulfate attack resistance of concrete. X-ray fluorescence (XRF) analysis revealed that PGA delayed the transport process of sulfate ions and Ca ions. In addition, MIP analysis disclosed that the micropores of concrete with PGA increased in the fraction of 20-100 nm and decreased in the residues of 200 nm. Compared with the blank sample, concrete with PGA had more slender and well-organized hydration products, and no changes in hydration products ratio or type were observed.
Objective: To observe the clinical efficacy of modified painless suppurative moxibustion with wheat-grain sized moxa cones plus Western medication in treating cough variant asthma (CVA) due to wind-cold attacking the lung and its effects on pulmonary function, serum immunoglobulin (Ig)-E, hypersensitive C-reactive protein (hs-CRP), and interleukin (IL)-6. Methods: A total of 98 CVA patients were randomly divided into an observation group and a control group using the random number table method, with 49 cases in each group. The control group was treated with salmeterol xinafoate and fluticasone propionate powder for inhalation, and the observation group was treated with additional modified painless suppurative moxibustion with wheat-grain sized moxa cones. The treatment lasted for 8 weeks. The traditional Chinese medicine (TCM) symptom score of the patients in both groups was observed before treatment, after treatment, and at 1-month follow-up after treatment for its changes. The clinical efficacy after treatment and at 1-month follow-up was compared between the two groups. The pulmonary function [forced expiratory volume in the first second (FEV1), FEV1/forced vital capacity (FVC), and peak expiratory flow (PEF)] and serum IgE, hs-CRP, and IL-6 levels were compared between the two groups before and after treatment. The adverse reactions that occurred during the treatment in both groups were observed and recorded. Results: The total effective rate of the observation group after treatment and at follow-up was higher than that of the control group (P<0.05). The TCM symptom scores in both groups after treatment and at follow-up were lower compared to the baseline (P<0.05), and the scores in the observation group were lower than those in the control group (P<0.05). The FEV1, FEV1/FVC, and PEF after treatment in both groups were higher compared to the baseline (P<0.05), and the levels in the observation group were higher than those in the control group (P<0.05). The serum levels of IgE, IL-6, and hs-CRP after treatment in both groups were lower than the baseline (P<0.05), and the levels in the observation group were lower than those in the control group (P<0.05). There were no adverse reactions in either group during the course of the study. Conclusion: Modified painless suppurative moxibustion with wheat-grain sized moxa cones plus salmeterol xinafoate and fluticasone propionate powder for inhalation is effective in treating CVA due to wind-cold attacking the lung; it can relieve the clinical symptoms of the patients, improve their pulmonary function, and also reduce serum IgE, hs-CRP, and IL-6 levels.
In federated learning, backdoor attacks have become an important research topic with their wide application in processing sensitive datasets. Since federated learning detects or modifies local models through defense mechanisms during aggregation, it is difficult to conduct effective backdoor attacks. In addition, existing backdoor attack methods are faced with challenges, such as low backdoor accuracy, poor ability to evade anomaly detection, and unstable model training. To address these challenges, a method called adaptive simulation backdoor attack (ASBA) is proposed. Specifically, ASBA improves the stability of model training by manipulating the local training process and using an adaptive mechanism, the ability of the malicious model to evade anomaly detection by combining large simulation training and clipping, and the backdoor accuracy by introducing a stimulus model to amplify the impact of the backdoor in the global model. Extensive comparative experiments under five advanced defense scenarios show that ASBA can effectively evade anomaly detection and achieve high backdoor accuracy in the global model. Furthermore, it exhibits excellent stability and effectiveness after multiple rounds of attacks, outperforming state-of-the-art backdoor attack methods.
The surge in smishing attacks underscores the urgent need for robust, real-time detection systems powered by advanced deep learning models. This paper introduces PhishNet, a novel ensemble learning framework that integrates transformer-based models (RoBERTa) and large language models (LLMs) (GPT-OSS 120B, LLaMA3.3 70B, and Qwen3 32B) to enhance smishing detection performance significantly. To mitigate class imbalance, we apply synthetic data augmentation using T5 and leverage various text preprocessing techniques. Our system employs a dual-layer voting mechanism: weighted majority voting among LLMs and a final ensemble vote to classify messages as ham, spam, or smishing. Experimental results show an average accuracy improvement from 96% to 98.5% compared to the best standalone transformer, and from 93% to 98.5% when compared to LLMs across datasets. Furthermore, we present a real-time, user-friendly application to operationalize our detection model for practical use. PhishNet demonstrates superior scalability, usability, and detection accuracy, filling critical gaps in current smishing detection methodologies.
Federated Learning (FL) protects data privacy through a distributed training mechanism, yet its decentralized nature also introduces new security vulnerabilities. Backdoor attacks inject malicious triggers into the global model through compromised updates, posing significant threats to model integrity and becoming a key focus in FL security. Existing backdoor attack methods typically embed triggers directly into original images and consider only data heterogeneity, resulting in limited stealth and adaptability. To address the heterogeneity of malicious client devices, this paper proposes a novel backdoor attack method named Capability-Adaptive Shadow Backdoor Attack (CASBA). By incorporating measurements of clients’ computational and communication capabilities, CASBA employs a dynamic hierarchical attack strategy that adaptively aligns attack intensity with available resources. Furthermore, an improved deep convolutional generative adversarial network (DCGAN) is integrated into the attack pipeline to embed triggers without modifying original data, significantly enhancing stealthiness. Comparative experiments with Shadow Backdoor Attack (SBA) across multiple scenarios demonstrate that CASBA dynamically adjusts resource consumption based on device capabilities, reducing average memory usage per iteration by 5.8%. CASBA improves resource efficiency while keeping the drop in attack success rate within 3%. Additionally, the effectiveness of CASBA against three robust FL algorithms is also validated.
Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
The emergence of large language models (LLMs) has brought about revolutionary social value. However, concerns have arisen regarding the generation of deceptive content by LLMs and their potential for misuse. Consequently, a crucial research question arises: How can we differentiate between AI-generated and human-authored text? Existing detectors face some challenges, such as operating as black boxes, relying on supervised training, and being vulnerable to manipulation and misinformation. To tackle these challenges, we propose an innovative unsupervised white-box detection method that utilizes a “dual-driven verification mechanism” to achieve high-performance detection, even in the presence of obfuscated attacks in the text content. To be more specific, we initially employ the SpaceInfi strategy to enhance the difficulty of detecting the text content. Subsequently, we randomly select vulnerable spots from the text and perturb them using another pre-trained language model (e.g., T5). Finally, we apply a dual-driven defense mechanism (D3M) that validates text content with perturbations, whether generated by a model or authored by a human, based on the dimensions of Information Transmission Quality and Information Transmission Density. Through experimental validation, our proposed novel method demonstrates state-of-the-art (SOTA) performance when exposed to equivalent levels of perturbation intensity across multiple benchmarks, thereby showcasing the effectiveness of our strategies.
The performance of deep recommendation models degrades significantly under data poisoning attacks. While adversarial training methods such as Vulnerability-Aware Training (VAT) enhance robustness by injecting perturbations into embeddings, they remain limited by coarse-grained noise and a static defense strategy, leaving models susceptible to adaptive attacks. This study proposes a novel framework, Self-Purification Data Sanitization (SPD), which integrates vulnerability-aware adversarial training with dynamic label correction. Specifically, SPD first identifies high-risk users through a fragility scoring mechanism, then applies self-purification by replacing suspicious interactions with model-predicted high-confidence labels during training. This closed-loop process continuously sanitizes the training data and breaks the protection ceiling of conventional adversarial training. Experiments demonstrate that SPD significantly improves the robustness of both Matrix Factorization (MF) and LightGCN models against various poisoning attacks. We show that SPD effectively suppresses malicious gradient propagation and maintains recommendation accuracy. Evaluations on Gowalla and Yelp2018 confirm that SPD-trained models withstand multiple attack strategies—including Random, Bandwagon, DP, and Rev attacks—while preserving performance.
Network attacks have become a critical issue in the internet security domain. Artificial intelligence technology-based detection methodologies have attracted attention; however, recent studies have struggled to adapt to changing attack patterns and complex network environments. In addition, it is difficult to explain the detection results logically using artificial intelligence. We propose a method for classifying network attacks using graph models to explain the detection results. First, we reconstruct the network packet data into a graphical structure. We then use a graph model to predict network attacks using edge classification. To explain the prediction results, we observed numerical changes by randomly masking and calculating the importance of neighbors, allowing us to extract significant subgraphs. Our experiments on six public datasets demonstrate superior performance with an average F1-score of 0.960 and accuracy of 0.964, outperforming traditional machine learning and other graph models. The visual representation of the extracted subgraphs highlights the neighboring nodes that have the greatest impact on the results, thus explaining detection. In conclusion, this study demonstrates that graph-based models are suitable for network attack detection in complex environments, and the importance of graph neighbors can be calculated to efficiently analyze the results. This approach can contribute to real-world network security analyses and provide a new direction in the field.
In recent years, with the rapid advancement of artificial intelligence, object detection algorithms have made significant strides in accuracy and computational efficiency. Notably, research and applications of Anchor-Free models have opened new avenues for real-time target detection in optical remote sensing images (ORSIs). However, in the realm of adversarial attacks, developing adversarial techniques tailored to Anchor-Free models remains challenging. Adversarial examples generated based on Anchor-Based models often exhibit poor transferability to these new model architectures. Furthermore, the growing diversity of Anchor-Free models poses additional hurdles to achieving robust transferability of adversarial attacks. This study presents an improved cross-conv-block feature fusion You Only Look Once (YOLO) architecture, meticulously engineered to facilitate the extraction of more comprehensive semantic features during the backpropagation process. To address the asymmetry between densely distributed objects in ORSIs and the corresponding detector outputs, a novel dense bounding box attack strategy is proposed. This approach leverages dense target bounding boxes loss in the calculation of adversarial loss functions. Furthermore, by integrating translation-invariant (TI) and momentum-iteration (MI) adversarial methodologies, the proposed framework significantly improves the transferability of adversarial attacks. Experimental results demonstrate that our method achieves superior adversarial attack performance, with adversarial transferability rates (ATR) of 67.53% on the NWPU VHR-10 dataset and 90.71% on the HRSC2016 dataset. Compared to ensemble adversarial attack and cascaded adversarial attack approaches, our method generates adversarial examples in an average of 0.64 s, representing an approximately 14.5% improvement in efficiency under equivalent conditions.
The large-scale deployment of Internet of Things (IoT) technology across various aspects of daily life has significantly propelled the intelligent development of society. Among them, the integration of IoT and named data networks (NDNs) reduces network complexity and provides practical directions for content-oriented network design. However, ensuring data integrity in NDN-IoT applications remains a challenging issue. Very recently, Wang et al. (Entropy, 27(5), 471 (2025)) designed a certificateless aggregate signature (CLAS) scheme for NDN-IoT environments. Wang et al. stated that their construction was provably secure under various types of security attacks. Using theoretical analysis methods, in this work, we reveal that their CLAS design fails to meet unforgeability, a core security requirement for CLAS schemes. In particular, we demonstrate that their scheme is vulnerable to a malicious public-key replacement attack, enabling an adversary to produce authentic signatures for arbitrary fraudulent messages. Therefore, Wang et al.’s design cannot achieve its goal. To address the issue, we systematically examine the root causes behind the vulnerability and propose a security-enhanced CLAS construction for NDN-IoT environments. We prove the security of our improved design under the standard security assumption and also analyze its practical performance by comparing the computational and communication costs with several related works. The comparison results show the practicality of our design.
At inference time, deep neural networks are susceptible to backdoor attacks, which can produce attacker-controlled outputs when inputs contain carefully crafted triggers. Existing defense methods often focus on specific attack types or incur high costs, such as data cleaning or model fine-tuning. In contrast, we argue that it is possible to achieve effective and generalizable defense without removing triggers or incurring high model-cleaning costs. From the attacker’s perspective and based on characteristics of vulnerable neuron activation anomalies, we propose an Adaptive Feature Injection (AFI) method for black-box backdoor detection. AFI employs a pre-trained image encoder to extract multi-level deep features and constructs a dynamic weight fusion mechanism for precise identification and interception of poisoned samples. Specifically, we select the control samples with the largest feature differences from the clean dataset via feature-space analysis, and generate blended sample pairs with the test sample using dynamic linear interpolation. The detection statistic is computed by measuring the divergence G(x) in model output responses. We systematically evaluate the effectiveness of AFI against representative backdoor attacks, including BadNets, Blend, WaNet, and IAB, on three benchmark datasets: MNIST, CIFAR-10, and ImageNet. Experimental results show that AFI can effectively detect poisoned samples, achieving average detection rates of 95.20%, 94.15%, and 86.49% on these datasets, respectively. Compared with existing methods, AFI demonstrates strong cross-domain generalization ability and robustness to unknown attacks.
Internet of Things (IoTs) devices are bringing about a revolutionary change in our society by enabling connectivity regardless of time and location. However, the extensive deployment of these devices also makes them attractive victims for the malicious actions of adversaries. Within the spectrum of existing threats, Side-Channel Attacks (SCAs) have established themselves as an effective way to compromise cryptographic implementations. These attacks exploit unintended physical leakage that occurs during the cryptographic execution of devices, bypassing the theoretical strength of the crypto design. In recent times, the advancement of deep learning has provided SCAs with a powerful ally. Well-trained deep-learning models demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data, thereby significantly enhancing such attacks. To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future, this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard (AES) implementations. The study specifically focuses on attacks that exploit power consumption and electromagnetic (EM) emissions as primary leakage sources, systematically evaluating the extent to which diverse deep learning techniques enhance SCAs across multiple critical dimensions. These dimensions include: (i) the characteristics of publicly available datasets derived from various hardware and software platforms; (ii) the formalization of leakage models tailored to different attack scenarios; (iii) the architectural suitability and performance of state-of-the-art deep learning models. Furthermore, the survey provides a systematic synthesis of current research findings, identifies significant unresolved issues in the existing literature and suggests promising directions for future work, including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.
Funding: supported by the Sichuan Science and Technology Program (2024YFHZ0161).
Abstract: Decentralized finance (DeFi) has revolutionized traditional financial paradigms by enabling innovative, permissionless financial transactions. Among these, flash loans represent a significant breakthrough, offering rapid liquidity without collateral requirements. However, the very features that make flash loans appealing also expose DeFi ecosystems to severe security threats. This paper presents a systematic analysis of flash loan attack methodologies, their implications, and potential countermeasures. We formalize the problem via a game-theoretic model, delineating the interactions between malicious actors and security mechanisms. Through detailed case studies of major flash loan attacks, we illustrate common exploit strategies and vulnerabilities within smart contracts. Furthermore, we propose a comprehensive, multilayered security framework that integrates real-time anomaly detection, enhanced smart contract verification, decentralized governance improvements, and cross-platform intelligence sharing. Empirical analysis leveraging blockchain security datasets underscores the viability of these mitigative measures. Our findings contribute to the broader discourse on DeFi security by providing a structured approach to mitigating the systemic risks associated with flash loans, thereby enhancing the resilience of decentralized financial systems.
Funding: co-supported by the National Natural Science Foundation of China (No. 11672093) and the Shanghai Aerospace Science and Technology Innovation Foundation, China (No. SAST2016039).
Abstract: In this paper, two new guidance laws based on differential game theory are proposed and investigated for the attacker in an attacker-defender-target scenario. The conditions for the attacker winning the game are analyzed when the target and defender use the differential game guidance law based on the linear model. The core ideas underlying the two guidance laws are the attacker evading to a critical safe boundary from the defender, and then maintaining a critical miss distance. The guidance law more appropriate for the attacker to win the game differs according to the initial parameters. Unlike other guidance laws, when using the derived guidance laws there is no need to know the target and the defender’s control efforts. The results of numerical simulations show that the attacker can evade the defender and hit the target successfully by using the proposed derived guidance laws.
Funding: Supported by Project of Science and Technology Commission Foundation of Jiangsu Province in 1998.
Abstract: Objective: To observe the clinical effect of Rebixiao granule (热痹消颗粒剂, RBXG) in treating repeatedly attacking acute gouty arthritis and through experimental study on blood uric acid to explore RBXG's therapeutic mechanism. Methods: Ninety repeatedly attacking acute gouty arthritis patients were divided into the treated group (n = 60) and control group (n = 30). The treated group was treated with RBXG, and the control group was treated with Futalin tablets (diclofenac sodium). The baseline treatment including good rest, low purine diet, sufficient water drinking and urine alkalization, etc. was then given to both groups. Hypoxanthine 600 mg/kg and niacin 100 mg/kg was applied to hyperuricemic mice by gastrogavage to establish the animal models. Results: The clinical effective rate of the treated group was 95.0% and that of the control 90.0%. Good therapeutic effects were won, insignificant difference (P > 0.05) was shown between the two groups. However, the cure rate of the treated group was 26.7% while that of the control group was 10.0%, with significant difference (P < 0.01) shown between them. The treated group had its blood uric acid lowered, which was significantly different (P < 0.05) from that of the control group. The animal experiment indicated that all the three groups treated with different dosages of RBXG, as well as the Ash bark and Smilax glabra rhizome groups had their blood uric acid content reduced in the hyperuricemic mice. Conclusion: RBXG has a quicker initiation and better treatment effects than sole anti-inflammatory and analgesic agents on the treatment of repeatedly attacking acute gouty arthritis, showing no obvious toxic or adverse reactions and therefore good for long-term administration and likely to be a safe TCM preparation to control the symptoms and reduce the onsets of repeatedly attacking of acute gouty arthritis. The animal experiment shows that both the compound preparation and part of the single ingredients in the recipe have the function of reducing blood uric acid. However, the compound recipe has better therapeutic effects, proving to be superior to single drugs.
Funding: funded by the Key Research and Development Program sponsored by the Ministry of Science and Technology (MOST) (2022YFA1203400) and the National Natural Science Foundation of China (21925205, 22072145, 21372155, 22005294, and 22102172).
Abstract: Here we propose a new concept of "molecule aging": with some special treatment, a molecule could be "aged" by losing some unknown tiny particles or pieces from atoms in the molecule. Such "aging" or loss of unknown tiny particles does not change apparently its molecular structure or chemical composition, but some physicochemical properties could be changed irreversibly. We further confirm such "molecule aging" via a long-term electron attacking to age water (H₂O) molecules. The IR spectra show no structural difference between the fresh water and the aged one, while the NMR spectra show that the electron attacking can decrease the size of water clusters. Such facts indicate that the electron attacking indeed can "affect" the structure of water molecule slightly but without damaging to its basic molecule frame. Further exploration reveals that the hydrogen evolution reaction (HER) activity of the aged water molecule is lower than the fresh water on the same Pt/C electrocatalyst. The density functional theory calculations indicate that the shortened O-H bond in H₂O indeed can present lower HER activity, so the observed size decrease of water clusters from NMR probably could be attributed to the shortening of O-H bond in water molecules. Such results indicate significantly that the molecule aging can produce materials with new functions for new possible applications.
Funding: the National Natural Science Foundation of China (No. 61625304).
Abstract: Unmanned combat system is one of the important means to capture information superiority, carry out precision strike and accomplish special combat tasks in information war. Unmanned attack strategy plays a crucial role in unmanned combat system, which has to ensure the attack by unmanned surface vehicles (USVs) from failure. To meet the challenge, we propose a task allocation algorithm called distributed auction mechanism task allocation with grey wolf optimization (DAGWO). The traditional grey wolf optimization (GWO) algorithm is improved with a distributed auction mechanism (DAM) to constrain the initialization of wolves, which improves the optimization process according to the actual situation. In addition, one unmanned aerial vehicle (UAV) is employed as the central control system to establish task allocation model and construct fitness function for the multiple constraints of USV attack problem. The proposed DAGWO algorithm can not only ensure the diversity of wolves, but also avoid the local optimum problem. Simulation results show that the proposed DAGWO algorithm can effectively solve the problem of attack task allocation among multiple USVs.
Funding: This work is supported by the National Key R&D Program of China (2017YFB0802703), Research on the education mode for complicate skill students in new media with cross specialty integration (22150117092), Major Scientific and Technological Special Project of Guizhou Province (20183001), Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ014), Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ019), and Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ022).
Abstract: Deep learning networks are widely used in various systems that require classification. However, deep learning networks are vulnerable to adversarial attacks. The study on adversarial attacks plays an important role in defense. Black-box attacks require less knowledge about target models than white-box attacks do, which means black-box attacks are easier to launch and more valuable. However, the state-of-the-art black-box attacks still suffer from low success rates and large visual distances between generative adversarial images and original images. This paper proposes a kind of fast black-box attack based on the cross-correlation (FBACC) method. The attack is carried out in two stages. In the first stage, an adversarial image, which would be misclassified as the target label, is generated by using gradient descending learning. By far the image may look a lot different than the original one. Then, in the second stage, visual quality keeps getting improved on the condition that the label keeps being misclassified. By using the cross-correlation method, the error of the smooth region is ignored, and the number of iterations is reduced. Compared with the proposed black-box adversarial attack methods, FBACC achieves a better fooling rate and fewer iterations. When attacking LeNet5 and AlexNet respectively, the fooling rates are 100% and 89.56%. When attacking them at the same time, the fooling rate is 69.78%. FBACC method also provides a new adversarial attack method for the study of defense against adversarial attacks.
Funding: Project supported by the National Key Research and Development Program of China (Grant No. 2016YFA0302600) and the National Natural Science Foundation of China (Grant No. 61675235).
Abstract: The unconditional security of quantum key distribution (QKD) can be guaranteed by the nature of quantum physics. Compared with the traditional two-dimensional BB84 QKD protocol, high-dimensional quantum key distribution (HDQKD) can be applied to generate much more secret key. Nonetheless, practical imperfections in realistic systems can be exploited by the third party to eavesdrop the secret key. The practical beam splitter has a correlation with wavelength, where different wavelengths have different coupling ratios. Using this property, we propose a wavelength-dependent attack towards time-bin high-dimensional QKD system. What is more, we demonstrate that this attacking protocol can be applied to arbitrary d-dimensional QKD system, and higher-dimensional QKD system is more vulnerable to this attacking strategy.
Funding: Funded by National Natural Science Foundation of China (No. 51578141), National Program on Key Basic Research Project (973 Program) (No. 2015CB655102), and Ministry of Science and Technology of China (No. 2016YFE011820).
Abstract: Influences of polymer-based grinding aid (PGA) on the damage process of concrete exposed to sulfate attack under dry-wet cycles were investigated. The mass loss, dynamic modulus of elasticity (Erd), and S and Ca element contents of concrete specimens were measured. Scanning electron microscopy (SEM), mercury intrusion porosimetry (MIP), and X-ray diffractometry (XRD) were used to investigate the changing of microstructure of interior concrete. The results indicated that PGA was capable of reducing the mass loss and improving the sulfate attack resistance of concrete. X-ray fluorescence (XRF) analysis revealed that PGA delayed the transport process of sulfate ions and Ca ions. In addition, MIP analysis disclosed that the micropores of concrete with PGA increased in the fraction of 20-100 nm and decreased in the residues of 200 nm. Compared with the blank sample, concrete with PGA had more slender and well-organized hydration products, and no changes in hydration products ratio or type were observed.
Abstract: Objective: To observe the clinical efficacy of modified painless suppurative moxibustion with wheat-grain sized moxa cones plus Western medication in treating cough variant asthma (CVA) due to wind-cold attacking the lung and its effects on pulmonary function, serum immunoglobulin (Ig)-E, hypersensitive C-reactive protein (hs-CRP), and interleukin (IL)-6. Methods: A total of 98 CVA patients were randomly divided into an observation group and a control group using the random number table method, with 49 cases in each group. The control group was treated with salmeterol xinafoate and fluticasone propionate powder for inhalation, and the observation group was treated with additional modified painless suppurative moxibustion with wheat-grain sized moxa cones. The treatment lasted for 8 weeks. The traditional Chinese medicine (TCM) symptom score of the patients in both groups was observed before treatment, after treatment, and at 1-month follow-up after treatment for its changes. The clinical efficacy after treatment and at 1-month follow-up was compared between the two groups. The pulmonary function [forced expiratory volume in the first second (FEV1), FEV1/forced vital capacity (FVC), and peak expiratory flow (PEF)] and serum IgE, hs-CRP, and IL-6 levels were compared between the two groups before and after treatment. The adverse reactions that occurred during the treatment in both groups were observed and recorded. Results: The total effective rate of the observation group after treatment and at follow-up was higher than that of the control group (P<0.05). The TCM symptom scores in both groups after treatment and at follow-up were lower compared to the baseline (P<0.05), and the scores in the observation group were lower than those in the control group (P<0.05). The FEV1, FEV1/FVC, and PEF after treatment in both groups were higher compared to the baseline (P<0.05), and the levels in the observation group were higher than those in the control group (P<0.05). The serum levels of IgE, IL-6, and hs-CRP after treatment in both groups were lower than the baseline (P<0.05), and the levels in the observation group were lower than those in the control group (P<0.05). There were no adverse reactions in either group during the course of the study. Conclusion: Modified painless suppurative moxibustion with wheat-grain sized moxa cones plus salmeterol xinafoate and fluticasone propionate powder for inhalation is effective in treating CVA due to wind-cold attacking the lung; it can relieve the clinical symptoms of the patients, improve their pulmonary function, and also reduce serum IgE, hs-CRP, and IL-6 levels.
Abstract: In federated learning, backdoor attacks have become an important research topic with their wide application in processing sensitive datasets. Since federated learning detects or modifies local models through defense mechanisms during aggregation, it is difficult to conduct effective backdoor attacks. In addition, existing backdoor attack methods are faced with challenges, such as low backdoor accuracy, poor ability to evade anomaly detection, and unstable model training. To address these challenges, a method called adaptive simulation backdoor attack (ASBA) is proposed. Specifically, ASBA improves the stability of model training by manipulating the local training process and using an adaptive mechanism, the ability of the malicious model to evade anomaly detection by combining large simulation training and clipping, and the backdoor accuracy by introducing a stimulus model to amplify the impact of the backdoor in the global model. Extensive comparative experiments under five advanced defense scenarios show that ASBA can effectively evade anomaly detection and achieve high backdoor accuracy in the global model. Furthermore, it exhibits excellent stability and effectiveness after multiple rounds of attacks, outperforming state-of-the-art backdoor attack methods.
Funding: funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under Grant No. (GPIP: 1074-612-2024).
Abstract: The surge in smishing attacks underscores the urgent need for robust, real-time detection systems powered by advanced deep learning models. This paper introduces PhishNet, a novel ensemble learning framework that integrates transformer-based models (RoBERTa) and large language models (LLMs) (GPT-OSS 120B, LLaMA3.3 70B, and Qwen3 32B) to enhance smishing detection performance significantly. To mitigate class imbalance, we apply synthetic data augmentation using T5 and leverage various text preprocessing techniques. Our system employs a dual-layer voting mechanism: weighted majority voting among LLMs and a final ensemble vote to classify messages as ham, spam, or smishing. Experimental results show an average accuracy improvement from 96% to 98.5% compared to the best standalone transformer, and from 93% to 98.5% when compared to LLMs across datasets. Furthermore, we present a real-time, user-friendly application to operationalize our detection model for practical use. PhishNet demonstrates superior scalability, usability, and detection accuracy, filling critical gaps in current smishing detection methodologies.
Funding: supported by the National Natural Science Foundation of China (Grant No. 62172123) and the Key Research and Development Program of Heilongjiang Province, China (Grant No. 2022ZX01A36).
Abstract: Federated Learning (FL) protects data privacy through a distributed training mechanism, yet its decentralized nature also introduces new security vulnerabilities. Backdoor attacks inject malicious triggers into the global model through compromised updates, posing significant threats to model integrity and becoming a key focus in FL security. Existing backdoor attack methods typically embed triggers directly into original images and consider only data heterogeneity, resulting in limited stealth and adaptability. To address the heterogeneity of malicious client devices, this paper proposes a novel backdoor attack method named Capability-Adaptive Shadow Backdoor Attack (CASBA). By incorporating measurements of clients’ computational and communication capabilities, CASBA employs a dynamic hierarchical attack strategy that adaptively aligns attack intensity with available resources. Furthermore, an improved deep convolutional generative adversarial network (DCGAN) is integrated into the attack pipeline to embed triggers without modifying original data, significantly enhancing stealthiness. Comparative experiments with Shadow Backdoor Attack (SBA) across multiple scenarios demonstrate that CASBA dynamically adjusts resource consumption based on device capabilities, reducing average memory usage per iteration by 5.8%. CASBA improves resource efficiency while keeping the drop in attack success rate within 3%. Additionally, the effectiveness of CASBA against three robust FL algorithms is also validated.
Abstract: Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
Abstract: The emergence of large language models (LLMs) has brought about revolutionary social value. However, concerns have arisen regarding the generation of deceptive content by LLMs and their potential for misuse. Consequently, a crucial research question arises: How can we differentiate between AI-generated and human-authored text? Existing detectors face some challenges, such as operating as black boxes, relying on supervised training, and being vulnerable to manipulation and misinformation. To tackle these challenges, we propose an innovative unsupervised white-box detection method that utilizes a “dual-driven verification mechanism” to achieve high-performance detection, even in the presence of obfuscated attacks in the text content. To be more specific, we initially employ the SpaceInfi strategy to enhance the difficulty of detecting the text content. Subsequently, we randomly select vulnerable spots from the text and perturb them using another pre-trained language model (e.g., T5). Finally, we apply a dual-driven defense mechanism (D3M) that validates text content with perturbations, whether generated by a model or authored by a human, based on the dimensions of Information Transmission Quality and Information Transmission Density. Through experimental validation, our proposed novel method demonstrates state-of-the-art (SOTA) performance when exposed to equivalent levels of perturbation intensity across multiple benchmarks, thereby showcasing the effectiveness of our strategies.
Abstract: The performance of deep recommendation models degrades significantly under data poisoning attacks. While adversarial training methods such as Vulnerability-Aware Training (VAT) enhance robustness by injecting perturbations into embeddings, they remain limited by coarse-grained noise and a static defense strategy, leaving models susceptible to adaptive attacks. This study proposes a novel framework, Self-Purification Data Sanitization (SPD), which integrates vulnerability-aware adversarial training with dynamic label correction. Specifically, SPD first identifies high-risk users through a fragility scoring mechanism, then applies self-purification by replacing suspicious interactions with model-predicted high-confidence labels during training. This closed-loop process continuously sanitizes the training data and breaks the protection ceiling of conventional adversarial training. Experiments demonstrate that SPD significantly improves the robustness of both Matrix Factorization (MF) and LightGCN models against various poisoning attacks. We show that SPD effectively suppresses malicious gradient propagation and maintains recommendation accuracy. Evaluations on Gowalla and Yelp2018 confirm that SPD-trained models withstand multiple attack strategies, including Random, Bandwagon, DP, and Rev attacks, while preserving performance.
Funding: supported by the MSIT (Ministry of Science and ICT), Republic of Korea, under the ICAN (ICT Challenge and Advanced Network of HRD) support program (IITP-2025-RS-2023-00259497) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation) and was supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Republic of Korea government (MSIT) (No. IITP-2025-RS-2023-00254129, Graduate School of Metaverse Convergence (Sungkyunkwan University)) and was supported by the Basic Science Research Program of the National Research Foundation (NRF) funded by the Republic of Korean government (MSIT) (No. RS-2024-00346737).
Abstract: Network attacks have become a critical issue in the internet security domain. Artificial intelligence technology-based detection methodologies have attracted attention; however, recent studies have struggled to adapt to changing attack patterns and complex network environments. In addition, it is difficult to explain the detection results logically using artificial intelligence. We propose a method for classifying network attacks using graph models to explain the detection results. First, we reconstruct the network packet data into a graphical structure. We then use a graph model to predict network attacks using edge classification. To explain the prediction results, we observed numerical changes by randomly masking and calculating the importance of neighbors, allowing us to extract significant subgraphs. Our experiments on six public datasets demonstrate superior performance with an average F1-score of 0.960 and accuracy of 0.964, outperforming traditional machine learning and other graph models. The visual representation of the extracted subgraphs highlights the neighboring nodes that have the greatest impact on the results, thus explaining detection. In conclusion, this study demonstrates that graph-based models are suitable for network attack detection in complex environments, and the importance of graph neighbors can be calculated to efficiently analyze the results. This approach can contribute to real-world network security analyses and provide a new direction in the field.
Abstract: In recent years, with the rapid advancement of artificial intelligence, object detection algorithms have made significant strides in accuracy and computational efficiency. Notably, research and applications of Anchor-Free models have opened new avenues for real-time target detection in optical remote sensing images (ORSIs). However, in the realm of adversarial attacks, developing adversarial techniques tailored to Anchor-Free models remains challenging. Adversarial examples generated based on Anchor-Based models often exhibit poor transferability to these new model architectures. Furthermore, the growing diversity of Anchor-Free models poses additional hurdles to achieving robust transferability of adversarial attacks. This study presents an improved cross-conv-block feature fusion You Only Look Once (YOLO) architecture, meticulously engineered to facilitate the extraction of more comprehensive semantic features during the backpropagation process. To address the asymmetry between densely distributed objects in ORSIs and the corresponding detector outputs, a novel dense bounding box attack strategy is proposed. This approach leverages dense target bounding boxes loss in the calculation of adversarial loss functions. Furthermore, by integrating translation-invariant (TI) and momentum-iteration (MI) adversarial methodologies, the proposed framework significantly improves the transferability of adversarial attacks. Experimental results demonstrate that our method achieves superior adversarial attack performance, with adversarial transferability rates (ATR) of 67.53% on the NWPU VHR-10 dataset and 90.71% on the HRSC2016 dataset. Compared to ensemble adversarial attack and cascaded adversarial attack approaches, our method generates adversarial examples in an average of 0.64 s, representing an approximately 14.5% improvement in efficiency under equivalent conditions.
Funding: supported in part by the Hubei Engineering Research Center for BDS-Cloud High-Precision Deformation Monitoring Open Funding (No. HBBDGJ202507Y) and the National Natural Science Foundation of China (No. 62377037).
Abstract: The large-scale deployment of Internet of Things (IoT) technology across various aspects of daily life has significantly propelled the intelligent development of society. Among them, the integration of IoT and named data networks (NDNs) reduces network complexity and provides practical directions for content-oriented network design. However, ensuring data integrity in NDN-IoT applications remains a challenging issue. Very recently, Wang et al. (Entropy, 27(5), 471 (2025)) designed a certificateless aggregate signature (CLAS) scheme for NDN-IoT environments. Wang et al. stated that their construction was provably secure under various types of security attacks. Using theoretical analysis methods, in this work, we reveal that their CLAS design fails to meet unforgeability, a core security requirement for CLAS schemes. In particular, we demonstrate that their scheme is vulnerable to a malicious public-key replacement attack, enabling an adversary to produce authentic signatures for arbitrary fraudulent messages. Therefore, Wang et al.’s design cannot achieve its goal. To address the issue, we systematically examine the root causes behind the vulnerability and propose a security-enhanced CLAS construction for NDN-IoT environments. We prove the security of our improved design under the standard security assumption and also analyze its practical performance by comparing the computational and communication costs with several related works. The comparison results show the practicality of our design.
Funding: supported by the National Natural Science Foundation of China Grant (No. 61972133), Project of Leading Talents in Science and Technology Innovation for Thousands of People Plan in Henan Province Grant (No. 204200510021), and the Key Research and Development Plan Special Project of Henan Province Grant (No. 241111211400).
Abstract: At inference time, deep neural networks are susceptible to backdoor attacks, which can produce attacker-controlled outputs when inputs contain carefully crafted triggers. Existing defense methods often focus on specific attack types or incur high costs, such as data cleaning or model fine-tuning. In contrast, we argue that it is possible to achieve effective and generalizable defense without removing triggers or incurring high model-cleaning costs. From the attacker’s perspective and based on characteristics of vulnerable neuron activation anomalies, we propose an Adaptive Feature Injection (AFI) method for black-box backdoor detection. AFI employs a pre-trained image encoder to extract multi-level deep features and constructs a dynamic weight fusion mechanism for precise identification and interception of poisoned samples. Specifically, we select the control samples with the largest feature differences from the clean dataset via feature-space analysis, and generate blended sample pairs with the test sample using dynamic linear interpolation. The detection statistic is computed by measuring the divergence G(x) in model output responses. We systematically evaluate the effectiveness of AFI against representative backdoor attacks, including BadNets, Blend, WaNet, and IAB, on three benchmark datasets: MNIST, CIFAR-10, and ImageNet. Experimental results show that AFI can effectively detect poisoned samples, achieving average detection rates of 95.20%, 94.15%, and 86.49% on these datasets, respectively. Compared with existing methods, AFI demonstrates strong cross-domain generalization ability and robustness to unknown attacks.
Funding: The Key R&D Program of Hunan Province (Grant No. 2025AQ2024) of the Department of Science and Technology of Hunan Province. Distinguished Young Scientists Fund (Grant No. 24B0446) of Hunan Education Department.
Abstract: Internet of Things (IoTs) devices are bringing about a revolutionary change in our society by enabling connectivity regardless of time and location. However, the extensive deployment of these devices also makes them attractive victims for the malicious actions of adversaries. Within the spectrum of existing threats, Side-Channel Attacks (SCAs) have established themselves as an effective way to compromise cryptographic implementations. These attacks exploit unintended physical leakage that occurs during the cryptographic execution of devices, bypassing the theoretical strength of the crypto design. In recent times, the advancement of deep learning has provided SCAs with a powerful ally. Well-trained deep-learning models demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data, thereby significantly enhancing such attacks. To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future, this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard (AES) implementations. The study specifically focuses on attacks that exploit power consumption and electromagnetic (EM) emissions as primary leakage sources, systematically evaluating the extent to which diverse deep learning techniques enhance SCAs across multiple critical dimensions. These dimensions include: (i) the characteristics of publicly available datasets derived from various hardware and software platforms; (ii) the formalization of leakage models tailored to different attack scenarios; (iii) the architectural suitability and performance of state-of-the-art deep learning models. Furthermore, the survey provides a systematic synthesis of current research findings, identifies significant unresolved issues in the existing literature and suggests promising directions for future work, including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.