Security and Privacy for AI

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: 15 August 2025 | Viewed by 3822

Special Issue Editors

Guest Editor
School of Computer Science, Fudan University, Shanghai 200433, China
Interests: privacy computing; AI security

Guest Editor
Department of Artificial Intelligence, Ajou University, Suwon 16499, Republic of Korea
Interests: privacy preserving; AI security

Guest Editor
School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610056, China
Interests: AI security

Special Issue Information

Dear Colleagues,

Artificial intelligence (AI) has recently become pivotal in transforming industries, powering applications in natural language processing, computer vision, and multi-modal tasks. However, the training processes and complex architectures of large-scale models have introduced critical security and privacy concerns. Specific threats, such as leakage of training data, prompt hacking, jailbreak attacks, and backdoor attacks, have emerged as challenges that threaten not only individual privacy but also the responsible and trustworthy deployment of these models. This Special Issue will provide a forum for exploring solutions to these pressing security and privacy issues, specifically for large-scale AI models.

We solicit papers covering various topics of interest that include, but are not limited to, the following:

  1. Privacy of training datasets in AI;
  2. Backdoor attacks and defenses in AI;
  3. Adversarial attacks and defenses in AI;
  4. Jailbreak attacks and defenses in large-scale AI models;
  5. Privacy-preserving training and inference in AI;
  6. Data leakage and model extraction in AI;
  7. End-to-end security in AI deployment.

Dr. Cheng Huang
Dr. Zhirun Zheng
Dr. Wenbo Jiang
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, proceed to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • privacy and security of AI
  • backdoor attack
  • jailbreak attack
  • prompt hacking

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies is available on the MDPI website.

Published Papers (4 papers)


Research

24 pages, 985 KiB  
Article
Secure Hierarchical Federated Learning for Large-Scale AI Models: Poisoning Attack Defense and Privacy Preservation in AIoT
by Chengzhuo Han, Tingting Yang, Xin Sun and Zhengqi Cui
Electronics 2025, 14(8), 1611; https://doi.org/10.3390/electronics14081611 - 16 Apr 2025
Viewed by 345
Abstract
The rapid integration of large-scale AI models into distributed systems, such as the Artificial Intelligence of Things (AIoT), has introduced critical security and privacy challenges. While configurable models enhance resource efficiency, their deployment in heterogeneous edge environments remains vulnerable to poisoning attacks, data leakage, and adversarial interference, threatening the integrity of collaborative learning and responsible AI deployment. To address these issues, this paper proposes a Hierarchical Federated Cross-domain Retrieval (FHCR) framework tailored for secure and privacy-preserving AIoT systems. By decoupling models into a shared retrieval layer (globally optimized via federated learning) and device-specific layers (locally personalized), FHCR minimizes communication overhead while enabling dynamic module selection. Crucially, we integrate a retrieval-layer mean inspection (RLMI) mechanism to detect and filter malicious gradient updates, effectively mitigating poisoning attacks and reducing attack success rates by 20% compared to conventional methods. Extensive evaluation on General-QA and IoT-Native datasets demonstrates the robustness of FHCR against adversarial threats, with FHCR maintaining global accuracy not lower than baseline levels while reducing communication costs by 14%. Full article
(This article belongs to the Special Issue Security and Privacy for AI)
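The abstract above says that FHCR filters malicious gradient updates with a retrieval-layer mean inspection, but does not spell out the mechanics. The Python block below is an added example, not the paper's code, showing the generic idea behind such a check: compute the coordinate-wise mean of the client updates, measure each client's L2 distance from it, drop clients whose distance exceeds a multiple of the median distance, and average the rest. The five benign updates, the single attacker that submits a scaled and sign-flipped update (model-replacement style), and the 3x-median threshold are all constructed for illustration.

```python
import math
import statistics

# Constructed scenario: the gradient honest clients approximate, five benign
# client updates (that gradient plus small drift), and one attacker submitting
# a scaled, sign-flipped update to push the aggregate the wrong way.
TRUE_GRADIENT = [1.0, -2.0, 0.5, 0.0]
BENIGN_UPDATES = [
    [1.02, -1.99, 0.53, 0.01],
    [0.98, -2.02, 0.47, -0.01],
    [1.01, -2.00, 0.50, 0.02],
    [0.99, -1.98, 0.52, 0.00],
    [1.00, -2.01, 0.48, -0.02],
]
POISONED_UPDATE = [-20.0 * v for v in TRUE_GRADIENT]
CLIENT_UPDATES = BENIGN_UPDATES + [POISONED_UPDATE]


def mean_vector(updates):
    """Coordinate-wise mean of a list of equal-length update vectors."""
    n = len(updates)
    return [sum(u[i] for u in updates) / n for i in range(len(updates[0]))]


def l2_distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def inspect_updates(updates, factor=3.0):
    """Mean-inspection filter (hypothetical, not the paper's RLMI): flag clients
    whose update lies further from the coordinate-wise mean than `factor`
    times the median client distance. Returns (kept_indices, dropped_indices)."""
    center = mean_vector(updates)
    dists = [l2_distance(u, center) for u in updates]
    threshold = factor * statistics.median(dists)
    kept = [i for i, d in enumerate(dists) if d <= threshold]
    dropped = [i for i, d in enumerate(dists) if d > threshold]
    return kept, dropped


def robust_fedavg(updates, factor=3.0):
    """FedAvg over the updates that pass inspection. Returns (aggregate, dropped)."""
    kept, dropped = inspect_updates(updates, factor)
    if not kept:  # refuse to aggregate rather than average an empty set
        raise ValueError("all client updates were rejected")
    return mean_vector([updates[i] for i in kept]), dropped


if __name__ == "__main__":
    naive = mean_vector(CLIENT_UPDATES)
    robust, dropped = robust_fedavg(CLIENT_UPDATES)
    print("naive FedAvg   :", [round(v, 3) for v in naive])
    print("filtered FedAvg:", [round(v, 3) for v in robust], "dropped clients:", dropped)
```

Two caveats a deployer should keep in mind. The center is itself pulled toward the attacker, which is harmless with one outlier among six but degrades as the fraction of colluding clients grows; a coordinate-wise median or trimmed mean as the center is the usual hardening. And any inspection of this kind needs each client's update in the clear at the aggregator, which is in tension with secure aggregation or encrypted updates, so the privacy and poisoning defenses have to be designed together rather than bolted on separately.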

25 pages, 6609 KiB  
Article
MultiDiffEditAttack: A Multi-Modal Black-Box Jailbreak Attack on Image Editing Models
by Peihong Chen, Feng Chen and Lei Guo
Electronics 2025, 14(5), 899; https://doi.org/10.3390/electronics14050899 - 24 Feb 2025
Viewed by 573
Abstract
In recent years, image editing models have made notable advancements and gained widespread use. However, these technologies also present significant security risks by enabling the creation of Not Safe For Work (NSFW) content. This study introduces MDEA (MultiDiffEditAttack), an innovative multi-modal black-box jailbreak attack framework designed to evaluate and challenge the security of image editing models. MDEA leverages large language models and genetic algorithms to generate adversarial prompts that modify sensitive vocabulary structures, thereby bypassing prompt filters. Additionally, MDEA employs transfer learning to optimize input image features, effectively bypassing post-hoc safety checks. By integrating prompt attacks and safety checker attacks, MDEA utilizes a multimodal attack strategy to target image editing models in a black-box setting. Experimental results demonstrate that MDEA significantly improves the attack efficiency against image editing models compared to current black-box methods. These results demonstrate the effectiveness of MDEA in multi-modal attacks and reveal numerous vulnerabilities in current defense mechanisms. Full article
(This article belongs to the Special Issue Security and Privacy for AI)

14 pages, 2608 KiB  
Article
Defense Scheme of Federated Learning Based on GAN
by Qing Zhang, Ping Zhang, Wenlong Lu, Xiaoyu Zhou and An Bao
Electronics 2025, 14(3), 406; https://doi.org/10.3390/electronics14030406 - 21 Jan 2025
Viewed by 931
Abstract
Federated learning (FL), as a distributed learning mechanism, can complete model training without directly uploading original data, effectively reducing the risk of privacy leakage. However, research shows that adversaries may reconstruct the original data from the shared gradient information. To further protect the privacy of federated learning, a federated learning defense scheme is proposed based on generative adversarial networks (GAN), which is combined with adaptive differential privacy. Firstly, the real data distribution features are learned through GAN, and replaceable pseudo data are generated. Then, the pseudo data are added with adaptive noise. Finally, the pseudo gradient generated by the pseudo data in the model is used to replace the real gradient so that adversaries cannot obtain the real gradient, further protecting the privacy of user data. After simulation experiments are carried out on the MNIST dataset, the algorithm is verified using the gradient attack method. The experimental results show that the proposed algorithm is superior to the federated learning algorithm based on differential privacy in accuracy. Compared with the FedAvg algorithm, only 0.48% accuracy is lost. Therefore, it achieves a good balance between algorithm accuracy and data privacy. Full article
(This article belongs to the Special Issue Security and Privacy for AI)
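The abstract above states that adversaries can reconstruct original data from shared gradients. The block below is an added example, not the authors' scheme, that makes the leak concrete for the simplest case: for a fully connected layer with output logits = Wx + b, the chain rule gives dL/dW[i][j] = dL/db[i] * x[j], so a server that receives a single-sample gradient can read the input back off by dividing any row of dW by the matching entry of db. It then shows that Gaussian noise added to the shared gradient (plain differential-privacy-style perturbation, used here as a stand-in and not the paper's GAN pseudo-gradient) breaks the exact recovery. The weights, the private feature vector, the label and the noise scale are all constructed.

```python
import math
import random

# Constructed toy model: one fully connected layer, 4 inputs -> 2 classes,
# trained with softmax cross-entropy. Weights are arbitrary fixed values.
IN_DIM, OUT_DIM = 4, 2
W = [[0.5, -0.3, 0.8, 0.1],
     [-0.2, 0.4, 0.3, -0.6]]
B = [0.05, -0.05]


def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def client_gradients(x, label):
    """What an FL client shares: dL/dW and dL/db for one private sample (x, label)."""
    logits = [sum(W[i][j] * x[j] for j in range(IN_DIM)) + B[i] for i in range(OUT_DIM)]
    p = softmax(logits)
    # d(cross-entropy)/d(logits) = softmax - one_hot(label)
    dlogits = [p[i] - (1.0 if i == label else 0.0) for i in range(OUT_DIM)]
    dW = [[dlogits[i] * x[j] for j in range(IN_DIM)] for i in range(OUT_DIM)]
    db = dlogits[:]
    return dW, db


def recover_input(dW, db):
    """Server-side reconstruction: dW[i][j] = db[i] * x[j], so x[j] = dW[i][j] / db[i]
    for any row whose bias gradient is non-zero. Returns None if no usable row exists."""
    i = max(range(len(db)), key=lambda k: abs(db[k]))
    if abs(db[i]) < 1e-12:
        return None
    return [dW[i][j] / db[i] for j in range(len(dW[i]))]


def add_gaussian_noise(dW, db, sigma, seed=0):
    """Perturb the shared gradient with N(0, sigma^2) noise (DP-style stand-in;
    a real DP mechanism would also clip the gradient norm first)."""
    rng = random.Random(seed)
    nW = [[v + rng.gauss(0.0, sigma) for v in row] for row in dW]
    nb = [v + rng.gauss(0.0, sigma) for v in db]
    return nW, nb


def max_abs_error(a, b):
    return max(abs(u - v) for u, v in zip(a, b))


def demo(sigma=0.1):
    """Returns (reconstruction error on raw gradient, error on noised gradient)."""
    x_private = [0.6, -1.2, 0.3, 2.0]  # constructed private feature vector
    dW, db = client_gradients(x_private, label=1)
    exact = recover_input(dW, db)
    nW, nb = add_gaussian_noise(dW, db, sigma=sigma)
    noisy = recover_input(nW, nb)
    return max_abs_error(exact, x_private), max_abs_error(noisy, x_private)


if __name__ == "__main__":
    err_exact, err_noisy = demo()
    print(f"recovery error from raw gradient   : {err_exact:.2e}")
    print(f"recovery error from noised gradient: {err_noisy:.2e}")
```

The closed-form trick only works for the first fully connected layer and a batch of one; with larger batches the shared gradient is a sum over samples and the attacker falls back to optimisation-based reconstruction (matching dummy-data gradients to the observed ones), which is what the abstract's "gradient attack method" refers to in general. Noise that is large enough to defeat the division above also costs accuracy, which is exactly the trade-off the paper's pseudo-gradient approach is trying to improve on.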

26 pages, 1535 KiB  
Article
Optimization Scheme of Collaborative Intrusion Detection System Based on Blockchain Technology
by Jiachen Huang, Yuling Chen, Xuewei Wang, Zhi Ouyang and Nisuo Du
Electronics 2025, 14(2), 261; https://doi.org/10.3390/electronics14020261 - 10 Jan 2025
Cited by 1 | Viewed by 1103
Abstract
In light of the escalating complexity of the cyber threat environment, the role of Collaborative Intrusion Detection Systems (CIDSs) in reinforcing contemporary cybersecurity defenses is becoming ever more critical. This paper presents a Blockchain-based Collaborative Intrusion Detection Framework (BCIDF), an innovative methodology aimed at enhancing the efficacy of threat detection and information dissemination. To address the issue of alert collisions during data exchange, an Alternating Random Assignment Selection Mechanism (ARASM) is proposed. This mechanism aims to optimize the selection process of domain leader nodes, thereby partitioning traffic and reducing the size of conflict domains. Unlike conventional CIDS approaches that typically rely on independent node-level detection, our framework incorporates a Weighted Random Forest (WRF) ensemble learning algorithm, enabling collaborative detection among nodes and significantly boosting the system’s overall detection capability. The viability of the BCIDF framework has been rigorously assessed through extensive experimentation utilizing the NSL-KDD dataset. The empirical findings indicate that BCIDF outperforms traditional intrusion detection systems in terms of detection precision, offering a robust and highly effective solution within the realm of cybersecurity. Full article
(This article belongs to the Special Issue Security and Privacy for AI)
