Search Results (537)

The utilization of machine learning models is extensive in a wide array of significant applications. However, their vulnerability to security and privacy attacks is a serious concern, for example, for the protection of financially sensitive data such as account flow. Particularly troubling is the threat of membership inference, which enables attackers to determine whether a given data sample is included in the training set of a targeted machine-learning model. Existing knowledge distillation techniques have shown promise in balancing model performance with data privacy. However, achieving superior privacy during the training process of the target model is challenging due to the teacher model’s performance limitations and the scarcity of unlabeled benchmark data. To address this issue, we propose a novel framework called Distillation of Self-Adaptive Knowledge (DSAK). DSAK utilizes self-duplicated teacher and noise-generative models to introduce specialized self-adaptive noise for privacy training in the target model. By incorporating new data features derived from this noise, DSAK improves model performance and reduces the risk of memorizing member data. Experimental results demonstrate DSAK’s effectiveness in defending against existing attack schemes across multiple datasets while surpassing other membership inference defense schemes in terms of efficiency. Full article

Payment channel networks enable scalable off-chain payments, but their practical deployment remains constrained by a persistent tension among routing efficiency, liquidity visibility, transaction privacy, and settlement security. Existing multipath routing mechanisms can improve payment success under fragmented liquidity, yet they often expose sensitive balance information, leak structural features of payment routes, and enlarge the attack surface for probing, channel exhaustion, and selective forwarding. This paper presents a novel framework, Adaptive Multipath Proofs (AMPs), for privacy protection and security in payment channel networks. The core idea is to bind multipath routing decisions with lightweight zero-knowledge verifiability, allowing intermediate nodes to validate path feasibility, fragment consistency, and settlement constraints without learning exact channel balances, the complete payment amount, or the global route structure. AMP integrates three mechanisms: a hidden-liquidity feasibility proof that supports privacy-preserving route selection, an adaptive payment-splitting strategy that dynamically determines fragment allocation according to network congestion and balance uncertainty, and a proof-coupled settlement guard that enforces atomicity and timeout consistency across all payment fragments. Together, these mechanisms reduce information leakage while preserving robust payment execution under dynamic network conditions. Experimental evaluation on real Lightning Network topologies and synthetic stress scenarios demonstrates that AMP significantly lowers balance disclosure and endpoint inference risk, improves payment completion under skewed liquidity distributions, and introduces only moderate computational and communication overhead. The results indicate that adaptive proof-carrying multipath routing offers a practical and effective direction for building secure, privacy-preserving, and high-success payment channel networks. Full article

Deepfakes and adjacent synthetic-media capabilities have become a systemic challenge for information integrity, security, and digital trust. Countermeasures now span passive detection methods that infer manipulation from content traces, active provenance systems that cryptographically bind metadata to media, and watermarking approaches that embed detectable signals into content or generative processes. This review presents a rigorous synthesis of tools and technologies to combat deepfakes across modalities (image, video, audio, and selected multimodal settings), drawing primarily from the peer-reviewed literature, standardized benchmarks, and official technical specifications and reports. The review analyzes detection methods, provenance and authentication technologies, with emphasis on cryptographic manifests and threat models, watermarking and content provenance, including diffusion-era watermarking and industrial deployments, adversarial robustness and attacker adaptation, datasets and benchmarks, evaluation metrics across tasks, and deployment and scalability constraints. A dedicated section addresses legal, ethical, and policy issues, focusing on emerging transparency obligations and platform governance. The review finds that no single countermeasure is sufficient in realistic adversarial settings. The strongest practical approach is a layered defense that combines provenance, watermarking, content-based detection, and human oversight. The study concludes with limitations of the current evidence base and prioritized research directions to improve generalization, interoperability, and trustworthy user experiences. Full article

LoRaWAN’s role in global maritime logistics has allowed for efficient monitoring of ships and cargo, but it also comes with critical cybersecurity vulnerabilities. Experimental validation of three attack vectors—replay attacks, narrowband jamming and metadata inference—is conducted using a reproducible digital-twin LoRaWAN dataset reflecting Rotterdam port-like operational patterns (N = 20,000 baseline transmissions). Using controlled simulations and Kolmogorov–Smirnov statistical analysis, we show that: (1) replay attacks are feasible under Activation by Personalization (ABP) configurations lacking enforced frame-counter validation and exhibit no univariate separation from legitimate traffic under Kolmogorov–Smirnov analysis (p > 0.46 for all evaluated radio features); (2) narrowband jamming leads to significant SNR degradation (p = 2.36 × 10⁻⁵) on targeted channels without inducing broad distributional anomalies across other radio features; and (3) metadata-only analysis supports elevated metadata-based re-identification susceptibility (median $R_d=0.834$), indicating high predictability under passive observation which can reveal operationally relevant signals even when AES-128 is employed. Our proposed layered mitigation framework consists of mandatory Over-the-Air Activation (OTAA), cryptographic key rotation, channel diversity incorporating Adaptive Data Rate (ADR), gateway hardening, and protocol-level enforcement considerations, customized for maritime LPWAN scenarios. We provide experiment-backed evidence and actionable recommendations to connect academic LPWAN security research to that of industrial maritime practice. Full article

DOM-based Cross-Site Scripting (DOM XSS) remains a critical web application vulnerability due to its exclusive manifestation within client-side execution contexts, rendering traditional server-side defenses ineffective. Existing machine learning approaches achieve high recall but suffer from critically low precision in DOM-specific scenarios. Payload-centric classifiers frequently misclassify syntactically suspicious but semantically benign injections, causing high false positive rates. This paper introduces a context-aware hybrid detection framework integrating dynamic taint tracking with runtime DOM semantic analysis and lightweight machine learning classification. The proposed architecture extracts a 42-dimensional feature vector combining 22 lexical payload features with 20 contextual execution features capturing sink semantics, element type, attribute execution capability, and DOM state properties. A Random Forest classifier is employed to enable low-latency inference and demonstrates potential for real-time deployment. By modeling exploitability as a function of execution context rather than payload syntax alone, the framework significantly reduces false positives while maintaining high detection capability. Experimental evaluation demonstrates that contextual feature integration substantially improves precision compared to payload-only baselines, achieving a favorable precision-efficiency trade-off. The primary contribution lies in elevating runtime semantic context to a first-class feature space for DOM XSS detection, representing a shift from text-centric classification toward execution-aware security modeling in client-side web environments. Full article

We propose stateful order-preserving encryption (SOPE), a novel framework designed to realize human-centric data security and privacy, the fundamental values of the Fifth Industrial Revolution. Conventional order-preserving encryption supports efficient queries in cloud databases but fundamentally leaks plaintext distributions, leaving data vulnerable to inference attacks. To mitigate this vulnerability while maintaining query efficiency, SOPE introduces a partition-based dynamic density adjustment mechanism under an honest-but-curious threat model. This mechanism offsets density imbalances between partitions in real time by inserting decoy ciphertexts, thereby limiting the leakage scope to the order of data while obscuring frequency information. Our analysis and empirical evaluations demonstrate that SOPE’s ciphertexts consistently approach a uniform distribution by adaptively compensating for the underlying plaintext distribution through decoy insertion. While the continuous insertion of decoy ciphertexts inevitably incurs additional storage overhead (controlled by a tunable parameter $\lambda$), our evaluations demonstrate practical performance. By striking an optimal balance between efficiency and human privacy rights, SOPE provides a trustworthy infrastructure for secure data utilization. Full article

The application of quantum machine learning (QML) to security-relevant problems has attracted growing attention, yet its practical behavior in realistic workloads remains insufficiently characterized. This paper investigates the feasibility and limitations of variational quantum classifiers (VQCs) for identifying dummy power traces in side-channel analysis (SCA). A controlled benchmarking framework is developed to evaluate training stability, sensitivity to key design parameters, and resource–performance trade-offs under realistic constraints. To move beyond idealized simulation, hardware-relevant factors, including finite measurement budgets and device noise, are incorporated, and inference robustness under degraded operating conditions is assessed. The results show that VQCs can capture meaningful discriminative patterns in structured side-channel data, although robustness and performance depend strongly on encoding strategy, circuit depth, and measurement conditions. These findings provide an empirical assessment of the potential and limitations of QML for side-channel security and offer practical guidance for future research. Full article

Artificial intelligence (AI) algorithms enhance distributed acoustic sensing (DAS) signal interpretation by leveraging large-scale acoustic data. However, heterogeneous deployment environments hinder model generalization ability and exacerbate label scarcity. To overcome these challenges, we propose MAEPD, a foundation model for DAS signal recognition trained via masked autoencoder pre-training on large-scale, unlabeled DAS data collected from diverse domains. The pre-trained model is subsequently adapted to downstream tasks using adapter-based prompt tuning (APT) with only minimal labeled samples. In the DAS gait identity recognition task, with only 240 image signals per class, APT achieves 94.75% accuracy, a 4.46% improvement over full fine-tuning while updating only 2.77% of parameters. Inference latency of 2.74 ms per image meets real-time requirements. Compared to pre-training with gait data only (35.6 k samples), MAEPD improves accuracy by 3.88%, demonstrating the advantage of diverse pre-training data. The method shows robust performance across water pipe leakage, perimeter security, and public datasets, with low sensitivity to labeled data quantity. Results demonstrate an efficient and scalable solution for DAS signal recognition. Full article

Fully homomorphic encryption (FHE) offers a promising solution for privacy-preserving machine learning by enabling arbitrary computations on encrypted data. However, the efficient evaluation of non-linear functions—such as the ReLU activation function over large integers—remains a major obstacle in practical deployments, primarily due to high bootstrapping overhead and limited precision support in existing schemes. In this paper, we propose $\mathsf{LargeIntReLU}$, a novel framework that enables efficient homomorphic ReLU evaluation over large integers (7–11 bits) via full-domain bootstrapping. Central to our approach is a signed digit decomposition algorithm, $\mathsf{SignedDecomp}$, that partitions a large integer ciphertext into signed 6-bit segments using three new low-level primitives: $\mathsf{LeftShift}$, $\mathsf{HomMod}$, and $\mathsf{CipherClean}$. This decomposition preserves arithmetic consistency, avoids cross-segment carry propagation, and allows parallelized bootstrapping. By segmenting the large integer and processing each chunk independently with optimized small-integer bootstrapping, we achieve homomorphic ReLU with full-domain bootstrapping, which significantly reduces the total number of sequential bootstrapping operations required. The security of our scheme is guaranteed by TFHE. Experimental results demonstrate that the proposed method reduces the bootstrapping cost by an average of 28.58% compared to state-of-the-art approaches while maintaining 95.2% accuracy. With execution times ranging from 1.16 s to 1.62 s across 7–11 bit integers, our work bridges a critical gap toward a scalable and efficient homomorphic ReLU function, which is useful in privacy-preserving machine learning. Furthermore, an end-to-end encrypted inference test on a CNN model with the MNIST dataset confirms its practicality, achieving 88.85% accuracy and demonstrating a complete pipeline for privacy-preserving neural network evaluation. Full article

The transition from 5G to 6G wireless systems marks a paradigm shift from “connected things” to “connected intelligence,” driven by the necessity to manage hyper-heterogeneous networks and overcome the Shannon capacity limit. This Systematic Literature Review (SLR) analyzes 118 primary studies to evaluate the transformative impact of Generative AI (GenAI) and Large Language Models (LLMs) on 6G architecture. We categorize the integration of GenAI into five semantic clusters: Architecture, Management, Security, Semantics, and Edge AI. The synthesis reveals that 6G is evolving toward an “AI-Native” ecosystem where LLMs show strong promise for augmenting network orchestration through Intent-Based Networking (IBN) and generative models demonstrate significant potential to augment or transcend traditional physical layer algorithms. Furthermore, the review identifies a fundamental transition from bit-oriented to semantic-oriented communication, utilizing GenAI to reconstruct meaning from minimal data. However, critical challenges remain, particularly the “energy–intelligence paradox” and the risks of model hallucinations in critical infrastructure. We conclude that while GenAI provides the necessary cognitive flexibility for 6G, its successful deployment depends on solving the “inference gap” through split learning and extreme model quantization at the edge. Full article

Transplanting status is a significant indicator for rice cultivation, and is essential for field management, food security and agricultural production. However, traditional characterization cannot detect the transplanting status in a timely and effective manner; manual seedling replanting is labor-intensive, has a high cost and is inefficient. This study proposed a detection method for floating seedlings and missed transplanting. The method employed a self-built improved YOLO, namely HGV-YOLO. We leverage a HorBlock module to achieve the splitting of the morphological features of rice seedlings in different dimensions of the backbone network of YOLOv8n, which enabled the network to further enhance the classification and recognition ability of rice seedlings. Furthermore, Grouped Spatial Convolution (GSConv) replaces convolution, and the VOV-GSCSP replaces the C2f modules, reducing the number of parameters and improving the model’s inference speed. To improve the model’s bounding box precision, the WIoU loss function was also incorporated. Finally, we use the least squares method to predict the center point of the rice seedlings. The experimental results indicate that HGV-YOLO achieves a precision of 93.7%, a recall of 83.1%, and an mAP@0.5 of 91.1%. Compared to YOLOv8n, HGV-YOLO reduces Params by 3.1% and GFLOPs by 1.2%, respectively, while improving mAP@0.5 by 2.3%. Compared to YOLOv3-tinyYOLOv5 and YOLOv6, HGV-YOLO achieves increases in mAP@0.5 of 4.6 %, 3.1%, and 2.8%, respectively. In summary, the HGV-YOLO model exhibits a strong performance and provides valuable insights for advancing the autonomous navigation of rice transplanting robotics. Full article

Detecting small unmanned aerial vehicles (UAVs) in complex airspace presents significant challenges due to their minimal pixel footprint, resemblance to birds, and frequent occlusion. To address these issues, we propose YOLOv11-ResCBAM, a novel real-time detection framework that integrates a Residual Convolutional Block Attention Module (ResCBAM) and a high-resolution P2 detection head into the YOLOv11 architecture. ResCBAM enhances channel and spatial feature refinement while preserving original feature contexts through residual connections, and the P2 head maintains fine spatial details crucial for small-object localization. Evaluated on a custom dataset of 4917 images (11,733 after augmentation) across three classes (drone, bird, airplane), our model achieves a mean average precision at the 0.5–0.95 IoU threshold (mAP@0.5–0.95) of 0.845, representing a 7.9% improvement over the baseline YOLOv11n, while maintaining real-time inference at 50.51 FPS. Cross-dataset validation on VisDrone2019-DET and UAVDT benchmarks demonstrates promising generalization trends. This work demonstrates the effectiveness of the proposed approach for UAV surveillance systems, balancing detection accuracy with computational efficiency for deployment in security-critical environments. Full article

Agro-ecosystem approaches are increasingly promoted as integrated solutions for sustainable land use, climate mitigation, and food security, yet concerns remain that market-based instruments may systematically exclude resource-poor smallholder farmers. Using microdata from 8894 households participating in Kenya’s long-running International Small Group and Tree Planting Program, this study examines how institutional and organizational arrangements shape access to agricultural carbon markets and associated sustainable land management practices. We document a participation paradox: farmers in the lowest income quartile exhibit significantly higher adoption than the wealthiest quartile (92.4% vs. 86.3%), challenging conventional resource-based targeting assumptions. Three distinct agro-ecosystem participation pathways are inferred using a Gaussian Mixture Model (GMM) estimated over a feature set of organizational, financial-access, and farm/household characteristics (income, farm size, financial access, crop diversity, livestock holdings, education, organizational membership, and leadership position). A Mainstream pathway (60.2%) reflects resource-driven adoption; an Innovative pathway (32.4%) is associated with high participation among low-income farmers through organizational membership, leadership, and collective action; and a Constrained pathway (7.5%) captures persistent exclusion. Organizational membership is strongly associated with high-adoption pathways, universally present among Mainstream and Innovative farmers and absent among Constrained farmers; readers should note that membership is partly definitional in the clustering procedure, so this association reflects the pathway construction as well as empirical patterns. Leadership roles are associated with substantially increased access to non-monetary benefit streams (OR = 2.13), including training, seedlings, and community infrastructure. These alternative compensation mechanisms are spatially clustered and strongly associated with enrollment, suggesting localized institutional capacity effects. Importantly, the Innovative pathway is associated with superior agro-ecosystem outcomes, including higher tree densities and a greater uptake of conservation farming practices, suggesting possible complementarities between inclusion and ecological performance. Women are overrepresented within this pathway, highlighting the equity potential of organizational channels. Overall, the findings suggest that strengthening local organizational infrastructure can simultaneously enhance land-use sustainability, climate mitigation, and livelihood inclusion. Given the cross-sectional observational design, all findings should be interpreted as associations rather than causal effects; the results offer actionable insights for designing agro-ecosystem programs that integrate governance, social equity, and ecological resilience in support of long-term food security. Full article

Secure cross-domain UAV authentication is challenging because identity verification alone is insufficient to guarantee safe operation. In many UAV applications, it is equally critical to verify that a UAV is currently located within an authorized geographic region. Existing approaches often expose precise GPS coordinates, rely on static identifiers that enable tracking, or fail to guarantee the freshness and authenticity of location evidence. These weaknesses allow replay, location spoofing, and trajectory inference attacks, especially in multi-domain environments. To address these limitations, we propose PrivLocAuth, a zero-knowledge-based cross-domain UAV authentication protocol that enforces geofence restrictions without revealing actual locations. In PrivLocAuth, UAVs encode their current coordinates into fresh Pedersen commitments, which are attested by the home Local Domain Server (LDS) using short-lived Schnorr signatures. Based on these attested commitments, UAVs generate Bulletproof range proofs to demonstrate compliance with cross-domain server-defined geofences. This design ensures that UAVs operate within authorized airspace while preserving strong location privacy. PrivLocAuth further incorporates a lightweight elliptic curve cryptography (ECC) and Schnorr signature-based credential framework that enables unlinkable authentication across-domains, preventing session correlation and identity tracking. Formal security analysis demonstrates resistance to impersonation, replay, geofence-bypass, and linkage attacks. Experimental evaluation shows low computational latency and minimal communication overhead, confirming the protocol’s suitability for resource-constrained UAV platforms operating in dynamic cross-domain environments. Full article

Modern enterprise information systems must simultaneously support complex organizational structures, ensure robust security, and remain scalable and maintainable over time. Traditional Role-Based Access Control (RBAC) models, while effective for permission management, operate primarily as post-design security layers and do not provide a unified methodology for structuring system architecture. This paper introduces the Zoned Role-Based (ZRB) model, a mathematically formalized and comprehensive framework that integrates organizational modeling, system design, implementation, access control, and long-term maintenance. ZRB models an organization as a hierarchy of zones, each containing its own roles, applications, operations, and users, forming a recursive Zone Tree that directly mirrors real organizational semantics. Through formally defined role hierarchies, zone-scoped permission sets, and inter-zone inheritance mappings, ZRB provides a context-aware permission calculus that unifies authentication and authorization across all zones. The paper presents the theoretical foundations of ZRB, a multi-phase engineering methodology for constructing integrated enterprise systems, and a complete implementation architecture with permission inference, navigation design, administrative subsystems, and deployment models. Primary validation and evaluations across several developed systems demonstrate significant improvements in permission accuracy, administrative efficiency, scalability, and maintainability. ZRB thus offers a rigorously defined and practically validated framework for building secure, scalable, and organizationally aligned enterprise information systems. Full article