Journal information
IEEE transactions on information forensics and security
Institute of Electrical and Electronics Engineers

Quarterly

1556-6013

EI, ISTP, SCI
Officially published
Years covered

    Image Steganalysis Based on Dual-Path Enhancement and Fractal Downsampling

    Tong Fu, Liquan Chen, Yinghua Jiang, Ju Jia...
    Pages 1-16
    Abstract: Image steganalysis has always been an important topic in the field of information security, and researchers have designed many excellent steganalysis models. However, the existing steganalysis models tend to construct a single path and increase the convolution kernels to reduce the size of feature maps, which is not comprehensive enough to extract the features and may boost the number of parameters. In addition, the single residual block stacking may pay attention to protecting stego signals and neglect the mining of hidden features. To address these issues, we propose a steganalysis model based on dual-path enhancement and fractal downsampling, which is suitable for both spatial and JPEG domains. The model reuses and strengthens noise residuals through two dual-path enhancement blocks, and designs a fractal downsampling block for downsampling at multiple levels, angles, and composition structures. The experimental results demonstrate that the proposed model achieves the best detection performance in both spatial and JPEG domains compared with other state-of-the-art methods. Besides, we design a series of ablation experiments to verify the rationality of each component.

    LD-PA: Distilling Univariate Leakage for Deep Learning-Based Profiling Attacks

    Chong Xiao, Ming Tang, Sengim Karayalcin, Wei Cheng...
    Pages 17-30
    Abstract: The deep learning-based profiling attacks have received significant attention for their potential against masking-protected devices. Currently, additional capabilities like exploiting only a segment of the side-channel traces or having knowledge of the specific countermeasure scheme have been granted to attackers during the profiling phase. In case either capability is removed, a practical profiling attack faces great difficulty and complexity. To address this challenge, we propose an efficient and scheme-agnostic Leakage Distillation-based Profiling Attack (LD-PA). By distilling univariate leakage from a reference, we can train an encoder that extracts multivariate leakage from raw traces and transforms it into an effective representation (transitional leakage). An indirect connection between multivariate leakage and the target variable is established by bridging through the transitional leakage, thereby facilitating the inference of leaked values. Remarkably, LD-PA achieves successful attacks on multiple public datasets using a simple multilayer perceptron (MLP) without necessitating an exhaustive hyperparameter search, while its performance is competitive with state-of-the-art methods. Simultaneously, we delve into the nature of transitional leakage, confirming the existence of combined leakage. This, in turn, validates that the guidance from univariate leakage references aids in the combination of multivariate leakage. Besides that, each component of the multivariate leakage is extracted and stacked in a highly aligned manner. Moreover, we explored several factors impacting LD-PA performance, covering scenarios with limited profiling traces, noisy references, alternative references, and hyperparameter tuning.

    Communication Efficient Ciphertext-Field Aggregation in Wireless Networks via Over-the-Air Computation

    Xin Xie, Jianan Hong, Cunqing Hua, Yanhong Xu...
    Pages 31-45
    Abstract: Aggregating metadata in the ciphertext field is an attractive property brought by homomorphic encryption (HE) for privacy-sensitive computing tasks; therefore, research on the next-generation wireless networks has treated it as one of the promising cryptographic techniques for various scenarios. However, existing schemes are far from being deployed in various computing scenarios due to their high computational complexity and ciphertext expansion, especially for bandwidth-limited and latency-sensitive wireless scenarios. In this paper, we propose the AirHE scheme to achieve homomorphic evaluation via the over-the-air computation in the physical layer. Moreover, we propose a new encryption scheme that can be integrated with the physical layer procedure. A new error control mechanism for ciphertext is further proposed to solve the error accumulation problem. The novelty of the AirHE scheme is to take advantage of the intrinsic superposition characteristic of the wireless channel, such that the communication and computation cost is greatly reduced by achieving homomorphic evaluation and error control of ciphertext in the physical layer. We implement the AirHE scheme based on the LTE system and validate its feasibility. Simulation results are also presented to show the performance of the AirHE scheme under different channel conditions.

    DEFending Integrated Circuit Layouts

    Jitendra Bhandari, Jayanth Gopinath, Mohammed Ashraf, Johann Knechtel...
    Pages 46-59
    Abstract: Modern integrated circuits (ICs) require a complex, outsourced supply-chain, involving computer-aided design (CAD) tools, expert knowledge, and advanced foundries. This complexity has led to various security threats, such as Trojans inserted by adversaries during outsourcing, but also run-time threats like physical probing. Our proposed design-time solution, DEFense, is an extensible CAD framework for holistic assessment and proactive mitigation of multiple prominent threats. The goal is to prioritize security concerns during the physical design of ICs, alongside traditional power, performance, and area (PPA) objectives. DEFense utilizes an iterative and modular approach to assess and mitigate various known vulnerabilities in the IC layout, which are targeting on sensitive active devices and wires. It is a flexible and extensible scripting framework without the need for modifications to commercial CAD flows, yet with the same high level of design quality. We have conducted extensive case studies on representative modern IC designs to “DEFend” layouts against Trojan insertion, probing, and crosstalk attacks. We are providing the framework to the community.

    On the Efficient Design of Stacked Intelligent Metasurfaces for Secure SISO Transmission

    Hong Niu, Xia Lei, Jiancheng An, Lechen Zhang...
    Pages 60-70
    Abstract: Recently, stacked intelligent metasurfaces (SIMs) have aroused widespread discussions as an innovative technology for directly processing electromagnetic (EM) wave signals. By stacking multiple programmable metasurface layers, an SIM has the ability to provide additional spatial degrees of freedom without the introduction of expensive radio-frequency chains, which may outperform reconfigurable intelligent surfaces (RISs) with single-layer structures. For the sake of alleviating information leakage risks in wireless communications, artificial noise (AN) has arisen as a physical-layer security technology with severe hardware constraints, which is impracticable in single-input single-output (SISO) systems. Therefore, we deploy an SIM at the transmitter (Alice) to accomplish joint modulation, beamforming, and AN in SISO systems. As such, an artificial neural network structured SIM aims to convert an input carrier signal into a desired output signal. Subsequently, we formulate the fitting problem between the actual output signal and the desired signal. Moreover, we introduce a regularization parameter to improve the energy efficiency. In order to tackle this resultant non-convex problem, we provide an alternating optimization algorithm to iteratively determine each variable. For the sake of reducing the computational complexity, we derive closed-form expressions for each phase shift and transmit power. Furthermore, we theoretically analyze the secrecy rate and computational complexity. By considering the signal deviation introduced by SIM, we derive upper and lower bounds of the secrecy rate to provide fundamental insights. Finally, simulation results demonstrate that the SIM-aided SISO system is capable of realizing secure communications efficiently, while the introduced power regularization parameter saved over 2 dB transmit power for a 5-layer SIM without amplifying the fitting error.

    Attackers Are Not the Same! Unveiling the Impact of Feature Distribution on Label Inference Attacks

    Yige Liu, Che Wang, Yiwei Lou, Yongzhi Cao...
    Pages 71-86
    Abstract: As a distributed machine learning paradigm, vertical federated learning enables multiple passive parties with distinct features and an active party with labels to train a model collaboratively. Although it has been widely applied for its ability to protect privacy to some extent, this paradigm still faces various threats, especially the label inference attack (LIA). In this paper, we present the first observation of the disparity in LIAs resulting from differences in feature distribution among passive parties. To substantiate this, we study four different types of LIAs across five benchmark datasets, investigating the potential influencing factors and their combined impact. The results show that attack performance disparities can vary up to 15 times among different passive parties. So, how to eliminate this disparity? We explore methods from both attack and defense perspectives, including learning rate adjustment and noise perturbation with differential privacy. Our findings indicate that a modest increase in the learning rate of the passive party effectively enhances the LIA performance. In light of these, we propose a novel defense strategy that identifies passive parties with important features and applies adaptive noise to their gradients. Experiments show that it effectively reduces both attack disparity among passive parties and overall attack accuracy, while maintaining low computational complexity and avoiding additional communication overhead. Our code is publicly accessible at https://github.com/WWlnZSBMaXU/Attackers-Are-Not-the-Same.

    LHADRO: A Robust Control Framework for Autonomous Vehicles Under Cyber-Physical Attacks

    Jiachen Yang, Jipeng Zhang
    Pages 87-100
    Abstract: Deep reinforcement learning has demonstrated remarkable performance in autonomous vehicle control. However, the increasing threat of cyber-physical attacks, which can alter sensor information or vehicle dynamics, poses significant challenges to the robustness of these control policies. To address this, we propose LHADRO (Lambda-History Aware Diversity Robust Oracle), a novel framework that models robust control as a two-player game between control policies and cyber-physical attacks. The key contributions of LHADRO are: (1) A lambda-history aware mechanism that balances past and present meta-policies to enhance training efficiency and mitigates meta-policy thrashing, and (2) A joint diversity introduction mechanism that improves robust control performance by increasing population disparity through a regularization term in parameter updates. We validate the proposed method in MetaDrive-based environments. Experiment results verify that the LHADRO framework improves the robust control performance, and the effectiveness of some critical factors is investigated and discussed.

    Toward Mobile Palmprint Recognition via Multi-View Hierarchical Graph Learning

    Shuping Zhao, Lunke Fei, Bob Zhang, Jie Wen...
    Pages 101-113
    Abstract: Three significant challenges have been limiting the stable palmprint recognition via mobile devices: 1) rotations and unconsensus scales of the unconstrained hand; 2) noises generated in the open imaging environments; and 3) low quality images captured in the low-illumination conditions. Current palmprint representation methods rely on rich prior knowledge and lack any adaptability to its environment. In this paper, we propose a multi-view hierarchical graph learning based palmprint recognition (MVHG_PR) method, which comprehensively presents the discriminant palmprint features from multiple views. Fully exploiting different types of characteristics, it aims to adaptively perform multi-view feature description and feature selection. To this end, a novel regularized heterogeneous graph learning strategy is proposed for construction of the intra- and inter-class relationships, learning high-order structures for different views between four tuples, rather than just pair-wise intrinsic structures. In the proposed model, the learned hierarchical graph is given an elastic power from the label information to precisely reflect the intra-class and the inter-class relationships in each view, such that the projected structures can be aligned locally and globally. Besides this, we constructed a mobile palmprint dataset to simulate as many open application circumstances as possible to verify the effectiveness of contactless palmprint recognition methods. Experimental results have proven the superiority of the proposed MVHG_PR by achieving the best recognition performances on a number of real-world palmprint databases. The proposed mobile palmprint database and the code of the proposed MVHG_PR are available at https://github.com/ShupingZhao/MVHG_PR-for-contactless-palmprint-recognition.

    Load-Balanced Server-Aided MPC in Heterogeneous Computing

    Yibiao Lu, Bingsheng Zhang, Kui Ren
    Pages 114-128
    Abstract: Most existing MPC protocols consider the homogeneous setting, where all the MPC players are assumed to have identical communication and computation resources. In practice, the player with the least resources often becomes the bottleneck of the entire MPC protocol execution. In this work, we initiate the study of so-called load-balanced MPC in heterogeneous computing. A load-balanced MPC protocol can adjust the workload of each player accordingly to maximize the overall resource utilization. In particular, we propose new notions called composite circuit and composite garbling scheme, and construct two efficient server-aided protocols with malicious security and semi-honest security, respectively. Our maliciously secure protocol is over $400\times$ faster than the authenticated garbling protocol (CCS ’17) and up to $4.3\times$ faster than the state-of-the-art server-aided MPC protocol of Lu et al. (TDSC ’23); our semi-honest protocol is up to $173\times$ faster than the optimized BMR protocol (CCS ’16) and is up to $3.8\times$ faster than the protocol of Lu et al.

    A Practical Federated Learning Framework With Truthful Incentive in UAV-Assisted Crowdsensing

    Liang Xie, Zhou Su, Yuntao Wang, Zhendong Li...
    Pages 129-144
    Abstract: The integration of unmanned aerial vehicles (UAVs) and artificial intelligence (AI) has garnered significant interest as a promising paradigm for facilitating intelligent and pervasive mobile crowdsensing (MCS) services. In traditional AI methodologies, the centralization of large volumes of privacy-sensitive sensory data shared by UAVs for model training entails substantial privacy risks. Federated learning (FL) emerges as an appealing privacy-preserving paradigm that enables participating UAVs to collaboratively train shared models while safeguarding the privacy of their data. However, given that the execution of FL tasks inherently requires the consumption of resources such as power and bandwidth, rational and self-interested UAVs may not actively engage in FL or launch free-riding attacks (i.e., sharing fake local models) to mitigate costs. To address the above challenges, we propose a truthful incentive scheme in FL-based UAV-assisted MCS. Specifically, we first present a learning framework tailored for realistic scenarios in UAV-assisted MCS that enhances privacy preservation and optimizes communication efficiency during AI model training for collaborative UAVs, where the sensing platform (i.e., the aggregation server) is the finite-rational decision maker. Then, based on prospect theory (PT), we design an incentive mechanism to motivate UAVs to participate in FL. In this mechanism, a PT-based game is exploited to model the interactions between the sensing platform and UAVs, where the equilibrium is derived. Moreover, we employ a zero-payment mechanism to curb the self-interested behavior of UAVs. Finally, simulation results show that the proposed scheme can facilitate high-quality model sharing while suppressing free-riding attacks.