- Article, September 2024
Exploiting Layerwise Feature Representation Similarity For Backdoor Defence in Federated Learning
Abstract: Federated learning is an emerging paradigm for distributed machine learning that enables clients to collaboratively train models while maintaining data privacy. However, this approach introduces vulnerabilities, notably the risk of backdoor ...
- survey, September 2024, JUST ACCEPTED
Alert Prioritisation in Security Operations Centres: A Systematic Survey on Criteria and Methods
Security Operations Centres (SOCs) are specialised facilities where security analysts leverage advanced technologies to monitor, detect, and respond to cyber incidents. However, the increasing volume of security incidents has overwhelmed security analysts,...
- research-article, July 2024
Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres
ACM Transactions on Internet Technology (TOIT), Volume 24, Issue 3, Article No.: 12, Pages 1–22
https://doi.org/10.1145/3670009
Security Operations Centres (SOCs) play a pivotal role in defending organisations against evolving cyber threats. They function as central hubs for detecting, analysing, and responding promptly to cyber incidents with the primary objective of ensuring the ...
- research-article, July 2024
Honeyfile Camouflage: Hiding Fake Files in Plain Sight
WDC '24: Proceedings of the 3rd ACM Workshop on the Security Implications of Deepfakes and Cheapfakes, Pages 1–7
https://doi.org/10.1145/3660354.3660355
Honeyfiles are a particularly useful type of honeypot—fake files deployed to detect and infer information from malicious behaviour. This paper considers the challenge of naming honeyfiles so they are camouflaged when placed amongst real files in a file ...
- research-article, July 2024
SoK: Rowhammer on Commodity Operating Systems
- Zhi Zhang,
- Decheng Chen,
- Jiahao Qi,
- Yueqiang Cheng,
- Shijie Jiang,
- Yiyang Lin,
- Yansong Gao,
- Surya Nepal,
- Yi Zou,
- Jiliang Zhang,
- Yang Xiang
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Pages 436–452
https://doi.org/10.1145/3634737.3656998
Rowhammer has drawn much attention from both academia and industry in the past years as rowhammer exploitation poses severe consequences to system security. Since the first comprehensive study of rowhammer in 2014, a number of rowhammer attacks have been ...
- research-article, July 2024
Mitigating Distributed Backdoor Attack in Federated Learning Through Mode Connectivity
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Pages 1287–1298
https://doi.org/10.1145/3634737.3637682
Federated Learning (FL) is a privacy-preserving, collaborative machine learning technique where multiple clients train a shared model on their private datasets without sharing the data. While offering advantages, FL is susceptible to backdoor attacks, ...
Privacy-Preserving and Fairness-Aware Federated Learning for Critical Infrastructure Protection and Resilience
- Yanjun Zhang,
- Ruoxi Sun,
- Liyue Shen,
- Guangdong Bai,
- Minhui Xue,
- Mark Huasong Meng,
- Xue Li,
- Ryan Ko,
- Surya Nepal
WWW '24: Proceedings of the ACM Web Conference 2024, Pages 2986–2997
https://doi.org/10.1145/3589334.3645545
The energy industry is undergoing significant transformations as it strives to achieve net-zero emissions and future-proof its infrastructure, where every participant in the power grid has the potential to both consume and produce energy resources. ...
- research-article, May 2024
Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains
WWW '24: Proceedings of the ACM Web Conference 2024, Pages 1724–1733
https://doi.org/10.1145/3589334.3645510
Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, ...
- research-article, July 2024
Securely sharing outsourced IoT data: A secure access and privacy preserving keyword search scheme
- Nazatul H. Sultan,
- Shabnam K. Kermanshahi,
- Hong Y. Tran,
- Shangqi Lai,
- Vijay Varadharajan,
- Surya Nepal,
- Xun Yi
Abstract: The rapid progress in the field of IoT and its wide-ranging applications emphasize the criticality of robust security measures for effectively sharing, storing, and managing sensitive data generated by IoT devices. Regulations such as the ...
Highlights:
- Proposed a novel keyword search scheme using lightweight cryptographic primitives for IoT.
- Enable multi-client data sharing settings, letting IoT owners authorize multiple clients.
- Support a dynamic storage environment permitting ...
- research-article, January 2024
Range Specification Bug Detection in Flight Control System Through Fuzzing
IEEE Transactions on Software Engineering (ISOF), Volume 50, Issue 3, Pages 461–473
https://doi.org/10.1109/TSE.2024.3354739
Developers and manufacturers provide configurable control parameters for flight control programs to support various environments and missions, along with suggested ranges for these parameters to ensure flight safety. However, this flexible mechanism can ...
- research-article, September 2024
Token-modification adversarial attacks for natural language processing: A survey
Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document. Despite the apparent uniqueness of each of these attacks, fundamentally they are simply a distinct ...
- research-article, January 2024
Fast and private multi-dimensional range search over encrypted data
Information Sciences: an International Journal (ISCI), Volume 652, Issue C
https://doi.org/10.1016/j.ins.2023.119773
Abstract: For businesses looking to outsource their data to remote servers, cloud-based data storage is a popular choice. It is popular due to its flexibility, cost-effectiveness, and widespread availability. However, ensuring the confidentiality of data ...
- research-article, December 2023
Anti-Compression Contrastive Facial Forgery Detection
IEEE Transactions on Multimedia (TOM), Volume 26, Pages 6166–6177
https://doi.org/10.1109/TMM.2023.3347103
Forgery of facial images and videos has increased the concern about digital security. It has led to the significant development of detecting forgery data recently. However, the data, especially the videos published on the Internet, are usually compressed ...
- research-article, December 2023
Unraveling Threat Intelligence Through the Lens of Malicious URL Campaigns
- Mahathir Almashor,
- Ejaz Ahmed,
- Benjamin Pick,
- Jason Xue,
- Sharif Abuadbba,
- Raj Gaire,
- Shuo Wang,
- Seyit Camtepe,
- Surya Nepal
AINTEC '23: Proceedings of the 18th Asian Internet Engineering Conference, Pages 78–86
https://doi.org/10.1145/3630590.3630600
The daily deluge of alerts is a sombre reality for Security Operations Centre (SOC) personnel worldwide. Those on the front-lines of cybersecurity face the unenviable task of prioritising threats amongst a flood of URLs found within malicious ...
DeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural Networks
ACSAC '23: Proceedings of the 39th Annual Computer Security Applications Conference, Pages 535–549
https://doi.org/10.1145/3627106.3627204
Training deep neural networks (DNNs) requires large datasets and powerful computing resources, which has led some owners to restrict redistribution without permission. Watermarking techniques that embed confidential data into DNNs have been used to ...
Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors
- Ruoxi Sun,
- Minhui Xue,
- Gareth Tyson,
- Tian Dong,
- Shaofeng Li,
- Shuo Wang,
- Haojin Zhu,
- Seyit Camtepe,
- Surya Nepal
ESEC/FSE 2023: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Pages 1573–1585
https://doi.org/10.1145/3611643.3616309
Numerous open-source and commercial malware detectors are available. However, their efficacy is threatened by new adversarial attacks, whereby malware attempts to evade detection, e.g., by performing feature-space manipulation. In this work, we propose ...
- research-article, November 2023
Stealthy Physical Masked Face Recognition Attack via Adversarial Style Optimization
IEEE Transactions on Multimedia (TOM), Volume 26, Pages 5014–5025
https://doi.org/10.1109/TMM.2023.3330089
Deep neural networks (DNNs) have achieved state-of-the-art performance on face recognition (FR) tasks in the last decade. In real scenarios, the deployment of DNNs requires taking various face accessories into consideration, like glasses, hats, and masks. ...
- research-article, October 2023
A Credential Usage Study: Flow-Aware Leakage Detection in Open-Source Projects
IEEE Transactions on Information Forensics and Security (TIFS), Volume 19, Pages 722–734
https://doi.org/10.1109/TIFS.2023.3326985
Authentication and cryptography are critical security functions and, thus, are very often included as part of code. These functions require using credentials, such as passwords, security tokens, and cryptographic keys. However, developers often ...
- research-article, September 2023
Optimally Mitigating Backdoor Attacks in Federated Learning
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 4, Pages 2949–2963
https://doi.org/10.1109/TDSC.2023.3320694
Federated learning (FL) is a distributed, privacy-preserving learning paradigm where a joint model is trained on private data stored on client devices. Data owners (clients) train models locally and then submit them to an aggregation server for ...
- Article, January 2024
Acumen: Analysing the Impact of Organisational Change on Users’ Access Entitlements
Abstract: Planned organisational changes are frequent occurrences in large enterprises due to the dynamicity of employees’ roles, evolution of teams, units and divisions as a result of mergers, demergers, and general restructuring. To safeguard system ...