Accuracy
DeBackdoor: A Deductive Framework for Detecting Backdoor Attacks on Deep Models with Limited Data
Popovic, Dorde, Sadeghi, Amin, Yu, Ting, Chawla, Sanjay, Khalil, Issa
Backdoor attacks are among the most effective, practical, and stealthy attacks in deep learning. In this paper, we consider a practical scenario where a developer obtains a deep model from a third party and uses it as part of a safety-critical system. The developer wants to inspect the model for potential backdoors prior to system deployment. We find that most existing detection techniques make assumptions that are not applicable to this scenario. In this paper, we present a novel framework for detecting backdoors under realistic restrictions. We generate candidate triggers by deductively searching over the space of possible triggers. We construct and optimize a smoothed version of Attack Success Rate as our search objective. Starting from a broad class of template attacks and just using the forward pass of a deep model, we reverse engineer the backdoor attack. We conduct extensive evaluation on a wide range of attacks, models, and datasets, with our technique performing almost perfectly across these settings.
Few-Shot Graph Out-of-Distribution Detection with LLMs
Xu, Haoyan, Yao, Zhengtao, Dong, Yushun, Wang, Ziyi, Rossi, Ryan A., Li, Mengyuan, Zhao, Yue
Existing methods for graph out-of-distribution (OOD) detection typically depend on training graph neural network (GNN) classifiers using a substantial amount of labeled in-distribution (ID) data. However, acquiring high-quality labeled nodes in text-attributed graphs (TAGs) is challenging and costly due to their complex textual and structural characteristics. Large language models (LLMs), known for their powerful zero-shot capabilities in textual tasks, show promise but struggle to naturally capture the critical structural information inherent to TAGs, limiting their direct effectiveness. To address these challenges, we propose LLM-GOOD, a general framework that effectively combines the strengths of LLMs and GNNs to enhance data efficiency in graph OOD detection. Specifically, we first leverage LLMs' strong zero-shot capabilities to filter out likely OOD nodes, significantly reducing the human annotation burden. To minimize the usage and cost of the LLM, we employ it only to annotate a small subset of unlabeled nodes. We then train a lightweight GNN filter using these noisy labels, enabling efficient predictions of ID status for all other unlabeled nodes by leveraging both textual and structural information. After obtaining node embeddings from the GNN filter, we can apply informativeness-based methods to select the most valuable nodes for precise human annotation. Finally, we train the target ID classifier using these accurately annotated ID nodes. Extensive experiments on four real-world TAG datasets demonstrate that LLM-GOOD significantly reduces human annotation costs and outperforms state-of-the-art baselines in terms of both ID classification accuracy and OOD detection performance.
Generating Synthetic Data with Formal Privacy Guarantees: State of the Art and the Road Ahead
Schlegel, Viktor, Bharath, Anil A, Zhao, Zilong, Yee, Kevin
Privacy-preserving synthetic data offers a promising solution to harness segregated data in high-stakes domains where information is compartmentalized for regulatory, privacy, or institutional reasons. This survey provides a comprehensive framework for understanding the landscape of privacy-preserving synthetic data, presenting the theoretical foundations of generative models and differential privacy followed by a review of state-of-the-art methods across tabular data, images, and text. Our synthesis of evaluation approaches highlights the fundamental trade-off between utility for down-stream tasks and privacy guarantees, while identifying critical research gaps: the lack of realistic benchmarks representing specialized domains and insufficient empirical evaluations required to contextualise formal guarantees. Through empirical analysis of four leading methods on five real-world datasets from specialized domains, we demonstrate significant performance degradation under realistic privacy constraints ($\epsilon \leq 4$), revealing a substantial gap between results reported on general domain benchmarks and performance on domain-specific data. %Our findings highlight key challenges including unaccounted privacy leakage, insufficient empirical verification of formal guarantees, and a critical deficit of realistic benchmarks. These challenges underscore the need for robust evaluation frameworks, standardized benchmarks for specialized domains, and improved techniques to address the unique requirements of privacy-sensitive fields such that this technology can deliver on its considerable potential.
Advancing Vulnerability Classification with BERT: A Multi-Objective Learning Model
--The rapid increase in cybersecurity vulnerabilities necessitates automated tools for analyzing and classifying vulnerability reports. This paper presents a novel V ulnerability Report Classifier that leverages the BERT (Bidirectional Encoder Representations from Transformers) model to perform multi-label classification of Common V ulnerabilities and Exposures (CVE) reports from the National V ulnerability Database (NVD). The classifier predicts both the severity (Low, Medium, High, Critical) and vulnerability types (e.g., Buffer Overflow, XSS) from textual descriptions. We introduce a custom training pipeline using a combined loss function--Cross-Entropy for severity and Binary Cross-Entropy with Logits for types--integrated into a Hugging Face Trainer subclass. Experiments on recent NVD data demonstrate promising results, with decreasing evaluation loss across epochs. The system is deployed via a REST API and a Streamlit UI, enabling real-time vulnerability analysis. This work contributes a scalable, open-source solution for cybersecurity practitioners to automate vulnerability triage. I NTRODUCTION The relentless evolution of software systems, driven by their increasing complexity and interconnectedness, has ushered in a dramatic rise in cybersecurity vulnerabilities, presenting a formidable challenge to organizations, governments, and individual users alike. Each year, thousands of new vulnerabilities are identified and cataloged, with repositories like the National Vulnerability Database (NVD) serving as critical resources for tracking these threats.
In vitro 2 In vivo : Bidirectional and High-Precision Generation of In Vitro and In Vivo Neuronal Spike Data
Neurons encode information in a binary manner and process complex signals. However, predicting or generating diverse neural activity patterns remains challenging. In vitro and in vivo studies provide distinct advantages, yet no robust computational framework seamlessly integrates both da ta types. We address this by applying the Transformer model, widely used in large - scale language models, to neural data. To handle binary data, we introduced Dice loss, enabling accurate cross - domain neural activity generation. Structural analysis revealed how Dice loss enhances learning and identified key brain regions facilitating high - precision data generation. Our findings support the 3Rs principle in animal research, particularly Replacement, and establish a mathematical framework bridging animal experiments and human clinical studies. This work advances data - driven neuroscience and neural activity modeling, pa ving the way for more ethical and effective experimental methodologies. 2
TraNCE: Transformative Non-linear Concept Explainer for CNNs
Akpudo, Ugochukwu Ejike, Gao, Yongsheng, Zhou, Jun, Lewis, Andrew
--Convolutional neural networks (CNNs) have succeeded remarkably in various computer vision tasks. However, they are not intrinsically explainable. While feature-level understanding of CNNs reveals where the models looked, concept-based explainability methods provide insights into what the models saw. However, their assumption of linear reconstructability of image activations fails to capture the intricate relationships within these activations. Their Fidelity-only approach to evaluating global explanations also presents a new concern. For the first time, we address these limitations with the novel Transformative Nonlinear Concept Explainer (TraNCE) for CNNs. Unlike linear reconstruction assumptions made by existing methods, TraNCE captures the intricate relationships within the activations. This study presents three original contributions to the CNN explain-ability literature: (i) An automatic concept discovery mechanism based on variational autoencoders (V AEs). This transformative concept discovery process enhances the identification of meaningful concepts from image activations. Based on the investigations on publicly available datasets, we prove that a valid decomposition of a high-dimensional image activation should follow a non-linear reconstruction, contributing to the explainer's efficiency. We also demonstrate quantitatively that, besides accuracy, consistency is crucial for the meaningfulness of concepts and human trust. The code is available at https://github.com/daslimo/TrANCE ONVOLUTIONAL neural networks (CNNs) are widely used in computer vision, achieving notable success in visual classification tasks [1], [2]. However, understanding them at a human level remains a major challenge in artificial intelligence (AI), raising significant concerns about their explainability, especially in promoting ethical AI [3]- [5].
Robust Federated Learning Against Poisoning Attacks: A GAN-Based Defense Framework
Zafar, Usama, Teixeira, Andrรฉ, Toor, Salman
--Federated Learning (FL) enables collaborative model training across decentralized devices without sharing raw data, but it remains vulnerable to poisoning attacks that compromise model integrity. Existing defenses often rely on external datasets or predefined heuristics (e.g. T o address these limitations, we propose a privacy-preserving defense framework that leverages a Conditional Generative Adversarial Network (cGAN) to generate synthetic data at the server for authenticating client updates, eliminating the need for external datasets. Our framework is scalable, adaptive, and seamlessly integrates into FL workflows. Extensive experiments on benchmark datasets demonstrate its robust performance against a variety of poisoning attacks, achieving high True Positive Rate (TPR) and True Negative Rate (TNR) of malicious and benign clients, respectively, while maintaining model accuracy. The proposed framework offers a practical and effective solution for securing federated learning systems. N an era of data-driven artificial intelligence, organizations increasingly rely on large-scale machine learning models trained on vast amounts of user data. From personalized recommendation systems to predictive healthcare analytics, the success of these models hinges on access to diverse and representative datasets [1]. However, collecting and centralizing user data raises serious privacy concerns, as evidenced by high-profile data breaches and regulatory actions. Notable incidents, such as the Facebook-Cambridge Analytica scandal [2] and the Equifax data breach [3], have underscored the risks of centralized data storage and processing. These incidents not only resulted in significant financial penalties and reputational damage but also eroded public trust in data-driven technologies. Companies such as Google and Facebook have faced substantial penalties for mishandling user data, with fines reaching billions of dollars under regulations like the General Data Protection Regulation (GDPR) [4] and the California Consumer Privacy Act (CCP A) [5]. The rising awareness of digital privacy has fueled the demand for decentralized learning paradigms that minimize data exposure while enabling collaborative model training. Usama Zafar, Andr e Teixeira, and Salman Toor are with Department of Information Technology, Uppsala University, 751 05 Uppsala, Sweden.
Are We There Yet? Unraveling the State-of-the-Art Graph Network Intrusion Detection Systems
Wang, Chenglong, Zheng, Pujia, Gui, Jiaping, Hua, Cunqing, Hassan, Wajih Ul
Network Intrusion Detection Systems (NIDS) are vital for ensuring enterprise security. Recently, Graph-based NIDS (GIDS) have attracted considerable attention because of their capability to effectively capture the complex relationships within the graph structures of data communications. Despite their promise, the reproducibility and replicability of these GIDS remain largely unexplored, posing challenges for developing reliable and robust detection systems. This study bridges this gap by designing a systematic approach to evaluate state-of-the-art GIDS, which includes critically assessing, extending, and clarifying the findings of these systems. We further assess the robustness of GIDS under adversarial attacks. Evaluations were conducted on three public datasets as well as a newly collected large-scale enterprise dataset. Our findings reveal significant performance discrepancies, highlighting challenges related to dataset scale, model inputs, and implementation settings. We demonstrate difficulties in reproducing and replicating results, particularly concerning false positive rates and robustness against adversarial attacks. This work provides valuable insights and recommendations for future research, emphasizing the importance of rigorous reproduction and replication studies in developing robust and generalizable GIDS solutions.
Refining Time Series Anomaly Detectors using Large Language Models
Yang, Alan, Chen, Yulin, Lee, Sean, Montes, Venus
Time series anomaly detection (TSAD) is of widespread interest across many industries, including finance, healthcare, and manufacturing. Despite the development of numerous automatic methods for detecting anomalies, human oversight remains necessary to review and act upon detected anomalies, as well as verify their accuracy. We study the use of multimodal large language models (LLMs) to partially automate this process. We find that LLMs can effectively identify false alarms by integrating visual inspection of time series plots with text descriptions of the data-generating process. By leveraging the capabilities of LLMs, we aim to reduce the reliance on human effort required to maintain a TSAD system
Deep Learning for Forensic Identification of Source
Patten, Cole, Saunders, Christopher, Puthawala, Michael
We used contrastive neural networks to learn useful similarity scores between the 144 cartridge casings in the NBIDE dataset, under the common-but-unknown source paradigm. The common-but-unknown source problem is a problem archetype in forensics where the question is whether two objects share a common source (e.g. were two cartridge casings fired from the same firearm). Similarity scores are often used to interpret evidence under this paradigm. We directly compared our results to a state-of-the-art algorithm, Congruent Matching Cells (CMC). When trained on the E3 dataset of 2967 cartridge casings, contrastive learning achieved an ROC AUC of 0.892. The CMC algorithm achieved 0.867. We also conducted an ablation study where we varied the neural network architecture; specifically, the network's width or depth. The ablation study showed that contrastive network performance results are somewhat robust to the network architecture. This work was in part motivated by the use of similarity scores attained via contrastive learning for standard evidence interpretation methods such as score-based likelihood ratios.