decrypt
A Cryptographic Perspective on Mitigation vs. Detection in Machine Learning
Gluch, Greg, Goldwasser, Shafi
In this paper, we initiate a cryptographically inspired theoretical study of detection versus mitigation of adversarial inputs produced by attackers on Machine Learning algorithms during inference time. We formally define defense by detection (DbD) and defense by mitigation (DbM). Our definitions come in the form of a 3-round protocol between two resource-bounded parties: a trainer/defender and an attacker. The attacker aims to produce inference-time inputs that fool the training algorithm. We define correctness, completeness, and soundness properties to capture successful defense at inference time while not degrading (too much) the performance of the algorithm on inputs from the training distribution. We first show that achieving DbD and achieving DbM are equivalent for ML classification tasks. Surprisingly, this is not the case for ML generative learning tasks, where there are many possible correct outputs for each input. We show a separation between DbD and DbM by exhibiting two generative learning tasks for which it is possible to defend by mitigation but it is provably impossible to defend by detection. The mitigation phase uses significantly less computational resources than the initial training algorithm. In the first learning task we consider sample complexity as the resource and in the second the time complexity. The first result holds under the assumption that Identity-Based Fully Homomorphic Encryption (IB-FHE), publicly-verifiable zero-knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARK), and Strongly Unforgeable Signatures exist. The second result assumes the existence of Non-Parallelizing Languages with Average-Case Hardness (NPL), Incrementally-Verifiable Computation (IVC), and IB-FHE.
- North America > Canada > British Columbia > Vancouver (0.04)
- North America > United States > California (0.04)
- North America > Canada > Alberta > Census Division No. 15 > Improvement District No. 9 > Banff (0.04)
- Europe > Sweden > Stockholm > Stockholm (0.04)
Cybench: A Framework for Evaluating Cybersecurity Capabilities and Risk of Language Models
Zhang, Andy K., Perry, Neil, Dulepet, Riya, Jones, Eliot, Lin, Justin W., Ji, Joey, Menders, Celeste, Hussein, Gashon, Liu, Samantha, Jasper, Donovan, Peetathawatchai, Pura, Glenn, Ari, Sivashankar, Vikram, Zamoshchin, Daniel, Glikbarg, Leo, Askaryar, Derek, Yang, Mike, Zhang, Teddy, Alluri, Rishi, Tran, Nathan, Sangpisit, Rinnara, Yiorkadjis, Polycarpos, Osele, Kenny, Raghupathi, Gautham, Boneh, Dan, Ho, Daniel E., Liang, Percy
Language Model (LM) agents for cybersecurity that are capable of autonomously identifying vulnerabilities and executing exploits have the potential to cause real-world impact. Policymakers, model providers, and other researchers in the AI and cybersecurity communities are interested in quantifying the capabilities of such agents to help mitigate cyberrisk and investigate opportunities for penetration testing. Toward that end, we introduce Cybench, a framework for specifying cybersecurity tasks and evaluating agents on those tasks. We include 40 professional-level Capture the Flag (CTF) tasks from 4 distinct CTF competitions, chosen to be recent, meaningful, and spanning a wide range of difficulties. Each task includes its own description, starter files, and is initialized in an environment where an agent can execute bash commands and observe outputs. Since many tasks are beyond the capabilities of existing LM agents, we introduce subtasks, which break down a task into intermediary steps for more gradated evaluation; we add subtasks for 17 of the 40 tasks. To evaluate agent capabilities, we construct a cybersecurity agent and evaluate 7 models: GPT-4o, Claude 3 Opus, Claude 3.5 Sonnet, Mixtral 8x22b Instruct, Gemini 1.5 Pro, Llama 3 70B Chat, and Llama 3.1 405B Instruct. Without guidance, we find that agents are able to solve only the easiest complete tasks that took human teams up to 11 minutes to solve, with Claude 3.5 Sonnet and GPT-4o having the highest success rates. Finally, subtasks provide more signal for measuring performance compared to unguided runs, with models achieving a 3.2% higher success rate on complete tasks with subtask-guidance than without subtask-guidance. All code and data are publicly available at https://cybench.github.io
- North America > United States > California > Santa Clara County > Palo Alto (0.04)
- North America > United States > New York (0.04)
- Europe > Denmark > Capital Region > Copenhagen (0.04)
- Workflow (0.68)
- Research Report (0.50)
- Information Technology > Security & Privacy (1.00)
- Government > Regional Government > North America Government > United States Government (1.00)
- Government > Military > Cyberwarfare (1.00)
Deep State-Space Model for Predicting Cryptocurrency Price
Sharma, Shalini, Majumdar, Angshul, Chouzenoux, Emilie, Elvira, Victor
Our work presents two fundamental contributions. On the application side, we tackle the challenging problem of predicting day-ahead crypto-currency prices. On the methodological side, a new dynamical modeling approach is proposed. Our approach keeps the probabilistic formulation of the state-space model, which provides uncertainty quantification on the estimates, and the function approximation ability of deep neural networks. We call the proposed approach the deep state-space model. The experiments are carried out on established cryptocurrencies (obtained from Yahoo Finance). The goal of the work has been to predict the price for the next day. Benchmarking has been done with both state-of-the-art and classical dynamical modeling techniques. Results show that the proposed approach yields the best overall results in terms of accuracy.
Preprint submitted to XXX, November 28, 2023
1. Introduction
Investopedia defines crypto-currency as "a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend" and is built on "decentralized networks based on block-chain technology--a distributed ledger enforced by a disparate network of computers". A defining feature of crypto-currencies is that they are usually not issued by central banking agencies like the Federal Reserve System in the US, the Bank of Canada, the European Central Bank, or the People's Bank of China; this makes cryptocurrencies (theoretically) immune to government interventions. The introduction of Bitcoin around 2009 and its meteoric rise led investors to infuse their funds into crypto-currencies.
- North America > Canada (0.24)
- Asia > China (0.24)
- North America > Trinidad and Tobago > Trinidad > Arima > Arima (0.05)
- Banking & Finance > Trading (1.00)
- Government > Regional Government > North America Government > United States Government (0.54)
- Information Technology > e-Commerce > Financial Technology (1.00)
- Information Technology > Artificial Intelligence > Representation & Reasoning (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Statistical Learning (1.00)
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (1.00)
Privacy-Preserving Encrypted Low-Dose CT Denoising
Yang, Ziyuan, Huangfu, Huijie, Ran, Maosong, Wang, Zhiwen, Yu, Hui, Zhang, Yi
Deep learning (DL) has made significant advancements in tomographic imaging, particularly in low-dose computed tomography (LDCT) denoising. A recent trend involves servers training powerful models with large amounts of self-collected private data and providing application programming interfaces (APIs) for users, such as Chat-GPT. To avoid model leakage, users are required to upload their data to the server model, but this raises public concerns about the potential risk of privacy disclosure, especially for medical data. Hence, to alleviate related concerns, in this paper we propose to directly denoise LDCT in the encrypted domain to achieve privacy-preserving cloud services without exposing private data to the server. To this end, we employ homomorphic encryption to encrypt private LDCT data, which is then transferred to the server model trained with plaintext LDCT for further denoising. However, since traditional operations in DL methods, such as convolution and linear transformation, cannot be directly used in the encrypted domain, we transform the fundamental mathematical operations in the plaintext domain into operations in the encrypted domain. In addition, we present two interactive frameworks for linear and nonlinear models in this paper, both of which achieve lossless operation. In this way, the proposed methods achieve two merits: data privacy is well protected, and the server model is free from the risk of model leakage. Moreover, we provide theoretical proof to validate the lossless property of our framework. Finally, experiments were conducted to demonstrate that the transferred contents are well protected and cannot be reconstructed. The code will be released once the paper is accepted.
- Asia > China > Sichuan Province > Chengdu (0.05)
- North America > United States > New York > New York County > New York City (0.04)
- Europe > Czechia > Prague (0.04)
- Asia > Singapore (0.04)
GNN4FR: A Lossless GNN-based Federated Recommendation Framework
Wu, Guowei, Pan, Weike, Ming, Zhong
GNNs are widely used in personalized recommendation methods as they are able to capture high-order interactions between users and items in a user-item graph, enhancing user and item representations [2, 4, 15, 16, 19, 20]. However, these methods face challenges in terms of privacy laws, such as GDPR [14], as they require the collection and modeling of personal data in a central server. Constructing the global graph using all users' subgraphs is often not allowed. Therefore, existing works [12, 17] just expand a user's local graph to exploit high-order information. In this paper, we propose the first lossless federated framework, named GNN4FR, which can accommodate almost all existing graph neural network (GNN)-based recommenders. The contributions of this paper are summarized as follows: We propose a novel lossless federated framework for GNN-based methods, which enables the training process to be equivalent to the corresponding un-federated counterpart. We propose an "expanding local subgraph + synchronizing user embedding" mechanism to achieve full-graph training.
- Asia > China > Guangdong Province > Shenzhen (0.05)
- North America > United States > New York > New York County > New York City (0.04)
- Europe > Belgium > Flanders > East Flanders > Ghent (0.04)
- Asia > Myanmar > Tanintharyi Region > Dawei (0.04)
- Law (1.00)
- Information Technology > Security & Privacy (1.00)
Meet Chaos-GPT: An AI Tool That Seeks to Destroy Humanity - Decrypt
Sooner than even the most pessimistic among us have expected, a new, evil artificial intelligence bent on destroying humankind has arrived. Known as Chaos-GPT, the autonomous implementation of ChatGPT is being touted as "empowering GPT with Internet and Memory to Destroy Humanity." It hasn't gotten very far. But it's definitely a weird idea, as well as the latest peculiar use of Auto-GPT, an open-source program that allows ChatGPT to be used autonomously to carry out tasks imposed by the user. Auto-GPT searches the internet, accesses an internal memory bank to analyze tasks and information, connects with other APIs, and much more--all without needing a human to intervene.
- Information Technology > Communications > Social Media (0.81)
- Information Technology > Artificial Intelligence > Natural Language > Large Language Model (0.64)
- Information Technology > Artificial Intelligence > Natural Language > Chatbot (0.64)
- Information Technology > Artificial Intelligence > Machine Learning > Neural Networks > Deep Learning (0.64)
Mark Zuckerberg's Meta Metaverse Legs Were Staged - Decrypt
It's fair to say that nobody is more excited about Meta's future metaverse than billionaire CEO, co-founder and chairman Mark Zuckerberg. Note his utter delight when, earlier this week, he announced "one more feature coming soon that's probably the most requested feature on our road map." "I think everyone has been waiting for this!" Indeed, the addition of legs to Meta's metaverse was what made the most headlines this week--and not the upgraded haptic and tracking features or integrated web browser of the new Quest Pro mixed reality headset. Zuckerberg explained that Meta will use an artificial intelligence model to predict and depict the positions of a user's whole body. But as delightful as the livestreamed reveal may have been, it appears the Horizon Worlds legs "demo" was more a "screen images simulated" moment. According to Ian Hamilton, editor of Upload VR, a Meta spokesman told him that "to enable this preview of what's to come, the segment featured animations created from motion capture."
MLOps Blog Series Part 4: Testing security of secure machine learning systems using MLOps
The growing adoption of data-driven and machine learning-based solutions is driving the need for businesses to handle growing workloads, exposing them to extra levels of complexity and vulnerability. Cybersecurity is the biggest risk for AI developers and adopters. According to a survey released by Deloitte in July 2020, 62 percent of adopters saw cybersecurity risks as a significant or extreme threat, but only 39 percent said they felt prepared to address those risks. In Figure 1, we can observe possible attacks on a machine learning system (in the training and inference stages). To know more about how these attacks are carried out, check out the Engineering MLOps book.
What is Amazon S3 and its usage in Machine Learning - AWS Machine Learning Certification Course
Encryption is the technique used to protect data by encrypting it. It uses public and private keys; the private key is used to encrypt and decrypt the data. When a data object is uploaded to S3, it is encrypted before being saved to disk in the data center, and when the object is downloaded, the encrypted object is decrypted.
Confidential Computing Is Coming To AI Autonomous Vehicles - AI Trends
Imagine a scenario involving a coy bit of spy craft. A friend of yours wants to write down a secret and pass along the note to you. There is dire concern that an undesirable interloper might intercept the note. As such, the secret is first encrypted before being written down, and thus will be inscrutable to anyone that intervenes. All told, the message will look scrambled or seem like gobbledygook. You have the password or key needed to decrypt the message. After the note has passed through many hands, it finally reaches you. The fact that many others saw and ostensibly were able to read the note is of no consequence.
- Information Technology > Security & Privacy (1.00)
- Automobiles & Trucks (1.00)
- Information Technology > Services (0.95)