CenXiv.org

Cryptography and Security

Showing new listings for Wednesday, 23 July 2025

Total of 39 entries

New submissions (showing 18 of 18 entries)

[1] arXiv:2507.15859 [Chinese pdf, pdf, other]
Title: Decentralized AI-driven IoT Architecture for Privacy-Preserving and Latency-Optimized Healthcare in Pandemic and Critical Care Scenarios
Harsha Sammangi (Dakota State University), Aditya Jagatha (College of Business and Information Systems, Dakota State University), Giridhar Reddy Bojja (College of Business, Michigan Technological University), Jun Liu (College of Business and I.S, Dakota State University)
Comments: 10 pages
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)

AI Innovations in the IoT for Real-Time Patient Monitoring. On one hand, the current traditional centralized healthcare architecture poses numerous issues, including data privacy, delay, and security. Here, we present an AI-enabled decentralized IoT architecture that can address such challenges during a pandemic and critical care settings. This work presents our architecture to enhance the effectiveness of the current available federated learning, blockchain, and edge computing approach, maximizing data privacy, minimizing latency, and improving other general system metrics. Experimental results demonstrate transaction latency, energy consumption, and data throughput orders of magnitude lower than competitive cloud solutions.

[2] arXiv:2507.15984 [Chinese pdf, pdf, html, other]
Title: BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications
I Putu Arya Dharmaadi, Mohannad Alhanahnah, Van-Thuan Pham, Fadi Mohsen, Fatih Turkmen
Comments: Under peer review
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)

Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in automated testing due to key challenges: the lack of reliable oracles and the difficulty of generating semantically valid attack requests. We introduce BACFuzz, the first gray-box fuzzing framework specifically designed to uncover BAC vulnerabilities, including Broken Object-Level Authorization (BOLA) and Broken Function-Level Authorization (BFLA) in PHP-based web applications. BACFuzz combines LLM-guided parameter selection with runtime feedback and SQL-based oracle checking to detect silent authorization flaws. It employs lightweight instrumentation to capture runtime information that guides test generation, and analyzes backend SQL queries to verify whether unauthorized inputs flow into protected operations. Evaluated on 20 real-world web applications, including 15 CVE cases and 2 known benchmarks, BACFuzz detects 16 of 17 known issues and uncovers 26 previously unknown BAC vulnerabilities with low false positive rates. All identified issues have been responsibly disclosed, and artifacts will be publicly released.

[3] arXiv:2507.15997 [Chinese pdf, pdf, html, other]
Title: "We Need a Standard": Toward an Expert-Informed Privacy Label for Differential Privacy
Onyinye Dibia, Mengyi Lu, Prianka Bhattacharjee, Joseph P. Near, Yuanyuan Feng
Comments: 13 pages, 5 figures
Subjects: Cryptography and Security (cs.CR); Human-Computer Interaction (cs.HC)

The increasing adoption of differential privacy (DP) leads to public-facing DP deployments by both government agencies and companies. However, real-world DP deployments often do not fully disclose their privacy guarantees, which vary greatly between deployments. Failure to disclose certain DP parameters can lead to misunderstandings about the strength of the privacy guarantee, undermining the trust in DP. In this work, we seek to inform future standards for communicating the privacy guarantees of DP deployments. Based on semi-structured interviews with 12 DP experts, we identify important DP parameters necessary to comprehensively communicate DP guarantees, and describe why and how they should be disclosed. Based on expert recommendations, we design an initial privacy label for DP to comprehensively communicate privacy guarantees in a standardized format.

[4] arXiv:2507.16040 [Chinese pdf, pdf, other]
Title: Blocklisted Oblivious Pseudorandom Functions
Xinyuan Zhang, Anrin Chakraborti, Michael Reiter
Subjects: Cryptography and Security (cs.CR)

An oblivious pseudorandom function (OPRF) is a protocol by which a client and server interact to evaluate a pseudorandom function on a key provided by the server and an input provided by the client, without divulging the key or input to the other party. We extend this notion by enabling the server to specify a blocklist, such that OPRF evaluation succeeds only if the client's input is not on the blocklist. More specifically, our design gains performance by embedding the client input into a metric space, where evaluation continues only if this embedding does not cluster with blocklist elements. Our framework exploits this structure to separate the embedding and blocklist check to enable efficient implementations of each, but then must stitch these phases together through cryptographic means. Our framework also supports subsequent evaluation of the OPRF on the same input more efficiently. We demonstrate the use of our design for password blocklisting in augmented password-authenticated key exchange, and to MAC only executables that are not similar to ones on a blocklist of known malware.

[5] arXiv:2507.16060 [Chinese pdf, pdf, html, other]
Title: MFAz: Historical Access Based Multi-Factor Authorization
Eyasu Getahun Chekole, Howard Halim, Jianying Zhou
Subjects: Cryptography and Security (cs.CR)

Unauthorized access remains one of the critical security challenges in the realm of cybersecurity. With the increasing sophistication of attack techniques, the threat of unauthorized access is no longer confined to the conventional ones, such as exploiting weak access control policies. Instead, advanced exploitation strategies, such as session hijacking-based attacks, are becoming increasingly prevalent, posing serious security concerns. Session hijacking enables attackers to take over an already established session between legitimate peers in a stealthy manner, thereby gaining unauthorized access to private resources. Unfortunately, traditional access control mechanisms, such as static access control policies, are insufficient to prevent session hijacking or other advanced exploitation techniques. In this work, we propose a new multi-factor authorization (MFAz) scheme that proactively mitigates both conventional and advanced unauthorized access attacks. The proposed scheme employs fine-grained access control rules (ARs) and verification points (VPs) that are systematically generated from historically granted accesses as the first and second authorization factors, respectively. As a proof-of-concept, we implement the scheme using different techniques. We leverage a Bloom filter to achieve runtime and storage efficiency, and blockchain to make authorization decisions in a tamper-proof and decentralized manner. To the best of our knowledge, this is the first formal introduction of a multi-factor authorization scheme, which is orthogonal to the multi-factor authentication (MFA) schemes. The effectiveness of our proposed scheme is experimentally evaluated using a smart-city testbed involving different devices with varying computational capacities. The experimental results reveal the high effectiveness of the scheme in both security and performance guarantees.

[6] arXiv:2507.16134 [Chinese pdf, pdf, html, other]
Title: DP2Guard: A Lightweight and Byzantine-Robust Privacy-Preserving Federated Learning Scheme for Industrial IoT
Baofu Han, Bing Li, Yining Qi, Raja Jurdak, Kaibin Huang, Chau Yuen
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC)

Privacy-Preserving Federated Learning (PPFL) has emerged as a secure distributed Machine Learning (ML) paradigm that aggregates locally trained gradients without exposing raw data. To defend against model poisoning threats, several robustness-enhanced PPFL schemes have been proposed by integrating anomaly detection. Nevertheless, they still face two major challenges: (1) the reliance on heavyweight encryption techniques results in substantial communication and computation overhead; and (2) single-strategy defense mechanisms often fail to provide sufficient robustness against adaptive adversaries. To overcome these challenges, we propose DP2Guard, a lightweight PPFL framework that enhances both privacy and robustness. DP2Guard leverages a lightweight gradient masking mechanism to replace costly cryptographic operations while ensuring the privacy of local gradients. A hybrid defense strategy is proposed, which extracts gradient features using singular value decomposition and cosine similarity, and applies a clustering algorithm to effectively identify malicious gradients. Additionally, DP2Guard adopts a trust score-based adaptive aggregation scheme that adjusts client weights according to historical behavior, while blockchain records aggregated results and trust scores to ensure tamper-proof and auditable training. Extensive experiments conducted on two public datasets demonstrate that DP2Guard effectively defends against four advanced poisoning attacks while ensuring privacy with reduced communication and computation costs.

[7] arXiv:2507.16164 [Chinese pdf, pdf, html, other]
Title: Attacking interpretable NLP systems
Eldor Abdukhamidov, Tamer Abuhmed, Joanna C. S. Santos, Mohammed Abuhamad
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Machine Learning (cs.LG)

Studies have shown that machine learning systems are vulnerable to adversarial examples in theory and practice. Where previous attacks have focused mainly on visual models that exploit the difference between human and machine perception, text-based models have also fallen victim to these attacks. However, these attacks often fail to maintain the semantic meaning of the text and similarity. This paper introduces AdvChar, a black-box attack on Interpretable Natural Language Processing Systems, designed to mislead the classifier while keeping the interpretation similar to benign inputs, thus exploiting trust in system transparency. AdvChar achieves this by making less noticeable modifications to text input, forcing the deep learning classifier to make incorrect predictions and preserve the original interpretation. We use an interpretation-focused scoring approach to determine the most critical tokens that, when changed, can cause the classifier to misclassify the input. We apply simple character-level modifications to measure the importance of tokens, minimizing the difference between the original and new text while generating adversarial interpretations similar to benign ones. We thoroughly evaluated AdvChar by testing it against seven NLP models and three interpretation models using benchmark datasets for the classification task. Our experiments show that AdvChar can significantly reduce the prediction accuracy of current deep learning models by altering just two characters on average in input samples.

[8] arXiv:2507.16203 [Chinese pdf, pdf, html, other]
Title: SVAgent: AI Agent for Hardware Security Verification Assertion
Rui Guo, Avinash Ayalasomayajula, Henian Li, Jingbo Zhou, Sujan Kumar Saha, Farimah Farahmandi
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Hardware Architecture (cs.AR); Machine Learning (cs.LG)

Verification using SystemVerilog assertions (SVA) is one of the most popular methods for detecting circuit design vulnerabilities. However, with the globalization of integrated circuit design and the continuous upgrading of security requirements, the SVA development model has exposed major limitations. It is not only inefficient in development, but also unable to effectively deal with the increasing number of security vulnerabilities in modern complex integrated circuits. In response to these challenges, this paper proposes an innovative SVA automatic generation framework SVAgent. SVAgent introduces a requirement decomposition mechanism to transform the original complex requirements into a structured, gradually solvable fine-grained problem-solving chain. Experiments have shown that SVAgent can effectively suppress the influence of hallucinations and random answers, and the key evaluation indicators such as the accuracy and consistency of the SVA are significantly better than existing frameworks. More importantly, we successfully integrated SVAgent into the most mainstream integrated circuit vulnerability assessment framework and verified its practicality and reliability in a real engineering design environment.

[9] arXiv:2507.16241 [Chinese pdf, pdf, html, other]
Title: eX-NIDS: A Framework for Explainable Network Intrusion Detection Leveraging Large Language Models
Paul R. B. Houssel, Siamak Layeghy, Priyanka Singh, Marius Portmann
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)

This paper introduces eX-NIDS, a framework designed to enhance interpretability in flow-based Network Intrusion Detection Systems (NIDS) by leveraging Large Language Models (LLMs). In our proposed framework, flows labelled as malicious by NIDS are initially processed through a module called the Prompt Augmenter. This module extracts contextual information and Cyber Threat Intelligence (CTI)-related knowledge from these flows. This enriched, context-specific data is then integrated with an input prompt for an LLM, enabling it to generate detailed explanations and interpretations of why the flow was identified as malicious by NIDS. We compare the generated interpretations against a Basic-Prompt Explainer baseline, which does not incorporate any contextual information into the LLM's input prompt. Our framework is quantitatively evaluated using the Llama 3 and GPT-4 models, employing a novel evaluation method tailored for natural language explanations, focusing on their correctness and consistency. The results demonstrate that augmented LLMs can produce accurate and consistent explanations, serving as valuable complementary tools in NIDS to explain the classification of malicious flows. The use of augmented prompts enhances performance by over 20% compared to the Basic-Prompt Explainer.

[10] arXiv:2507.16276 [Chinese pdf, pdf, html, other]
Title: From Contracts to Code: Automating Smart Contract Generation with Multi-Level Finite State Machines
Lambard Maxence, Bertelle Cyrille, Duvallet Claude
Subjects: Cryptography and Security (cs.CR)

In an increasingly complex contractual landscape, the demand for transparency, security, and efficiency has intensified. Blockchain technology, with its decentralized and immutable nature, addresses these challenges by reducing intermediary costs, minimizing fraud risks, and enhancing system compatibility. Smart contracts, initially conceptualized by Nick Szabo and later implemented on the Ethereum blockchain, automate and secure contractual clauses, offering a robust solution for various industries. However, their complexity and the requirement for advanced programming skills present significant barriers to widespread adoption. This study introduces a multi-level finite state machine model designed to represent and track the execution of smart contracts. Our model aims to simplify smart contract development by providing a formalized framework that abstracts underlying technical complexities, making it accessible to professionals without deep technical expertise. The hierarchical structure of the multi-level finite state machine enhances contract modularity and traceability, facilitating detailed representation and evaluation of functional properties. The paper explores the potential of this multi-level approach, reviewing existing methodologies and tools, and detailing the smart contract generation process with an emphasis on reusable components and modularity. We also conduct a security analysis to evaluate potential vulnerabilities in our model, ensuring the robustness and reliability of the generated smart contracts.

[11] arXiv:2507.16291 [Chinese pdf, pdf, html, other]
Title: Talking Like a Phisher: LLM-Based Attacks on Voice Phishing Classifiers
Wenhao Li, Selvakumar Manickam, Yung-wey Chong, Shankar Karuppayah
Comments: Accepted by EAI ICDF2C 2025
Subjects: Cryptography and Security (cs.CR)

Voice phishing (vishing) remains a persistent threat in cybersecurity, exploiting human trust through persuasive speech. While machine learning (ML)-based classifiers have shown promise in detecting malicious call transcripts, they remain vulnerable to adversarial manipulations that preserve semantic content. In this study, we explore a novel attack vector where large language models (LLMs) are leveraged to generate adversarial vishing transcripts that evade detection while maintaining deceptive intent. We construct a systematic attack pipeline that employs prompt engineering and semantic obfuscation to transform real-world vishing scripts using four commercial LLMs. The generated transcripts are evaluated against multiple ML classifiers trained on a real-world Korean vishing dataset (KorCCViD) with statistical testing. Our experiments reveal that LLM-generated transcripts are both practically and statistically effective against ML-based classifiers. In particular, transcripts crafted by GPT-4o significantly reduce classifier accuracy (by up to 30.96%) while maintaining high semantic similarity, as measured by BERTScore. Moreover, these attacks are both time-efficient and cost-effective, with average generation times under 9 seconds and negligible financial cost per query. The results underscore the pressing need for more resilient vishing detection frameworks and highlight the imperative for LLM providers to enforce stronger safeguards against prompt misuse in adversarial social engineering contexts.

[12] arXiv:2507.16329 [Chinese pdf, pdf, html, other]
Title: DREAM: Scalable Red Teaming for Text-to-Image Generative Systems via Distribution Modeling
Boheng Li, Junjie Wang, Yiming Li, Zhiyang Hu, Leyi Qi, Jianshuo Dong, Run Wang, Han Qiu, Zhan Qin, Tianwei Zhang
Comments: Preprint version. Under review
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computer Vision and Pattern Recognition (cs.CV)

Despite the integration of safety alignment and external filters, text-to-image (T2I) generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to proactively identify diverse prompts that can elicit unsafe outputs from the T2I system (including the core generative model as well as potential external safety filters and other processing components), is increasingly recognized as an essential method for assessing and improving safety before real-world deployment. Yet, existing automated red teaming approaches often treat prompt discovery as an isolated, prompt-level optimization task, which limits their scalability, diversity, and overall effectiveness. To bridge this gap, in this paper, we propose DREAM, a scalable red teaming framework to automatically uncover diverse problematic prompts from a given T2I system. Unlike most prior works that optimize prompts individually, DREAM directly models the probabilistic distribution of the target system's problematic prompts, which enables explicit optimization over both effectiveness and diversity, and allows efficient large-scale sampling after training. To achieve this without direct access to representative training samples, we draw inspiration from energy-based models and reformulate the objective into simple and tractable objectives. We further introduce GC-SPSA, an efficient optimization algorithm that provides stable gradient estimates through the long and potentially non-differentiable T2I pipeline. The effectiveness of DREAM is validated through extensive experiments, demonstrating that it surpasses 9 state-of-the-art baselines by a notable margin across a broad range of T2I models and safety filters in terms of prompt success rate and diversity.

[13] arXiv:2507.16372 [Chinese pdf, pdf, html, other]
Title: Depth Gives a False Sense of Privacy: LLM Internal States Inversion
Tian Dong, Yan Meng, Shaofeng Li, Guoxing Chen, Zhen Liu, Haojin Zhu
Comments: Accepted by USENIX Security 2025. Please cite this paper as "Tian Dong, Yan Meng, Shaofeng Li, Guoxing Chen, Zhen Liu, Haojin Zhu. Depth Gives a False Sense of Privacy: LLM Internal States Inversion. In the 34th USENIX Security Symposium (USENIX Security '25)."
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)

Large Language Models (LLMs) are increasingly integrated into daily routines, yet they raise significant privacy and safety concerns. Recent research proposes collaborative inference, which outsources the early-layer inference to ensure data locality, and introduces model safety auditing based on inner neuron patterns. Both techniques expose the LLM's Internal States (ISs), which are traditionally considered irreversible to inputs due to optimization challenges and the highly abstract representations in deep layers. In this work, we challenge this assumption by proposing four inversion attacks that significantly improve the semantic similarity and token matching rate of inverted inputs. Specifically, we first develop two white-box optimization-based attacks tailored for low-depth and high-depth ISs. These attacks avoid local minima convergence, a limitation observed in prior work, through a two-phase inversion process. Then, we extend our optimization attack under more practical black-box weight access by leveraging the transferability between the source and the derived LLMs. Additionally, we introduce a generation-based attack that treats inversion as a translation task, employing an inversion model to reconstruct inputs. Extensive evaluation of short and long prompts from medical consulting and coding assistance datasets and 6 LLMs validates the effectiveness of our inversion attacks. Notably, a 4,112-token long medical consulting prompt can be nearly perfectly inverted with 86.88 F1 token matching from the middle layer of the Llama-3 model. Finally, we evaluate four practical defenses that we found cannot perfectly prevent IS inversion and draw conclusions for future mitigation design.

[14] arXiv:2507.16540 [Chinese pdf, pdf, html, other]
Title: Explainable Vulnerability Detection in C/C++ Using Edge-Aware Graph Attention Networks
Radowanul Haque, Aftab Ali, Sally McClean, Naveed Khan
Subjects: Cryptography and Security (cs.CR)

Detecting security vulnerabilities in source code remains challenging, particularly due to class imbalance in real-world datasets where vulnerable functions are under-represented. Existing learning-based methods often optimise for recall, leading to high false positive rates and reduced usability in development workflows. Furthermore, many approaches lack explainability, limiting their integration into security workflows. This paper presents ExplainVulD, a graph-based framework for vulnerability detection in C/C++ code. The method constructs Code Property Graphs and represents nodes using dual-channel embeddings that capture both semantic and structural information. These are processed by an edge-aware attention mechanism that incorporates edge-type embeddings to distinguish among program relations. To address class imbalance, the model is trained using class-weighted cross-entropy loss. ExplainVulD achieves a mean accuracy of 88.25 percent and an F1 score of 48.23 percent across 30 independent runs on the ReVeal dataset. These results represent relative improvements of 4.6 percent in accuracy and 16.9 percent in F1 score compared to the ReVeal model, a prior learning-based method. The framework also outperforms static analysis tools, with relative gains of 14.0 to 14.1 percent in accuracy and 132.2 to 201.2 percent in F1 score. Beyond improved detection performance, ExplainVulD produces explainable outputs by identifying the most influential code regions within each function, supporting transparency and trust in security triage.

[15] arXiv:2507.16576 [Chinese pdf, pdf, html, other]
Title: From Text to Actionable Intelligence: Automating STIX Entity and Relationship Extraction
Ahmed Lekssays, Husrev Taha Sencar, Ting Yu
Comments: This paper has been accepted by RAID 2025
Subjects: Cryptography and Security (cs.CR)

Sharing methods of attack and their effectiveness is a cornerstone of building robust defensive systems. Threat analysis reports, produced by various individuals and organizations, play a critical role in supporting security operations and combating emerging threats. To enhance the timeliness and automation of threat intelligence sharing, several standards have been established, with the Structured Threat Information Expression (STIX) framework emerging as one of the most widely adopted. However, generating STIX-compatible data from unstructured security text remains a largely manual, expert-driven process. To address this challenge, we introduce AZERG, a tool designed to assist security analysts in automatically generating structured STIX representations. To achieve this, we adapt general-purpose large language models for the specific task of extracting STIX-formatted threat data. To manage the complexity, the task is divided into four subtasks: entity detection (T1), entity type identification (T2), related pair detection (T3), and relationship type identification (T4). We apply task-specific fine-tuning to accurately extract relevant entities and infer their relationships in accordance with the STIX specification. To address the lack of training data, we compiled a comprehensive dataset with 4,011 entities and 2,075 relationships extracted from 141 full threat analysis reports, all annotated in alignment with the STIX standard. Our models achieved F1-scores of 84.43% for T1, 88.49% for T2, 95.47% for T3, and 84.60% for T4 in real-world scenarios. We validated their performance against a range of open- and closed-parameter models, as well as state-of-the-art methods, demonstrating improvements of 2-25% across tasks.

[16] arXiv:2507.16585 [Chinese pdf, pdf, html, other]
Title: LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models
Ahmed Lekssays, Hamza Mouhcine, Khang Tran, Ting Yu, Issa Khalil
Comments: Accepted at USENIX 2025
Subjects: Cryptography and Security (cs.CR)

Software vulnerabilities present a persistent security challenge, with over 25,000 new vulnerabilities reported in the Common Vulnerabilities and Exposures (CVE) database in 2024 alone. While deep learning-based approaches show promise for vulnerability detection, recent studies reveal critical limitations in terms of accuracy and robustness: accuracy drops by up to 45% on rigorously verified datasets, and performance degrades significantly under simple code modifications. This paper presents LLMxCPG, a novel framework integrating Code Property Graphs (CPG) with Large Language Models (LLM) for robust vulnerability detection. Our CPG-based slice construction technique reduces code size by 67.84 to 90.93% while preserving vulnerability-relevant context. Our approach's ability to provide a more concise and accurate representation of code snippets enables the analysis of larger code segments, including entire projects. This concise representation is a key factor behind the improved detection capabilities of our method, as it can now identify vulnerabilities that span multiple functions. Empirical evaluation demonstrates LLMxCPG's effectiveness across verified datasets, achieving 15-40% improvements in F1-score over state-of-the-art baselines. Moreover, LLMxCPG maintains high performance across function-level and multi-function codebases while exhibiting robust detection efficacy under various syntactic code modifications.

[17] arXiv:2507.16773 [Chinese pdf, pdf, html, other]
Title: When LLMs Copy to Think: Uncovering Copy-Guided Attacks in Reasoning LLMs
Yue Li, Xiao Li, Hao Wu, Yue Zhang, Fengyuan Xu, Xiuzhen Cheng, Sheng Zhong
Subjects: Cryptography and Security (cs.CR)

Large Language Models (LLMs) have become integral to automated code analysis, enabling tasks such as vulnerability detection and code comprehension. However, their integration introduces novel attack surfaces. In this paper, we identify and investigate a new class of prompt-based attacks, termed Copy-Guided Attacks (CGA), which exploit the inherent copying tendencies of reasoning-capable LLMs. By injecting carefully crafted triggers into external code snippets, adversaries can induce the model to replicate malicious content during inference. This behavior enables two classes of vulnerabilities: inference length manipulation, where the model generates abnormally short or excessively long reasoning traces; and inference result manipulation, where the model produces misleading or incorrect conclusions. We formalize CGA as an optimization problem and propose a gradient-based approach to synthesize effective triggers. Empirical evaluation on state-of-the-art reasoning LLMs shows that CGA reliably induces infinite loops, premature termination, false refusals, and semantic distortions in code analysis tasks. While highly effective in targeted settings, we observe challenges in generalizing CGA across diverse prompts due to computational constraints, posing an open question for future research. Our findings expose a critical yet underexplored vulnerability in LLM-powered development pipelines and call for urgent advances in prompt-level defense mechanisms.

[18] arXiv:2507.16788 [Chinese pdf, pdf, html, other]
Title: AUTOPSY: A Framework for Tackling Privacy Challenges in the Automotive Industry
Sebastian Pape, Anis Bkakria, Maurice Heymann, Badreddine Chah, Abdeljalil Abbas-Turki, Sarah Syed-Winkler, Matthias Hiller, Reda Yaich
Comments: 19 pages, 4 figures
Subjects: Cryptography and Security (cs.CR)

With the General Data Protection Regulation (GDPR) in place, all domains have to ensure compliance with privacy legislation. However, compliance does not necessarily result in a privacy-friendly system: for example, obtaining users' consent to process their data does not improve the privacy-friendliness of the system. Therefore, the goal of the AUTOPSY project was to support the privacy engineering process in the automotive domain by providing several building blocks which technically improve the privacy-friendliness of modern, i.e., connected and (partially) automated, vehicles. This paper presents the results of the AUTOPSY project: a system model to identify relevant entities and locations at which to apply privacy enhancing technologies (PETs); a privacy manager aiming at more control over the data flow from the vehicle; a PET selection approach based on GDPR principles; and an architectural framework for automotive privacy. Furthermore, we built a demonstrator for location-based services to evaluate the architectural framework.

Cross submissions (showing 5 of 5 entries)

[19] arXiv:2507.16045 (cross-list from cs.CY) [Chinese pdf, pdf, html, other]
Title: Chameleon Channels: Measuring YouTube Accounts Repurposed for Deception and Profit
Alejandro Cuevas, Manoel Horta Ribeiro, Nicolas Christin
Comments: 21 pages, 12 figures, 2 tables
Subjects: Computers and Society (cs.CY); Cryptography and Security (cs.CR)

Online content creators spend significant time and effort building their user base through a long, often arduous process, which requires finding the right "niche" to cater to. So, what incentive is there for an established content creator known for cat memes to completely reinvent their page channel and start promoting cryptocurrency services or cover electoral news events? And, if they do, do their existing subscribers not notice? We explore this problem of repurposed channels, whereby a channel changes its identity and contents. We first characterize a market for "second-hand" social media accounts, which recorded sales exceeding USD 1M during our 6-month observation period. By observing YouTube channels (re)sold over these 6 months, we find that a substantial number (37%) are used to disseminate potentially harmful content, often without facing any penalty. Even more surprisingly, these channels seem to gain rather than lose subscribers. To estimate the prevalence of channel repurposing "in the wild," we also collect two snapshots of 1.4M quasi-randomly sampled YouTube accounts. In a 3-month period, we estimate that ~0.25% of channels, collectively holding ~44M subscribers, were repurposed. We confirm that these repurposed channels share several characteristics with sold channels, mainly the fact that they had a significantly high presence of potentially problematic content. Across repurposed channels, we find channels that became disinformation channels, as well as channels that link to web pages with financial scams. We reason that abusing the residual trust placed in these channels is advantageous to financially- and ideologically-motivated adversaries. This phenomenon is not exclusive to YouTube, and we posit that the market for cultivating organic audiences is set to grow, particularly if it remains unchallenged by mitigations, technical or otherwise.

[20] arXiv:2507.16181 (cross-list from quant-ph) [Chinese pdf, pdf, html, other]
Title: Pulse-Level Simulation of Crosstalk Attacks on Superconducting Quantum Hardware
Syed Emad Uddin Shubha, Tasnuva Farheen
Comments: Accepted at the Security, Privacy and Resilience Workshop at IEEE Quantum Week (QCE 2025); to appear in the workshop proceedings
Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR)

Hardware crosstalk in multi-tenant superconducting quantum computers poses a severe security threat, allowing adversaries to induce targeted errors across tenant boundaries by injecting carefully engineered pulses. We present a simulation-based study of active crosstalk attacks at the pulse level, analyzing how adversarial control of pulse timing, shape, amplitude, and coupling can disrupt a victim's computation. Our framework models the time-dependent dynamics of a three-qubit system in the rotating frame, capturing both always-on couplings and injected drive pulses. We examine two attack strategies: attacker-first (pulse before victim operation) and victim-first (pulse after), and systematically identify the pulse and coupling configurations that cause the largest logical errors. Protocol-level experiments on quantum coin flip and XOR classification circuits show that some protocols are highly vulnerable to these attacks, while others remain robust. Based on these findings, we discuss practical methods for detection and mitigation to improve security in quantum cloud platforms.

[21] arXiv:2507.16220 (cross-list from cs.SD) [Chinese pdf, pdf, html, other]
Title: LENS-DF: Deepfake Detection and Temporal Localization for Long-Form Noisy Speech
Xuechen Liu, Wanying Ge, Xin Wang, Junichi Yamagishi
Comments: Accepted at the IEEE International Joint Conference on Biometrics (IJCB) 2025, Osaka, Japan
Subjects: Sound (cs.SD); Cryptography and Security (cs.CR)

This study introduces LENS-DF, a novel and comprehensive recipe for training and evaluating audio deepfake detection and temporal localization under complicated and realistic audio conditions. The generation part of the recipe outputs audio from the input dataset with several critical characteristics, such as longer duration, noisy conditions, and the presence of multiple speakers, in a controllable fashion. The corresponding detection and localization protocol uses models. We conduct experiments based on a self-supervised learning front-end and a simple back-end. The results indicate that models trained using data generated with LENS-DF consistently outperform those trained via conventional recipes, demonstrating the effectiveness and usefulness of LENS-DF for robust audio deepfake detection and localization. We also conduct ablation studies on the variations introduced, investigating their impact on and relevance to realistic challenges in the field.

[22] arXiv:2507.16226 (cross-list from cs.AI) [Chinese pdf, pdf, html, other]
Title: Distilled Large Language Model in Confidential Computing Environment for System-on-Chip Design
Dong Ben, Hui Feng, Qian Wang
Comments: 7 pages, 4 figures
Subjects: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)

Large Language Models (LLMs) are increasingly used in circuit design tasks and have typically undergone multiple rounds of training. Both the trained models and their associated training data are considered confidential intellectual property (IP) and must be protected from exposure. Confidential Computing offers a promising solution for protecting data and models through Trusted Execution Environments (TEEs). However, existing TEE implementations are not designed to support the resource-intensive nature of LLMs efficiently. In this work, we first present a comprehensive evaluation of LLMs within a TEE-enabled confidential computing environment, specifically using Intel Trust Domain Extensions (TDX). We constructed experiments on three environments: TEE-based, CPU-only, and CPU-GPU hybrid implementations, and evaluated their performance in terms of tokens per second. Our first observation is that distilled models, i.e., DeepSeek, surpass other models in performance due to their smaller parameter counts, making them suitable for resource-constrained devices. Also, for quantized models such as 4-bit (Q4) and 8-bit (Q8) quantization, we observed a performance gain of up to 3x compared to FP16 models. Our findings indicate that for models with fewer parameters, such as DeepSeek-r1-1.5B, the TDX implementation outperforms the CPU version in executing computations within a secure environment. We further validate the results using a testbench designed for SoC design tasks. These validations demonstrate the potential of efficiently deploying lightweight LLMs on resource-constrained systems for semiconductor CAD applications.

[23] arXiv:2507.16302 (cross-list from cs.LG) [Chinese pdf, pdf, html, other]
Title: Towards Resilient Safety-driven Unlearning for Diffusion Models against Downstream Fine-tuning
Boheng Li, Renjie Gu, Junjie Wang, Leyi Qi, Yiming Li, Run Wang, Zhan Qin, Tianwei Zhang
Comments: Preprint version; under review
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)

Text-to-image (T2I) diffusion models have achieved impressive image generation quality and are increasingly fine-tuned for personalized applications. However, these models often inherit unsafe behaviors from toxic pretraining data, raising growing safety concerns. While recent safety-driven unlearning methods have made promising progress in suppressing model toxicity, they turn out to be fragile to downstream fine-tuning: we reveal that state-of-the-art methods largely fail to retain their effectiveness even when fine-tuned on entirely benign datasets. To mitigate this problem, in this paper we propose ResAlign, a safety-driven unlearning framework with enhanced resilience against downstream fine-tuning. By modeling downstream fine-tuning as an implicit optimization problem with a Moreau Envelope-based reformulation, ResAlign enables efficient gradient estimation to minimize the recovery of harmful behaviors. Additionally, a meta-learning strategy is proposed to simulate a diverse distribution of fine-tuning scenarios to improve generalization. Extensive experiments across a wide range of datasets, fine-tuning methods, and configurations demonstrate that ResAlign consistently outperforms prior unlearning approaches in retaining safety after downstream fine-tuning while preserving benign generation capability well.

Replacements (showing 16 of 16 entries)

[24] arXiv:2411.00459 (replaced) [Chinese pdf, pdf, html, other]
Title: Defense Against Prompt Injection Attack by Leveraging Attack Techniques
Yulin Chen, Haoran Li, Zihao Zheng, Yangqiu Song, Dekai Wu, Bryan Hooi
Comments: To appear at ACL 2025
Subjects: Cryptography and Security (cs.CR)

With the advancement of technology, large language models (LLMs) have achieved remarkable performance across various natural language processing (NLP) tasks, powering LLM-integrated applications like Microsoft Copilot. However, as LLMs continue to evolve, new vulnerabilities arise, especially prompt injection attacks. These attacks trick LLMs into deviating from the original input instructions and executing the attacker's instructions injected in data content, such as retrieved results. Recent attack methods leverage LLMs' instruction-following abilities and their inability to distinguish instructions injected in the data content, and achieve a high attack success rate (ASR). When comparing the attack and defense methods, we find, interestingly, that they share similar design goals: inducing the model to ignore unwanted instructions and instead execute wanted instructions. Therefore, we raise an intuitive question: could these attack techniques be utilized for defensive purposes? In this paper, we invert the intention of prompt injection methods to develop novel defense methods based on previous training-free attack methods, by repeating the attack process but with the original input instruction rather than the injected instruction. Our comprehensive experiments demonstrate that our defense techniques outperform existing training-free defense approaches, achieving state-of-the-art results.

[25] arXiv:2501.16680 (replaced) [Chinese pdf, pdf, other]
Title: Differentially Private Set Representations
Sarvar Patel, Giuseppe Persiano, Joon Young Seo, Kevin Yeo
Comments: Appeared at NeurIPS 2024
Subjects: Cryptography and Security (cs.CR); Data Structures and Algorithms (cs.DS)

We study the problem of differentially private (DP) mechanisms for representing sets of size $k$ from a large universe. Our first construction creates $(\epsilon,\delta)$-DP representations with error probability of $1/(e^\epsilon + 1)$ using space at most $1.05 k \epsilon \cdot \log(e)$ bits where the time to construct a representation is $O(k \log(1/\delta))$ while decoding time is $O(\log(1/\delta))$. We also present a second algorithm for pure $\epsilon$-DP representations with the same error using space at most $k \epsilon \cdot \log(e)$ bits, but requiring large decoding times. Our algorithms match our lower bounds on privacy-utility trade-offs (including constants but ignoring $\delta$ factors) and we also present a new space lower bound matching our constructions up to small constant factors. To obtain our results, we design a new approach embedding sets into random linear systems deviating from most prior approaches that inject noise into non-private solutions.
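For orientation on the numbers in the abstract, here is an added Python example (not the paper's construction) of the textbook baseline the paper improves on in space: randomized response on the membership bit of every universe element. It is pure ε-DP and has exactly the abstract's per-query error probability 1/(e^ε + 1), but it costs one bit per universe element, whereas the abstract's first construction uses at most 1.05·k·ε·log(e) bits for a set of size k. The example computes both so the gap is visible; the universe size, k and ε are values chosen for the demo, and reading log as log base 2 (so that the bound is in bits) is this example's assumption.

```python
import math
import random


def error_probability(epsilon):
    """Per-query error of randomized response; the 1/(e^eps + 1) quoted in the abstract."""
    return 1.0 / (math.exp(epsilon) + 1.0)


def rr_represent(members, universe_size, epsilon, rng):
    """Randomized response: publish one bit per universe element, each flipped with
    probability 1/(e^eps + 1). Pure eps-DP: two neighbouring sets differ in one element,
    whose bit has likelihood ratio at most e^eps; every other bit is distributed identically."""
    p_keep = math.exp(epsilon) / (math.exp(epsilon) + 1.0)
    bits = []
    for x in range(universe_size):
        true_bit = 1 if x in members else 0
        bits.append(true_bit if rng.random() < p_keep else 1 - true_bit)
    return bits


def rr_query(bits, x):
    """Membership query against the published representation."""
    return bits[x] == 1


def empirical_error(k, universe_size, epsilon, trials, seed=0):
    """Fraction of membership queries answered wrongly, averaged over random k-sets."""
    rng = random.Random(seed)
    wrong = total = 0
    for _ in range(trials):
        members = set(rng.sample(range(universe_size), k))
        bits = rr_represent(members, universe_size, epsilon, rng)
        for x in range(universe_size):
            wrong += rr_query(bits, x) != (x in members)
            total += 1
    return wrong / total


def space_bits_rr(universe_size):
    """Randomized response stores the whole universe: one bit per element."""
    return universe_size


def space_bits_abstract_bound(k, epsilon):
    """Space of the abstract's first construction, 1.05 * k * eps * log(e) bits,
    with log taken base 2 so the result is in bits (this example's assumption)."""
    return 1.05 * k * epsilon * math.log2(math.e)


if __name__ == "__main__":
    eps = math.log(3)          # e^eps = 3, so the error probability is exactly 1/4
    print("theoretical error:", error_probability(eps))
    print("empirical error:  ", empirical_error(25, 500, eps, 40))
    print("bits, randomized response:", space_bits_rr(500))
    print("bits, abstract's bound:    ", round(space_bits_abstract_bound(25, eps), 1))
```

With k = 25 elements out of a universe of 500 and ε = ln 3, the baseline spends 500 bits where the abstract's bound is about 42 bits, at the same error rate; that gap, not the error rate, is what the paper's linear-system embedding buys.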

[26] arXiv:2502.10556 (replaced) [Chinese pdf, pdf, html, other]
Title: Recent Advances in Malware Detection: Graph Learning and Explainability
Hossein Shokouhinejad, Roozbeh Razavi-Far, Hesamodin Mohammadian, Mahdi Rabbani, Samuel Ansong, Griffin Higgins, Ali A Ghorbani
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)

The rapid evolution of malware has necessitated the development of sophisticated detection methods that go beyond traditional signature-based approaches. Graph learning techniques have emerged as powerful tools for modeling and analyzing the complex relationships inherent in malware behavior, leveraging advancements in Graph Neural Networks (GNNs) and related methods. This survey provides a comprehensive exploration of recent advances in malware detection, focusing on the interplay between graph learning and explainability. It begins by reviewing malware analysis techniques and datasets, emphasizing their foundational role in understanding malware behavior and supporting detection strategies. The survey then discusses feature engineering, graph reduction, and graph embedding methods, highlighting their significance in transforming raw data into actionable insights, while ensuring scalability and efficiency. Furthermore, this survey focuses on explainability techniques and their applications in malware detection, ensuring transparency and trustworthiness. By integrating these components, this survey demonstrates how graph learning and explainability contribute to building robust, interpretable, and scalable malware detection systems. Future research directions are outlined to address existing challenges and unlock new opportunities in this critical area of cybersecurity.

[27] arXiv:2502.12441 (replaced) [Chinese pdf, pdf, other]
Title: Choosing Coordinate Forms for Solving ECDLP Using Shor's Algorithm
Yan Huang, Fangguo Zhang, Fei Gao, Zijian Zhou, Longjiang Qu
Comments: The main concern is the limited significance and novelty. Although the paper explores the use of projective coordinates, their quantum resource requirements are worse than those of the previously studied affine coordinates, as documented in detail in the manuscript.
Subjects: Cryptography and Security (cs.CR)

Shor's algorithm is well-known for its capability to address the elliptic curve discrete logarithm problem (ECDLP) in polynomial time. The enhancement of its quantum resources continues to be a crucial focus of research. Nevertheless, the application of projective coordinates for quantum resource optimization remains an unresolved issue, mainly because the representation of projective coordinates lacks uniqueness without employing modular division operations. Our study reveals that projective coordinates do not provide the same advantages as affine coordinates when utilizing Shor's method to tackle the ECDLP.
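To make the abstract's point concrete, the following Python example (added here; not the paper's code, and a toy curve rather than any standard one) implements point addition in both coordinate forms on a constructed curve y^2 = x^3 + 2x + 3 over GF(97) with base point (3, 6). Affine addition needs a modular inverse on every operation; homogeneous projective addition (the standard Cohen-Miyaji-Ono formulas) needs none, but then the same point has p-1 distinct representations (λX : λY : λZ), so comparing or outputting a point still costs an inversion, or a cross-multiplication check. That non-uniqueness is the classical side of what the abstract says gets in the way of using projective coordinates inside Shor's circuit; the example does not model the quantum circuit itself.

```python
# Constructed toy curve y^2 = x^3 + a*x + b over GF(p); not a standard curve.
P_MOD, A_COEF, B_COEF = 97, 2, 3
G_AFF = (3, 6)        # base point: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)
G_PROJ = (3, 6, 1)    # the same point in homogeneous coordinates (X:Y:Z)
INF_AFF = None        # point at infinity, affine form
INF_PROJ = (0, 1, 0)  # point at infinity, projective form


def inv(x):
    """Modular inverse via Fermat: the modular division that affine formulas cannot avoid."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def on_curve(p):
    if p is INF_AFF:
        return True
    x, y = p
    return (y * y - (x * x * x + A_COEF * x + B_COEF)) % P_MOD == 0


def affine_add(p, q):
    """Affine chord-and-tangent addition: one inversion per operation."""
    if p is INF_AFF:
        return q
    if q is INF_AFF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF_AFF                          # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A_COEF) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def proj_add(p, q):
    """Homogeneous projective addition/doubling: no inversion at all."""
    X1, Y1, Z1 = p
    X2, Y2, Z2 = q
    if Z1 == 0:
        return q
    if Z2 == 0:
        return p
    u = (Y2 * Z1 - Y1 * Z2) % P_MOD
    v = (X2 * Z1 - X1 * Z2) % P_MOD
    if v == 0:
        if u != 0 or Y1 == 0:
            return INF_PROJ                     # p == -q, or p is 2-torsion
        w = (A_COEF * Z1 * Z1 + 3 * X1 * X1) % P_MOD     # doubling
        s = Y1 * Z1 % P_MOD
        b = X1 * Y1 * s % P_MOD
        h = (w * w - 8 * b) % P_MOD
        return (2 * h * s % P_MOD,
                (w * (4 * b - h) - 8 * Y1 * Y1 * s * s) % P_MOD,
                8 * s * s * s % P_MOD)
    vv, vvv = v * v % P_MOD, v * v * v % P_MOD
    r = vv * X1 * Z2 % P_MOD
    a = (u * u * Z1 * Z2 - vvv - 2 * r) % P_MOD
    return (v * a % P_MOD,
            (u * (r - a) - vvv * Y1 * Z2) % P_MOD,
            vvv * Z1 * Z2 % P_MOD)


def to_affine(p):
    """Normalise (X:Y:Z) -> (X/Z, Y/Z): the one inversion, deferred to the very end."""
    X, Y, Z = p
    if Z == 0:
        return INF_AFF
    zi = inv(Z)
    return (X * zi % P_MOD, Y * zi % P_MOD)


def proj_equal(p, q):
    """Equality test without inversion, by cross-multiplication."""
    X1, Y1, Z1 = p
    X2, Y2, Z2 = q
    if Z1 == 0 or Z2 == 0:
        return Z1 == Z2
    return (X1 * Z2 - X2 * Z1) % P_MOD == 0 and (Y1 * Z2 - Y2 * Z1) % P_MOD == 0


def representations(p, count):
    """`count` distinct projective triples for one point: (lX : lY : lZ), l = 1..count."""
    X, Y, Z = p
    return [(l * X % P_MOD, l * Y % P_MOD, l * Z % P_MOD) for l in range(1, count + 1)]


def scalar_mult(k, p, add, zero):
    """Left-to-right double-and-add; `add` and `zero` select the coordinate form."""
    r = zero
    for bit in bin(k)[2:]:
        r = add(r, r)
        if bit == "1":
            r = add(r, p)
    return r


if __name__ == "__main__":
    for k in range(1, 8):
        aff = scalar_mult(k, G_AFF, affine_add, INF_AFF)
        prj = scalar_mult(k, G_PROJ, proj_add, INF_PROJ)
        print(k, aff, prj, to_affine(prj))
```

Running the loop shows the projective results drifting to unrelated-looking triples while their normalised form matches the affine result every time; `representations` and `proj_equal` make the non-uniqueness explicit.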

[28] arXiv:2502.16580 (replaced) [Chinese pdf, pdf, html, other]
Title: Can Indirect Prompt Injection Attacks Be Detected and Removed?
Yulin Chen, Haoran Li, Yuan Sui, Yufei He, Yue Liu, Yangqiu Song, Bryan Hooi
Comments: To appear at ACL 2025
Subjects: Cryptography and Security (cs.CR)

Prompt injection attacks manipulate large language models (LLMs) by misleading them into deviating from the original input instructions and executing maliciously injected instructions, exploiting their instruction-following capabilities and their inability to distinguish between the original input instructions and maliciously injected ones. To defend against such attacks, recent studies have developed various detection mechanisms. If we restrict ourselves specifically to works which perform detection rather than direct defense, most of them focus on direct prompt injection attacks, while there are few works for the indirect scenario, where injected instructions come indirectly from external tools, such as a search engine. Moreover, current works mainly investigate injection detection methods and pay less attention to post-processing methods that aim to mitigate the injection after detection. In this paper, we investigate the feasibility of detecting and removing indirect prompt injection attacks, and we construct a benchmark dataset for evaluation. For detection, we assess the performance of existing LLMs and open-source detection models, and we further train detection models using our crafted training datasets. For removal, we evaluate two intuitive methods: (1) the segmentation removal method, which segments the injected document and removes parts containing injected instructions, and (2) the extraction removal method, which trains an extraction model to identify and remove injected instructions.

[29] arXiv:2503.03108 (replaced) [Chinese pdf, pdf, html, other]
Title: OMNISEC: LLM-Driven Provenance-based Intrusion Detection via Retrieval-Augmented Behavior Prompting
Wenrui Cheng, Tiantian Zhu, Shunan Jing, Jian-Ping Mei, Mingjun Ma, Jiaobo Jin, Zhengqiu Weng
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)

Recently, Provenance-based Intrusion Detection Systems (PIDSes) have been widely used for endpoint threat analysis. These studies can be broadly categorized into rule-based detection systems and learning-based detection systems. Among these, due to the evolution of attack techniques, rules cannot dynamically model all the characteristics of attackers. As a result, such systems often face false negatives. Learning-based detection systems are further divided into supervised learning and anomaly detection. The scarcity of attack samples hinders the usability and effectiveness of supervised learning-based detection systems in practical applications. Anomaly-based detection systems face a massive false positive problem because they cannot distinguish between changes in normal behavior and real attack behavior. The alert results of detection systems are closely related to the manual labor costs of subsequent security analysts. To reduce manual analysis time, we propose OMNISEC, which applies large language models (LLMs) to anomaly-based intrusion detection systems via retrieval-augmented behavior prompting. OMNISEC can identify abnormal nodes and corresponding abnormal events by constructing suspicious nodes and rare paths. By combining two external knowledge bases, OMNISEC uses Retrieval Augmented Generation (RAG) to enable the LLM to determine whether abnormal behavior is a real attack. Finally, OMNISEC can reconstruct the attack graph and restore the complete attack behavior chain of the attacker's intrusion. Experimental results show that OMNISEC outperforms state-of-the-art methods on public benchmark datasets.

[30] arXiv:2504.07280 (replaced) [Chinese pdf, pdf, html, other]
Title: Conthereum: Concurrent Ethereum Optimized Transaction Scheduling for Multi-Core Execution
Atefeh Zareh Chahoki, Maurice Herlihy, Marco Roveri
Comments: 10 pages, 3 tables, 7 figures, 1 algorithm
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC)

Conthereum is a concurrent Ethereum solution for intra-block parallel transaction execution, enabling validators to utilize multi-core infrastructure and transform the sequential execution model of Ethereum into a parallel one. This shift significantly increases throughput and transactions per second (TPS), while ensuring conflict-free execution in both proposer and attestor modes and preserving execution order consistency in the attestor. At the heart of Conthereum is a novel, lightweight, high-performance scheduler inspired by the Flexible Job Shop Scheduling Problem (FJSS). We propose a custom greedy heuristic algorithm, along with its efficient implementation, that solves this formulation effectively and decisively outperforms existing scheduling methods in finding suboptimal solutions that satisfy the constraints, achieve minimal makespan, and maximize speedup in parallel execution. Additionally, Conthereum includes an offline phase that equips its real-time scheduler with a conflict analysis repository obtained through static analysis of smart contracts, identifying potentially conflicting functions using a pessimistic approach. Building on this novel scheduler and extensive conflict data, Conthereum outperforms existing concurrent intra-block solutions. Empirical evaluations show near-linear throughput gains with increasing computational power on standard 8-core machines. Although scalability deviates from linear with higher core counts and increased transaction conflicts, Conthereum still significantly improves upon the current sequential execution model and outperforms existing concurrent solutions under a wide range of conditions.
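As an added illustration (not the Conthereum scheduler or the paper's heuristic), the following Python example shows the shape of the problem the abstract describes: transactions with estimated costs and read/write sets, a conflict relation derived from those sets (standing in for the paper's static-analysis conflict repository), and a deterministic greedy list-scheduling heuristic that assigns transactions to cores so that conflicting transactions never run concurrently, then reports makespan and speedup. An independent validity check confirms the schedule respects the conflicts. Transaction costs, storage keys and the core count are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    tid: int
    cost: int            # estimated execution time units (assumed known, e.g. from gas estimates)
    reads: frozenset     # storage keys / contract state the transaction reads
    writes: frozenset    # storage keys / contract state the transaction writes


def conflicts(a, b):
    """Two transactions conflict (must not run concurrently) if either writes state the other touches."""
    return bool(a.writes & (b.reads | b.writes)) or bool(b.writes & a.reads)


def schedule(txs, cores):
    """Deterministic greedy list scheduling (longest cost first, id as tie-break):
    each transaction starts no earlier than every conflicting transaction already placed
    has finished, on the core where it can then start earliest."""
    order = sorted(txs, key=lambda t: (-t.cost, t.tid))
    core_free = [0] * cores
    placed = {}                                   # tid -> (core, start, end)
    by_id = {t.tid: t for t in txs}
    for t in order:
        ready = max((end for tid, (_, _, end) in placed.items()
                     if conflicts(t, by_id[tid])), default=0)
        core = min(range(cores), key=lambda c: (max(core_free[c], ready), c))
        start = max(core_free[core], ready)
        placed[t.tid] = (core, start, start + t.cost)
        core_free[core] = start + t.cost
    return placed


def makespan(placed):
    return max(end for _, _, end in placed.values())


def speedup(txs, placed):
    """Sequential execution time divided by the parallel makespan."""
    return sum(t.cost for t in txs) / makespan(placed)


def is_valid(txs, placed):
    """Independent check: no two transactions overlap on one core, and no two
    conflicting transactions overlap in time on any cores."""
    by_id = {t.tid: t for t in txs}
    items = list(placed.items())
    for i, (ta, (ca, sa, ea)) in enumerate(items):
        for tb, (cb, sb, eb) in items[i + 1:]:
            overlap = sa < eb and sb < ea
            if overlap and (ca == cb or conflicts(by_id[ta], by_id[tb])):
                return False
    return True


# Constructed block of six transactions; the keys are illustrative storage slots.
SAMPLE_TXS = [
    Tx(0, 5, frozenset({"dex.reserve"}), frozenset({"dex.reserve"})),
    Tx(1, 3, frozenset({"dex.reserve"}), frozenset({"dex.reserve"})),
    Tx(2, 4, frozenset({"nft.owner[7]"}), frozenset({"nft.owner[7]"})),
    Tx(3, 2, frozenset({"token.balance[a]"}), frozenset({"token.balance[a]"})),
    Tx(4, 2, frozenset({"token.balance[b]"}), frozenset({"token.balance[b]"})),
    Tx(5, 1, frozenset({"dex.reserve"}), frozenset()),   # read-only view of the DEX reserve
]

if __name__ == "__main__":
    plan = schedule(SAMPLE_TXS, 3)
    for tid, (core, start, end) in sorted(plan.items()):
        print(f"tx{tid}: core {core}, t={start}..{end}")
    print("makespan:", makespan(plan), "speedup:", round(speedup(SAMPLE_TXS, plan), 2))
    print("valid:", is_valid(SAMPLE_TXS, plan))
```

On three cores the sample block finishes at t=9 against 17 units sequentially; the three transactions touching `dex.reserve` are serialised (including the read-only one, which must wait for both writers), while the independent NFT and token transfers fill the other cores. The deterministic tie-breaking matters for the attestor case the abstract mentions: every validator replaying the block must derive the same schedule.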

[31] arXiv:2506.01885 (replaced) [Chinese pdf, pdf, html, other]
Title: SoK: Concurrency in Blockchain -- A Systematic Literature Review and the Unveiling of a Misconception
Atefeh Zareh Chahoki, Maurice Herlihy, Marco Roveri
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC); Performance (cs.PF)

Smart contracts, the cornerstone of blockchain technology, enable secure, automated distributed execution. Given their role in handling large transaction volumes across clients, miners, and validators, exploring concurrency is critical. This includes concurrent transaction execution or validation within blocks, block processing across shards, and miner competition to select and persist transactions. Concurrency and parallelism are a double-edged sword: while they improve throughput, they also introduce risks like race conditions, non-determinism, and vulnerabilities such as deadlock and livelock. This paper presents the first survey of concurrency in smart contracts, offering a systematic literature review organized into key dimensions. First, it establishes a taxonomy of concurrency levels in blockchain systems and discusses proposed solutions for future adoption. Second, it examines vulnerabilities, attacks, and countermeasures in concurrent operations, emphasizing the need for correctness and security. Crucially, we reveal a flawed concurrency assumption in a major research category, which has led to widespread misinterpretation. This work aims to correct that and guide future research toward more accurate models. Finally, we identify gaps in each category to outline future research directions and support blockchain's advancement.

[32] arXiv:2507.10845 (replaced) [Chinese pdf, pdf, html, other]
Title: BandFuzz: An ML-powered Collaborative Fuzzing Framework
Wenxuan Shi, Hongwei Li, Jiahao Yu, Xinqian Sun, Wenbo Guo, Xinyu Xing
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)

Collaborative fuzzing combines multiple individual fuzzers and dynamically chooses appropriate combinations for different programs. Unlike individual fuzzers that rely on specific assumptions, collaborative fuzzing relaxes the assumptions on target programs, providing robust performance across a variety of programs. However, existing collaborative fuzzing frameworks face challenges, including additional computational resource requirements and inefficient resource allocation among fuzzers. To tackle these challenges, we present BANDFUZZ, an ML-powered collaborative fuzzing framework that outperforms individual fuzzers without requiring additional computational resources. The key contribution of BANDFUZZ lies in its novel resource allocation algorithm, driven by our proposed multi-armed bandit model. Unlike the greedy methods in existing frameworks, BANDFUZZ models the long-term impact of individual fuzzers, enabling the discovery of globally optimal collaborative strategies. We propose a novel fuzzer evaluation method that assesses not only code coverage but also a fuzzer's ability to solve difficult branches. Finally, we integrate a real-time seed synchronization mechanism and implementation-level optimizations to improve fuzzing efficiency and stability. Through extensive experiments on Fuzzbench and the Fuzzer Test Suite, we show that BANDFUZZ outperforms the state-of-the-art collaborative fuzzing framework autofz and widely used individual fuzzers. We verify BANDFUZZ's key designs through a comprehensive ablation study. Notably, we demonstrate BANDFUZZ's effectiveness in real-world bug detection by analyzing the results of a worldwide fuzzing competition, in which BANDFUZZ won first place.
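The abstract describes allocating fuzzing time across several fuzzers with a multi-armed bandit and rewarding hard-branch solves, not just raw coverage. The following is an added example written for this page, not BandFuzz's own code or model: it uses the plain UCB1 policy (an assumption; the paper's bandit model is not specified in the abstract), a reward of `new_edges + HARD_BRANCH_WEIGHT * hard_branches_solved` with a weight of 5 (an assumption), and in-process simulated fuzzers with constructed success probabilities in place of real AFL++/libFuzzer instances.

```python
"""Bandit-style time-slot scheduling across several fuzzers (added example).

Assumptions not taken from the BandFuzz paper: UCB1 as the bandit policy, the
reward `new_edges + HARD_BRANCH_WEIGHT * hard_branches_solved`, and simulated
fuzzers instead of real AFL++/libFuzzer processes sharing a corpus.
"""
import math
import random

HARD_BRANCH_WEIGHT = 5.0  # assumption: one solved hard branch is worth five new edges


class SimulatedFuzzer:
    """Stand-in for a real fuzzer: each time slot yields a new edge and/or a solved
    hard branch with fixed probabilities (constructed values, not measurements)."""

    def __init__(self, name, p_new_edge, p_hard_branch, rng):
        self.name = name
        self.p_new_edge = p_new_edge
        self.p_hard_branch = p_hard_branch
        self.rng = rng

    def run_slot(self):
        new_edges = 1 if self.rng.random() < self.p_new_edge else 0
        hard = 1 if self.rng.random() < self.p_hard_branch else 0
        return new_edges, hard


def slot_reward(new_edges, hard_branches):
    """Reward that credits hard-branch solves more than raw coverage gain."""
    return new_edges + HARD_BRANCH_WEIGHT * hard_branches


class UCB1Scheduler:
    """Upper-confidence-bound allocation of one time slot per round."""

    def __init__(self, fuzzers):
        self.fuzzers = fuzzers
        self.pulls = {f.name: 0 for f in fuzzers}
        self.total_reward = {f.name: 0.0 for f in fuzzers}
        self.rounds = 0

    def ucb_score(self, name):
        n = self.pulls[name]
        if n == 0:
            return float("inf")  # unexplored fuzzer: always give it one slot first
        mean = self.total_reward[name] / n
        bonus = math.sqrt(2.0 * math.log(self.rounds) / n)  # shrinks as n grows
        return mean + bonus

    def choose(self):
        return max(self.fuzzers, key=lambda f: self.ucb_score(f.name))

    def step(self):
        self.rounds += 1
        f = self.choose()
        new_edges, hard = f.run_slot()
        r = slot_reward(new_edges, hard)
        self.pulls[f.name] += 1
        self.total_reward[f.name] += r
        return f.name, r


def run_campaign(rounds=500, seed=7):
    """Schedule `rounds` slots over three constructed fuzzer profiles and return
    how many slots each one received."""
    rng = random.Random(seed)
    fuzzers = [
        # A finds cheap coverage fast, B is slower but cracks hard branches,
        # C is mostly stuck; a coverage-only greedy policy would favour A.
        SimulatedFuzzer("A", p_new_edge=0.5, p_hard_branch=0.0, rng=rng),
        SimulatedFuzzer("B", p_new_edge=0.2, p_hard_branch=0.2, rng=rng),
        SimulatedFuzzer("C", p_new_edge=0.05, p_hard_branch=0.01, rng=rng),
    ]
    sched = UCB1Scheduler(fuzzers)
    for _ in range(rounds):
        sched.step()
    return sched.pulls


if __name__ == "__main__":
    print(run_campaign())
```

The point to notice is the reward shaping: with coverage-only reward fuzzer A would dominate, while the hard-branch term steers slots to B. A greedy policy that locks onto the early leader never revisits an arm whose first slots were unlucky; the confidence bonus makes every arm get re-tried at a rate that decays with the evidence against it.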

[33] arXiv:2507.11324 (replaced) [Chinese pdf, pdf, html, other]
Title: A Review of Privacy Metrics for Privacy-Preserving Synthetic Data Generation
Frederik Marinus Trudslev, Matteo Lissandrini, Juan Manuel Rodriguez, Martin Bøgsted, Daniele Dell'Aglio
Subjects: Cryptography and Security (cs.CR); Databases (cs.DB)

Privacy-Preserving Synthetic Data Generation (PP-SDG) has emerged as a way to produce synthetic datasets from personal data while maintaining privacy and utility. Differential privacy (DP) is the property of a PP-SDG mechanism that establishes how well individuals are protected when their sensitive data are shared. It is, however, difficult to interpret the privacy budget ($\varepsilon$) expressed by DP. To make the actual risk associated with a privacy budget more transparent, multiple privacy metrics (PMs) have been proposed to assess the privacy risk of the data. These PMs are used in separate studies to assess newly introduced PP-SDG mechanisms; consequently, each PM embodies the same assumptions as the PP-SDG mechanism it was designed to assess. A thorough definition of how these metrics are calculated is therefore necessary. In this work, we present the assumptions and mathematical formulations of 17 distinct privacy metrics.
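The abstract's point is that each privacy metric carries the assumptions of the setting it was built for. As an added illustration (not taken from the review, which does not list its 17 metrics in the abstract), the block below computes distance to closest record (DCR), one widely used synthetic-data privacy metric, and makes its assumptions explicit: the distance function, the feature scaling (here min-max scaling by the training ranges) and the reference set. The practical check it adds is to compare DCR against the training rows with DCR against a held-out split: a synthesizer that memorises sits much closer to its training data than to unseen data from the same distribution. All tables are constructed toy data.

```python
"""Distance to closest record (DCR) with a hold-out baseline (added example).

DCR is one common synthetic-data privacy metric; the choices below (Euclidean
distance, min-max scaling by training ranges, hold-out comparison) are this
example's assumptions, not the review's definitions.
"""
import math
from statistics import median

# Constructed toy tables with columns (age, income_k, visits); a real evaluation
# would use the training split, a held-out split and the synthesizer's output.
TRAIN = [(34, 52.0, 3), (45, 88.0, 1), (29, 41.0, 6), (61, 120.0, 2), (38, 60.0, 4)]
HOLDOUT = [(36, 55.0, 2), (50, 95.0, 1), (27, 38.0, 7), (58, 110.0, 3), (40, 62.0, 5)]
# Three rows copied verbatim from TRAIN, two rows one step away from it.
SYNTH_MEMORIZING = [(34, 52.0, 3), (45, 88.0, 1), (62, 121.0, 2), (30, 42.0, 6), (38, 60.0, 4)]
# Rows that follow the same rough distribution without copying anything.
SYNTH_GENERALIZING = [(41, 70.0, 3), (52, 99.0, 2), (31, 47.0, 5), (66, 130.0, 1), (36, 58.0, 4)]


def column_scales(records):
    """Per-column range for min-max scaling, taken from the training data so that
    the income column does not dominate age and visit counts."""
    cols = list(zip(*records))
    return [max(c) - min(c) or 1.0 for c in cols]


def scaled_distance(a, b, scales):
    """Euclidean distance after dividing each column by its training range."""
    return math.sqrt(sum(((x - y) / s) ** 2 for x, y, s in zip(a, b, scales)))


def dcr(synthetic, reference, scales):
    """For each synthetic row, the distance to its nearest reference row."""
    return [min(scaled_distance(s, r, scales) for r in reference) for s in synthetic]


def dcr_report(synthetic, train, holdout):
    """DCR against the training set next to DCR against a hold-out set.

    Exact copies (distance 0) or a train-to-holdout ratio well below 1 indicate
    that the synthesizer leaks training records rather than the distribution.
    """
    scales = column_scales(train)
    d_train = dcr(synthetic, train, scales)
    d_holdout = dcr(synthetic, holdout, scales)
    med_train, med_holdout = median(d_train), median(d_holdout)
    return {
        "median_dcr_train": med_train,
        "median_dcr_holdout": med_holdout,
        "train_to_holdout_ratio": med_train / med_holdout if med_holdout else float("inf"),
        "exact_copies": sum(1 for d in d_train if d == 0.0),
    }


if __name__ == "__main__":
    for name, synth in (("memorizing", SYNTH_MEMORIZING), ("generalizing", SYNTH_GENERALIZING)):
        print(name, dcr_report(synth, TRAIN, HOLDOUT))
```

Swapping the scaling rule or the distance function changes every number the metric produces, which is exactly why a metric's assumptions have to be spelled out before its values can be compared across PP-SDG mechanisms.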

[34] arXiv:2507.14893 (replaced) [Chinese pdf, pdf, html, other]
Title: A Compact Post-quantum Strong Designated Verifier Signature Scheme from Isogenies
Farzin Renan
Subjects: Cryptography and Security (cs.CR); Number Theory (math.NT)

Digital signatures are essential cryptographic tools that provide authentication and integrity in digital communications. However, privacy-sensitive applications, such as e-voting and digital cash, require more restrictive verification models to ensure confidentiality and control. Strong Designated Verifier Signature (SDVS) schemes address this need by enabling the signer to designate a specific verifier, ensuring that only this party can validate the signature. Existing SDVS constructions are primarily based on number-theoretic assumptions and are therefore vulnerable to quantum attacks. Although post-quantum alternatives, particularly lattice-based ones, have been proposed, they often entail large key and signature sizes. In this work, we introduce $\mathsf{CSI\text{-}SDVS}$, a novel isogeny-based SDVS scheme that offers a compact, quantum-resistant alternative. Our construction builds on the ideal class group action framework of CSIDH and the signature techniques of CSI-FiSh, and relies on the hardness of the Multi-Target Group Action Inverse Problem (MT-GAIP). $\mathsf{CSI\text{-}SDVS}$ achieves strong security guarantees, namely Strong Unforgeability under Chosen-Message Attacks (SUF-CMA), Non-Transferability (NT), and Privacy of Signer's Identity (PSI), in the random oracle model. Remarkably, both the keys and the signatures in $\mathsf{CSI\text{-}SDVS}$ are of size $\mathcal{O}(\lambda)$, a significant improvement over the typical $\mathcal{O}(\lambda^2)$ bounds of existing post-quantum SDVS schemes, making it one of the most compact PQC-based SDVS schemes and the only post-quantum secure construction based on isogenies.

[35] arXiv:2403.07842 (replaced) [Chinese pdf, pdf, html, other]
Title: DP-TLDM: Differentially Private Tabular Latent Diffusion Model
Chaoyi Zhu, Jiayi Tang, Juan F. Pérez, Marten van Dijk, Lydia Y. Chen
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)

Synthetic data from generative models has emerged as a privacy-preserving data-sharing solution. Such a synthetic dataset should resemble the original data without revealing identifiable private information. To date, prior work has focused on a limited set of tabular synthesizers and a small number of privacy attacks, particularly on Generative Adversarial Networks, and has overlooked membership inference attacks and defense strategies, i.e., differential privacy. Motivated by the conundrum of keeping the data quality of synthetic tables high and their privacy risk low, we propose DPTLDM, the Differentially Private Tabular Latent Diffusion Model, which is composed of an autoencoder network that encodes the tabular data and a latent diffusion model that synthesizes the latent tables. Following the emerging f-DP framework, we apply DP-SGD to train the autoencoder in combination with batch clipping, and use the separation value as the privacy metric to better capture the privacy gain from DP algorithms. Our empirical evaluation demonstrates that DPTLDM achieves a meaningful theoretical privacy guarantee while also significantly enhancing the utility of the synthetic data. Specifically, compared to other DP-protected tabular generative models, DPTLDM improves synthetic quality by an average of 35% in data resemblance, 15% in utility for downstream tasks, and 50% in data discriminability, all while preserving a comparable level of privacy risk.
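The abstract trains the autoencoder with DP-SGD and batch clipping. The block below is an added example written for this page, not DP-TLDM's code: it implements one DP-SGD update for a two-feature logistic regression (an assumption; the paper's model is an autoencoder) and contrasts the standard per-example clipping of Abadi et al. with clipping the summed mini-batch gradient once, which is how "batch clipping" is read here (an assumption about the paper's variant). The f-DP accounting and the separation-value metric from the abstract are not implemented. The mini-batch is constructed toy data.

```python
"""Per-example versus batch clipping in a DP-SGD step (added example).

Assumptions not taken from the DP-TLDM paper: a two-feature logistic regression
as the model, per-example clipping as in standard DP-SGD (clip each gradient to
L2 norm c, sum, add N(0, (sigma*c)^2) noise), and "batch clipping" read as
clipping the summed mini-batch gradient once.
"""
import math
import random

# Constructed toy mini-batch: (features, label).
BATCH = [([0.5, 1.2], 1), ([-1.0, 0.3], 0), ([2.0, -0.7], 1), ([-0.4, -1.5], 0)]


def l2_norm(v):
    return math.sqrt(sum(x * x for x in v))


def clip(v, c):
    """Scale v so that ||v||_2 <= c; unchanged when already within the bound."""
    n = l2_norm(v)
    return list(v) if n <= c else [x * (c / n) for x in v]


def logistic_grad(w, x, y):
    """Gradient of the log-loss of one example with respect to the weights (no bias)."""
    z = sum(wi * xi for wi, xi in zip(w, x))
    p = 1.0 / (1.0 + math.exp(-z))
    return [(p - y) * xi for xi in x]


def clipped_gradient_sum(w, batch, c, per_example=True):
    """Summed gradient with clipping applied per example or once per batch.

    Per-example clipping bounds what any single row can change in the sum by c,
    which is the sensitivity the Gaussian noise is calibrated to.  Batch clipping
    bounds the whole summed gradient by c instead, so the noise is calibrated to
    the batch as a unit rather than to one row.
    """
    grads = [logistic_grad(w, x, y) for x, y in batch]
    if per_example:
        grads = [clip(g, c) for g in grads]
    total = [sum(col) for col in zip(*grads)]
    return total if per_example else clip(total, c)


def dp_sgd_step(w, batch, c, sigma, lr, rng, per_example=True):
    """One noisy update: w <- w - lr * (clipped_sum + N(0, (sigma*c)^2)) / |batch|."""
    g = clipped_gradient_sum(w, batch, c, per_example)
    noisy = [gi + rng.gauss(0.0, sigma * c) for gi in g]
    return [wi - lr * ni / len(batch) for wi, ni in zip(w, noisy)]


if __name__ == "__main__":
    rng = random.Random(1)
    w = [0.0, 0.0]
    for _ in range(50):
        w = dp_sgd_step(w, BATCH, c=1.0, sigma=1.0, lr=0.5, rng=rng)
    print("weights after 50 noisy per-example-clipped steps:", w)
```

The check worth keeping from this example is the sensitivity assertion: remove one row from the batch and the per-example-clipped sum must move by at most c, otherwise the noise scale sigma*c does not deliver the guarantee the accountant assumes. Clipping per example costs one backward pass per row (or a per-sample gradient trick), which is the cost batch clipping avoids at the price of a different sensitivity argument.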

[36] arXiv:2410.08073 (replaced) [Chinese pdf, pdf, html, other]
Title: Efficient Quantum Pseudorandomness from Hamiltonian Phase States
John Bostanci, Jonas Haferkamp, Dominik Hangleiter, Alexander Poremba
Comments: 53 pages and 1 figure. Proceedings of TQC 2025. Minor edits. Note: an earlier version of the paper contained an analysis of an iterative construction of pseudorandom unitaries; due to an error, that section has been removed.
Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR)

Quantum pseudorandomness has found applications in many areas of quantum information, ranging from entanglement theory, to models of scrambling phenomena in chaotic quantum systems, and, more recently, in the foundations of quantum cryptography. Kretschmer (TQC '21) showed that both pseudorandom states and pseudorandom unitaries exist even in a world without classical one-way functions. To this day, however, all known constructions require classical cryptographic building blocks which are themselves synonymous with the existence of one-way functions, and which are also challenging to realize on realistic quantum hardware. In this work, we seek to make progress on both of these fronts simultaneously -- by decoupling quantum pseudorandomness from classical cryptography altogether. We introduce a quantum hardness assumption called the Hamiltonian Phase State (HPS) problem, which is the task of decoding output states of a random instantaneous quantum polynomial-time (IQP) circuit. Hamiltonian phase states can be generated very efficiently using only Hadamard gates, single-qubit Z-rotations and CNOT circuits. We show that the hardness of our problem reduces to a worst-case version of the problem, and we provide evidence that our assumption is plausibly fully quantum; meaning, it cannot be used to construct one-way functions. We also show information-theoretic hardness when only few copies of HPS are available by proving an approximate $t$-design property of our ensemble. Finally, we show that our HPS assumption and its variants allow us to efficiently construct many pseudorandom quantum primitives, ranging from pseudorandom states, to quantum pseudoentanglement, to pseudorandom unitaries, and even primitives such as public-key encryption with quantum keys.

[37] arXiv:2411.07231 (replaced) [Chinese pdf, pdf, html, other]
Title: Watermark Anything with Localized Messages
Tom Sander, Pierre Fernandez, Alain Durmus, Teddy Furon, Matthijs Douze
Comments: ICLR 2025
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR)

Image watermarking methods are not tailored to handle small watermarked areas. This restricts applications in real-world scenarios where parts of the image may come from different sources or have been edited. We introduce a deep-learning model for localized image watermarking, dubbed the Watermark Anything Model (WAM). The WAM embedder imperceptibly modifies the input image, while the extractor segments the received image into watermarked and non-watermarked areas and recovers one or several hidden messages from the areas found to be watermarked. The models are jointly trained at low resolution and without perceptual constraints, then post-trained for imperceptibility and multiple watermarks. Experiments show that WAM is competitive with state-of-the-art methods in terms of imperceptibility and robustness, especially against inpainting and splicing, even on high-resolution images. Moreover, it offers new capabilities: WAM can locate watermarked areas in spliced images and extract distinct 32-bit messages with less than 1 bit error from multiple small regions, no larger than 10% of the image surface, even for small 256x256 images. Training and inference code and model weights are available at https://github.com/facebookresearch/watermark-anything.

[38] arXiv:2506.22890 (replaced) [Chinese pdf, pdf, html, other]
Title: CP-uniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems
Senkang Hu, Yihang Tao, Guowen Xu, Xinyuan Qian, Yiqin Deng, Xianhao Chen, Sam Tak Wu Kwong, Yuguang Fang
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR)

Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, CP-uniGuard, a tailored defense mechanism for CP that is deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to have CP reach a consensus with, rather than a conflict against, the ego agent's own perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to efficiently sample subsets of the collaborators and verify consensus without prior knowledge of the probability of malicious agents. Furthermore, we define a collaborative consistency loss (CCLoss) for the object detection and bird's-eye-view (BEV) segmentation tasks to capture the discrepancy between the ego agent and its collaborators, which serves as the verification criterion for consensus. In addition, we propose an online adaptive threshold based on dual sliding windows that dynamically adjusts the consensus-verification threshold and keeps the system reliable in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework. Code will be released at https://github.com/CP-Security/CP-uniGuard.

[39] arXiv:2507.04357 (replaced) [Chinese pdf, pdf, html, other]
Title: Static Analysis for Detecting Transaction Conflicts in Ethereum Smart Contracts
Atefeh Zareh Chahoki, Marco Roveri
Subjects: Distributed, Parallel, and Cluster Computing (cs.DC); Cryptography and Security (cs.CR)

Ethereum smart contracts operate in a concurrent environment where multiple transactions can be submitted simultaneously. However, the Ethereum Virtual Machine (EVM) enforces sequential execution of transactions within each block to prevent conflicts arising from concurrent access to the same state variables. Although this approach guarantees correct behavior, it limits the ability of validators to leverage multi-core architectures for faster transaction processing, thus restricting throughput. Existing solutions introduce concurrency by allowing simultaneous transaction execution combined with runtime conflict detection and rollback mechanisms to maintain correctness. However, these methods incur significant overhead due to continuous conflict tracking and transaction reversion. Recently, alternative approaches have emerged that aim to predict conflicts statically, before execution, by analyzing smart contract code for potential transaction interactions. Despite their promise, there is a lack of comprehensive studies that examine static conflict detection and its broader implications in specific smart contracts. This paper fills this important gap by proposing a novel static analysis method to detect potential transaction conflicts in Ethereum smart contracts. Our method identifies read-write, write-write, and function call conflicts between transaction pairs by analyzing state variable access patterns in Solidity contracts. We implement a tool that parses contract code and performs conflict detection. Evaluation on a dataset of real-world Ethereum smart contracts demonstrates that our approach achieves high precision in identifying potential conflicts. By enabling proactive conflict detection, our tool supports further design of transaction scheduling strategies that reduce runtime failures, enhance validator throughput, and contribute to blockchain scalability.
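Both the SoK in [31] (race conditions and non-determinism from concurrent execution) and this abstract (read-write, write-write and function-call conflicts derived from state-variable access patterns) come down to the same question: which pairs of transactions touch the same storage, so that running them in parallel would change the outcome. The block below is an added toy implementation written for this page, not the authors' tool: it scans a constructed Solidity contract with regular expressions (a real analysis would walk the solc AST and handle inheritance, modifiers, delegatecall and nested index expressions), classifies each state-variable occurrence as a read, a write or both, folds internal calls into the caller transitively, and reports the conflicting function pairs. The contract and its function names are constructed for the example.

```python
"""Toy static detection of transaction conflicts between Solidity functions
(added example, not the tool described in the abstract).

Assumptions: one flat contract without inheritance, state variables declared
before the first function, regex scanning instead of a solc AST, compound
assignments (+=, -=, ...) counted as read and write, internal calls folding
the callee's accesses into the caller.
"""
import re
from itertools import combinations_with_replacement

# Constructed sample contract (not from the paper's dataset).
CONTRACT = """
contract Bank {
    mapping(address => uint256) balances;
    uint256 totalSupply;
    address owner;
    function deposit() public payable {
        balances[msg.sender] += msg.value;
        totalSupply += msg.value;
    }
    function balanceOf(address a) public view returns (uint256) {
        return balances[a];
    }
    function setOwner(address o) public {
        require(msg.sender == owner);
        owner = o;
    }
    function withdraw(uint256 amt) public {
        require(balances[msg.sender] >= amt);
        _debit(msg.sender, amt);
    }
    function _debit(address a, uint256 amt) internal {
        balances[a] -= amt;
        totalSupply -= amt;
    }
}
"""

STATE_VAR_RE = re.compile(
    r'^\s*(?:mapping\s*\([^;]*?\)|[A-Za-z_]\w*(?:\[\])*)\s+'
    r'(?:(?:public|private|internal|constant|immutable)\s+)*'
    r'([A-Za-z_]\w*)\s*(?:=[^;]*)?;', re.M)
FUNC_RE = re.compile(r'function\s+(\w+)\s*\([^)]*\)[^{;]*\{')


def state_variables(src):
    """Names declared between the contract brace and the first function."""
    start = src.index('{') + 1
    first_fn = FUNC_RE.search(src)
    header = src[start:first_fn.start()] if first_fn else src[start:]
    return [m.group(1) for m in STATE_VAR_RE.finditer(header)]


def function_bodies(src):
    """Map function name -> body text, delimited by brace counting."""
    bodies = {}
    for m in FUNC_RE.finditer(src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        bodies[m.group(1)] = src[m.end():i - 1]
    return bodies


def direct_accesses(body, state_vars):
    """(reads, writes) of state variables touched directly in one body."""
    reads, writes = set(), set()
    for var in state_vars:
        # name, optional index brackets, then the operator that follows (if any)
        pat = re.compile(rf'\b{re.escape(var)}\b((?:\s*\[[^\]]*\])*)\s*(\+\+|--|[+\-*/%]=|=(?!=)|)')
        for m in pat.finditer(body):
            op = m.group(2)
            if op == '=':
                writes.add(var)           # plain assignment: write only
            elif op:
                reads.add(var)            # +=, -=, ++, --: read then write
                writes.add(var)
            else:
                reads.add(var)            # any other use: read
    return reads, writes


def analyse(src):
    """Per-function read/write sets with internal calls resolved transitively."""
    svars = state_variables(src)
    bodies = function_bodies(src)
    direct = {f: direct_accesses(b, svars) for f, b in bodies.items()}
    calls = {f: {g for g in bodies if g != f and re.search(rf'\b{re.escape(g)}\s*\(', b)}
             for f, b in bodies.items()}
    result = {}
    for f in bodies:
        reads, writes = set(direct[f][0]), set(direct[f][1])
        seen, stack = {f}, list(calls[f])
        while stack:                      # walk the call graph from f
            g = stack.pop()
            if g in seen:
                continue
            seen.add(g)
            reads |= direct[g][0]
            writes |= direct[g][1]
            stack.extend(calls[g])
        result[f] = {'reads': reads, 'writes': writes}
    return result


def find_conflicts(accesses):
    """Function pairs (including a function with itself) whose transactions
    cannot safely execute in parallel, with the variable and conflict kind."""
    conflicts = {}
    for f, g in combinations_with_replacement(sorted(accesses), 2):
        found = {('write-write', v) for v in accesses[f]['writes'] & accesses[g]['writes']}
        found |= {('read-write', v) for v in (accesses[f]['writes'] & accesses[g]['reads'])
                  | (accesses[f]['reads'] & accesses[g]['writes'])}
        if found:
            conflicts[(f, g)] = found
    return conflicts


if __name__ == '__main__':
    for pair, kinds in find_conflicts(analyse(CONTRACT)).items():
        print(pair, sorted(kinds))
```

On the sample, `setOwner` conflicts with nothing but another `setOwner`, so it can be scheduled alongside any balance operation, whereas `withdraw` inherits `_debit`'s writes and therefore conflicts with `deposit` and `balanceOf`; missing the call edge is the classic way such an analysis under-reports and lets a scheduler run two conflicting transactions concurrently.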
