The paper introduces a Verifiable Gradient Inversion Attack (VGIA) that provides an explicit, certifiable method for reconstructing individual training records from shared gradients, particularly effe…

FedSurrogate introduces a novel backdoor defense for Federated Learning that uses layer-criticality analysis and surrogate replacement to significantly reduce false positives while maintaining high mo…

FedSpy-LLM introduces a scalable and generalizable data reconstruction attack that can extract private training data from shared gradients of large language models, even when using Parameter-Efficient…

This paper presents a novel data-free Membership Inference Attack (MIA) that uses gradient inversion on Standard Cell Library Layouts (SCLLs) to reconstruct sensitive hardware images from intercepted…

The paper introduces Asymmetric Langevin Unlearning (ALU), a novel framework that uses public data to significantly reduce the utility loss typically associated with certified machine unlearning, enab…

This paper analyzes label inference attacks in Vertical Federated Learning (VFL), demonstrating that existing attacks rely on feature-label distribution alignment, and proposes a zero-overhead defense…

The paper proposes Federated Adversarial Unlearning (FAUN), a lightweight framework that uses adversarial optimization on a proxy dataset to rapidly and effectively remove the negative impact of poiso…

The paper proposes DIST-FL, a distributed system using multiple TEEs and an append-only ledger to enhance the security and robustness of federated learning aggregation against server-side adversaries.

The paper proposes Byz-Clip21-SGD2M, a novel algorithm that achieves high-probability convergence guarantees for Federated Learning by integrating robust aggregation, double momentum, and clipping, re…

The paper proposes VerFU, a client-verifiable federated unlearning framework for low-altitude wireless networks that allows devices to ensure the server accurately removes their historical data contri…

The paper introduces ActInv and PAF to systematically analyze and quantify privacy leakage from intermediate activations during split inference of LLMs, proposing PriPert for enhanced defense.

This paper analyzes and proposes four novel attack methods—based on model parameters and model inversion—to demonstrate that existing machine unlearning techniques can inadvertently leak the categorie…

The paper proposes Jellyfish, a zero-shot federated unlearning scheme that effectively removes the influence of forgotten data from federated learning models while maintaining model utility and privac…

This paper empirically evaluates the effectiveness of Differential Privacy (DP) against Membership Inference Attacks (MIAs) in Federated Learning, demonstrating that a stacking attack strategy can det…

The paper introduces DECIFR, a novel two-stage Membership Inference Attack (MIA) that exploits standard cell library layouts to reconstruct sensitive IC training data from intercepted federated model…

The paper proposes a secure and verifiable aggregation scheme for Federated Learning using a non-colluding dual-server architecture and linear tags, which significantly enhances user privacy and reduc…

This paper investigates the use of Federated Learning (FL) for hardware assurance, demonstrating that while FL improves model performance over centralized learning, it remains vulnerable to gradient i…

The paper introduces ReproMIA, a novel and efficient framework that uses model reprogramming to proactively amplify and detect latent privacy leakage for Membership Inference Attacks (MIAs), significa…

The paper demonstrates that integrating Sparse Autoencoders (SAEs) into transformer residual streams significantly enhances the robustness of Large Language Models against various jailbreak attacks by…

This paper demonstrates that neural operators used in digital twins for nuclear systems are highly vulnerable to undetectable, sparse adversarial perturbations, necessitating new robustness guarantees…