~ similar to 2603.21117v1 · 20 results
DEMUX is a novel framework that addresses the challenge of multi-tab website fingerprinting by treating the interleaved traffic as a demixing problem, achieving state-of-the-art performance in complex…
This paper demonstrates that encrypted traffic metadata (packet lengths and timing) can leak a user's persona, achieving high inference accuracy across multiple modern websites.
Zilve Fan, Zijian Zhang, Yangnan Guo, Jiaqi Gao +4 more
This paper introduces an active traffic analysis method (NATA) and a deep learning framework (BM-Net) to demonstrate that bandwidth perturbations can be used by an adversary to correlate and de-anonym…
Youquan Xian, Xueying Zeng, Lingjia Meng, Lei Cui +5 more
The paper proposes SATA, a semantics-aware traffic augmentation framework, to significantly improve the generalization of website fingerprinting models by addressing variability in resource compositio…
Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li +1 more
This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.
The paper introduces 'Routing Hijacking,' a severe attack where malicious clients forge semantic profiles in Federated RAG systems to misroute target queries, and proposes a trust-aware post-routing f…
The paper proposes PrISM, an intersection-based probabilistic mitigation technique that significantly improves the scalability of RowHammer defense at low thresholds by correlating sampled row history…
EdgeDetect is a communication-efficient and privacy-preserving federated intrusion detection system that uses gradient binarization and homomorphic encryption to significantly reduce bandwidth usage w…
The paper introduces the Street-legal Physical Adversarial Rim (SPAR), a physically realizable and street-legal white-box attack that significantly degrades the accuracy of modern Automatic License Pl…
This paper introduces a dual-layer side-channel attack framework that exploits the variable workload introduced by dynamic image preprocessing in local Vision-Language Models (VLMs) to infer sensitive…
The paper introduces a comprehensive taxonomy and auditing framework to assess the collective coverage of existing LLM attack benchmarks, revealing significant and systematic gaps in current testing m…
Haobo Zhang, Zhenhua Xu, Junxian Li, Shangfeng Sheng +2 more
AttnDiff introduces a data-efficient white-box framework that extracts intrinsic attention-based fingerprints to verify the provenance and detect unauthorized derivation of large language models (LLMs…
TrafficMoE proposes a Disentangle-Filter-Aggregate (DFA) framework using sparse Mixture-of-Experts to improve encrypted traffic classification by separating header and payload features and adaptively…
This paper proposes SABLE, a method for generating semantically meaningful and in-distribution backdoor triggers for federated learning, demonstrating that such attacks remain a potent and practical t…
The paper introduces KBF, a low-cost black-box auditing protocol that fingerprints LLM APIs by analyzing stable numerical recall near the knowledge boundary, successfully detecting numerous model subs…
The paper introduces KBF, a novel black-box auditing protocol that fingerprints LLM APIs by analyzing stable numerical recall near the knowledge boundary, effectively detecting model substitutions and…
The paper introduces FP-Agent, a classifier that demonstrates that while browser fingerprints are poor discriminators for AI browsing agents, behavioral fingerprints (like typing and scrolling pattern…
This paper proposes a two-stage machine learning system that accurately detects I2P traffic and subsequently classifies it as data exfiltration or legitimate activity, achieving high accuracy in both…
The paper systematically evaluates various defense mechanisms against persistent memory attacks on LLM agents, finding that only tool-gating at the memory layer (Memory Sandbox) effectively mitigates…
Haochun Tang, Yuliang Yan, Jiahua Lu, Huaxiao Liu +1 more
The paper introduces R$^2$A, an adversarial attack that uses suffix optimization to mislead black-box LLM routers into consistently selecting expensive, high-capability models.