AEGIS introduces a novel physics-based system that analyzes encrypted network traffic flow dynamics, achieving state-of-the-art zero-day evasion detection with high accuracy and low latency.

The paper introduces a new benchmark (BGTD) and a multimodal framework (mmTraffic) that enables explainable, evidence-grounded interpretation of encrypted network traffic using LLMs.

The paper introduces a multi-surface evidence framework to provide comprehensive observability for post-quantum TLS migration, enabling robust measurement of session behavior and endpoint capabilities…

TrafficMoE proposes a Disentangle-Filter-Aggregate (DFA) framework using sparse Mixture-of-Experts to improve encrypted traffic classification by separating header and payload features and adaptively…

The paper proposes an end-to-end forensic pipeline using steganographic attribution and multimodal harm detection to reliably trace and attribute harmful misuse of AI-generated imagery on social platf…

This paper compares PCA and LPC for dimensionality reduction in cyberattack classification, demonstrating that both techniques can achieve substantial feature compression with minimal loss of classifi…

The paper proposes FreeUp, a frequency-decoupled framework that improves encrypted network anomaly detection by separately modeling and fusing low- and high-frequency components of traffic data.

The paper demonstrates that combining outputs from multiple large language models (LLMs) effectively cancels out statistical watermarks, revealing a fundamental vulnerability in current AI text detect…

The paper introduces MAGMA, a novel stochastic RAG framework that enhances malware detection by quantifying epistemic uncertainty, achieving a high detection rate of 98.4% against evasion attacks.

This paper provides a comparative analysis and benchmarking of Secure Multi-Party Computation (SMPC) and Fully Homomorphic Encryption (FHE) for machine learning, finding that the optimal choice depend…

MambaNetBurst introduces a compact, tokenizer-free byte-level classifier using a Mamba-2 backbone to achieve strong network traffic classification without requiring pre-training or complex data prepro…

The paper demonstrates that static malware classifiers often rely on superficial artifacts like packing and metadata rather than true malicious semantics, using the TRUSTEE interpretability tool to di…

The paper introduces ASTRAL, a multimodal LLM-driven framework that reconstructs and analyzes fragmented cyber-physical system architectures to enable comprehensive and quantitative security risk asse…

DEMUX is a novel framework that addresses the challenge of multi-tab website fingerprinting by treating the interleaved traffic as a demixing problem, achieving state-of-the-art performance in complex…

MimeLens is a novel, position-agnostic BERT-style encoder that accurately detects file types from arbitrary binary fragments, outperforming existing methods like Magika, especially on non-standard inp…

The paper introduces a novel framework using steganographic canary files to detect and block unauthorized processing of sensitive documents by LLMs, even when the data passes through traditional secur…

MemMark introduces a state-evolution attribution watermark that embeds owner-controlled signals into latent memory-write decisions, enabling robust provenance tracking for agent memory even when all t…

The paper proposes a unified closed-loop threat taxonomy to systematically analyze and defend foundation models by explicitly framing the bidirectional security interactions between data and models.

The paper introduces a novel record-and-replay detection mechanism to accurately detect the true avalanche effect in ransomware, achieving high accuracy against real-world samples.

This paper proposes a novel data-driven image encryption framework that learns the chaotic map dynamics directly from the image data, enhancing security beyond traditional fixed-map schemes.