ICISSP 2026 Abstracts


Area 1 - Management and Operations

Full Papers
Paper Nr: 18
Title:

It Runs and It Hides: A Function-Hiding Construction for Private-Key Multi-Input Functional Encryption

Authors:

Antonis Michalas and Alexandros Bakas

Abstract: Functional Encryption (FE) is a modern cryptographic technique that allows users to learn only a specific function of the encrypted data and nothing else about its actual content. While the first notions of security in FE revolved around the privacy of the encrypted data, more recent approaches also consider the privacy of the computed function. While in the public key setting, only a limited level of function-privacy can be achieved, in the private-key setting privacy potential is significantly larger. However, this potential is still limited by the lack of rich function families. For this work, we started by identifying the limitations of the current state-of-the-art approaches which, in its turn, allowed us to consider a new threat model for FE schemes. To the best of our knowledge, we here present the first attempt to quantify the leakage during the execution of an FE scheme. By leveraging the functionality offered by Trusted Execution Environments, we propose a construction that given any message-private functional encryption scheme yields a function-private one. Finally, we argue in favour of our construction’s applicability on constrained devices by showing that it has low storage and computation costs.

Paper Nr: 19
Title:

A Resource-Aware Cyber Emergency Response Framework for SMEs

Authors:

Amar Almaini, Jakob Folz, Stefan Anthuber, Martin Schramm and Icyer Abdurrahman

Abstract: Small and Medium Enterprises (SMEs) face escalating cyber threats but lack the staff, budget, and tooling assumed by enterprise incident response frameworks. We present a resource-aware emergency response framework tailored to SMEs. It compresses conventional 6–8 stage lifecycles into four phases (Preparation, Readiness, Response, Post-Incident) and introduces three deployment tiers aligned to organizational size. The framework operationalizes external-provider engagement at every stage and replaces abstract prescriptions with concrete, step-wise procedures (e.g., a severity×impact classification usable by non-technical staff; sequential Containment → Eradication → Recovery when parallel teams are infeasible). We derived the framework from a comparative analysis of NIST SP 800-61, ISO/IEC 27035, and ENISA guidance, then iteratively refined it through consultations with more than ten European SMEs across manufacturing, services, healthcare, and retail. Participants reported improved perceived feasibility, clarity, and implementation intent within a 6–12 month horizon. We outline practical metrics (MTTD/MTTR, recurrence) and a tiered exercise regime. The approach aims to democratize incident response capability for resource-constrained organizations while remaining compatible with established standards.

Paper Nr: 28
Title:

Competency Requirements for Cybersecurity Professionals in Canadian Job Market: Organizational Convergences and Divergences

Authors:

Sylvestre Uwizeyemungu, Thang Le Dinh and Tran Duc Le

Abstract: In today’s increasingly digitized economies, organizations face cyber threats that can have their operations, reputation, and financial stability severely impacted. To adequately protect themselves against these cyber risks, organizations need competent cybersecurity professionals. As a result, the demand for cybersecurity professionals is growing rapidly, and organizations in all sectors are trying to recruit employees who can meet their cybersecurity needs. With reference to the signaling theory of the job market, we have collected and analyzed 239 cybersecurity job offers in Canada, to understand the nature of the positions organizations are looking to fill, as well as the competencies required. We also explore, with reference to person-environment fit theory, how these requirements converge or diverge according to different organizational characteristics: public versus private sector, manufacturing versus services, organizational size, sectors of activity (including the associated level of digital intensity).

Paper Nr: 48
Title:

Cybersecurity Maturity Assessment of the Northern Portugal: A NIST CSF–Aligned Baseline of SMEs and Public Bodies

Authors:

Rogério Silva, António Pinto, Ivone Amorim and Isabel Praça

Abstract: Cybercrime is growing in scale and sophistication, putting pressure on SMEs and public entities with limited resources. This work reports a pre-intervention regional baseline of cybersecurity maturity for organizations in Northern Portugal. Using a simplified, NIST CSF–aligned instrument, we surveyed 108 organizations during workshops and analysed both personnel awareness and organizational practices by size and sector. Overall maturity is low–to–mid (mean 1.45 on a 1–3 scale): Protect is strongest (1.76) and Respond weakest (1.24). Larger organizations score higher; technological services perform better, whereas commerce, general services and tourism lag. On the personnel side, 50% report no awareness sessions despite 88% recognising training as a current need, revealing a gap between intention and practice. The findings provide a regional baseline to guide targeted interventions and follow-up measurement. As a convenience sample with small counts in some sectors, results should be interpreted as directional rather than representative.

Paper Nr: 70
Title:

Effective Analysis of Encrypted Traffic for Mining Detection

Authors:

Masahiro Ishii, Satoshi Shibuya and Keisuke Tanaka

Abstract: Cryptojacking attacks exploit victims’ computational resources for unauthorized cryptocurrency mining. These attacks often use encrypted communication channels. In this study, we propose a deep-learning approach that classifies encrypted mining traffic using raw PCAP captures. Our dataset includes both benign traffic (web browsing, video streaming, chat) and malicious traffic (pool and solo mining). The data were collected under TLS and VPN encryption. In particular, the VPN layer adds an additional tunnel encryption on top of the standard transport-layer encryption. We evaluate four models: 1D-CNN, 2D-CNN, stacked autoencoder (SAE), and stacked denoising autoencoder (DSAE) on raw traffic data. Our results show that the CNN-based models achieve high accuracy even when traffic is encrypted through dual layers in a VPN. The 1D-CNN reached an F1-score of 0.9092 for VPN-encrypted traffic using only 1,600-byte samples. We also show that detection with F1 > 0.95 is possible using just 6,400-byte samples collected within tens of seconds. In multi-class and multi-label tests to classify mixed application traffic under VPN encryption, our method achieved a binary accuracy of 0.8926. These results indicate that small-volume and short-duration encrypted traffic samples still carry sufficient patterns for reliable and timely cryptojacking detection.

Paper Nr: 71
Title:

Can Synthetic Spam Beat Real-World Detectors? Evaluating LLMs' Dual Role in Spam Generation and Detection

Authors:

Tianyu Wang, Nianjun Zhou and Zhixiong Chen

Abstract: Large Language Models (LLMs) fundamentally reshape spam detection by enabling both synthetic training data generation and AI-powered spam attacks. We systematically evaluate this dual impact through comprehensive experimental tracks covering synthetic-to-real training scenarios, zero-shot detection of AI-generated attacks, and cross-model augmentation strategies. Our rigorous evaluation across multiple LLMs, prompt variations, and classifier architectures reveals three critical findings. First, synthetic spam can partially substitute for real training data with dramatic model-dependent quality gaps: high-quality generation maintains 86% of baseline performance while low-quality generation retains only 54%. Second, zero-shot detection of AI-generated spam achieves moderate baseline performance, with substantial variation across generation sources. Third, cross-model synthetic augmentation significantly improves detection effectiveness, with diversity-driven training providing larger gains than quality-optimized approaches. Ensemble classifiers consistently demonstrate superior robustness to distributional shifts compared to linear models. These findings reveal asymmetric advantages favoring attackers through accessible generation capabilities, though defenders can leverage robust architectures and cross-model augmentation to maintain detection effectiveness. Our work provides empirical foundations for understanding Generative AI’s role in cybersecurity offense-defense dynamics.

Paper Nr: 124
Title:

Green by Design: Embedding Sustainability into Cybersecurity Architectures

Authors:

Ângelo Borges and João Rafael Almeida

Abstract: The increasing complexity of digital infrastructures has raised both cybersecurity demands and environmental challenges. Security measures such as encryption, intrusion detection, and continuous monitoring require significant computational resources, resulting in higher energy consumption and a larger carbon footprint. This paper introduces a Green-by-Design approach to cybersecurity that integrates sustainability principles directly into security architecture and operations. Drawing on insights from life cycle assessment (LCA), green software engineering, and security-by-design methodologies, we propose a framework for creating energy-efficient, resilient protection mechanisms. The study explores how lightweight cryptography, optimised security testing, and adaptive monitoring can reduce the ecological impact of digital systems without compromising confidentiality, integrity, or availability. Additionally, it outlines sustainability-focused security and privacy metrics that support data-driven decision-making in secure system development. Including environmental considerations in cybersecurity architectures enables organisations to balance protection, performance, and environmental responsibility, moving towards a future where digital resilience and sustainability coexist.

Paper Nr: 136
Title:

Incremental Federated Learning for Intrusion Detection in IoT Networks under Evolving Threat Landscape

Authors:

Muaan Ur Rehman, Hayretdin Bahsi and Rajesh Kalakoti

Abstract: The expansion of Internet of Things (IoT) devices has increased the attack surface of networks, necessitating robust and adaptive intrusion detection systems. Machine learning-based systems have been considered promising in enhancing the detection performance. Federated learning settings enabled us to train models from network intrusion data collected from clients in a privacy-preserving manner. However, the effectiveness of these systems can degrade over time due to concept drift, where patterns in data evolve as attackers develop new techniques. Realistic detection models should be non-stationary, so they can be continuously updated with new intrusion data while maintaining their detection capability for older data. As IoT environments are resource constrained, updates should consume minimal computational resources. This study provides a comprehensive performance analysis of incremental federated learning in enhancing the long-term performance of non-stationary IDS models in IoT networks. Specifically, we propose LSTM models within a federated learning setting to evaluate incremental learning approaches that utilize data and model-based measures against catastrophic learning under drift conditions. Using the CICIoMT2024 dataset, which includes various attack variants across five major categories, we conduct both binary and multiclass classification to provide a granular analysis of the intrusion detection task. Our results show that cumulative incremental learning and representative learning provide the most stable performance under drift, while retention-based methods offer a strong accuracy and latency trade-off. The study offers new insights into the interplay between training strategy performance and latency in dynamic IoT environments, aiming to inform the development of more resilient IDS solutions considering the resource constraints in IoT devices.

Short Papers
Paper Nr: 13
Title:

The Assessment of Human Vulnerability in Cybersecurity on Efficacy, Awareness, Knowledge and Advocacy: A New Perspective

Authors:

V. Sithira Vadivel, Peik Foong Yeap, Geoff Skinner and Noryanti Binti Muhammad

Abstract: As cyber threats increasingly exploit human vulnerabilities, understanding the psychological and behavioural dimensions of cybersecurity becomes critical. This paper explores the intersection of social semantic cyberattacks and deception techniques, highlighting how attackers manipulate trust, urgency, and curiosity to breach defences. Drawing on the Human Affected Cybersecurity (HACS) Framework and the NIST Cybersecurity Framework 2.0, we propose a dual-layered approach to assess and mitigate human-centric risks. A survey instrument, grounded in efficacy, awareness, knowledge, and advocacy domains, is developed to evaluate cybersecurity preparedness among youth in Singapore, Malaysia, and Australia. The study aims to identify knowledge gaps across the NIST phases (Govern, Identify, Protect, Detect, Respond, and Recover) and to propose targeted prophylactic measures. By integrating behavioural insights with structured frameworks, this research contributes to a more resilient cybersecurity posture, particularly among the younger generation in the Asia-Pacific region.

Paper Nr: 30
Title:

Do Japanese FemTech Users Consent without Reading Privacy Policies? Reasons for Use and Privacy Concerns of FemTech

Authors:

Sachiko Kanamori, Hirotsune Sato and Naoya Tabata

Abstract: FemTech, which is coined from the terms Female and Technology, is aimed at responding to issues specific to women, based on products and services involving advanced technology. In recent years, the FemTech market has expanded worldwide and attracted significant attention. In addition, work style reforms that promote women’s active participation in society, along with the increasing popularity of mobile apps, have also contributed to the growing use of FemTech products. However, related studies have identified security and privacy risks in FemTech, such as inadequate legal arrangements in FemTech and risks of monitoring by companies. As FemTech apps collect and process users’ sensitive information, consent should be obtained before using FemTech apps. This study explored the field of FemTech by conducting a user survey to identify consent-related issues associated with the use of FemTech apps. The results revealed that half of the FemTech app users did not read the privacy policy and did not fully understand its content. Conversely, their reasons for using FemTech apps were clear; however, they expressed no concerns regarding privacy. In the future, when FemTech app usage gains more prominence, problems caused by a lack of valid consent may arise.

Paper Nr: 35
Title:

Silent Shield: Dynamic Instrumentation of Privacy Breaches in Oculus VR Applications

Authors:

Fadi Yilmaz, Bilge Kelesoglu, Kursat Korkmaz, Beyza Karakurt and Gurkan Agir

Abstract: Rising Virtual Reality (VR) adoption necessitates urgent scrutiny of application privacy, yet existing analysis tools often fail to capture Unity-based data flows that are abstracted from the standard Android stack. We present Silent Shield, a lightweight, fully automated dynamic instrumentation framework targeting UnityWebRequest to intercept and control sensitive traffic in Oculus VR applications. Our approach requires neither source code nor root privileges. Leveraging IL2CppDumper, dnSpy, and Frida, we dynamically hook networking methods to inspect and modify outbound traffic in real-time. Evaluation across fourteen Meta Quest applications demonstrates effective interception with minimal overhead (less than 30 ms), confirming the framework’s viability for privacy enforcement in the Unity-dominated VR ecosystem.

Paper Nr: 36
Title:

Tackling over Privilege: Resolving Access Concerns in Android Mobile Applications

Authors:

Osamah Taha and Abdallah Karakra

Abstract: Android mobile apps are very popular today. However, many apps request more permissions than they need. This is called "overprivileged permissions" and it can expose user data to risks. Existing solutions have problems: they are difficult to use, they do not monitor apps continuously, and they cannot detect permission changes when apps are updated. This paper presents App Protector, a new system to help users manage app permissions. App Protector works in three main phases: permission analysis, application-permission mapping, and periodic validation. First, it analyses and classifies permissions based on Android security standards. Second, it maps each app category to expected dangerous permissions. Third, it monitors apps regularly to detect any suspicious permission requests. When App Protector finds unnecessary permissions, it alerts the user and provides recommendations. We tested App Protector with 15 Android applications from different categories. The results show that App Protector can detect overprivileged permissions with 90% accuracy. Out of 15 apps, 3 apps were found requesting unnecessary permissions. This system helps users protect their privacy on Android devices.

Paper Nr: 55
Title:

From Poison to Antidote: Advancing Cybersecurity Education with AI Attack and Defense Training

Authors:

Angelos Spyridon Kourtesis, Christian Leka, Konstantinos Lazaros, Aristidis G. Vrahatis and Christoforos Ntantogian

Abstract: As artificial intelligence (AI) is being integrated into cybersecurity systems, new risks emerge from adversarial AI threats which target the underlying AI models, such as evasion and poisoning attacks. The direct impact of these attacks is to cause misclassifications thereby undermining their security objectives. Despite the growing importance of these threats, current cybersecurity training exercises do not incorporate adversarial AI scenarios. This paper presents a hands-on training exercise designed to bridge this gap by introducing offensive and defensive tasks involving adversarial AI. Specifically, we construct a training scenario where participants investigate targeted label flipping poisoning attacks on a decision tree classifier trained to detect intrusions in an IoT network. Moreover, the proposed defensive tasks mitigate the impact of these attacks through a simple yet effective fine-tuning of the class_weight and max_depth hyperparameters. Following the exercise, a questionnaire was given to the participants to evaluate the approach, with the results indicating high levels of understanding, engagement, and interest. Overall, such training exercises not only enhance technical skills and raise awareness of the underlying threats, but also contribute to the development of trustworthy AI systems aligned with the requirements of AI regulatory frameworks such as the EU AI Act.

Paper Nr: 58
Title:

Analysing Multidisciplinary Approaches to Fight Large-Scale Digital Influence Operations

Authors:

David Arroyo, Rafael Mata Milla, Marc Almeida Ros, Nikolaos Lykousas, Ivan Homoliak, Constantinos Patsakis and Fran Casino

Abstract: Crime as a Service (CaaS) has evolved from isolated criminal incidents to a broad spectrum of illicit activities, including social media manipulation, foreign information manipulation and interference (FIMI), and the sale of disinformation toolkits. This article analyses how threat actors exploit specialised infrastructures ranging from proxy and VPN services to AI-driven generative models to orchestrate large-scale opinion manipulation. Moreover, it discusses how these malicious operations monetise the virality of social networks, weaponise dual-use technologies, and leverage user biases to amplify polarising narratives. In parallel, it examines key strategies for detecting, attributing, and mitigating such campaigns by highlighting the roles of blockchain-based content verification, advanced cryptographic proofs, and cross-disciplinary collaboration. Finally, the article highlights that countering disinformation demands an integrated framework that combines legal, technological, and societal efforts to address a rapidly adapting and borderless threat.

Paper Nr: 80
Title:

SL1C3D: Slicer Library Injection for Covert 3D Data

Authors:

Sai Gayatri Annamreddy, Paulo Costa and Matthew Jablonski

Abstract: Additive manufacturing workflows increasingly rely on slicing software to convert 3D models into printer instructions, creating new attack surfaces for malicious actors. We present SL1C3D (Slicer Library Injection for Covert 3D Data), a novel attack that exploits trust boundaries through library injection techniques targeting slicer software during G-code generation. We exploit Windows-based PrusaSlicer via DLL injection to manipulate G-code infill patterns, embedding covert data while obfuscating the visualization to evade detection. The attack operates during G-code generation to produce compromised toolpaths that embed data in printed parts without affecting structural integrity, circumventing integrity verification mechanisms where present. Experimental validation on a Prusa MK4S demonstrates that embedded data survives the printing process with minimal overhead (0.14% filament in our proof-of-concept) and remains undetectable through conventional quality assurance procedures. This work exposes critical vulnerabilities in additive manufacturing toolchains and highlights the need for enhanced integrity verification beyond current approaches.

Paper Nr: 85
Title:

CARLE: Context Aware Recognition of maLicious Emails

Authors:

Pedro Afonso, Eva Maia, Ivone Amorim and Isabel Praça

Abstract: Phishing remains one of the most persistent threats in cybersecurity, with email serving as the primary attack vector. Over the years, phishing email detection systems have evolved from simple rule-based filters to advanced machine learning and deep learning solutions. Despite these advances, a recurring weakness across state-of-the-art solutions is their lack of context surrounding the email, which limits their generalization and makes them vulnerable to novel and sophisticated attacks. In this paper, we propose CARLE (Context Aware Recognition of maLicious Emails), a framework that integrates content analysis with contextual information from knowledge graphs (KGs), combining URL analysis and context reasoning with language models. We evaluate the system on a synthetic, context-relevant dataset and conduct an ablation study to quantify the contribution of each component. Results show that CARLE reaches a 0.97 F1-Score, surpassing the content-only LLM baseline and outperforming classical baseline models trained on public data, showing the impact of context in phishing detection.

Paper Nr: 86
Title:

Malware Detection through System Call Vectorization and Neural Network Classification

Authors:

Aleš Répáš, Simona Fornůsek and Róbert Lórencz

Abstract: This paper presents a system for automated Linux malware detection based on dynamic system call analysis. Unknown binaries are executed in an isolated honeypot, their system calls logged and vectorized, and then classified by machine learning models. The approach overcomes obfuscation affecting static methods by focusing on persistent behavioral patterns. A multilayer perceptron, trained on continuously collected real-world samples, achieved over 99% accuracy, demonstrating the framework’s potential for scalable, practical security applications.

Paper Nr: 87
Title:

HEALTH-DP: A Framework for Health Data De-Anonymization Risk Assessment and Mitigation with Differential Privacy

Authors:

Hamza Aguelal, Akasha Shafiq and Paolo Palmieri

Abstract: Privacy protection is a significant challenge in the computation of personal data, especially when data (e.g. health-related) is considered sensitive under relevant regulations. Although anonymization is widely applied, adversaries can still de-anonymize data through sophisticated attacks. Risks are particularly severe for health datasets, such as genomics or physiological data, due to their inherent uniqueness. Differential privacy (DP) has emerged as a strong privacy-preservation technique. However, current approaches to its implementation remain theoretical (and thus not directly linked to actual risks) or specific to a single context, and lack inclusive pathways for different stakeholders in the medical environment. This paper presents a comprehensive framework to address these limitations, combining a systematic study of re-identification attacks and practical risk assessment with DP implementation. The framework incorporates the parties’ roles, threat pre-assessment, known attacks and DP integration. An adaptive mitigation strategy within a structured flow and logical process ensures wide coverage of different requirements. Furthermore, we validate the framework by applying central DP (CDP) to a heart-attack prediction dataset as an initial case study for a future broader end-to-end implementation. The framework provides a roadmap for implementing DP based on evaluating re-identification risks and data governance requirements, and gives stakeholders actionable guidance for safer data use.

Paper Nr: 96
Title:

Cryptographic Vulnerability Detection in Code: A Hybrid Syntactic and Semantic Analysis Framework

Authors:

Krishna Vellamchety, Maryam Abbasalizadeh, Areej Alnahdi, Pranathi Rayavaram, Vaishali Mohan Pajai and Sashank Narain

Abstract: Cryptographic vulnerabilities remain widespread in software systems, often stemming from unverified code snippets found on platforms like Stack Overflow. We present a graph-based language-agnostic static analysis framework that detects such vulnerabilities by combining syntactic structure with semantic flow analysis. Our approach transforms source code into enriched graphs capturing both control and data dependencies, then applies rule-based traversal to detect complex, multi-line cryptographic flaws. Unlike existing tools that rely on pattern matching or localized analysis, our graph representation enables cross-function and cross-module vulnerability detection while tracing how flaws propagate through data paths. The framework identifies a broad range of issues: insecure encryption modes (e.g., ECB), weak key derivation, hardcoded secrets, deprecated algorithms, and subtle flaws in RSA implementations, digital signatures, TLS configurations, and key derivation functions. Evaluated on 28,369 real-world Python code samples from Stack Overflow, the framework found 3,919 vulnerable samples with 100% precision and recall on 1,600 manually validated samples across 11 vulnerability categories.

Paper Nr: 102
Title:

Exploring Factors of Organizational Culture that Promote Adherence to Security Rules

Authors:

Yukiko Sawaya, Takamasa Isohara, Ayumu Kubota and Ayako Komatsu

Abstract: This study examines the influence of a “just culture” on emotional commitment and adherence to security rules within organizations, focusing on businesses in Japan. An online survey was conducted with over 2,000 employees from various organizations. Using structural equation modeling, the results indicated that both organizational climate and organizational system enhance emotional commitment and adherence to security rules of employees. Notably, the organizational system has a stronger effect, being approximately 2.1 times as large as that of organizational climate on adherence to security rules. These findings suggest that it is crucial to start by establishing an organizational system and strive to balance both elements effectively.

Paper Nr: 122
Title:

On Addressing Isolation in Blockchain-Based Self-Sovereign Identity

Authors:

Andreea Elena Drăgnoiu, Andrei Ciobanu and Ruxandra F. Olimid

Abstract: Self-Sovereign Identity (SSI) gives users complete control over their digital identities through decentralized, privacy-preserving verification of claims. Blockchain, a solution to implement the Verifiable Data Registry, is often considered one of the pillars of SSI, along with Decentralized Identifiers and Verifiable Credentials. Unfortunately, blockchains are mostly siloed, affecting the interoperability and universality of SSI. We investigate the effect of blockchain isolation on blockchain-based SSI. We define possible scenarios for cross-chain SSI, identify requirements and challenges, explore different interoperability models and their trade-offs, and discuss usability, security, and privacy aspects, opening the way for future research.

Paper Nr: 138
Title:

Evaluating the Effectiveness of Multi-Agent Large Language Models for Automated Vulnerable Code Repair

Authors:

Martin Kilgi and Hayretdin Bahsi

Abstract: Software vulnerabilities can cause severe cyber security incidents, necessitating tools that modify and verify code to ensure it is secure. Although existing automated repair tools offer such functionalities, their performances are not sufficient, and they face various scalability challenges. Large language models (LLMs) have acquired advanced coding capabilities, making them promising candidates for automated repair tasks. While existing studies applying LLMs do not achieve high performance, multi-agent LLMs remain unexplored in this problem domain. In this paper, we evaluate the capabilities of multi-agent settings in repairing real-world software vulnerabilities. We assess agentic workflow with multiple LLMs where each one is assigned a subtask. We also conduct an ablation study to understand the performance of individual LLMs in their corresponding tasks. Our results show that multi-agent settings improve repair performance, at the cost of additional resources for the multi-round communication between agents.

Paper Nr: 139
Title:

Machine Learning-Based Security Solutions for Smart TVs: Mitigating Vulnerabilities and Enhancing Privacy in Smart Home Networks

Authors:

Bilel Arfaoui, Hichem Mrabet and Abderrazak Jemai

Abstract: Smart TVs play a central role in smart home environments and introduce notable security risks because of their broad functionality and continuous connectivity. These devices often become entry points for cyberattacks, exposing entire home networks to vulnerabilities that affect devices, communications and user privacy. This study presents a systematic assessment of these risks using a PRISMA-based review of six academic databases. The threats identified fall into five main categories: device-level vulnerabilities, network-level threats, privacy risks, authentication bypass and supply chain attacks. The work also explores how machine learning can address these issues in four key areas, which include device identification, anomaly detection, firmware integrity verification and voice-command authentication. Supervised models analyse traffic metadata to recognise devices, while intrusion detection systems inspect packet behaviour and timing irregularities to reveal malicious activity. Experimental results obtained from controlled evaluations and real-world deployments across 150 households show that the proposed ML-based framework achieves over 94% detection precision, with false positive rates below 3% and an average processing latency under 50 ms, demonstrating its suitability for practical smart home environments. The proposed taxonomy and analytical framework offer a clear view of the security challenges linked to smart TVs and their impact on smart home environments. Existing security architectures are grouped into three families: network security, device security and threat-mitigation approaches, each with specific advantages and limitations. The findings highlight the growing need for adaptive and machine-learning-driven defences that can respond to emerging threats while protecting user privacy.

Paper Nr: 148
Title:

A Lightweight Static Analysis Method for Identifying Hardcoded Vulnerabilities in Android Applications

Authors:

Akira Kanaoka

Abstract: Hardcoded security-related values such as API keys, network endpoints, and cryptographic material remain a persistent source of vulnerabilities in Android applications because they can be extracted through reverse engineering and abused to weaken security guarantees. At scale, however, conventional static analysis pipelines become impractical due to the preprocessing overhead of fully decoding APKs, including large third-party libraries that are often irrelevant to application-specific hardcoded vulnerabilities. To address this bottleneck, we propose a lightweight static analysis method that combines selective decoding with syntax-tree traversal for efficiently locating hardcoded security-relevant values. Our approach modifies the baksmali engine used by apktool to skip disassembly for frequently reused library packages, thereby reducing unnecessary decoding without changing application-specific code. Experimental results show that the proposed method achieves a 5.17× speedup in decoding and a 1.68× improvement in analysis time compared with a conventional apktool-based workflow, enabling practical large-scale vulnerability assessment of Android applications.
Download

Paper Nr: 150
Title:

A Tool for the Verification and Visualization of GDPR Compliance

Authors:

Yassine Abich, Chebrine Ghiles and Clara Bertolissi

Abstract: Ensuring GDPR compliance in modern digital systems remains challenging. We propose a provenance-based framework where compliance rules are expressed as reusable logical patterns and enforced through a dual Prolog and Neo4j/Cypher architecture, enabling automated verification and interactive analysis. Auditors can thus check consent, purposes, and data flows, and investigate violations in context. We validate the approach on synthetic data and a real online platform case study, showing how formal compliance rules connect to concrete execution traces.
Download

Paper Nr: 154
Title:

An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications

Authors:

Lorenzo Corrias, Lorenzo Pisu, Davide Maiorca and Giorgio Giacinto

Abstract: The growth in the adoption of WebAssembly (WASM) has given rise to a rapidly increasing landscape of binary applications that are natively ported to the environment of websites. The flexibility of WASM has made it the preferred way to run fast and resource-heavy applications, replacing a field that JavaScript previously monopolized. Despite its success, researchers have raised concerns over the security implementations of WASM, demonstrating that binary vulnerabilities, such as Buffer Overflows and Use After Free, remain a present danger for WASM binaries. Our work aims to demonstrate that such vulnerabilities, when occurring on a WebAssembly module, can affect the behavior of a web application in unexpected ways, enabling an attacker to exploit typical web security flaws. We provide several scenarios as examples of how each binary vulnerability might lead to a web security one, such as SQL Injections, XS-Leaks, and SSTIs. Our results show that binary vulnerabilities can invalidate common security mechanisms, demonstrating how the safety of WASM modules remains a problem that needs to be addressed. We also provide a list of best practices and defensive strategies that developers can implement to mitigate the risks associated with running unsafe WASM modules in their web applications.
Download

Paper Nr: 161
Title:

Cybersecurity Exercise Generation System Using LLMs with Real Attack Datasets

Authors:

Hirokazu Hasegawa and Hiroki Takakura

Abstract: The shortage of cybersecurity personnel responsible for threat detection, defense, and incident response has become a global issue. In recent years, the exercise system has been greatly enhanced, and its various functions prove extremely useful for acquiring fundamental knowledge. On the other hand, IT environments and policies vary among organizations, and incident response methods and guidelines specific to each organization can only be learned through on-the-job training and other means in the actual environment. However, the experts actually handling incident response are too busy with their duties to find time for training. In this paper, we propose a cybersecurity exercise generation system using large language models with real attack datasets. By inputting combined data including real attack information and organization details into an LLM, the system prepares cyber security exercise scenarios optimized for the organization. It enables bridging the gap between the fundamental knowledge gained through general exercises and the knowledge required to perform work within an actual organization. As a preliminary experiment, data was manually input into the LLM and the output was verified. The LLM was confirmed to generate outputs as expected, thereby verifying the feasibility of the proposed system.
Download

Paper Nr: 172
Title:

A Tandem Approach to CPS Threat Modeling

Authors:

Dallas Elleman and John Hale

Abstract: Cyber-physical systems (CPS) are inherently complex, blending the operations and vulnerabilities of physical and digital assets. In addition, time plays an outsized role in their analysis. As a consequence, developing an accurate and comprehensive threat model for them is extremely challenging. This paper presents a threat modeling approach for CPS and applies it to an Additive Manufacturing system, representing a class of CPS. The approach uses a STRIDE analysis in tandem with scenario-driven analysis based on action graphs to account for the timing of legitimate CPS process behavior in attack surface dynamics.
Download

Paper Nr: 174
Title:

A Contextualized Cybersecurity Incident Remediation Ontology

Authors:

Rayan Kanawati, Nadira Lammari and Nada Mimouni

Abstract: As cyberattacks become more sophisticated, structured remediation is essential for effectively containing threats. Despite the existence of multiple semantic resources for structuring cybersecurity knowledge, no ontology has yet been specifically dedicated to remediation. This paper presents a remediation ontology designed to support and automate defense actions during incident response. The ontology’s scope and objectives were first defined through competency questions developed with Security Operations Center (SOC) experts. Existing ontological resources were then reused and adapted to form the core of the ontology, and new concepts were added to fill gaps or cover domain-specific needs. The resulting ontology provides a reusable, semantically coherent knowledge base and has been tested within practical use cases.
Download

Paper Nr: 176
Title:

Detecting and Explaining Malware Family Evolution Using Rule-Based Drift Analysis

Authors:

Olha Jurečková and Martin Jureček

Abstract: Malware detection and classification into families are critical tasks in cybersecurity, complicated by the continual evolution of malware to evade detection. This evolution introduces concept drift, in which the statistical properties of malware features change over time, reducing the effectiveness of static machine learning models. Understanding and explaining this drift is essential for maintaining robust and trustworthy malware detectors. In this paper, we propose an interpretable approach to concept drift detection. Our method uses a rule-based classifier to generate human-readable descriptions of both original and evolved malware samples belonging to the same malware family. By comparing the resulting rule sets using a similarity function, we can detect and quantify concept drift. Crucially, this comparison also identifies the specific features and feature values that have changed, providing clear explanations of how malware has evolved to bypass detection. Experimental results demonstrate that the proposed method not only accurately detects drift but also provides actionable insights into the behavior of evolving malware families, supporting both detection and threat analysis.
Download

Paper Nr: 182
Title:

Securing Critical Electric Vehicle Charging Infrastructure: Risk Assessment and Mitigation Using MITRE TARA

Authors:

Xuemeng Yao, Elias Seid and Fredrik Blix

Abstract: The rapid global adoption of electric vehicles (EVs) has heightened the need for secure and resilient EV charging infrastructure. This paper presents a comprehensive threat analysis and risk assessment of EV charging systems using the MITRE Threat Assessment and Remediation Analysis (TARA) framework. Ten primary assets, spanning charge points (CP), charge point management systems (CPMS), and eMobility service providers (eMSPs), are identified, and 41 threat scenarios are evaluated against key security properties: authentication, integrity, availability, confidentiality, non-repudiation, and authorization. Using structured methodologies such as risk cubes and weighted scoring models, each threat is quantified and visualized in a risk matrix to support prioritization. Findings highlight user credentials and CPMS authentication systems as highly vulnerable to attacks including MAC spoofing, SQL injection, and session hijacking. A countermeasure ranking model is then developed using CRRA, balancing effectiveness and cost to propose feasible mitigation strategies. This application of TARA not only demonstrates a methodical approach to cybersecurity assessment but also offers actionable insights for improving the cyber resilience of critical EV charging infrastructure.
Download

Paper Nr: 38
Title:

A Framework for near-Real-Time Intrusion Detection in Micro-Enterprise Environments

Authors:

Selahattin Hürol Türen, Rafiqul Islam, Kenneth Eustace and Geoffrey Fellows

Abstract: This paper presents a novel methodology for near-real-time intrusion detection tailored to micro-enterprise environments, where resources are limited but cyber risks are escalating. The experimental design uses the lightweight machine learning techniques in Weka with robust cross-validation to ensure reliable detection while minimising overfitting and underfitting. To complement this, we introduce the Agile Cybersecurity Maturity Model (ACMM), which supports adaptive and proactive security practices. The key contributions of this paper are: (i) a practical intrusion detection framework optimised for micro-enterprise constraints, (ii) the integration of machine learning and validation techniques for near-real-time monitoring, and (iii) the proposal of ACMM as a maturity model to strengthen long-term resilience. Together, these advances provide micro-enterprises with an affordable, scalable, and accessible defence against increasingly sophisticated threats, while supporting the protection of broader community and critical infrastructure.
Download

Paper Nr: 62
Title:

Synthesising Attack Trees with Optimal Shape and Labelling

Authors:

Olga Gadyatskaya, Sjouke Mauw, Rolando Trujillo-Rasua and Tim A. C. Willemse

Abstract: This article addresses the problem of automatically generating attack trees that soundly and clearly describe the ways a system can be attacked. Soundness means that the attacks displayed by the attack tree are indeed attacks in the system; clarity means that the tree is efficient in communicating the attack scenario. To pursue clarity, we introduce an attack-tree synthesis algorithm that decorates trees with succinct and informative labels while minimizing their size. We achieve this by i) introducing a system model that allows reasoning about attacks and goals in an efficient manner, and ii) establishing a connection between the problem of factorising algebraic expressions and the problem of minimizing the tree size. To the best of our knowledge, we introduce the first attack-tree synthesis framework that optimises the labelling and shape of the generated trees, while guaranteeing their soundness with respect to a system specification.

Paper Nr: 90
Title:

Designing Secure Manufacturing-as-a-Service Platforms: Threat Modeling and Cybersecurity Risk Assessment

Authors:

Kaspars Ābelnīca, Giacomo Leopizzi, Rūta Pirta, Jānis Grabis and Beāte Krauze

Abstract: Manufacturing-as-a-Service (MaaS) is an innovative approach to manufacturing, permitting personalized production orders, and allowing manufacturers to better utilize their manufacturing infrastructure. This model connects various manufacturing systems and devices across a wide geographical area, creating unique cyber-security challenges that need to be addressed already during the design phase. This paper demonstrates an illustrative example of MaaS cybersecurity threat modeling and risk assessment based on the current cybersecurity landscape and ISO 27005:2022 standard best practices. An asset-based approach to risk management, consisting of a threat model in the ArchiMate language and an assessment of the identified risks has been created and demonstrated. The example is based on the development of a new MaaS platform (MEDUSA) that combines several marketplaces and manufacturers to facilitate cross-industry cooperation and remanufacturing. The threat model has been reviewed in discussion with an industry expert while the initial risk assessment scores have been compared to those gathered in a survey conducted with manufacturers, marketplace owners and researchers involved in the design of MaaS solutions.
Download

Paper Nr: 103
Title:

Monitoring and Economic Sustainability: Preliminary Insights

Authors:

Antonello Calabrò, Eda Marchetti and Albina Orlando

Abstract: This paper presents a preliminary conceptual analysis toward a Cost-Benefit Based Monitoring Evaluation paradigm. The work explores how economic reasoning can be integrated into adaptive monitoring systems through Complex Event Processing (CEP). The study examines how cybersecurity monitoring decisions can be made operationally efficient and economically sustainable by explicitly considering the trade-off between monitoring costs and expected loss reduction. Building on existing work in adaptive and risk-aware monitoring, this work identifies the lack of economic reasoning in current CEP frameworks and proposes an initial multi-layer architecture that embeds cost–benefit models within real-time event processing. The proposed approach introduces economic awareness, explainability, and governance mechanisms into the monitoring lifecycle. This contribution is primarily conceptual and architectural, outlining design challenges and guidance, and providing procedural guidelines for the future implementation and validation of the framework.
Download

Paper Nr: 114
Title:

Design and First Evaluation of a Matrix-Based PUF Authentication Scheme for Blockchain-Based Tracking

Authors:

Stefano Bistarelli, Ivan Mercanti, Igor Neri and Francesco Santini

Abstract: This paper introduces and discusses a matrix-based Physical Unclonable Function (PUF) authentication framework integrated with blockchain technology for secure and decentralized device tracking. The proposed concept leverages a cross-bar array structure fabricated from two-dimensional semiconductor materials to exploit inherent nanoscale variability as a foundation for generating unique, unclonable identifiers. Preliminary simulations on 16-, 32-, and 64-bit configurations suggest that medium-density matrices achieve a balanced trade-off between sensitivity, uniqueness, and reproducibility, with Avalanche and Hamming metrics approaching the theoretical ideal of 0.5. Although these findings remain exploratory, they support the feasibility of using matrix-based cross-bar Array PUFs as lightweight, hardware-anchored trust primitives. The proposed integration with a permissioned blockchain enables secure on-chain registration and verification of selected challenge–response pairs, establishing a transparent and tamper-evident authentication mechanism. The paper aims to stimulate discussion and guide future research toward scalable, hardware-rooted identity and traceability solutions for blockchain-enabled Internet of Things ecosystems.
Download

Paper Nr: 125
Title:

Reflections of Social Engineering Awareness Negligence in Facilitating Cyber-Physical Attacks

Authors:

Luís Filipe Gomes, Luís Miguel Batista and João Rafael Almeida

Abstract: Cyber threats continue to evolve rapidly as modern technologies drive the smart transformation of infrastructures and daily activities. While this interconnected ecosystem delivers substantial benefits, it also expands the attack surface and has contributed to a sustained rise in cyber incidents. Despite advances in technical defenses, the human element remains the most vulnerable point in the security chain, with social engineering now serving as a primary vector in contemporary attacks. Leveraging persuasion, contextual cues, and high-semantic manipulation, adversaries exploit human trust to circumvent technological safeguards and trigger unintended, high-impact actions. In response, this work combines a theoretical framework of social engineering mechanics with a practical field assessment conducted within a live organizational environment. The study highlights the urgent need for organizations to move beyond compliance-based training toward a continuous culture of security resilience.
Download

Paper Nr: 147
Title:

STSRS: A New Dataset for Simulating Security Threats in Smart Railway Systems

Authors:

Mays Abukeshek, Mohammed Al-Mhiqani and Simon Parkinson

Abstract: The digitalisation of railway systems has improved efficiency but introduced vulnerabilities in train-to-control communications. To address the lack of realistic datasets for cyber-physical railway systems, this paper introduces STSRS (Security Threats in Smart Railway Systems), a high-fidelity time-series corpus for cybersecurity and intelligent transport research. STSRS contains over 10 million synchronised records simulating interactions between 10 autonomous trains and two control centres under both normal and adversarial scenarios (DoS, Jamming, Stealthy Replay). Generated using a modular framework with stochastic dynamics, TCP/IP telemetry, and context-aware attack injection, each record includes over 10 labelled features spanning raw (e.g., speed, latency) and behavioural (e.g., Burstiness, Entropy) metrics. STSRS supports reproducible anomaly detection, cyber-defence modelling, and digital twin evaluation in railway CPS environments.
Download

Paper Nr: 155
Title:

Similarity Is Not Enough: Issues with Adversarial Perturbations of Traffic Features against Intrusion Detection Systems

Authors:

Marta Catillo, Antonio Pecchia and Umberto Villano

Abstract: A common approach in network intrusion detection consists in the extraction of various features from network traffic followed by the application of machine learning and deep learning techniques. In spite of their excellent performance, machine (deep) learning-based detectors are vulnerable to adversarial examples. The literature has largely demonstrated that adversarial examples can be successfully crafted through the perturbation of the traffic features in lieu of the real-world network packets. Even if the perturbations try to attain some sort of similarity between the original and adversarial examples, the notion of similarity remains opaque in intrusion detection. This paper presents a study on the issues with adversarial perturbations of traffic features against network intrusion detection. The study is based on a traffic dataset collected in a controlled network. Diverse classifiers are tested with both original and adversarial examples generated through the ubiquitous fast gradient sign method (FGSM). The results indicate that similarity is not enough, in that the adversarial examples may retain feature-space similarity with the original examples while violating the inherent relationships of the features learned from real-world network traffic.
Download

Paper Nr: 162
Title:

Evolution and Perspectives of the Keep IT Secure Ecosystem: A Six-Year Analysis of Cybersecurity Experts Supporting Belgian SMEs

Authors:

Christophe Ponsard, Jean-François Daune, Denis Darquennes, Malik Bouhou and Nicolas Point

Abstract: The importance of cybersecurity for Small and Medium Enterprises (SMEs) has never been greater, especially given the rise of AI-driven threats. Supporting SMEs requires a sustained effort to ensure they have access to resources and expertise covering awareness, protection, auditing, and incident response. Since 2019, our work with the Keep It Secure initiative has focused on helping Belgian (Walloon) SMEs strengthen their cybersecurity posture through access to a network of labelled cybersecurity experts. In this process, we interviewed over 120 professionals from around 90 companies and gathered rich insights about the nature, strengths and weaknesses of our regional ecosystem. While our initiative primarily targets the labelling of cybersecurity experts, we demonstrate increasing alignment with the broader Cyber Fundamentals framework deployed at the federal level in Belgium, which supports official certification. This paper reports on the progress and lessons learned from this long-term effort, highlighting how expert validation, based on a structured evaluation approach, can help improve SME cybersecurity.
Download

Area 2 - Technologies and Foundations

Full Papers
Paper Nr: 42
Title:

Revisiting ISD Algorithms and New Decoding Records for Large Weight Syndrome Decoding over F_q

Authors:

Takeshi Wakao, Yusuke Aikawa, Shintaro Narisada and Tsuyoshi Takagi

Abstract: Syndrome Decoding Problem (SDP) constitutes the foundation of the security of code-based cryptography. Information Set Decoding (ISD) provides the most effective known algorithms for solving SDP. While binary low weight SDP has been extensively studied, large weight SDP remains less explored—especially for finite fields with the size q ≥ 3, where techniques for binary case no longer apply directly. In this work, we conduct a detailed analysis of SDP with q ≥ 3. We analyze how the ISD’s complexity varies with the choice of q by examining Prange’s and Dumer’s algorithms, and observe that large weight SDP instances are the hardest at q = 3,4. Furthermore, we re-evaluate the application of representation to ternary large weight SDP, as previously suggested. We show that the success probability of merging, which is crucial for the efficiency of representation, drastically decreases in the large weight setting. This leads to a substantial increase in decoding complexity, highlighting important limitations of existing ISD strategies in this parameter regime. Finally, we report new records on the decoding challenge for instances in the ternary large weight category. The computations were achieved without using the representation technique, by applying a simple Wagner algorithm.
Download

Paper Nr: 43
Title:

Plug’n’Trust: Fine-Grained USB Device Isolation for ARM TrustZone

Authors:

Julian Funk, Yvonne Kothmeier, Jonas Röckl, Christian Lindenmeier and Tilo Müller

Abstract: On millions of devices, the ARM TrustZone Trusted Execution Environment (TEE) protects the device’s most valuable secrets like cryptographic keys, even when the operating system is compromised. However, the default TrustZone model provides only coarse-grained control over USB peripherals, i.e., the TEE can either take control over the entire bus, along with all connected devices, or relinquish it entirely. This poses a significant challenge for enabling secure I/O from individual USB devices. For example, it is not possible to use a keyboard as a secure peripheral in the TEE while connecting a USB flash drive to the operating system outside the TEE. To address this limitation, we introduce TusbEE. TusbEE deploys a minimal trusted USB driver within the TEE for direct interaction with the standard xHCI USB host controller. The driver enables fine-grained control over the bus, securely partitioning traffic to isolate TEE-assigned USB devices from the remaining non-secure peripherals. Our proof-of-concept implementation on real hardware demonstrates that TusbEE achieves practical USB device isolation with a performance overhead of at most 22.7% for USB 3.0 devices. Despite this overhead, TusbEE is well-suited for security-critical use cases like secure keyboard input or biometrics, which do not rely on high throughput.
Download

Paper Nr: 46
Title:

Sequential Pattern Recognition Attacks against Deployed Topic-Based Mechanisms

Authors:

Saranya Vijayakumar, Norman Sadeh and Matt Fredrikson

Abstract: Privacy-preserving AI systems like Google’s Topics API attempt to protect user privacy through behavioral aggregation, but fail against realistic attacks. We demonstrate that a transformer-based sequential pattern recognition framework achieves 33.96% re-identification accuracy on web browsing data and up to 95.67% on music listening behavior, compared to prior methods achieving ≤15% accuracy. The approach exploits temporal consistency in topic assignments through hierarchical attention mechanisms. Standard protections prove inadequate: extending observation windows from 3 to 8 epochs improves attack success by 90.1%, while industry-standard 5% noise injection provides minimal protection. These results show that privacy mechanisms designed without considering modern machine learning capabilities systematically fail their stated objectives.
Download

Paper Nr: 60
Title:

On the Hardness of Decoding Quasi-Cyclic Codes and the Security of Code-Based Public-Key Cryptosystems

Authors:

Alessandro Annechini, Alessandro Barenghi and Gerardo Pelosi

Abstract: Post-quantum public key encryption (PKE) schemes employing Quasi-Cyclic (QC) sparse parity-check matrix codes are enjoying significant success, thanks to their good performance profile and significant reduction in the keypair size. However, there is no formal proof that the hardness of decoding random QC codes is related to the decoding hardness of random codes, which is known to be NP-hard, nor that changing the (constant in the length) rate of the employed QC codes does not change the nature of the underlying hard problem. In this work, we address and solve these challenges, answering both of them in the affirmative. First, we prove computational equivalences among hard problems from coding theory and the corresponding problems for QC codes. Then, we provide a systematization of hard problems and security assumptions underlying QC-MDPC-based cryptosystems, proving that fixing the rate of the QC codes does not change the hardness of key recovery attacks. These results allow the design of Niederreiter-style QC-MDPC PKEs, with the additional flexibility granted by freely choosing the code rate, leading to code-based public key encryption schemes which are both secure and can be fit in very demanding scenarios, such as embedded systems.
Download

Paper Nr: 97
Title:

Practical Private Approximate Similarity Computation

Authors:

Ryo Nojima and Lihua Wang

Abstract: In this paper, we present a privacy-preserving protocol for computing the similarity between two parties: a server and a client, each possessing a set A and B, respectively. Our protocol approximates the Jaccard similarity, |A∩B| / |A∪B|, without revealing the elements of either set. Additionally, the approach can be readily extended to calculate the cardinality of the intersection, |A∩B|. Blundo et al. first introduced a protocol of this type [DPM & SETOP 2012]. In this work, we identify particular weaknesses in their method and propose an enhanced protocol that employs differential privacy to improve both security and robustness.
Download

Paper Nr: 119
Title:

Private Multivariate Function Evaluation Using CKKS-Based Homomorphic Encrypted Lookup Tables

Authors:

Haoyun Zhu, Takuya Suzuki and Hayato Yamana

Abstract: To address the growing privacy concerns in cloud computing, homomorphic encryption (HE) provides a secure computation framework that allows functions to be evaluated directly over encrypted data without exposing the underlying plaintext. However, the practical use of HE remains limited due to its high computational cost and its lack of support for HE-unfriendly functions, such as division, conditional branching, and logarithmic operations. To mitigate these limitations, recent research has proposed computation methods using precomputed lookup tables (LUTs), allowing HE-unfriendly functions to be evaluated indirectly by querying results within encrypted precomputed tables. This paper proposes an efficient method for evaluating multi-input real-number-based functions using the Cheon-Kim-Kim-Song (CKKS) scheme, which is the first to handle multi real-number inputs. The method extends one-input evaluation schemes to support functions with multiple inputs. In the LUT construction phase, we introduce a structured rearrangement strategy, reducing the overall computation time. Experimental results demonstrate that the proposed method enables flexible real-number function evaluation with lower latency than existing approaches, achieving 1.02× to 4.40× speedups over the previous method in two-input function evaluation.
Download

Paper Nr: 128
Title:

ERAHE: Edge-Offloaded Robust Attribute-Based Aggregate Scheme Enhanced with Homomorphic Encryption for 5G-Connected Delivery Drones

Authors:

Aagii Mariam Thomas and Sana Belguith

Abstract: Uncrewed Aerial Vehicles (UAVs) are emerging as an integral part of delivering packages, food, and medicines for fast and efficient services. They rely on 5G networks offering high-speed, low-latency, and reliable connectivity for the exchange of mission-critical data. The 5G-connected drones remain vulnerable to cyber security attacks, including those impacting confidentiality, authentication, and integrity. In this paper, we present an edge-assisted data aggregation framework that reduces the drone’s computation overhead and allows for secure data sharing between the drones and the Ground Control Station (GCS). The framework relies on a multi-level Attribute-Based Encryption (ABE) enhanced with an aggregate scheme using the Homomorphic Encryption (HE) properties. By integrating the property of HE with ABE, we ensure that only authorised entities can decrypt the encrypted messages under the threshold policy. To reduce the computation overhead at drones, we offload most computationally expensive operations in the encryption and decryption phases to an edge server. Our security analysis demonstrated that the proposed scheme guarantees confidentiality, access control, and key management security while resisting UAV-specific attacks such as eavesdropping, man-in-the-middle attacks and data injection. We validate the proposed scheme using a realistic testbed that includes a Holybro Pixhawk drone and Raspberry Pi. The experimental results demonstrate that the edge-assisted ERAHE framework effectively reduces cryptographic latency and computation burden on UAVs by partitioning expensive operations between the drone and the edge node. ERAHE achieves an optimal balance between cryptographic robustness and lightweight performance, making it well-suited for mission-critical applications.
Download

Paper Nr: 142
Title:

QAGC: A Hybrid Quantum Walk Compiler for Scalable and High-Precision Attack Graph Analytics

Authors:

Mahesh Babu Chittem, Sriramulu Bojjagani and Anup Kumar Maurya

Abstract: Attack graphs are widely used to model how adversaries exploit sequences of vulnerabilities, yet classical techniques struggle to scale as system size and transition complexity increase. This paper introduces QAGC, a Quantum Attack Graph Compiler that applies a hybrid quantum walk model—combining Discrete-Time Quantum Walks (DTQW) and Continuous-Time Quantum Walks (CTQW)—to accelerate attack path discovery and prioritization. QAGC automatically generates weighted attack graphs from real cybersecurity datasets and compiles them into quantum-compatible adjacency structures. DTQW enables fine-grained exploration of local subgraphs, while CTQW captures global propagation through Hamiltonian evolution. Experiments on graphs with 50, 200, and 500 nodes show that QAGC reduces attack path discovery time by up to 3.7× and improves ranking accuracy by 28–41% compared to classical methods. These results demonstrate that hybrid quantum walks offer a scalable and high-precision approach for next-generation attack graph analytics.

Paper Nr: 160
Title:

Avatar Motion Signatures: Evaluating Linkability of Expressive De-Identification

Authors:

Fenja Schulz, Jan Marquenie, Carlos Franzreb, Tim Polzehl, Ingo Siegert and Sebastian Möller

Abstract: Avatar-based de-identification promises privacy by design by replacing facial appearance with a synthetic surrogate driven by normalized motion parameters. This raises the question of how much identity is still leaked through the preserved expressivity. We quantify this risk with a motion-based re-identification attack on avatarized talking-head videos. A spatial–temporal graph convolutional network (ST-GCN) is trained on 2D facial landmark trajectories from 112 identities and evaluated in a verification task on 34 unseen identities. We consider three attack scenarios: a baseline trained and tested on non-anonymized video (refM), a naive transfer of this model to avatarized sequences (crossM), and an attacker trained and tested directly on avatarized motion (attM). The baseline achieves an Equal Error Rate (EER) of 16% on non-avatarized data. Under naive transfer to avatarized sequences, the EER rises to 31%, indicating that avatarization weakens but does not prevent motion-based re-identification. When the attacker is adapted to the avatar domain, the EER decreases to 26%. A region-wise ablation shows that motion around the eyes, lips, and nose is particularly influential for linkability. Overall, avatarization reduces but does not remove identity information in facial motion, and the dynamics preserved for expressive interaction still enable cross-session linkage.

Paper Nr: 166
Title:

Transformers Can Do It: Recovering Types from Executables Using Transformer Based LLMs

Authors:

Ruturaj Vaidya and Prasad A. Kulkarni

Abstract: Accurate type recovery from stripped binaries can aid reverse engineers to gain a better understanding of source semantics and syntax, and establish a foundational contrivance to support many security applications such as control-flow integrity (CFI), binary similarity, malware analysis, software forensics, vulnerability assessment, etc. In this work, we propose a novel architecture agnostic type recovery technique called YĀLI (“Yet Another Language model for type Inference”) to predict function parameter and callsite argument type information from stripped and optimized binaries. Our approach is a two stage process - firstly, in the static analysis and data collection phase we leverage the Ghidra binary analysis tool, to lift low-level binary executables to Ghidra’s intermediate representation called P-Code, and recover P-Code slices for both function parameters and callsite arguments. Secondly, in the training stage, we utilize a light-weight BERT based Transformer model called DistilBERT to capture P-Code semantics and understand data-flow patterns to accurately perform the task of type classification. To assess our technique, we use a corpus of around 33k binaries compiled on different architectures, using various compilers and optimization levels. YĀLI achieves on average around 94% and 92% accuracy for function parameter and callsite argument recovery tasks respectively, significantly surpassing conventional type recovery techniques.

Short Papers
Paper Nr: 26
Title:

Enhancing Certified Robustness in Few-Shot Classification with Contrastive Loss and Defensive Noise in Fine-Tuning

Authors:

Hiroya Kato, Seira Hidano, Takao Murakami and Hideitsu Hino

Abstract: Few-shot learning (FSL) is a learning strategy for obtaining general information with few samples. Recent studies show that fine-tuning (FT) with data augmentation is effective in improving few-shot classification performance. Meanwhile, FSL is also vulnerable to adversarial perturbations. To counter such a vulnerability, a latest defense realizes certified robustness (CR) in FSL. However, we discovered that FT with data augmentation can have an adverse influence on the CR. In this paper, we propose a simple and effective method that enhances the CR. Our method adds defensive noise for CR to samples when FT is performed in order to align their distribution with that of samples in the certification phase. Furthermore, to bring original samples and noisy or augmented ones close in the embedding space, we introduce two types of contrastive losses (CLs). The first loss is a supervised CL. This helps identify original samples with perturbed ones in the embedding space with the help of their labels. The other is an unsupervised CL, which facilitates learning semantic information. Our method is intended to be employed in the meta-testing phase because such a strategy can mitigate degrading the utility of meta-trained models. Our results demonstrate that our method improves the CR of fine-tuned models by up to approximately 14%. In particular, our method is effective in the cross-domain scenario where FT is required.

Paper Nr: 32
Title:

Decentralized Secure Authentication with DIDs and Ethereum Signatures: A Case Study in Immersive Environments

Authors:

Amira Talha, Faten Chaabane, Tarek Frikha, Claude Duvallet and Mohamed Ben Aouicha

Abstract: Authentication mechanisms are crucial for decentralized applications (dApps), particularly in the healthcare sector, because they eliminate centralized vulnerabilities while maintaining cryptographic security. Traditional password authentication is incompatible with Web3 architectures, where users control private keys and decentralized identities. Existing solutions are vulnerable to dependence on centralized identity providers, phishing attacks, and replay vulnerabilities. We present a passwordless mutual authentication protocol that combines decentralized identifiers (DIDs) with Ethereum signatures using MetaMask, which provides bidirectional authentication via cryptographic challenge-response mechanisms while recording all interactions as blockchain transactions to ensure immutable audit trails. Formal analysis with Scyther validates its resistance to replay attacks, man-in-the-middle attacks, and identity theft. Performance evaluation on a private Ethereum network proves a 37-fold throughput improvement for batch processing over sequential approaches, with authentication latency below 3 seconds. The protocol achieves a 0% failure rate over 1000 authentication attempts, proving its practical viability for Web3 environments.

Paper Nr: 52
Title:

Security and Detectability Analysis of Unicode Text Watermarking Methods against Large Language Models

Authors:

Malte Hellmeier

Abstract: Securing digital text is becoming increasingly relevant due to the widespread use of large language models. Individuals fear losing control over data when it is being used to train such machine learning models or when distinguishing model-generated output from text written by humans. Digital watermarking provides additional protection by embedding an invisible watermark within the data that requires protection. However, little work has been undertaken to analyze and verify if existing digital text watermarking methods are secure and undetectable by large language models. In this paper, we investigate the security-related area of watermarking and machine learning models for text data. In a controlled testbed of three experiments, ten existing Unicode text watermarking methods were implemented and analyzed across six large language models: GPT-5, GPT-4o, Teuken 7B, Llama 3.3, Claude Sonnet 4, and Gemini 2.5 Pro. The findings of our experiments indicate that especially the latest reasoning models can detect a watermarked text. Nevertheless, all models fail to extract the watermark unless implementation details in the form of source code are provided. We discuss the implications for security researchers and practitioners and outline future research opportunities to address security concerns.

Paper Nr: 63
Title:

Attacking a Segmented CFB Mode with a Predictable IV

Authors:

Novák Vojtěch, Kokeš Josef and Lórencz Róbert

Abstract: We analyze the incorrect usage of an initialization vector in the segmented CFB (Cipher Feedback) operating mode: We show that when a counter rather than an unpredictable value is used for IV, it may be possible to recover the full plaintext as long as a few realistic conditions are met. This should demonstrate clearly why it is important to adhere to the requirements of operating modes.

Paper Nr: 72
Title:

Scaling Android Hooking: Usability and Performance of Frida and Xposed for Mass API Interception

Authors:

Kris Heid, Dávid Zsolt Balatoni and Jens Heider

Abstract: Dynamic analysis is essential for evaluating mobile app security and privacy under realistic conditions. Achieving actionable visibility, spanning data sources, transformations, and sinks, requires hooking a broad set of Android APIs at scale, which introduces significant performance challenges even on modern devices. In this paper we design a high-volume dynamic hooking environment with the two dominant instrumentation frameworks: Frida and Xposed/LSPosed. We characterize their overheads under dense hook deployments and heavy data flows, identify bottlenecks, and present performance optimizations for serialization and transport. We discuss trade-offs in usability, deployability, and stability, and outline practical guidance for large-scale, semantically rich tracing on Android.

Paper Nr: 74
Title:

WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing

Authors:

Thomas Rooijakkers, Anne Nijsten, Cristian Daniele, Erieke Weitenberg, Ringo Groenewegen and Arthur Melissen

Abstract: Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is desired. Due to the generally vast number of endpoints, automated testing techniques, like fuzzing, are of interest. This paper introduces WuppieFuzz, an open-source REST API fuzzer built on LibAFL, supporting white-box, grey-box and black-box fuzzing. Using an OpenAPI specification, it can generate an initial input corpus consisting of sequences of requests. These are mutated with REST-specific and LibAFL-provided mutators to explore different code paths in the software under test. Guided by the measured coverage, WuppieFuzz then selects which request sequences to send next to reach complex states in the software under test. In this process, it automates harness creation to reduce manual efforts often required in fuzzing. Different kinds of reporting are provided by the fuzzer to help fix bugs. We evaluated our tool on the Petstore API to assess the robustness of the white-box approach and the effectiveness of different power schedules. We further monitored endpoint and code coverage over time to measure the efficacy of the approach.

Paper Nr: 76
Title:

Systematic Construction and Experimental Evaluation of a Cybersecurity Threat Catalogue

Authors:

Finn Siegismund-Poschmann and Jörn Eichler

Abstract: Developers of cyberphysical systems perform threat and risk assessments (TARAs) to identify and treat security threats. To improve consistency and comprehensiveness of TARAs, the application of threat catalogues is common practice. Empirical evaluations of threat catalogues demonstrate the direct influence of threat catalogues on TARAs. However, while desired properties of a good threat catalogue are known from qualitative research, it is currently unknown how these can be achieved. In this paper we introduce a replicable method to construct threat catalogues systematically and perform a controlled experiment to compare three domain-specific threat catalogues for the automotive domain, one from the UNECE R155 regulation, the EMB3D catalogue from MITRE and a threat catalogue constructed with our introduced design method. During our evaluation we did not measure a significant difference between the threat catalogues. However, the results of the post-task questionnaire indicate a significantly better overview, ease of use and structure of the constructed threat catalogue compared with the other catalogues. Our study does not only underline empirically the important role of threat catalogues for the development of cyberphysical systems but provides further means to systematically improve their construction, selection, and application.

Paper Nr: 89
Title:

Show Me What You Got: Vulnerabilities of Industrial Components Revealed by Automated Blackbox Testing

Authors:

Anne Borcherding, Mark Leon Giraud and Laura Tzigiannis

Abstract: Operational Technology Components (OTCs) that control and monitor industrial processes are a valuable target for attackers. Reducing the likelihood of successful attacks requires identifying, assessing, and mitigating vulnerabilities in those components. To achieve this, blackbox penetration testing can be applied. However, traditional approaches to penetration testing do not take the specificities of OTCs, such as their focus on availability and their resource constraints, into account. Thus, we describe a test strategy specifically targeting OTCs, and consequently apply this strategy to ten OTCs. Our experiments reveal findings for all considered OTCs, including crashes, hangs, and information on outdated software. Most crashes or hangs are concerned with SNMP and TCP (6,418 and 2,864 findings in total, respectively). We analyzed some of the more severe crashes and found that they were caused either by overload or unexpected TCP options. Moreover, we identified limitations of the used tools with respect to fingerprinting, severity assessment, and crash detection.

Paper Nr: 91
Title:

HEALED: Hybrid Homomorphic Encryption for Analysis of Large-Scale Encrypted Data

Authors:

Maria João Dias, Ivan Costa, Ivone Amorim, Eva Maia and Isabel Praça

Abstract: Integrating Machine Learning into healthcare raises critical concerns related to data privacy and, at the same time, processing large volumes of data is limited by regulations for sensitive information handling. Homomorphic Encryption (HE) overcomes such limitations by enabling computations on encrypted data but its heavy computational costs limit practical adoption. This paper explores Hybrid Homomorphic Encryption (HHE) as a practical solution for privacy in healthcare and proposes HEALED, a novel framework for medical diagnosis using the symmetric cipher Rubato, and the CKKS and BFV HE schemes. Experimental evaluation demonstrates that HEALED improves diagnostic accuracy compared to both the plaintext implementation and a CKKS baseline (plaintext: 95.43%, baseline: 94.21%, HEALED: 97.48–97.90%). Furthermore, it reduces encrypted data size by a factor of 4370× and reduces client-side computations, namely encryption time is reduced by at least 62× and decryption time by 76×, when compared to the CKKS baseline. Security and performance trade-offs were also analyzed under varying HE parameters, showing that the system balances efficiency with strong confidentiality guarantees.

Paper Nr: 108
Title:

Simple Power Analysis of Polynomial Multiplication in HQC

Authors:

Pavel Velek, Tomáš Rabas and Jiří Buček

Abstract: The Hamming Quasi-Cyclic (HQC) cryptosystem was selected for standardization in the fourth round of the NIST Post-Quantum Cryptography (PQC) standardization project. The goal of the PQC project is to standardize one or more quantum-resistant public-key cryptographic algorithms. In this paper, we present a single-trace Simple Power Analysis (SPA) attack against HQC that exploits power consumption leakage that occurs during polynomial multiplication performed at the beginning of HQC decryption. Using the ChipWhisperer-Lite board, we perform and evaluate the attack, achieving a 99.69 % success rate over 10 000 attack attempts. We also propose various countermeasures against the attack and evaluate their time complexity.

Paper Nr: 111
Title:

Log-Based Authentication via Cybernetic Avatars: Data Type Categorization Focused on Authenticated Game Character Information

Authors:

Ryosuke Kobayashi, Mhd Irvan, Franziska Zimmer, Maharage Nisansala Sevwandi Perera and Rie Shigetomi Yamaguchi

Abstract: In recent years, a new security threat called “cooperative impersonation” has gained attention. This refers to cases where service users intentionally share their own authentication credentials with another person, allowing that person to impersonate them. This threat is difficult to detect using conventional personal authentication methods, because it involves cooperation between the legitimate user and the impersonator. To address this issue, we focus on a CA log-based authentication method, which uses CA’s behavioral logs. However, existing log-based authentication methods are often designed for specific services. As a result, they are difficult to apply in a general way. To overcome this limitation and capture effective features for log-based authentication in a general-purpose CA service, we classified log data from two perspectives: “data type” and “service characteristics”. Our goal is to identify data types that can be used more universally. We conducted a concrete evaluation using log data from Counter Strike: Global Offensive, with a focus solely on authenticated game character information. The results show that time-series data strongly reflect individual characteristics and are highly effective in detecting cooperative impersonation. As a preliminary evaluation in a one-vs-rest setup on the dataset, a Random Forest trained only on time-series features achieves Precision 0.982, Recall 0.985, and F1 0.984, approaching the performance obtained with all modalities. This study represents a first step toward developing reusable and service-independent log-based authentication methods.

Paper Nr: 115
Title:

A Comparison of Selected Image Transformation Techniques for Malware Classification

Authors:

Rishit Agrawal, Kunal Bhatnagar, Andrew Do, Ronnit Rana, Martin Jureček and Mark Stamp

Abstract: Recently, a considerable amount of malware research has focused on the use of powerful image-based machine learning techniques, which generally yield impressive results. However, before image-based techniques can be applied to malware, the samples must be converted to images, and there is no generally accepted approach for performing this conversion. The malware-to-image conversion strategies found in the literature often appear to be ad hoc, with little or no effort made to take into account properties of executable files. In this paper, we experiment with eight distinct malware-to-image conversion techniques, and for each, we test a variety of learning models. We find that several of these image conversion techniques perform similarly across a range of learning models, in spite of the image conversion processes being substantially different. These results suggest that the effectiveness of image-based malware classification techniques depends more on the inherent strengths of image analysis techniques, as opposed to the precise details of the image conversion strategy.

Paper Nr: 121
Title:

Detecting Cryptographically Relevant Software Packages with Collaborative LLMs

Authors:

Eduard Hirsch, Kristina Raab, Tobias J. Bauer and Daniel Loebenberger

Abstract: IT systems are facing an increasing number of security threats, including advanced persistent attacks and future quantum-computing vulnerabilities. The move towards crypto-agility and post-quantum cryptography (PQC) requires a reliable inventory of cryptographic assets across heterogeneous IT environments. Due to the sheer amount of packets, it is infeasible to manually detect cryptographically relevant software. Further, static code analysis pipelines often fail to address the diversity of modern ecosystems. Our research explores the use of large language models (LLMs) as heuristic tools for cryptographic asset discovery. We propose a collaborative framework that employs multiple LLMs to assess software relevance and aggregates their outputs through majority voting. To preserve data privacy, the approach operates on-premises without reliance on external servers. Using over 65,000 Fedora Linux packages, we evaluate the reliability of this method through statistical analysis, inter-model agreement, and manual validation. Preliminary results suggest that LLM ensembles can serve as an efficient first-pass filter for identifying cryptographic software, resulting in reduced manual workload and assisting PQC transition. The study also compares on-premises and online LLM configurations, highlighting key advantages, limitations, and future directions for automated cryptographic asset discovery.

Paper Nr: 133
Title:

Multi-Modal Model for Embedding Network and Audit Data for IoT Anomaly Detection

Authors:

Pratyush Singh, Yuxiang Huang, Haoxiang Li, George Oikonomou and James Pope

Abstract: Current IoT infrastructures generate heterogeneous telemetry and primarily include network (inter-host information) and audit data (intra-host information). Most intrusion detection approaches use network or host information but not both. Specific to resource-constrained environments, like Internet of Things (IoT) systems, there remains a lack of anomaly detection research into multimodal techniques. We propose a multimodal fusion approach that combines network and host telemetry data to improve intrusion detection accuracy while maintaining computational efficiency. To address resource constraints, our approach applies dimensionality reduction to reduce memory and computational requirements. We evaluated our approach on a suitable IoT dataset with network and host (Windows 7 and 10) features already extracted. Our experimental evaluation demonstrates two critical findings. First, multi-modal fusion significantly improved detection accuracy across all evaluated models. The 1D-CNN model improved by 17.60 percentage points from 81.72% to 99.32%, while tree ensembles (XGBoost and Random Forest) achieved ideal accuracy. Unsupervised methods also benefited substantially, with Agglomerative Clustering increasing from 0.2173 to 0.6304 Adjusted Rand Index. Second, we demonstrate that the fused feature space can be dimensionally reduced to less than half the features while maintaining comparable accuracy performance, reducing computational requirements. We found that PCA performed as well as UMAP regarding accuracy but was considerably faster (54x speedup) at reducing the feature space. The proposed approach demonstrates robustness to class imbalance and provides practical deployment guidance for resource constrained IoT environments, with comprehensive benchmarking across over 15 model architectures including traditional machine learning, deep learning, and transformer-based approaches.

Paper Nr: 134
Title:

Ontology-Driven Detection of Traffic Light Manipulation in Intelligent Transportation Systems

Authors:

Elena Cardillo, Marco De Vincenzi, Maria Taverniti and Ilaria Matteucci

Abstract: Intelligent Transportation Systems (ITS) are increasingly centered on Autonomous Vehicles, whose perception stack must be robust against cyberattacks. Recent studies have demonstrated that low-cost laser attacks on traffic lights can bypass recognition systems, resulting in erroneous perceptions of green or red states, thereby endangering road users. Existing Vision-Language Models (VLM) operate on raw visual data and patterns, resulting in the acceptance of visual configurations that, while plausible, are physically or legally unacceptable. To address this challenge, this work introduces an ontology-driven pipeline to verify VLM perception through logical consistency checking. By integrating the VLM with a traffic light ontology developed in this work, the approach establishes a novel pipeline that benefits from both data-driven visual representations and symbolic constraints derived from the knowledge base. This hybrid design can facilitate the identification of inconsistencies in traffic light states.

Paper Nr: 145
Title:

A Pragmatic Comparison of Cryptographic Computation Technologies for Machine Learning

Authors:

Marcus Taubert, Adam Skuta and Thomas Lorünser

Abstract: As security demands increase, the importance of secure computation technologies grows, yet these technologies can often seem overwhelming to practitioners. Furthermore, many approaches focus only on a single technology, potentially overlooking superior alternatives. This work aims to address the issue of selecting the right technology for secure computation by presenting a comparative analysis of two highly relevant cryptographic methods and their software implementations, with a particular focus on machine learning. Firstly, we provide a theoretical summary and comparison of the secure computation paradigms of secure multi-party computation (SMPC) and fully homomorphic encryption (FHE). We outline the advantages and limitations of the protocols, as well as the relevant open-source software implementations. Secondly, we present the results of extensive benchmarking of the main software frameworks identified for machine learning operations and models. Regarding the current state of the art in FHE, we observe that it outperforms SMPC for regressions. Additionally, it may be faster for simple dense networks using GPUs or Hybrid Models. Conversely, SMPC showed superior performance for complex models such as CNNs. Our results should pave the way for more technology-agnostic benchmarking of secure computation technologies for machine learning, providing guidance for practitioners looking to adopt these technologies.

Paper Nr: 170
Title:

SyMoGen: A Python-Based Synthetic Mobility Generator for Privacy-Preserving Trajectory Research

Authors:

Fatih S. Bayram, Matvii Shevchenko, Clemens Krüger, Tim Mencin and Dominik Schoop

Abstract: Access to high-resolution mobility data is often hindered by privacy concerns. While synthetic data offers a potential solution, existing tools rarely capture the semantic complexity of real-world human behaviour needed for rigorous privacy auditing. To address this gap, this paper introduces the Synthetic Mobility Generator (SyMoGen), which is an open-source, hybrid simulation framework. SyMoGen couples a flexible Python-based agent model with the microscopic traffic simulator SUMO to generate physically realistic, multi-modal daily routines for heterogeneous populations. Unlike traditional tools that output raw coordinates, SyMoGen includes a specialized post-processing pipeline that performs semantic segmentation, converting continuous data into discrete Trips and Stays. The framework is validated through a case study of Esslingen am Neckar, demonstrating that SyMoGen generates realistic spatio-temporal patterns and modal splits. By providing a fully controlled environment where the “Ground Truth” is known, SyMoGen serves as a critical test bed for developing next-generation privacy-enhancing technologies.

Paper Nr: 171
Title:

On RBAC Maintenance for Preserving Confidentiality

Authors:

Franck Fotso Kuate, Omer Nguena Timo and Florent Avellaneda

Abstract: We study Role-Based Access Control (RBAC) maintenance under confidentiality-preserving information flow. We focus on two fundamental operations, adding a subject and adding an object, under the NoLk property, which prohibits direct and indirect information flows between designated subjects. We present a unified MaxSAT-based formulation that synthesizes updated user–role and role–permission assignments while minimally deviating from the original configuration, measured in Hamming distance. Our encoding integrates both direct accesses and indirect reading flows via propositional constraints and enforces NoLk as hard clauses. We further introduce soft clauses that preserve existing assignments and, when needed, compute optimal minimal changes. An empirical evaluation on synthetic benchmarks, designed to reflect small-to-medium enterprise and IoT settings, demonstrates practical scalability and reveals distinct modification patterns: adding a subject primarily affects role–permission assignments, whereas adding an object mainly adjusts user–role mappings.

Paper Nr: 16
Title:

Securing Mobile Devices: An Analysis of Security Subsystems and Supply Chain Risks

Authors:

Stephan Spitz and Alexander Lawall

Abstract: Security Subsystems such as Trusted Execution Environments (TEEs), Secure Boot, and OTA mechanisms form the foundation of mobile device protection. This paper provides a concise, structured assessment of their security by combining STRIDE threat modelling with established cyberattack taxonomies. The analysis identifies key technical and supply-chain risks, including spoofing, tampering, rollback attacks, denial of service, and privilege escalation, arising from subsystem interfaces and fragmented ownership across chipset vendors, device manufacturers, and service providers. Corresponding mitigation strategies are synthesized, covering hardware isolation, cryptographic controls, secure provisioning, and robust OTA governance. The findings highlight systemic weaknesses and emphasize the need for coordinated technical and organizational security measures.

Paper Nr: 22
Title:

Exploring Large Language Models for Trustworthy Use: Insights from Research and Development

Authors:

Sandeep Kalari, Sahithi Padidela, Vikas Ashok and Ravi Mukkamala

Abstract: Large Language Models (LLMs) are increasingly being adopted in a wide variety of domains, including sensitive domains such as healthcare and finance. However, persistent challenges such as unreliable data sources, privacy breaches, and hallucinated output continue to hinder their usage. We have experimented with several strategies to address these challenges. First, we developed BlockQwen, a blockchain-augmented framework that integrates decentralized trust validation, role-specific access control, and verifiable audit trails into the Qwen 2.5 LLM workflow. Second, we developed PrivAware, a multilayered privacy-enforcement framework, using a fine-tuned Flan-T5 model with self-attention masking, to safeguard data while maintaining high utility. Both systems resulted in significant improvement in mitigating privacy leaks and hallucinations. In this paper, we discuss the challenges that we faced in developing these systems and how these challenges were incrementally overcome. We briefly describe each system, and more importantly, we discuss the lessons learned throughout the development and testing process. It also includes a justification for each of the strategies employed and the benefits gained by such deployments. Finally, we provide guidelines for future development of trustworthy systems using LLMs, with special focus on preventing privacy leaks, minimizing hallucinations, improved authentication and authorization, and immutable audit trails.

Paper Nr: 23
Title:

Rotating Arrows Scheme: Shoulder Surfing Resistant Graphical Password System

Authors:

Hanadi Asfour, Hafez Barghouthi and Abdallah Karakra

Abstract: Shoulder surfing poses a serious threat to graphical password systems, as attackers can obtain sensitive information simply by observing users during login. Many existing approaches struggle to achieve both strong security and ease of use. This paper introduces the Rotating Arrows Scheme (RAS), a graphical authentication method designed to resist shoulder surfing while remaining simple to use. In RAS, arrows with distinct colors and icons are rotated to point toward numbers on an octagonal interface according to the user’s passcode. Random rotations and decoy arrows further increase resistance to observation, even after repeated attempts. A user study with twenty first-time participants showed an average login success rate of 86.6% and a mean completion time of 53.94 seconds. The password space exceeds 3.08×10¹¹ combinations with an entropy of 38.2 bits, surpassing many existing graphical schemes. These results indicate that RAS provides a practical balance between usability and strong protection against shoulder-surfing attacks.

Paper Nr: 24
Title:

SoK: Challenges for Implementing Automated Cryptography Discovery and Inventory Tool

Authors:

Hiroki Yamamuro, Shusaku Uemura and Kazuhide Fukushima

Abstract: Cryptography is used for a wide range of purposes like guaranteeing security requirements. Recent progress in the development of cryptographically relevant quantum computers (CRQC) has increased the risk of the currently used cryptographic schemes being compromised, which necessitates the transition to post-quantum cryptography (PQC). One issue for PQC transition is to identify which cryptographic schemes used in information systems and assets are targeted for PQC migration. The identification requires a cryptographic inventory that lists detailed information about cryptography. Automated cryptography discovery and inventory (ACDI) tools support PQC migration by discovering cryptography and creating a cryptographic inventory. This paper formalizes the roles of ACDI tools toward their implementation and focuses on how to discover cryptography and create a cryptographic inventory. We firstly list information sources that can be utilized for discovering cryptography, such as source code, binary code, and specification documents, and highlight strengths of each information source. We explain discovery methods for each information source using various analytical techniques and discuss issues that arise from implementation and configuration methods, alongside practical countermeasures. We then present a way to create a cryptographic inventory and discuss issues and practical measures that arise from differences in the discovered cryptographic information.

Paper Nr: 33
Title:

Cyberinfrastructure Resilience Index against Ransomware Using Markov Chain Modeling and Tensor Computation

Authors:

Fred Kembamba and Javed I. Khan

Abstract: Ransomware has emerged as a critical cybersecurity threat. Attacks increasingly target large-scale infrastructures, causing operational disruptions, data loss, and financial damage. Traditional defense strategies focus on identifying vulnerabilities and deploying countermeasures to mitigate them. However, they cannot often quantify system resilience, its ability to withstand, absorb, and recover from ransomware at various stages. This paper introduces the Ransomware Vulnerability Progression Index (RVPI), which models ransomware progression as a series of probabilistic transitions between defined system states: Emergent, Vulnerable, Attacked, and Compromised. The framework uses a hybrid structure of multistage Petri nets and hierarchical Markov chains. It captures both the dynamic nature of ransomware threats and the influence of implemented security controls. RVPI enables organizations to measure exposure, track improvements over time, and compare resilience across units or industry peers. It supports granular scoring of each attack phase, offering actionable insights into how specific defense strategies impact risk reduction. RVPI also scales to complex infrastructures involving human, software, and network components. At a national level, RVPI offers a standardized tool for benchmarking sector-wide resilience and guiding policy interventions. This framework addresses a critical gap in cybersecurity research by providing a quantitative, system-wide approach to ransomware-resilience assessment.

Paper Nr: 93
Title:

Privacy-Preserving Protocol for Computing Majority with Adjustable Threshold

Authors:

Kittiphop Phalakarn

Abstract: Computing majority is a simple but useful function. The goal is to output the value that is input by more than half of the clients. It can be applied to several applications, including voting protocol and fault-tolerant computing. There exist some previous works in the literature, which are specifically designed for this task, but their privacy-preserving protocols support only binary inputs, and the threshold of the majority function is fixed. In this paper, we propose a privacy-preserving protocol for computing majority with adjustable threshold to address the above limitations. Firstly, we propose conditional disclosure of secrets (CDS) schemes for majority function, which can be of independent interest. The main techniques used are Shamir secret sharing scheme, Reed-Solomon error correction code, and their relation. After that, we apply fully homomorphic encryption to the proposed CDS scheme to make it a privacy-preserving protocol. Compared to the previous works, ours supports any range of inputs and has adjustable threshold. In addition, our protocol is non-interactive and has constant rounds of communication.

Paper Nr: 94
Title:

LLM-Driven Python-to-Rust Translation for Efficient and Safe Code for Neural Networks: llm4py2rs

Authors:

Rupesh Raj Karn, Johann Knechtel, Siddharth Garg, Ramesh Karri and Ozgur Sinanoglu

Abstract: We present llm4py2rs, an automated, LLM-driven system for translating Python code into memory-efficient and safe Rust code, with a focus on advancing neural network (NN) training. Modern NN frameworks can face significant memory overhead and security risks due to Python’s reliance on loosely managed dependencies. To tackle this, llm4py2rs introduces a two-stage pipeline: first, translating Python code to an intermediate C representation, ensuring behavioral transparency and efficiency; second, leveraging an automated feedback loop to detect vulnerabilities and enforce memory safety while generating Rust code. Additionally, we compare our two-stage pipeline against direct Python-to-Rust translation without the intermediate C step, highlighting improvements in translation efficiency and correctness. By bridging Python’s accessibility with Rust’s efficiency and safety paradigms, llm4py2rs helps to harden NN training pipelines. We validate our method end-to-end across diverse applications, demonstrating on average 10× reduced memory usage compared to Python frameworks, alongside the elimination of common vulnerabilities such as buffer overflows and data races.

Paper Nr: 98
Title:

Enhancing Robustness against Transient Variability in Touch-Based Authentication via Cluster-Wise Feature Dropout Ensemble

Authors:

Taiki Furukawa and Hayato Yamana

Abstract: Touch-based authentication is a promising approach to continuously secure smartphones, as users interact with their devices primarily through touch. While touch patterns differ among users, they can also vary for the same user depending on environmental and physical conditions, leading to performance degradation in authentication systems. To explicitly handle such transient variability, this paper proposes a novel approach that clusters features based on their correlations and trains multiple classifiers, each excluding a distinct cluster of features, making each classifier less sensitive to variations in that particular subset of features. This design is motivated by the intuition that different transient factors selectively affect different subsets of features; for example, shifts in hand position may alter spatial features, but not velocity- or pressure-related features. By integrating the outputs of the classifiers, the system can make predictions without depending on specific feature groups, thereby improving its robustness against transient variations in the features. Experimental evaluations on three publicly available datasets using three widely adopted machine learning algorithms showed significant improvement in two datasets across all algorithms, while showing limited improvement in one dataset. These results confirm that the proposed approach is model-agnostic and effectively enhances robustness against transient variability.

Paper Nr: 99
Title:

Securing Hyper-Dimensional Computing: A Locking Mechanism with FPGA Implementation

Authors:

Rupesh Raj Karn, Paul R. Genssler, Hussam Amrouch and Ozgur Sinanoglu

Abstract: Hyper-dimensional computing represents an advanced paradigm in computational systems, harnessing multi-dimensional data structures for enhanced processing capabilities. However, its security vulnerabilities demand innovative countermeasures. We propose the integration of a logic locking mechanism to fortify the resilience of hyper-dimensional computing against unauthorized access and tampering. To validate the efficacy of our approach, we present an FPGA implementation using a standard benchmark of image recognition. Our experimental results demonstrate the successful application of locking the hypervectors and projection matrix in safeguarding hyper-dimensional computing, showcasing robust protection against brute-force attacks and partial key guesses.

Paper Nr: 110
Title:

Method for Reducing Atmospheric Turbulence Effects Using Multiple Invisible Laser Irradiation for Dynamic Fake QR Codes

Authors:

Ayari Higashiizumi, Dai Itakura, Masayoshi Matsui, Taiga Manabe, Hiroshi Yamamoto, Yoshihisa Takayama and Toshihiro Ohigashi

Abstract: Dynamic fake QR codes can be decoded into different information when irradiated with an invisible laser. However, in conventional single-laser-irradiation methods, atmospheric turbulence frequently causes the decoded information to switch between legitimate or various information, making such attacks easier to detect. In this study, we propose a method that makes laser-irradiation attacks challenging to detect, by preventing the injected signal from being decoded as legitimate information. An additional laser is used to guide alternative information. Experimental results show that the proposed method improves decoding stability under atmospheric turbulence. These findings suggest a more covert and robust approach for optical information injection attacks using dynamic fake QR codes.

Paper Nr: 112
Title:

When Only Parts Matter: Efficient Privacy-Preserving Analytics with Fully Homomorphic Encryption

Authors:

Alexandros Bakas and Dimitrios Schoinianakis

Abstract: The increasing reliance on cloud-based computation for data-intensive applications raises critical concerns about data confidentiality. Fully Homomorphic Encryption (FHE) provides strong theoretical guarantees by allowing computations over encrypted data, but its high computational cost limits its practicality in large-scale scenarios such as image analysis or matrix-based workloads. In this work, we introduce ΠROI, a hybrid privacy-preserving computation protocol that leverages region-based selective encryption. The core idea is to encrypt only the sensitive Regions of Interest (ROIs) under an FHE scheme, while keeping the remaining, nonsensitive parts of the data in plaintext. This approach achieves end-to-end confidentiality for sensitive regions while significantly improving computational efficiency. We formally define the security of ΠROI through an ideal functionality Fproc and prove that it securely realizes Fproc against a semi-honest cloud service provider under standard cryptographic assumptions (IND-CPA, IND-CCA2, EUF-CMA, and collision-resistance). Experimental evaluation demonstrates that ΠROI offers substantial performance gains in mixed-sensitivity workloads.

Paper Nr: 118
Title:

Towards AI-Driven Framework of Automating Cloud Security Orchestration

Authors:

Hamza Aabirrouche, Eddy Caron and Redhouane Messaoud

Abstract: In this paper, we present an AI-driven framework for securing Cloud deployments by integrating proactive compliance enforcement with adaptive threat detection. The proposed approach contributes in two primary ways. First, it addresses infrastructure hardening. Security directives and best practices (e.g., NIST, CIS, GDPR) are formalized through an ontology-based model. This model enables a fine-tuned Large Language Model (LLM) to automatically generate secure Infrastructure-as-Code (e.g., Terraform) artifacts and custom static analysis rules (e.g., Checkov). A dedicated analysis engine continuously validates these artifacts against compliance requirements, supporting iterative refinement to ensure policy conformance prior to deployment. Second, it focuses on post-deployment threat detection. A complementary LLM, trained on structured mappings among Sigma rules, MITRE ATT&CK, and CVEs, ingests real-time threat intelligence to detect emerging attack patterns. Upon identifying detection gaps, the model generates tailored Sigma rules that are automatically converted and deployed to SIEM platforms (e.g., ELK), and subsequently validated using simulated log scenarios before activation. Overall, this dual-layered approach, combining proactive policy enforcement with reactive threat detection, constitutes a scalable and automated framework that enhances the security lifecycle of modern Cloud environments.

Paper Nr: 123
Title:

Anonymous Location-Based Advertising with Fine-Grained Statistics

Authors:

Gizem Akman, Kuan Eeik Tan and Valtteri Niemi

Abstract: Coupons and discounts are essential in modern marketing to attract new customers and improve sales. Digital marketing has further amplified their impact, making electronic coupons (e-coupons) a key strategy for targeted promotions. However, e-coupons are vulnerable to fraud. Counterfeit coupons, phishing scams, and malware attacks pose risks to both businesses and customers. These threats emphasize the need for secure and privacy-preserving e-coupon systems. Proximity marketing, which uses location-based technologies to engage customers in real-time, has emerged as an effective tool for targeted promotions. Businesses can send personalized offers to customers in proximity, enhancing engagement and conversion rates. This paper presents a privacy-preserving e-coupon application that integrates location-based marketing while maintaining user anonymity. Our approach enables businesses to measure the impact of e-coupon distribution on marketing by providing fine-grained location-based statistics without compromising user privacy. The security and privacy of the protocol for the privacy-preserving e-coupon application are formally verified using ProVerif.

Paper Nr: 127
Title:

Automated Distribution of Out-of-Band Key Material in Virtual Private Networks

Authors:

David Schatz, Hedwig Koerfgen and Guenter Schaefer

Abstract: Business Trip Key Exchange (BTKE) is a novel approach to distribute symmetric key material in virtual private networks (VPNs). The main idea is to distribute key material in an automated way during business trips of employees. In this article, we present a protocol for the secure transfer of key material between VPN gateways and mobile devices carried by employees during trips, including aspects like secure persistent storage, and replacement of old key material if required. Using a stochastic travel model representing realistic scenarios, we show that BTKE is able to quickly distribute key material within the VPN. As a result, and in combination with multipath key reinforcement (MKR) and post-quantum cryptography (PQC), BTKE is able to provide an additional security layer to realize quantum-resistant VPNs.

Paper Nr: 132
Title:

Prevention of Bitcoin Loot in Bitcoin Lightning Network

Authors:

Sujit Sangram Sahoo, Akash Kumar, Pravas Ranjan Bal and Abinash Mishra

Abstract: Lightning Network vows to mitigate Bitcoin’s known scalability issues, and the quick payment process creates the problem of flood and loot attacks, i.e., a known threat to users. To address the issue, the proposed framework tries to prevent coin looting and stop flooding. It introduces a fee hike mechanism for the initial funding transaction in such a way that the victim prevents the malicious activity on off-chain without main chain concern. The advantage is that the final authentication reduces the fee economically by targeting the regular mining fee. Furthermore, the off-chain agreement incurs the least time and discourages channel closure across the entire network. By recognising the base scheme, it also prevents HTLC flooding, i.e., a similar message pattern from the source to the destination. All participating nodes work remotely, and a specific participant attacks in parallel to other target nodes.

Paper Nr: 140
Title:

Non-Authorized User Detection Using Pupils Position Information During Inputting PIN Codes

Authors:

Sachi Fujimoto and Masaki Inamura

Abstract: In general, in user authentication methods that use PIN codes, if the code is leaked by some means, it is difficult to prevent unauthorized users from authenticating themselves, which can lead to account hijacking. Here, we hypothesize that there are differences in physical behavior during PIN code entry between authorized users who are accustomed to inputting PIN codes and unauthorized users who are not. Furthermore, by focusing on eye movements among these physical behaviors, we expect that installing cameras to track only eye movements could reduce the number of special fraud incidents by detecting unauthorized users based on differences in their eye movements. In this study, we measured the position of the pupils during PIN code entry using OpenPose and calculated the DTW (Dynamic Time Warping) distance from the obtained data to compare regular users and non-regular users.

Paper Nr: 156
Title:

G.H.O.S.T: A Scalable Framework for Metadata-Resistant Messaging with Token-Based Incentives

Authors:

Igor Khokhlov, Yuriy Khokhlov and Owen Weissman

Abstract: This paper introduces a novel privacy-enhanced messaging framework designed to obfuscate message recipients against sophisticated adversaries. Leveraging a probabilistic recipient obfuscation mechanism, our system transmits real messages alongside a variable number of fake messages, routed through dynamically constructed graph structures with tunable hop counts and branching factors. We define a quantifiable privacy metric based on Shannon entropy and demonstrate, through theoretical modeling and experimental simulations, that total system overhead grows exponentially with increasing privacy demands. To ensure sustainability and encourage participation, we propose a token-based incentivization model implemented on the Ethereum blockchain. This model creates a self-sustaining economy where users earn tokens for relaying traffic and spend them to send their own messages, aligning individual incentives with collective privacy goals. While preliminary results validate the privacy-overhead trade-off, further research is needed to fully quantify scalability across varying user bases and to refine the system’s robustness against statistical analysis.

Paper Nr: 158
Title:

Physical Privacy through Reconfigurable Intelligent Surfaces on Visible Light Communication Systems

Authors:

Everton Alex Matos, Lucas Dias Hiera Sampaio and Luiz Carlos Pessoa Albini

Abstract: The broadcast nature of radio-frequency (RF) transmissions facilitates eavesdropping on signals. Although encryption techniques enhance security, they cannot stop adversaries from receiving the signal itself. On the other hand, Visible Light Communication (VLC) signals can be more effectively confined due to the physical boundaries imposed by light propagation, especially in indoor environments. When combined with beam-steering techniques, VLC can provide an additional layer of privacy and security, acting as a first line of defense against eavesdropping. This paper proposed the first multi-room VLC communication approach based on Reconfigurable Intelligent Surface (RIS), capable of controlling signal transmissions to enhance privacy. Results demonstrate that the proposed architecture is highly effective without interfering with system bandwidth.

Paper Nr: 163
Title:

Offensive Security Testing of Aviation Systems: A Case Study of SWIM and Air Traffic Control Using the MITRE ATT&CK Framework

Authors:

Borna Radojčić, Severen Fernandes, Hannes Künstner, Jens Myrup Pedersen and Rasmus Løvenstein Olsen

Abstract: The aviation domain is undergoing rapid digital transformation, exposing air navigation systems, surveillance, communication, and data sharing architectures to evolving cyber threats. While the MITRE ATT&CK framework is widely adopted in defense and detection contexts, its potential for guiding offensive security testing in aviation remains underexplored. In this paper, we present a structured methodology to map adversary emulation and penetration testing activities onto ATT&CK tactics and techniques, and apply it in a case study targeting System Wide Information Management (SWIM) and related Air Traffic Control (ATC) systems. We demonstrate how each phase of an offensive workflow, from reconnaissance to impact can be contextualized to aviation-specific assets, identify gaps in defenses, and derive mitigation strategies aligned with ATT&CK’s mitigations. Our results show that this approach can systematically uncover vulnerabilities in aviation systems and provide a common framework bridging offense and defense. We discuss challenges, limitations, and directions for further research.

Area 3 - Applications and Services

Full Papers
Paper Nr: 31
Title:

Video Traffic Detection in VPN Network Using Lightweight Machine Learning Models

Authors:

Ludovic Chavalarias, Johann Laurent, Nicolas Bohelay and Dominique Heller

Abstract: The rapid growth in internet traffic and encryption has made the traditional payload-based classification technique ineffective as it would require big, expensive probes. In this work, we address this issue by exploring the binary classification of network flow into multimedia and non-multimedia categories. The goal is to isolate one part of the traffic using only limited computational resources, thus reducing the workload of the probes. Namely, we want to isolate the multimedia part of the traffic using only a small set of temporal features extracted in real-time. Experimental results show that our lightweight approach rivals more complex models, giving the possibility of deploying our solution on low-cost FPGAs.

Paper Nr: 37
Title:

VESPA: Vulnerability-Enhanced Selective Privacy Preservation Adaptation against Nucleotide Inference for Genomic Embeddings in Large Language Models

Authors:

Reem Al-Saidi, Erman Ayday and Ziad Kobti

Abstract: Large language models have transformed the field of genomic analysis, but they pose risks because their embeddings can reveal private genetic information through nucleotide inference attacks. Unlike regular text, genomic sequences have specific positions that are more vulnerable: certain nucleotides, especially those at splice sites, are more likely to be exposed than others. Moreover, nucleotides in genomic sequences exhibit strong correlations due to biological constraints and functional relationships, revealing that the value of one position often leaks information about other positions, amplifying privacy risks across the sequence. We propose Vulnerability-Enhanced Selective Privacy Adaptation (VESPA), which provides targeted privacy protection tailored to each position’s vulnerabilities. VESPA includes Adaptive Dynamic Adversarial Perturbation (ADAP) and Adaptive Rounding (AR). Each of the VESPA protection approaches integrates attack performance metrics with biological importance and ensures privacy protection across related positions, applying stronger protection where it is most needed. We evaluated VESPA across six transformer models using the Homo Sapiens Splice Sites Dataset (HS3D). The results show that VESPA can reduce the success of inference attacks by up to 64% at high-risk positions, while maintaining utility of over 98% for subsequent analyses. Using Pareto frontier analysis, we examine the balance between protecting privacy and maintaining usefulness in various model designs. The study shows that models tailored to specific domains perform better in privacy and usefulness trade-offs, with each model performing best under different conditions. Our results help researchers choose the most suitable models for their specific needs, based on clear measures of privacy and usefulness, which supports the real-world use of private genomic language models.

Paper Nr: 64
Title:

A Systematic Review of Artificial Intelligence in Air and Missile Defence

Authors:

Gabriel Guerrero-Contreras, Sara Balderas-Díaz, Leopoldo Gutiérrez-Galeano, Germán Fuentes Landi and Juan José Domínguez-Jiménez

Abstract: This systematic review maps how artificial intelligence and machine learning are applied to threat awareness in aerial, missile, and hypersonic contexts from 2010 to 2025. In sensing and recognition, research progressed from interpretable radar micromotion features to convolutional–recurrent and attention architectures that learn spatiotemporal structure from range–Doppler, stepped-frequency, High-Resolution Range Profile (HRRP), point clouds, and kinematic telemetry. Trajectory prediction for hypersonic glide vehicles increasingly couples signal decomposition with hybrid neural models, while reinforcement learning reframes weapon–target assignment as sequential control. Evaluation practices remain heterogeneous and fragile for comparison, with varying metrics, a lack of strong baselines, limited propagation of uncertainty across the pipeline, and scarce reproducibility artefacts. Stress testing under realism, degraded Signal-to-Noise Ratio (SNR), track dropouts, out-of-family manoeuvres, contested electromagnetic conditions, is limited. Operationalisation is constrained by security architecture. Cross-Domain Solutions govern data movement, and verifiable human–autonomy teaming emphasises auditable behaviour and operator trust. Robustness to distribution shift, sensor degradation, and adversarial manipulation is the least developed dimension, while federated or edge inference appears sporadically. We identify three priorities that will move the field forward, namely shared benchmarks and metrics, fused ISR that operates under connectivity constraints, and assurance by design encompassing CDS-aware data flows, operator-centred teaming, and robustness as a first-class requirement.

Paper Nr: 78
Title:

Breaking TEMPEST: Low-Frequency Bidirectional Covert Channel on Power Lines

Authors:

Thien Dan Balsdon, Arthur Grisel-Davy and Sebastian Fischmeister

Abstract: The electrical power cable of an air-gapped target provides a medium that an attacker can exploit to establish covert communication. However, prior power line covert channels have been unidirectional and limited to short-range operation. In this work, we present a novel bidirectional power line covert channel that is compatible with any Power Management Bus (PMBus)-supported device and fully decoupled from the host software stack. Inbound and outbound communication is achieved by modulating the line voltage or the target’s power consumption to transmit data. In comparison to prior methods, this approach overcomes previous limitations in range, and effectively evades standard monitoring systems and military-grade Transient Electro Magnetic Pulse Emanation Standard (TEMPEST) power-line filters.

Paper Nr: 117
Title:

Advancing Security Incident Analysis with LLMs: A Study Using a Novel Security Log Dataset

Authors:

Artur Nikitchuk and Hayretdin Bahsi

Abstract: The scarcity of comprehensive, host-based intrusion datasets encompassing a wide range of tactics poses a significant challenge in digital forensics and incident response. Existing datasets are often narrowly focused, outdated, or concentrated on malware analysis or network-level data, lacking the forensic richness required for effective analysis. With the rapid advancement in machine learning, particularly LLMs, there is a growing need for well-developed security log datasets to assess these models’ capabilities in incident investigations. This paper introduces “atomic-evtx,” an open-source, comprehensive Windows Event log dataset that addresses these gaps. The dataset includes realistic, up-to-date, and forensically rich logs from sources such as Sysmon, System, Security, Application, and PowerShell logs, capturing artifacts from 1,064 attacks simulated using the Atomic Red Team Framework. These attacks are mapped to 13 different MITRE ATT&CK categories. Utilizing this dataset, we evaluate the threat detection and classification capabilities of LLMs through state-of-the-art prompt techniques. Our findings provide insights into the applicability of LLMs in enhancing log analysis during incident response and digital forensic processes. Based on our results, our dataset has great potential to facilitate further research in assessing LLMs for similar analytical tasks.

Paper Nr: 135
Title:

Can Knowledge of Demographics and Privacy Parameters Break Location Privacy?

Authors:

Maja Schneider, Charini Nanayakkara, Peter Christen, Erik Buchmann and Erhard Rahm

Abstract: Location-based applications offer increasingly personalized services to mobile users. Incorporating temporal and demographic information can further improve service quality. However, sharing such information carries the risk of leaking private data, including a user’s identity or further personal attributes. Differential Privacy (DP) is a widely accepted privacy notion to protect user data in this context. However, DP does not account for adversarial background knowledge, which can undermine privacy through context linking attacks. To design resilient privacy mechanisms, a systematic analysis is required to determine which pieces of background information pose the highest risk. In this work, we investigate whether knowing the privacy mechanism and semantic information can break DP and enable an adversary to reconstruct a user’s location. We evaluate which types of background knowledge contribute most to attack success by designing a series of attacks with increasing access to semantic context, such as points of interest (POIs), mobility statistics, demographic data, and privacy parameters. We conduct an extensive evaluation on two large datasets. Our results show that knowledge of POIs and typical mobility patterns, especially when combined with the privacy parameter, substantially increases attack success, particularly in rural areas and for certain demographic groups.

Paper Nr: 177
Title:

Investigating the Influence of Black-Box Adversarial Machine Learning Attacks in Live Network Environments

Authors:

Udaya Bhaskar Guntupalli, Medha Pujari, Jalal Abdel Halim and Weiqing Sun

Abstract: The integration of machine learning (ML) into intrusion detection systems (IDS) has significantly improved attack detection capabilities, yet introduces new vulnerabilities to adversarial manipulation. This paper presents a comprehensive evaluation of ML-based IDS robustness against black-box adversarial attacks, extending beyond traditional offline metrics to include live network validation. We train Random Forest (RF), Decision Tree (DT), and Support Vector Machine (SVM) classifiers on the CICIDS-2017 dataset and evaluate them against adversarial samples generated using Genetic Algorithm (GA) and Particle Swarm Optimization (PSO). Crucially, we implement a complete validation pipeline that reconstructs adversarial flows and replays them in an isolated network environment. Results demonstrate that tree-based models achieve near-complete evasion (100%) under adversarial conditions, while SVM shows variable resistance (0-66% evasion) depending on the attack type. The live network validation reveals that protocol-driven attacks (FTP, SSH, PortScan) maintain full functionality post-perturbation, whereas high-volume attacks (Hulk, DDoS) suffer significant degradation. This work provides the first empirical evidence that adversarial vulnerabilities demonstrated offline translate to practical exploitability in the operational network environments.

Paper Nr: 178
Title:

Enhancing Continual Learning for Software Vulnerability Prediction: Addressing Catastrophic Forgetting via Hybrid‑Confidence‑Aware Selective Replay for Temporal LLM Fine-Tuning

Authors:

Xuhui Dou, Hayretdin Bahsi and Alejandro Guerra-Manzanares

Abstract: Recent work applies Large Language Models (LLMs) to source-code vulnerability detection, but most evaluations still rely on random train–test splits that ignore time and overestimate real-world performance. In practice, detectors are deployed on evolving code bases and must recognise future vulnerabilities under temporal distribution shift. This paper investigates continual fine-tuning of a decoder-style language model (microsoft/phi-2 with LoRA) on a CVE-linked dataset spanning 2018–2024, organised into bi-monthly windows. We evaluate eight continual learning strategies, including window-only and cumulative training, replay-based baselines and regularisation-based variants. We propose Hybrid Class-Aware Selective Replay (Hybrid-CASR), a confidence-aware replay method for binary vulnerability classification that prioritises uncertain samples while maintaining a balanced ratio of VULNERABLE and FIXED functions in the replay buffer. On bi-monthly forward evaluation Hybrid-CASR achieves a Macro-F1 of 0.667, improving on the window-only baseline (0.651) by 0.016 with statistically significant gains (p = 0.026) and stronger backward retention (IBR@1 of 0.741). Hybrid-CASR also reduces training time per window by about 17 percent compared to the baseline, whereas cumulative training delivers only a minor F1 increase (0.661) at a 15.9-fold computational cost. Overall, the results show that selective replay with class balancing offers a practical accuracy–efficiency trade-off for LLM-based temporal vulnerability detection under continuous temporal drift.

Short Papers
Paper Nr: 20
Title:

ML-Based Intrusion Detection in IoT/IIoT with Privacy-Aware Offloading to Cloud SIEM

Authors:

Emmanuel Tuyishime, Petru A. Cotfas, Titus C. Balan, Alexandre Rekeraho, Daniel T. Cotfas and Vlad Popescu

Abstract: Securing Internet of Things and Industrial Internet of Things deployments remains challenging due to resource-constrained devices, high-volume traffic, and stringent privacy requirements. This paper presents a lightweight machine learning-based intrusion detection system architecture designed for edge-cloud deployments. The system executes inference directly on a resource-constrained IoT edge device, enabling localized threat detection without dependence on external processing layers. To preserve data privacy, a hybrid logging mechanism is implemented: raw network traffic is retained at a local fog server, while only structured alerts are securely forwarded to Microsoft Sentinel, a cloud-based Security Information and Event Management platform. This design minimizes the exposure of sensitive data, reduces log volume, and enables real-time centralized analytics. Experimental evaluation under multiple attack scenarios demonstrates that edge-based inference achieves low-latency detection, operational autonomy, and resilience, validating its feasibility in constrained environments.

Paper Nr: 39
Title:

Uncertainty-Aware Reinforcement Learning for Zero Trust: An Empirical Evaluation of PPO, MC Dropout, and Bayesian Neural Networks

Authors:

Vikram Kalekar

Abstract: Implementing Zero Trust Architecture (ZTA) in dynamic enterprise environments is challenging; traditional static access policies often suffer from policy drift and fail to adapt to evolving attack vectors. While Reinforcement Learning (RL) offers a promising avenue for automated, adaptive decision-making, conventional algorithms often exhibit instability and overconfidence when facing rare or ambiguous security events. To address this gap, this study evaluates uncertainty-aware RL methods for ZTA decision-making using two real-world datasets: CICIDS2017 network flows and the LANL Authentication Dataset. Three approaches were assessed: Proximal Policy Optimization (PPO), Monte Carlo (MC) Dropout, and Bootstrapped Bayesian Neural Networks (BBN). The results demonstrate that while PPO exhibits learning instability, incorporating uncertainty estimation significantly improves performance. BBN surpassed both alternatives, achieving higher rewards, faster convergence, and superior resilience. These findings indicate that Bayesian and ensemble methods provide distinct advantages for robust, automated Zero Trust execution.

Paper Nr: 100
Title:

Boosting Phishing Detection with Graph Neural Networks

Authors:

Dominique Portenier, Noah Lichtenecker and Ariane Trammell

Abstract: Phishing remains a persistent and prevalent threat in cybersecurity. In the first quarter of 2025, an astonishing one million unique phishing websites were reported by the Anti-Phishing Working Group, proving the severity of this threat. While many defensive measures still rely on manual reporting, automated phishing detection pipelines also exist. In this work we evaluate the usefulness of graph neural networks for automated phishing detection pipelines. We build multiple phishing detection pipelines based on passive DNS data and show that we can increase the classification accuracy from 85% to 90% when leveraging Graph Neural Networks in the preprocessing stage.

Paper Nr: 131
Title:

Enhanced Malicious URL Filtering in Big Data Systems Using Machine Learning and Bloom Filters

Authors:

Abdeslam El-yahyaoui, Ahmed Lbouchouari and Mohammed Erradi

Abstract: Big Data analysis systems extract vast amounts of data from various open sources such as social networks or proprietary data to extract valuable insights. The extracted data can potentially contain malicious URLs. Such URLs could serve as entry points for cyberattacks, leading to data breaches, system compromises, and financial losses. It is essential to filter these malicious URLs to protect the system against such threats. Traditional URL classification approaches are time-consuming, introducing latency to the Big Data system and negatively impacting the user experience. In addition, existing machine-learning-based methods for URL classification could be attacked and tricked into misclassifying malicious URLs as benign. Therefore, there is a need to tackle these problems towards fast and robust URL processing and classification techniques. Probabilistic data structures such as Bloom Filters, a space-efficient tool for membership testing, enable fast filtering of predefined URL sets with exceptionally small query times. In this work, we propose an approach that combines machine learning with Bloom Filters. The suggested approach relies on a three-layered Bloom Filter, reducing the false positives while lowering the computational load on the classifier. This approach achieves an accuracy of 0.9915 and processes more than 260 URLs per second in the worst case, and more than 7690 URLs per second in the optimal case. Regarding the robustness, the generation of adversarial URLs dropped from over 106,300 to no more than 10.

Paper Nr: 167
Title:

FIDELIS: Blockchain-Enabled Protection against Poisoning Attacks in Federated Learning

Authors:

Jane Carney, Kushal Upreti, Gaby G. Dagher and Tim Andersen

Abstract: Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT devices’ private data. It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity. Current poisoning detection methods in federated learning lack a standardized detection method or take significant liberties with trust. In this paper, we present FIDELIS, a novel blockchain-enabled poison detection framework in federated learning. The framework decentralizes the role of the global server across participating clients. We introduce a judge model used to detect data poisoning in model updates. The judge model is produced by each client and verified to reach consensus on a single judge model. We implement our solution to show FIDELIS is robust against data poisoning attacks and the creation of our judge model is scalable.

Paper Nr: 168
Title:

ReDoS-M: A Dataset of Multi-Label Regrettable Disclosures on Social Media

Authors:

Hervais Simo, Michael Kreutzer and Javor Nikolov

Abstract: Research on automated detection of regrettable disclosures in online social networks (OSN) is limited by the lack of large-scale, semantically rich, and fine-grained annotated datasets. Existing datasets often provide narrow coverage and conflate regret with related phenomena such as toxicity or hate speech, hindering robust modeling of regret-specific cues. To address these limitations, we introduce ReDoS-M, a large-scale, multi-source corpus constructed via a hybrid annotation pipeline that combines crowd-sourced labeling, transformer-based self-training, and enrichment with Sentiment–Moral–Emotion (SME) features. Starting from a collection of more than 5.5M user-generated posts and comments gathered from platforms such as Reddit and X (formerly Twitter), we derive four complementary corpora ranging from 4.27M to 5.13M annotated items, reflecting different annotation and label-fusion strategies. We evaluate ReDoS-M in terms of label coverage and downstream utility by training and evaluating six transformer-based models (DeBERTa and XLM-RoBERTa variants, with and without SME and Large Language Model-generated features). Across the ReDoS-M corpora, all six models achieve strong performance, with micro-F1 scores exceeding 0.98 and AUC values above 0.99 in the best settings, demonstrating that ReDoS-M supports effective and generalizable detection of regrettable OSN disclosures. Overall, ReDoS-M constitutes a comprehensive and scalable foundation for advancing research on fine-grained modeling and classification of regrettable disclosures in OSN environments.

Paper Nr: 169
Title:

DRAPEbot: An AI Chatbot Assistant for the DRAPE Platform

Authors:

Anna Sellani, Francisco Bischoff and Ana Ferreira

Abstract: Regulatory requirements from GDPR need to be widely applied in every context and domain that processes personal data from European citizens. However, such requirements are also complex and difficult to implement in practice, especially when lacking the required expertise, knowledge, and resources, as is the case for many European organisations. This work aims to develop an AI chatbot, DRAPEbot, to support literacy on GDPR compliance within the healthcare research environment. The chatbot was implemented using open-source technologies, and after some iterations, DRAPEbot was responding in a quicker, clearer and more concise way, having the necessary base knowledge to provide support for the most relevant themes within the regulation, such as main definitions, principles, subject rights, consent, and other aspects of the law. This work contributes to the much-needed discussion regarding the use of AI to support legal compliance, while also increasing awareness of the risks associated with the ease and simplicity of developing AI tools. Future work will involve conducting additional tests to assess the robustness, trust, and usability of DRAPEbot, as well as performing a risk assessment to mitigate potential risks.

Paper Nr: 175
Title:

Explainable Risk Translation Layer for Cloud Cybersecurity: From Technical Vulnerability Signals to Economic Impact

Authors:

Celia Cabello Collado, Víctor Adsuar Abaldea, Antonio Jimeno Morenilla and Higinio Mora Mora

Abstract: Organizations operating cloud-based systems receive a continuous stream of technical security findings (vulnerabilities, misconfigurations and identity risks) expressed in specialized metrics such as CVSS v4, EPSS, KEV and CSPM/IAM alerts. However, these signals are rarely translated into decision-ready economic indicators, such as expected loss, mitigation effort or return on investment (ROI) of remediation options. This paper proposes an explainable Risk Translation Layer (RTL) that systematically maps heterogeneous technical metrics into economic and operational indicators suitable for executive decision-making. The RTL combines (i) standardized technical signals (CVSS v4, EPSS, KEV, CSPM, IAM), (ii) business parameters (service criticality, revenue per hour, SLA penalties, remediation costs), and (iii) a hybrid AI layer that integrates rule-based reasoning, probabilistic modelling and supervised learning with explainability (XAI). The work is positioned with respect to classical economic models of security investment and quantitative frameworks such as FAIR and MAGIC, and to recent advances in vulnerability enrichment and hybrid AI for trustworthy decision-support. We formalize the translation problem, present a proof-of-concept pipeline on a representative cloud-service scenario, define research questions and hypotheses, and outline a validation strategy that leverages observable proxies (remediation behaviour, SLA impact and expert benchmarks) in lieu of directly observing realized financial losses. The contribution is intended as a step towards an automated, explainable and empirically grounded “FAIR-lite” approach for cloud-centric cyber risk quantification. This paper presents a work-in-progress towards an AI-assisted risk translation layer, focusing on architectural design, explainability requirements, and initial feasibility insights rather than finalized empirical results.

Paper Nr: 179
Title:

Exploring Robust Intrusion Detection: A Benchmark Study of Feature Transferability in IoT Botnet Attack Detection

Authors:

Alejandro Guerra-Manzanares and Jialin Huang

Abstract: Cross-domain intrusion detection remains a critical challenge due to significant variability in network traffic characteristics and feature distributions across environments. This study evaluates the transferability of three widely used flow-based feature sets (Argus, Zeek and CICFlowMeter) across four widely used datasets representing heterogeneous IoT and Industrial IoT network conditions. Through extensive experiments, we evaluate in- and cross-domain performance across multiple classification models and analyze feature importance using SHapley Additive exPlanations (SHAP). Our results show that models trained on one domain suffer significant performance degradation when applied to a different target domain, reflecting the sensitivity of IoT intrusion detection systems to distribution shifts. Furthermore, the results show that the choice of classification algorithm and feature representations significantly impacts transferability. Beyond reporting performance differences and a thorough analysis of the transferability of features and feature spaces, we provide practical guidelines for feature engineering to improve robustness under domain variability. Our findings suggest that effective intrusion detection requires both high in-domain performance and resilience to cross-domain variability, achievable through careful feature space design, appropriate algorithm selection and adaptive strategies.

Paper Nr: 184
Title:

MI²DAS: A Multi-Layer Intrusion Detection Framework with Incremental Learning for Securing Industrial IoT Networks

Authors:

Wei Lian and Alejandro Guerra-Manzanares

Abstract: The rapid expansion of Industrial IoT (IIoT) systems has amplified security challenges, as heterogeneous devices and dynamic traffic patterns increase exposure to sophisticated and previously unseen cyberattacks. Traditional intrusion detection systems often struggle in such environments due to their reliance on extensive labeled data and limited ability to detect new threats. To address these challenges, we propose MI²DAS, a multi-layer intrusion detection framework that integrates anomaly-based hierarchical traffic pooling, open-set recognition to distinguish between known and unknown attacks and incremental learning for adapting to novel attack types with minimal labeling. Experiments conducted on the Edge-IIoTset dataset demonstrate strong performance across all layers. In the first layer, GMM achieves superior normal-attack discrimination (accuracy = 0.953, TPR = 1.000). In open-set recognition, GMM attains a recall of 0.813 for known attacks, while LOF achieves 0.882 recall for unknown attacks. For fine-grained classification of known attacks, Random Forest achieves a macro-F1 of 0.941. Finally, the incremental learning module maintains robust performance when incorporating novel attack classes, achieving a macro-F1 of 0.8995. These results showcase MI²DAS as an effective, scalable and adaptive framework for enhancing IIoT security against evolving threats.

Paper Nr: 27
Title:

A Modular GDPR Compliance Framework for Content Management Systems: Architectural Coordination and Performance Optimization in Plugin-Based Environments

Authors:

Panagiotis Nikolaidis and Costas Iordanou

Abstract: Enforcing General Data Protection Regulation compliance in plugin-based Content Management Systems like WordPress presents significant technical challenges due to the lack of native compliance mechanisms and the fragmentation of existing solutions. This paper presents a modular, coordination-centric GDPR compliance framework that integrates consent management, AES-256 encryption, role-based access control, and cryptographic audit logging for WordPress’s distributed architecture. Our framework introduces an event-driven coordination layer enforcing consistent privacy policies across heterogeneous plugins, performance optimizations achieving sub-400ms overhead, and automated compliance validation covering consent, retention policies, and cross-border transfers. Evaluation through controlled experiments demonstrates 96% violation detection with 3% false positives, 70-90ms response time overhead at typical loads, and 98.3% reduction in manual compliance effort while maintaining 98%+ accuracy.

Paper Nr: 40
Title:

Emergency Traffic Control with Capability-Based Access Control for the V2X Communication Environment

Authors:

Ryu Watanabe, Jun Kurihara, Toshiaki Tanaka and Kouichi Sakurai

Abstract: This paper proposes a capability-based access control (CAP-BAC) mechanism for vehicle-to-everything (V2X) environments. A representative application of V2X is the priority control of emergency vehicles. However, if such control is not implemented securely, malicious manipulation of traffic lights could disrupt traffic flow. Since communication with vehicles is subject to strict constraints, a lightweight and reliable approach is required. CAP-BAC meets these requirements well. The proposed method enables secure and efficient traffic control. We also conducted a fundamental experiment to demonstrate the effectiveness of the proposed method.

Paper Nr: 66
Title:

Detecting Attack Patterns in Windows Registry Using CTI: A BERT-Based Approach

Authors:

Leanne Briffa, Claudia Borg and Mark Vella

Abstract: Indicators of Compromise (IoCs) for threat hunting and detection purposes are sourced from unstructured Cyber Threat Intelligence (CTI). While automating extraction with regular expressions is possible for most basic IoCs, in this work, we show that, for attack-pattern-related IoCs, context is key, warranting the use of transformer-based language models for Named Entity Recognition (NER). This paper explores this proposition by using Windows Registry Modification attacks as a case study. We make two key contributions: (1) Compare different pre-training paradigms, including general-purpose BERT, security-specific SecureBERT, and models continually pre-trained on non-CTI but registry-relevant text from Microsoft Technical Notes, and show that SecureBERT consistently achieves superior performance (F1 score > 0.9); and (2) An augmented CTI NER dataset based on curated samples and Prompt-based Text Data Augmentation to address CTI data scarcity. Finally, a hybrid extraction pipeline combining regular expressions and fine-tuned models is proposed to automate threat-hunting/detection processes fully.

Paper Nr: 79
Title:

BetChain: Reinventing e-Betting with Trustless NFT-Driven Bets

Authors:

Alexios Lymperis, Harald Gjermundrød and Ioanna Dionysiou

Abstract: Prediction markets are open financial platforms that facilitate forecasting of specific outcomes through economic incentives. A core component of these markets is the trading of bets on event outcomes, which are typically subject to strict oversight by relevant state or national regulatory bodies. Currently, bettors are unable to trade their positions in a peer-to-peer fashion; the only available option is to return the bet to the original issuer, typically a bookmaker, for a fee. This restriction stems from several concerns, including the inability to verify buyer eligibility (e.g., age) and risks associated with money laundering. To the best of the authors’ knowledge, Nevada remains the sole U.S. state to have legalized the trading of sports bets, having done so in 2015. This paper proposes a novel framework for the issuance and peer-to-peer trading of bets through the use of non-fungible tokens (NFTs), addressing the aforementioned concerns while advancing the capabilities of e-sports betting platforms.

Paper Nr: 130
Title:

MAWIFlow Benchmark: Realistic Flow-Based Evaluation for Network Intrusion Detection

Authors:

Joshua Schraven, Alexander Windmann and Oliver Niggemann

Abstract: Flow-based Network Intrusion Detection Systems (NIDS) are typically evaluated on synthetic or short-lived benchmarks that emphasize snapshot accuracy and neglect temporal robustness. Recent studies have shown that widely used datasets such as CIC-IDS2017 contain design flaws and artifacts, casting doubt on near-perfect headline scores. In contrast, operational NIDS must cope with long-term changes in traffic, attack patterns, and annotation quality. This position paper introduces MAWIFlow, a benchmark that derives labeled flows from MAWILab v1.1 over multiple years and preserves its anomaly semantics. We construct a scalable preprocessing pipeline, define strictly time-respecting training and test splits, and instantiate representative tabular baselines and a CNN-BiLSTM model. Long-horizon robustness is quantified via a horizon-limited normalized Area Under Time (nAUT) metric adapted from concept-drift-aware evaluation. Experiments on MAWILab flows from 2007–2024 show that all models suffer substantial performance decay on future years, with 2–3 year training windows offering the best trade-off between initial accuracy and long-term robustness. Code and sampled benchmark subsets are publicly available.

Paper Nr: 141
Title:

Utilising Cloud Services in Local Governments as Digital Transformation Booster by Mastering Information Security Duties

Authors:

Michael Diener and Thomas Meuche

Abstract: The digital transformation of public administration is becoming increasingly important for Europe’s competitiveness. Cloud services are being used more and more to manage this transformation. However, public administration has long ignored this paradigm, resulting in major challenges to securely managing cloud solutions. Meanwhile, the number of successful cyberattacks on IT infrastructure in this sector has increased significantly in recent months. This empirical study examines the current state of public cloud services and the related information security challenges and responsibilities of over 500 local German governments. Based on these findings, recommendations are made to improve the security of public cloud services in this domain.

Paper Nr: 143
Title:

A Scrutiny of SLMs’ Performances for Mobile Malware Detection

Authors:

Zhe Deng, Ants Torim, Hayretdin Bahsi and Sadok Ben Yahia

Abstract: Mobile malware detection is often studied using complex feature sets and heavy models, which are impractical for constrained or label-scarce settings. This paper presents a benchmark study of machine learning (ML) models and lightweight small language models (SLMs) for mobile malware detection using permission-based features. We evaluate multiple prompt strategies and feature selection methods. While supervised ML achieves the highest accuracy of 94.88%, SLMs, such as GPT-4o-mini, reach 86.95%, and open-weight models achieve good performance without fine-tuning, outperforming unsupervised baselines and establishing them as promising, training-free tools in hybrid malware detection pipelines. This establishes a reproducible baseline for future work with richer feature sets and advanced SLM techniques.