Latest papers

315 papers
defense arXiv Apr 30, 2026 · 21d ago

AdaBFL: Multi-Layer Defensive Adaptive Aggregation for Byzantine-Robust Federated Learning

Zehui Tang, Yuchen Liu, Feihu Huang · Nanjing University of Aeronautics and Astronautics · MIIT Key Laboratory of Pattern Analysis and Machine Intelligence

Adaptive aggregation defense for federated learning that dynamically adjusts weights across multiple defense layers to counter Byzantine poisoning attacks

Data Poisoning Attack · federated-learning
PDF
defense arXiv Apr 29, 2026 · 22d ago

SafeTune: Mitigating Data Poisoning in LLM Fine-Tuning for RTL Code Generation

Mahshid Rezakhani, Nowfel Mashnoor, Kimia Azar et al. · University of Central Florida

Dual-layer filtering framework detecting poisoned training data in LLM RTL generation via GNN structural analysis and semantic prompt verification

Data Poisoning Attack · Model Poisoning · Training Data Poisoning · nlp · generative
PDF
attack arXiv Apr 25, 2026 · 26d ago

Toward Polymorphic Backdoor against Semantic Communication via Intensity-Based Poisoning

Xiao Yang, Yuni Lai, Gaolei Li et al. · Shanghai Jiao Tong University · Hong Kong Polytechnic University +1 more

Polymorphic backdoor attack on semantic communication systems using intensity-graded triggers for multiple target outputs plus provable defense

Model Poisoning · Data Poisoning Attack · vision · multimodal
PDF
defense arXiv Apr 25, 2026 · 26d ago

Scalable and Verifiable Federated Learning for Cross-Institution Financial Fraud Detection

Prajwal Panth, Nishant Nigam · KIIT Deemed to be University

Federated learning protocol with sharded aggregation and integrity checks defending gradient inversion and poisoning in cross-bank fraud detection

Model Inversion Attack · Data Poisoning Attack · federated-learning · tabular
PDF
defense arXiv Apr 24, 2026 · 27d ago

Train in Vain: Functionality-Preserving Poisoning to Prevent Unauthorized Use of Code Datasets

Yuan Xiao, Jiaming Wang, Yuchen Chen et al. · Nanjing University · University of New South Wales +3 more

Dataset poisoning defense that injects compilable, functionality-preserving code fragments to degrade CodeLLM training with only 10% contamination

Data Poisoning Attack · Training Data Poisoning · nlp
PDF
attack arXiv Apr 24, 2026 · 27d ago

Sharpness-Aware Poisoning: Enhancing Transferability of Injective Attacks on Recommender Systems

Junsong Xie, Yonghui Yang, Pengyang Shao et al. · Hefei University of Technology · National University of Singapore

Data poisoning attack on recommender systems using sharpness-aware optimization to boost transferability across victim models

Data Poisoning Attack
PDF
attack arXiv Apr 23, 2026 · 28d ago

PermaFrost-Attack: Stealth Pretraining Seeding (SPS) for planting Logic Landmines During LLM Training

Harsh Kumar, Rahul Maity, Tanmay Joshi et al. · Manipal University Jaipur · National Institute of Technology Karnataka +3 more

Web-scale poisoning attack planting dormant backdoor triggers in LLM pretraining corpora via stealth websites indexed by Common Crawl

Data Poisoning Attack · Model Poisoning · AI Supply Chain Attacks · Training Data Poisoning · nlp
PDF Code
defense arXiv Apr 22, 2026 · 29d ago

Adaptive Defense Orchestration for RAG: A Sentinel-Strategist Architecture against Multi-Vector Attacks

Pranav Pallerla, Wilson Naik Bhukya, Bharath Vemula et al. · University of Hyderabad · Purdue University

Adaptive defense orchestration for RAG systems that selectively activates protections based on query risk, reducing utility cost while defending against membership inference and data poisoning

Membership Inference Attack · Data Poisoning Attack · Sensitive Information Disclosure · nlp
PDF
attack arXiv Apr 18, 2026 · 4w ago

Visual Inception: Compromising Long-term Planning in Agentic Recommenders via Multimodal Memory Poisoning

Jiachen Qian · City University of Hong Kong

Multimodal memory poisoning attack that embeds visual triggers in images to hijack AI agent planning, plus dual-process defense

Input Manipulation Attack · Data Poisoning Attack · Prompt Injection · Excessive Agency · multimodal · nlp
PDF
defense arXiv Apr 17, 2026 · 4w ago

Beyond Text Prompts: Precise Concept Erasure through Text-Image Collaboration

Jun Li, Lizhi Xiong, Ziqiang Li et al. · Nanjing University of Information Science and Technology · Southeast University +1 more

Defends text-to-image models by erasing unsafe concepts using text-image collaboration while preserving unrelated content fidelity

Data Poisoning Attack · vision · generative
PDF Code
attack arXiv Apr 16, 2026 · 5w ago

Subliminal Transfer of Unsafe Behaviors in AI Agent Distillation

Jacob Dang, Brian Y. Xie, Omar G. Younis · Santa Monica College · University of California +2 more

Unsafe agent behaviors transfer subliminally through distillation despite keyword filtering, achieving 100% deletion rates in students trained only on safe tasks

Transfer Learning Attack · Data Poisoning Attack · Excessive Agency · nlp
PDF
defense arXiv Apr 16, 2026 · 5w ago

FedIDM: Achieving Fast and Stable Convergence in Byzantine Federated Learning through Iterative Distribution Matching

He Yang, Dongyi Lv, Wei Xi et al.

Byzantine-robust federated learning defense using distribution matching and negative contribution filtering to detect malicious clients

Data Poisoning Attack · federated-learning
PDF
attack arXiv Apr 14, 2026 · 5w ago

PatchPoison: Poisoning Multi-View Datasets to Degrade 3D Reconstruction

Prajas Wadekar, Venkata Sai Pranav Bachina, Kunal Bhosikar et al. · International Institute of Information Technology

Lightweight adversarial patch attack poisoning multi-view image datasets to prevent unauthorized 3D reconstruction via Structure-from-Motion corruption

Data Poisoning Attack · vision
PDF
defense arXiv Apr 13, 2026 · 5w ago

Exact Certification of Neural Networks and Partition Aggregation Ensembles against Label Poisoning

Ajinkya Mohgaonkar, Lukas Gosch, Mahalakshmi Sabanayagam et al. · Technical University of Munich · Munich Data Science Institute +2 more

Certifies neural network robustness against label-flipping poisoning attacks using white-box partition-aggregation ensembles and neural tangent kernels

Data Poisoning Attack · vision
PDF
defense arXiv Apr 11, 2026 · 5w ago

Byzantine-Robust Distributed SGD: A Unified Analysis and Tight Error Bounds

Boyuan Ruan, Xiaoyu Wang, Ya-Feng Liu · University of Chinese Academy of Sciences · Beijing University of Posts and Telecommunications

Convergence analysis of Byzantine-robust federated learning under malicious worker attacks with tight bounds on data heterogeneity limits

Data Poisoning Attack · federated-learning
PDF
attack arXiv Apr 10, 2026 · 5w ago

XFED: Non-Collusive Model Poisoning Attack Against Byzantine-Robust Federated Classifiers

Israt Jahan Mouri, Muhammad Ridowan, Muhammad Abdullah Adnan · Bangladesh University of Engineering and Technology · TigerIT Bangladesh Ltd.

Non-collusive federated learning poisoning attack where compromised clients independently craft malicious updates without coordination

Data Poisoning Attack · federated-learning
PDF
attack arXiv Apr 8, 2026 · 6w ago

RefineRAG: Word-Level Poisoning Attacks via Retriever-Guided Text Refinement

Ziye Wang, Guanyu Wang, Kailong Wang · Huazhong University of Science and Technology · Beihang University

Word-level poisoning attack on RAG systems that injects stealthy toxic documents to manipulate LLM outputs via retriever optimization

Data Poisoning Attack · Prompt Injection · Training Data Poisoning · nlp
PDF
attack arXiv Apr 7, 2026 · 6w ago

Stealthy and Adjustable Text-Guided Backdoor Attacks on Multimodal Pretrained Models

Yiyang Zhang, Chaojian Yu, Ziming Hong et al. · Huazhong University of Science and Technology · The University of Sydney

Text-triggered backdoor attack on multimodal models using common words as triggers, adjustable via adversarial perturbations on poisoned training data

Model Poisoning · Data Poisoning Attack · multimodal · vision · nlp
PDF Code
attack arXiv Apr 7, 2026 · 6w ago

Can You Trust the Vectors in Your Vector Database? Black-Hole Attack from Embedding Space Defects

Hanxi Li, Jianan Zhou, Jiale Lao et al. · Sichuan University · Cornell University +2 more

Poisoning attack injecting malicious vectors near embedding space centroids to dominate retrieval results in vector databases

Data Poisoning Attack · Prompt Injection · nlp · multimodal
PDF Code
defense arXiv Apr 6, 2026 · 6w ago

Dynamic Free-Rider Detection in Federated Learning via Simulated Attack Patterns

Motoki Nakamura · Fujitsu Limited

Detects free-rider clients in federated learning by simulating attack patterns and comparing weight evolution signatures

Data Poisoning Attack · federated-learning
PDF