Large language model (LLM) have been widely applied in fields such as healthcare, finance, and justice. However, during the inference phase, the privacy risks of LLM are particularly prominent. From the perspective of privacy risks, this paper conducted a systematic analysis of the potential threats in the inference phase and classifies them according to different objects of privacy leakage. Subsequently, it outlined the existing privacy-preserving methods, classified them into cryptography-based, detection-based, and trusted execution environment-based methods according to their technical paths, and focused on discussing the advantages and limitations of each type of method. Furthermore, this paper conducted an in-depth comparison and analysis of different methods from four dimensions, including security, efficiency, scalability, and deploysment complexity. Finally, based on the current research status and challenges, it summarized the future research directions and potential solutions for enhancing LLM privacy protection in the inference phase.

With the escalating threats in cyberspace, the volume and complexity of malware have grown explosively. Machine learning, leveraging its powerful feature extraction capabilities, has been widely applied in malware detection tasks. This paper reviewed recent advances in machine learning-based malware detection techniques. First, it introduced the definition of malware and the detection framework. Then, it comprehensively reviewed the applications of traditional machine learning, deep learning, and graph representation learning in malware detection. Furthermore, a comparative analysis of these three categories of machine learning methods was conducted. Finally, the current technical bottlenecks were summarized, and future research directions were proposed.

The ability of multi-party private intersection (MPSI) protocols is to securely find the intersection of multi-party sets and output it without disclosing any other information. However, there are some special and useful scenarios that cannot be solved directly using traditional MPSI protocols. One of such scenarios is to compute the set of elements that appear in some but not all sets (at least k times) for only a third party. However, the previous method(Quorum PSI) can only addresse the problem of getting special intersections of known elements. The over-threshold PSI can address the issue, but needs to perform times, which is inefficient when the number of participants is large. This paper proposed a secure and scalable variant-threshold multiparty private set intersection protocol. It only executes n − k + 1 times, which is more efficient in cases with a high threshold k.

The identity-based signcryption system eliminates certificates and avoids certificate management problems in traditional public key cryptosystems, but it can’t guarantee the anonymity of the user’s identity. The deniable ring signature enables ring members to confirm or deny the act of signing and avoid defamation of non-signers, but it can’t guarantee the confidentiality of the message. The ring signcryption system features signature and encryption techniques and guarantees the anonymity of the user’s identity based on ring signature, but its application is limited in liability tracing scenarios due to the lack of deniability. For this reason, this article proposed a deniable ring signcryption scheme based on SM9, which enables ring members to confirm or deny the act of signcrypting, effectively balancing the privacy protection, communication security and computational efficiency. The article proved that the scheme satisfies correctness, indistinguishability, unforgeability, anonymity, traceability, and defamation by formal proofs.

With the rapid development and widespread application of deep learning technology, concerns about privacy and security issues have been growing. Model inversion attacks can reconstruct users facial images solely based on model parameters, posing a serious threat to user privacy. Although existing research has proposed various defense strategies, there are still challenges in balancing model performance and defense effectiveness, as well as in defending against emerging attacks. To address these issues, this paper proposed a model inversion defense method based on knowledge transfer and freezing. By freezing the fully connected layers most relevant to classification, the method effectively prevented the extraction of private information. Meanwhile, it transferred the parameters adjacent to the fully connected layers to further enhance defense performance. Experimental results demonstrate that, compared to existing defense methods, the proposed method achieves superior defense effectiveness and stability across multiple models and datasets.

With the rapid evolution of blockchain technology, the detection of anomalous on-chain transactions has emerged as a critical challenge for securing digital assets. However, current methods struggle to capture the complex topology and dynamic timing of transaction networks, resulting in limited detection accuracy. This paper proposed a blockchain anomaly transaction detection method based on the temporal graph attention network(TGAT). The approach introduced a behavioral paradigm-driven “temporal-structural” coupled modeling framework that utilized sine-cosine temporal encoding to synchronously quantify transaction timing and interaction topology, thereby enabling the precise identification of dynamic anomaly patterns. Furthermore, a multi-granularity attention optimization mechanism was designed to learn diverse behavioral patterns—such as fund convergence and chain-like dispersion—in parallel, significantly enhancing feature extraction precision in complex environments. Experimental results demonstrate that the proposed model substantially outperforms baseline methods in core metrics including precision, recall, and F1-score, with the F1-score improving by over 10%. Ablation studies verify the critical contributions of temporal encoding and multi-head attention mechanisms to performance enhancement, while highlighting the computational efficiency of the three-layer network architecture. This work provides an intelligent technical pathway for financial compliance scenarios, such as anti-money laundering and fraud detection, and possesses significant practical implications for the industry.

Modern software systems have become increasingly complex, making the correctness and reliability of compilers critical. Traditional compiler fuzzing techniques face limitations in multi-language scenarios, including the high cost of rule maintenance and the difficulty of cross-language consistency verification. The capabilities of large language models (LLM) in code translation and semantic reasoning provide a new perspective for addressing these challenges. This paper proposed Fuzpiler, a cross-language compiler fuzzing framework based on LLM-driven translation and semantic reasoning, to uncover potential compiler vulnerabilities. Fuzpiler first employed existing fuzzing tools to asynchronously generate fuzzing seeds and selected promising samples through multi-objective optimization. It then leveraged an LLM to translate the selected seeds into semantically equivalent programs in multiple programming languages, constructing cross-language “homologous” fuzzing seed sets. For semantic validation, the framework utilized the reasoning capability of LLMs to align the semantics of multi-language programs and performed differential testing to detect behavioral inconsistencies in compilers across different language front ends or optimization stages.Fuzpiler was experimentally evaluated on three compilers, namely Clang, Clang++, and Rustc. Experimental results show that, compared with baseline tools, Fuzpiler improves branch coverage by 5.19%, 36.57%, and 23.91% on the three compilers, respectively, demonstrating the effectiveness of LLMs in cross-language test generation, semantic alignment, and consistency verification.

Derivative classification is a method that judge the degree of secrets according to the similarity of text semantics. It is generally abstracted as a text matching task. Due to the fact that texts to be classified have the characteristics of long length, sparse secret key-point features and complex semantics structure, the traditional text matching method is difficult to accurately model and capture the features of secret key-point that contains the semantics of confidential matters in the text. Therefore, a targeted graph neural network text matching model for derivative classification was proposed, which transformed text matching into a graph matching problem. Firstly, a secret key-point feature extractor was designed to model the text as a matching graph representing the features of secret key-point, so as to solve the problem of weak representation of secret key-point features of the text to be classified. Secondly, a hierarchized graph neutral network was designed to perform multiple rounds of updating and aggregation operations on the encoded matching graph, so as to enhance the extraction of similarity features between the texts to be classified. Finally, the classification result was predicted according to the edges of the matching graph. Experimental results indicate that the performance of the model in this paper is significantly improved on the dataset that simulating derivative classification. The accuracy of the classification is increased by more than 4.77% and the F1 value is increased by more than 3.83%.

With the increasing complexity of the cyberspace environment, network threat intelligence driven network security defense methods are gradually occupying an important position. The article aims to address the issues of insufficient data ownership, inefficient Chinese word segmentation and extraction in the current field of Chinese cyber threat intelligence. It conducts research on entity extraction based on a large language model with multiple strategies to enhance Chinese cyber threat intelligence, aiming to empower the construction of a knowledge graph for cyber threat intelligence and intelligence driven defense. The article improved the accuracy of network threat intelligence extraction by building a self constructed entity annotation dataset of Chinese network threat intelligence and applying a multi-strategy data augmentation technique. And MECT was used on multiple enhanced datasets to conduct horizontal and vertical comparative experiments with multiple models such as LGN, LR_CNN, Lattice_LSTM, etc. The results showed that the named entity recognition performance improves by nearly 10%. The article validates the effectiveness of multi-strategy data augmentation based on large language models in the task of extracting Chinese network threat intelligence entities through experiments, demonstrating its reliability and practicality in the field of network threat intelligence entity extraction.

To address the issue of a large number of false positives generated by network probes, this paper proposed a high-confidence assessment method for network alarm logs based on OOD technology. This method optimized the alarm feature extraction strategy by constructing a multi-dimensional confidence interval encompassing distance, label consistency, and model score, and combining with BPE tokenization and lightweight models. It also designd a long-short-term iterative optimization mechanism for high-confidence samples to achieve low-overhead automated security operation support while ensuring the accuracy and interpretability of model judgment. Experimental results show that on real SQL injection alarm datasets, the number of parameters of this method is less than 1% of that of traditional deep learning models, the accuracy within the high-confidence interval reaches 0.973, and the sample coverage rate is 66%. Furthermore, the inherent iterative optimization mechanism of the proposed method enables the model to achieve an overall judgment accuracy of 0.965 on the full dataset with only one single iteration. This significantly remedies the deficiency in the judgment of samples falling outside the high-confidence interval in the initial state, and renders the method highly applicable to complex and dynamic cybersecurity operation scenarios.

With the continuous advancement of GAN and diffusion technologies, the visual quality of generated images had reached an exceptionally high level, making them nearly indistinguishable from real images. This posed potential threats to personal privacy and social security. To address this challenge, a multi-feature fusion model for deepfake image detection was proposed, integrating global, local, and color features to comprehensively capture forgery traces in generated images and accurately identify their authenticity. The global branch focused on extracting the overall spatial information of the image, the local branch employed a fine-grained selection module to capture local features in key regions, and the color branch enhanced adaptability to forgery features across different color spaces. These features were fused through an attention mechanism, which significantly improved the capability of capturing forgery traces in deepfake images. Extensive experiments conducted on 14 GAN datasets and 5 diffusion model datasets demonstrate that the proposed method achieves high detection accuracy and strong generalization ability across different generative models, providing an efficient and reliable solution for deepfake image detection.

In recent years, cyberattacks have become increasingly organized and automated. With the support of artificial intelligence technologies, particularly large language models, attackers are able to rapidly write and derive malicious code, and construct automated and distributed reconnaissance and attack processes targeting specific objectives through botnets. This has posed severe threats and risks to cybersecurity defenses. To effectively address these challenges, this thesis proposed and designed a novel automated penetration testing system based on a multi-agent architecture. The system decomposed traditional penetration testing tasks into atomic sub-tasks, which were then collaboratively completed by multiple agents. Experimental results show that the system significantly outperforms traditional vulnerability scanning tools across multiple testing metrics, being capable of comprehensively identifying various types of security vulnerabilities in the target information system, and providing highly credible evidence chains for vulnerability disclosure. Furthermore, the system can generate executable remediation recommendations, achieving the automation and engineering of the penetration testing process, thus offering an advanced, efficient, and stable solution for organizations to conduct regular network security vulnerability management.