FIGURE 5 - uploaded by Ximeng Liu
An overview of adversarial attacks.

Source publication
Article
Deep Learning (DL) algorithms based on artificial neural networks have achieved remarkable success and are being extensively applied in a variety of application domains, ranging from image classification, automatic driving, natural language processing to medical diagnosis, credit risk assessment, intrusion detection. However, the privacy and securi...

Contexts in source publication

Context 1
... overview of adversarial attacks is shown in Figure 5. ...

Citations

... Academic interest in AI ethics has surged in recent years, leading to numerous studies that discuss ethical principles, fairness, bias, security, and other critical concerns (Hu Yupeng et al. 2021; John-Mathews et al. 2022; Nilsson 2014; Ntoutsi et al., n.d.). However, existing literature reviews are usually constrained to particular subtopics, adopting qualitative methods, providing fragmented insights rather than an overarching perspective on the discipline as a whole (Hagendorff 2020; Jobin et al. 2019; Liu et al. 2021; Mehrabi et al. 2022; Ntoutsi et al., n.d.; Zhang et al. 2021). This piecemeal understanding makes it difficult to map out broad trends, to identify emergent themes, or to assess the collaboration networks within AI ethics research. ...
Article
Using bibliometric methods, this study systematically analyzes 6,084 AI ethics-related articles from the Web of Science Core Collection (2015–2025), capturing both recent advances and near-future directions in the field. It begins by examining publication trends, disciplinary categories, leading journals, and major contributing institutions/countries. Subsequently, co-citation (journals, authors, references) and keyword clustering methods reveal the foundational knowledge structure and highlight emerging research hotspots. The findings indicate increasing interdisciplinary convergence and international collaboration in AI ethics, with core themes focusing on algorithmic fairness, privacy and data security, ethical governance in autonomous vehicles, medical AI applications, educational technology, and challenges posed by generative AI (e.g., large language models). Burst keyword detection further shows an evolutionary shift from theoretical debates toward practical implementation strategies and regulatory framework development. Although numerous global initiatives have been introduced to guide AI ethics, broad consensus remains elusive, underscoring the need for enhanced cross-disciplinary and international cooperation. This research provides valuable insights for scholars, policymakers, and industry practitioners, laying a foundation for sustainable and responsible AI development.
... In this context, many studies have found that the predominant defense strategies implemented during testing prioritize the protection of the integrity of testing nodes. Rather than directly filtering or securing the data, these strategies aim to safeguard the framework within which testing occurs [6,14]. In this context, an advanced method for range ambiguity suppression in spaceborne SAR systems utilizing blind source separation has been proposed, enhancing robust signal processing techniques for DP detection [15]. ...
... Recent developments have also introduced Trusted Execution Environments (TEEs), which serve as secure execution environments and provide substantial protection for both the code and data, thereby strengthening overall cybersecurity measures. These TEEs ensure that the information contained within them remains confidential and maintains its integrity against potential threats [14]. While TEEs have been extensively studied within specific artificial intelligence (AI) systems, the methodologies for developing these secure environments are applicable beyond just AI scenarios [6]. ...
Article
This paper deals with a new secured execution environment which adapts blockchain technology to defend artificial intelligence (AI) models against data poisoning (DP) attacks. The Blockchain Governance Game (BGG) is a theoretical framework for analyzing the network to provide the decision-making moment for taking preliminary cybersecurity actions before DP attacks. This innovative method for conventional decentralized network securities is adapted into a DP defense for AI models in this paper. The core components in the DP defense network, including the Predictor and the BGG engine, are fully implemented. This research concerns the first blockchain-based DP defense mechanism which establishes an innovative framework for DP defense based on the BGG. The simulation in the paper demonstrates realistic DP attack situations targeting AI models. This new controller is newly designed to provide sufficient cybersecurity performance measures even with minimal data collection and limited computing power. Additionally, this research will be helpful for those considering using blockchain to implement a DP defense mechanism.
... Randomised encryption introduces randomness into the encryption process, ensuring that the same plaintext generates different ciphertexts each time it is encrypted, thereby preventing pattern recognition. Additionally, entropy injection regularly adds unpredictability to the key generation and encryption processes, strengthening the overall security and resilience of the HE system against potential cryptanalytic attacks [124]. ...
Article
Healthcare data has risen as a top target for cyberattacks due to the rich amount of sensitive patient information. This negatively affects the potential of advanced analytics and collaborative research in healthcare. Homomorphic encryption (HE) has emerged as a promising technology for securing sensitive healthcare data while enabling computations on encrypted information. This paper conducts a background survey of HE and its various types. It discusses Partially Homomorphic Encryption (PHE), Somewhat Homomorphic Encryption (SHE), Fully Homomorphic Encryption (FHE) and Fully Leveled Homomorphic Encryption (FLHE). A critical analysis of these encryption paradigms’ theoretical foundations, implementation schemes, and practical applications in healthcare contexts is presented. The survey encompasses diverse healthcare domains. It demonstrates HE’s versatility in securing electronic health records (EHRs), enabling privacy-preserving genomic data analysis, protecting medical imaging, facilitating privacy-preserving machine learning (ML), supporting secure federated learning, ensuring confidentiality in clinical trials, and enhancing remote monitoring and telehealth services. A comprehensive examination of potential vulnerabilities in HE systems is conducted. The research systematically investigates various attack vectors, including side-channel attacks, key recovery attacks, chosen plaintext attacks (CPA), chosen ciphertext attacks (CCA), known plaintext attacks (KPA), fault injection attacks (FIA), and lattice attacks. A detailed analysis of potential defense mechanisms and mitigation strategies is provided for each identified threat. The analysis underscores the importance of HE for long-term security and sustainability in healthcare systems.
... Secure. In contrast, secure AI deals with safeguarding against malicious attacks, unauthorized access, and ensuring data privacy and integrity, in particular making AI invulnerable to sophisticated hacking techniques and privacy attacks [14][15][16][17][18][19]. ...
Preprint
A central question in machine learning is how reliable the predictions of a trained model are. Reliability includes the identification of instances for which a model is likely not to be trusted based on an analysis of the learning system itself. Such unreliability for an input may arise from the model family providing a variety of hypotheses consistent with the training data, which can vastly disagree in their predictions on that particular input point. This is called the underdetermination problem, and it is important to develop methods to detect it. With the emergence of quantum machine learning (QML) as a prospective alternative to classical methods for certain learning problems, the question arises to what extent they are subject to underdetermination and whether similar techniques as those developed for classical models can be employed for its detection. In this work, we first provide an overview of concepts from Safe AI and reliability, which in particular received little attention in QML. We then explore the use of a method based on local second-order information for the detection of underdetermination in parameterized quantum circuits through numerical experiments. We further demonstrate that the approach is robust to certain levels of shot noise. Our work contributes to the body of literature on Safe Quantum AI, which is an emerging field of growing importance.
... Through this optimization, the discriminator aims to maximize its ability to differentiate between real and generated data, while the generator seeks to minimize the discriminator's ability to distinguish between the generated data and real data. In privacy-preserving scenarios, adversarial learning has been extended to generate obfuscated low-dimensional representations that make the generated data difficult to reverse into the original sensitive information while retaining the key information necessary for model training [32][33][34]. The incorporation of numerical stability measures in the discriminator and generator loss functions further enhances the robustness of adversarial learning frameworks in privacy-sensitive applications. ...
Article
This paper proposes a data security training framework based on symmetric projection space and adversarial training, aimed at addressing the issues of privacy leakage and computational efficiency encountered by current privacy protection technologies when processing sensitive data. By designing a new projection loss function and combining autoencoders with adversarial training, the proposed method effectively balances privacy protection and model utility. Experimental results show that, for financial time-series data tasks, the model using the projection loss achieves a precision of 0.95, recall of 0.91, and accuracy of 0.93, significantly outperforming the traditional cross-entropy loss. In image data tasks, the projection loss yields a precision of 0.93, recall of 0.90, accuracy of 0.91, and mAP@50 and mAP@75 of 0.91 and 0.90, respectively, demonstrating its strong advantage in complex tasks. Furthermore, experiments on different hardware platforms (Raspberry Pi, Jetson, and NVIDIA 3080 GPU) show that the proposed method performs well on low-computation devices and exhibits significant advantages on high-performance GPUs, particularly in terms of computational efficiency, demonstrating good scalability and efficiency. The experimental results validate the superiority of the proposed method in terms of data privacy protection and computational efficiency.
... Decentralized learning systems like Split Learning need new ways to protect against adversarial attacks, especially in collaborative learning environments where multiple parties interact without sharing raw data [2]. This work addresses these concerns by combining Homomorphic Encryption and Zero-Knowledge Proofs, two powerful cryptographic techniques for privacy-preserving computations in distributed learning [3][4][5]. This is especially useful in Split Learning where clients need to collaborate with servers without exposing their data. ...
... The operation ensures that data confidentiality is preserved while enabling secure computation. This formulation follows the standard homomorphic encryption approach as described in [5]. Equation describes the transformation of encrypted data as it propagates through the split learning model. ...
Article
This work presents a mathematical solution to data privacy and integrity issues in Split Learning which uses Homomorphic Encryption (HE) and Zero-Knowledge Proofs (ZKP). It allows calculations to be conducted on encrypted data, keeping the data private, while ZKP ensures the correctness of these calculations without revealing the underlying data. Our proposed system, HavenSL, combines HE and ZKP to provide strong protection against attacks. It uses Discrete Cosine Transform (DCT) to analyze model updates in the frequency domain to detect unusual changes in parameters. HavenSL also has a rollback feature that brings the system back to a verified state if harmful changes are detected. Experiments on CIFAR-10, MNIST, and Fashion-MNIST datasets show that using Homomorphic Encryption and Zero-Knowledge Proofs during training is feasible and accuracy is maintained. This mathematical-based approach shows how cryptography can protect decentralized learning systems. It also proves the practical use of HE and ZKP in secure, privacy-aware collaborative AI.
... Due to deep learning's privacy and security flaws, it is now possible to interpret sensitive training data and steal or reverse-engineer a model. Furthermore, recent research has shown that the deep learning model is susceptible to adversarial examples that are disturbed by barely perceptible noise, which can cause the model to make highly confidently incorrect predictions [31]. In scenarios where images and data are collected directly from farms, there is a risk that confidential information about the farm's location, crop types, and farming practices might inadvertently be included or inferred from the dataset. ...
Article
Crop failure is defined as crop production that is significantly lower than anticipated, resulting from plants that are harmed, diseased, destroyed, or influenced by climatic circumstances. With the rise in global food security concern, the earliest detection of crop diseases has proven to be pivotal in agriculture industries to address the needs of the global food crisis and on-farm data protection, which can be met with a privacy-preserving deep learning model. However, deep learning seems to be a largely complex black box to interpret, necessitating a prerequisite for the groundwork of the model’s interpretability. Considering this, the aim of this study was to follow up on the establishment of a robust deep learning custom model named CropsDisNet, evaluated on a large-scale dataset named “New Bangladeshi Crop Disease Dataset (corn, potato and wheat)”, which contains a total of 8946 images. The integration of a differential privacy algorithm into our CropsDisNet model could establish the benefits of automated crop disease classification without compromising on-farm data privacy by reducing training data leakage. To classify corn, potato, and wheat leaf diseases, we used three representative CNN models for image classification (VGG16, Inception Resnet V2, Inception V3) along with our custom model, and the classification accuracy for these three different crops varied from 92.09% to 98.29%. In addition, demonstration of the model’s interpretability gave us insight into our model’s decision making and classification results, which can allow farmers to understand and take appropriate precautions in the event of early widespread harvest failure and food crises.
... E-learning platforms can be severely disrupted by cyber-attacks, especially when they happen mid-semester. Typical problems include data manipulation security, unauthorized access, privacy breaches, the installation of malicious software, and software attacks [9]. These attacks can come from internal and external sources, affecting the network, operating system, application, and database layers [10]. ...
Conference Paper
Personal private information is commonly available in the form of big data. Therefore, privacy concerns in big data and its applications are common issues. In this paper, we conduct a bibliometric analysis of privacy in big data and its applications. For example, in a financial management system, customers are exposed to vast amounts of financial information and interact with it, leading to privacy challenges as some customers may not adhere to the rules of financial institutions. A similar phenomenon occurs in healthcare, e-learning, and communication systems. Though there may be privacy breaches associated with these systems, the value of online services and the willingness of customers to use them are well-recognized. VOSviewer was used to develop scientific maps for bibliometric analysis. The current study includes the density map, network illustration, and overlay visualization. Data exported from the Dimensions database was utilized for bibliometric analysis. The themes that emerged related to privacy in big data and its applications include privacy, big data, security, blockchain, challenges, and the internet.
... Black-box attacks use the capabilities of malicious samples or repeated queries to be transferred for optimization purposes. Grey-box opponents have limited comprehension of the model as they can only access its settings [27]. Grey-box attacks presuppose that the intended architecture remains available during the whole learning process, in contrast to the other two types. ...
Article
Advanced neural text classifiers have shown remarkable ability in the task of classification. The investigation illustrates that text classification models have an inherent vulnerability to adversarial texts, where a few words or characters are altered to create adversarial examples that mislead the machine into making incorrect predictions while preserving their intended meaning among human viewers. The present study introduces Inflect-Text, a novel approach for attacking text that works at the level of individual words in a situation where the inner workings of the system are unknown. The objective is to deceive a specific neural text classifier while following specified language limitations in a manner that makes the changes undetectable to humans. Extensive investigations are carried out to evaluate the viability of the proposed attack methodology on various often utilized frameworks, inclusive of Word-CNN, Bi-LSTM and three advanced transformer models, across two benchmark datasets: AG news and MR, which are commonly employed for text classification tasks. Experimental results show that the suggested attack architecture regularly outperforms conventional methods by achieving much higher attack success rates and generating better adversarial examples. The findings suggest that neural text classifiers can be bypassed, which could have substantial ramifications for existing policy approaches.
... Deep learning models can learn the semantic features of data and abstract them into higher-level representations. This abstraction significantly reduces the risk of direct leakage of original data [31]. ...
Article
Data privacy protection is increasingly critical in fields like healthcare and finance, yet existing methods, such as Fully Homomorphic Encryption (FHE), differential privacy (DP), and federated learning (FL), face limitations like high computational complexity, noise interference, and communication overhead. This paper proposes a novel data obfuscation method based on probability density and information entropy, leveraging a probability density extraction module for global data distribution modeling and an information entropy fusion module for dynamically adjusting the obfuscation intensity. In medical image classification, the method achieved precision, recall, and accuracy of 0.93, 0.89, and 0.91, respectively, with a throughput of 57 FPS, significantly outperforming FHE (0.82, 23 FPS) and DP (0.84, 25 FPS). Similarly, in financial prediction tasks, it achieved precision, recall, and accuracy of 0.95, 0.91, and 0.93, with a throughput of 54 FPS, surpassing traditional approaches. These results highlight the method’s ability to balance privacy protection and task performance effectively, offering a robust solution for advancing privacy-preserving technologies.