Welcome to CSITAI 2023

International Conference on Computer Science, Information Technology & AI (CSITAI 2023)

December 30 ~ 31, 2023, Virtual Conference



Accepted Papers
Securing LLM-integrated Applications: A Novel Evaluation Framework to Measure Prompt Injection Attack Resilience

Daniel Wankit Yip, Aysan Esmradi and Chun Fai Chan, Logistics and Supply Chain MultiTech R&D Centre, Level 11, Cyberport 2, 100 Cyberport Road, Hong Kong

ABSTRACT

Prompt injection attacks exploit vulnerabilities in Large Language Models (LLMs) to manipulate the model into unintended actions or generate malicious content. As LLM-integrated applications gain wider adoption, they face growing susceptibility to such attacks. This study introduces a novel evaluation framework for quantifying the resilience of applications. To ensure the representativeness of simulated attacks on the application, a meticulous selection process was employed, resulting in 115 carefully chosen attacks based on coverage and relevance. For enhanced interpretability, a second LLM was utilized to evaluate the responses generated from these simulated attacks. Unlike conventional malicious content classifiers that provide only a confidence score, this approach produces a score accompanied by an explanation, thereby enhancing interpretability. Subsequently, a resilience score is computed by assigning higher weights to attacks with greater impact, thus providing a robust measurement of resilience. Overall, the framework empowers organizations to make well-informed decisions against potential threats.

KEYWORDS

Large Language Model, Prompt Injection, Cyber Security.


A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models

Aysan Esmradi, Daniel Wankit Yip and Chun Fai Chan, Logistic and Supply Chain MultiTech R&D Centre (LSCM)

ABSTRACT

Ensuring the security of large language models (LLMs) is an ongoing challenge despite their widespread popularity. Developers work to enhance LLM security, but vulnerabilities persist, even in advanced versions like GPT-4. Attackers exploit these weaknesses, highlighting the need for proactive cybersecurity measures in AI model development. This article explores two attack categories: attacks on models themselves and attacks on model applications. The former requires expertise, access to model data, and significant implementation time, while the latter is more accessible to attackers and has seen increased attention. Our study reviews over 100 recent research works, providing an in-depth analysis of each attack type. We identify the latest attack methods and explore various approaches to carry them out. We thoroughly investigate mitigation techniques, assessing their effectiveness and limitations. Furthermore, we summarize future defences against these attacks. We also examine real-world techniques, including reported and our implemented attacks on LLMs, to consolidate our findings. Our research highlights the urgency of addressing security concerns and aims to enhance the understanding of LLM attacks, contributing to robust defence development in this evolving domain.

KEYWORDS

Large Language Models, Cybersecurity Attacks.


User-centric Privacy Control in Identity Management and Access Control Within Cloud-based Systems

Kelvin Ovabor¹ and Travis Atkison², ¹Department of Computer Science, University of Alabama, USA, ²Department of Computer Science, University of Alabama, USA

ABSTRACT

The ability to effectively implement user-centric privacy controls in cloud-based identity access management (IAM) systems is crucial in today's age of rapidly rising data and increased privacy concerns. The study tackles the scalability issue inside cloud-based IAM systems, where user-centric privacy controls are paramount. The study aims to guarantee effective system performance despite growing numbers of users and data items by following a carefully crafted approach that uses user-centric privacy algorithms. The findings are expected to increase scalability while maintaining security and user privacy, significantly improving current cloud security and IAM techniques. This study provides significant findings for businesses adapting to the changing environment of cloud-based access and identity management, enhancing the security and privacy aspects of the online environment.

KEYWORDS

Cloud-based System, Identity Management, Access Control, Security, user-centric privacy.


The Impact of AI on the Future of Tech-entrepreneurship

Heena Sah, Abeba N. Turi, University Canada West, Northeastern University, Canada

ABSTRACT

The boom in Artificial Intelligence has had several impacts on tech businesses globally. Technology-driven startups have catalyzed their future road maps by implementing AI systems that are fair, comprehensible, reliable, and secure to grow business productivity in the next few years. This study examines the effects of AI on the transformation of tech-entrepreneurship careers and on-demand technical skills for achieving career purposes and tasks, providing a competent approach to the tech industry in the rapidly evolving digital landscape. It also identifies the role and impact of business intelligence software/applications on tech ecosystems in next-gen tech entrepreneurship. The study asserts that the rapidly growing AI-driven businesses require revolutionary tech ecosystems and receptive tech-literate entrepreneurs with robot-resistant skills who excel in the opportunities brought by AI technologies beyond the threat.

KEYWORDS

Tech Industry, Tech Entrepreneurship, Artificial Intelligence, Business Intelligence, Next Generation, Education, AI Talent.


Equipping Small and Medium Scale Companies (SMSC) Through Open Innovation - A Refined Proof of Concept and OI Redesign for Strategic Implementation

Fernando Ferreira Fernandez and Abeba N. Turi, University Canada West, Vancouver, British Columbia, Canada

ABSTRACT

This study presents a novel approach to Open Innovation (OI) as it applies to small and medium companies (SMSCs) suffering from multilayer constraints to benefit from such a collective tech value creation model. Building on the decades-long practice of OI, the chapter looked into the model's evolution, development, and application constraints for the SMSCs and presented a refined concept note that meets the dynamic business and tech environment. Based on this, an OI model that encompasses different stakeholders is designed. The proposed OI model that applies to the SMSCs is built on the Consortium model principles that enable ease of entry and exit for each stakeholder, keeping members' best interest for the common good.

KEYWORDS

Open Innovation, Small and Medium Scale Companies, Collaborative Research, Disruptive Technology, Competitive Differential


Unshuffle Sort and Ideal Merge

Art S. Kagel, ASK Database Management Corp., 222 Dunhams Corner Road, East Brunswick, NJ 08816

ABSTRACT

In this paper the author describes a unique data sort algorithm, Unshuffle Sort, and a new algorithm for the merging of multiple sorted sinks, Ideal Merge. Unshuffle is a distribution sort in two phases. Optimizing the second phase resulted in the development of an algorithm for the merge of sorted sinks of which the author has found no previous description and which can be shown to be the best possible. Unshuffle can be shown to be a highly efficient sort when applied to real world data sets, which are seldom truly random. Unique features of Unshuffle include: it performs no exchanges; it can be applied to unusual set sources including arrays, linked lists, and streaming data; and it can begin to supply sorted output to consumers expecting streaming data immediately upon the arrival of the final input element. The Ideal Merge will be shown to be the most efficient algorithm for merging multiple sorted sinks.

KEYWORDS

Sorting, Merging, Distribution Sort


Cryptocurrency Wallets and Digital Artefacts: a Primer for Law Enforcement Agencies

Borase Bhushan Gulabrao¹, Digvijaysinh Rathod², Nitin Sharma³ and Aishwarya Tiwari⁴, ¹PhD student, National Forensic Sciences University, Gandhinagar, Gujarat, India, ²Associate Professor, National Forensic Sciences University, Gandhinagar, India, ³,⁴Forensic Analyst, SVPNPA, Hyderabad

ABSTRACT

In just a decade and a half of existence, cryptocurrencies have come to the centerstage of the FinTech industry and today they comprise 2.1% of total money in the world. In the crime world, every crime that had a footprint of money now has a footprint of cryptocurrency. Terror funding, money laundering and narcotics trade are the most serious crimes done with the help of cryptocurrency. This paper tries to touch upon the most important aspect of cryptocurrency transactions, i.e., cryptocurrency wallets. All transactions happen through them, and a better understanding of the same can give an edge to law enforcement officials in doing better investigation. The paper explains the classification of the wallets based on the key pair generation mechanism, then based on the hosting of the key pair, and finally the types of wallets based on mode of use. The paper also discusses in detail the identification of digital artefacts associated with these wallets, which can be of immense help for investigators. The uniqueness of this paper lies in putting all essential knowledge required for law enforcement agencies in one place.

KEYWORDS

Cryptocurrency, public key, private key, bitcoin, digital artefacts.


The Brain’s Basic Functional Circuit The Functional Unit of the Brain

Ramiro Moisés Vergara Campillo, Fundación Ciencia y Tecnología, Bogotá, Colombia

ABSTRACT

Neuroscience considers that the neuronal cell is at the same time the anatomical unit and the functional unit of the brain, working with innovative and appropriate methodology it is found that the true Functional Unit of the Brain is a microcircuit of three neurons appropriately located with respect to each other, in such a way that a main excitatory neuron and an auxiliary inhibitory neuron innervate a third, to generate in it a binary code, a bit, which is a two-time electromagnetic event of opposite sign, positive and negative, which takes place in each synaptic station in the Nervous System (NS), which turns the brain into a mixed, biological and electronic machine that is also governed by quantum physics. This is the true anatomy of the synapse in the NS.

KEYWORDS

Microcircuit, Synapse anatomy, Binary Code, Functional Unit.


AI for Automating Cyber-threat Intelligence

Raghad Ghawa¹, Jawaher Alamri², and Rawan Eid Alanazi³, ¹College of Computer and Information Sciences - Cybersecurity Joint Masters Program, Saudi Arabia, ²College of Computer and Information Sciences - Cybersecurity Joint Masters Program, Saudi Arabia, ³College of Computer and Information Sciences - Cybersecurity Joint Masters Program, Saudi Arabia

ABSTRACT

Cyber Threat Intelligence (CTI) is a concept that is gaining activity in response to the explosive growth in attacks, cyber events, and crimes that have occurred in recent years. The goal of CTI is to increase an administrator's understanding of the event and threat by gathering intelligence about how criminals operate. Simply put, criminals use TI to recognize patterns and understand methods and relationships between events, attacks, and their attack techniques. With this knowledge, officials can anticipate patterns of criminals and stay one step ahead by strengthening their infrastructure. Although a lot of research papers, literature, and surveys have explored the applications and importance of CTI, there is still a lack of literature to address how AI algorithms such as machine and deep learning models can be leveraged in improving the CTI automation process. This lack of guidance means that organizations wishing to start a CTI Apply must undertake this difficult task on their own. Consequently, their CTI ends up generating too much irrelevant data, and in many cases, this has led security professionals to ignore the intelligence provided by their CTI. This research aims to understand the importance of CTI and how to automate the CTI process, which contributes to achieving prioritization of the most important and urgent threats and providing you with recommendations and guidance on how to mitigate them. This research followed the methodology of reviewing the literature on AI algorithms with CTI that can help organizations identify the best models and algorithms through which they can improve the automation of the CTI process. This thesis also helps the administrator or organization understand and analyze data to reveal trends, patterns, and relationships that provide an in-depth understanding of actual or potential threats.
Some response procedures can also be automated.in information security research by providing a list of AI algorithms that can be used to measure the success of automation of a CTI. Our hypothesis is stated We will test how AI algorithms can improve the CTI automation process. This research is also suitable for entities that have large datasets of intelligent information and sensitive data types, such as security and cyber applications.

KEYWORDS

Artificial Intelligence Algorithms, Cyber-Threat Intelligence, Machine Learning Model and Deep Learning Model.