Volkan Dedeoglu

Kealan Dunnett, Reza Arablouei, Dimity Miller et al.

Backdoor attacks can implant malicious behaviours into deep models while preserving performance on clean data, posing a serious threat to safety-critical vision systems. Although backdoor mitigation has been studied extensively for image classification, defenses for object detection remain comparatively underdeveloped. Adversarial fine-tuning is a common backdoor mitigation approach in classification, but adapting it to detection is nontrivial as classification-oriented adversarial generation does not match the detection attack space, where attacks may cause object misclassification or disappearance, and standard detection losses can dilute the repair signal across many predictions. We address these challenges through a detection-aware adversarial fine-tuning framework for mitigating object-detection backdoors when the defender has access only to a compromised detector and a small clean dataset, without knowing the attack objective. For adversarial generation that does not require knowledge of the attack objective, we introduce soft-branch minimisation, which uses a soft gate to combine objectives aligned with misclassification and disappearance attacks, together with a detection-aware classification-loss maximisation. For targeted repair, we introduce a dual-objective fine-tuning loss applied to target-matched predictions, concentrating the defensive update on predictions most relevant to the backdoor behaviour. Experiments across CNN- and Transformer-based detectors show that our approach more effectively reduces attack success while preserving true detections, compared with classification-oriented baselines, and maintains competitive clean detection performance.

Timothy Tadj, Reza Arablouei, Volkan Dedeoglu

Various approaches based on supervised or unsupervised machine learning (ML) have been proposed for evaluating IoT data trust. However, assessing their real-world efficacy is hard mainly due to the lack of related publicly-available datasets that can be used for benchmarking. Since obtaining such datasets is challenging, we propose a data synthesis method, called random walk infilling (RWI), to augment IoT time-series datasets by synthesizing untrustworthy data from existing trustworthy data. Thus, RWI enables us to create labeled datasets that can be used to develop and validate ML models for IoT data trust evaluation. We also extract new features from IoT time-series sensor data that effectively capture its auto-correlation as well as its cross-correlation with the data of the neighboring (peer) sensors. These features can be used to learn ML models for recognizing the trustworthiness of IoT sensor data. Equipped with our synthesized ground-truth-labeled datasets and informative correlation-based feature, we conduct extensive experiments to critically examine various approaches to evaluating IoT data trust via ML. The results reveal that commonly used ML-based approaches to IoT data trust evaluation, which rely on unsupervised cluster analysis to assign trust labels to unlabeled data, perform poorly. This poor performance can be attributed to the underlying unsubstantiated assumption that clustering provides reliable labels for data trust, a premise that is found to be untenable. The results also show that the ML models learned from datasets augmented via RWI while using the proposed features generalize well to unseen data and outperform existing related approaches. Moreover, we observe that a semi-supervised ML approach that requires only about 10% of the data labeled offers competitive performance while being practically more appealing compared to the fully-supervised approaches.

Tingting Wang, Shixun Huang, Zhifeng Bao et al.

Data discovery - retrieving relevant tables from a data lake in response to user queries - is a fundamental building block for downstream analytics. In practice, data discovery must support different query modalities, including natural language (NL) statements and tables, and accommodate diverse user intents, ranging from open-ended enrichment to task-driven inference for applications such as table question answering and fact verification. However, most existing methods are designed for a single query modality or a specific user intent, limiting their generalizability. We propose UniDisc, a unified data discovery framework that supports both NL statements and tables as queries and generalizes across diverse user intents without intent-specific representations or relevance modeling. UniDisc learns a common cross-modal representation model that produces unified representations for queries of different modalities and candidate tables, enabling uniform relevance assessment across discovery scenarios. Since learning such a model typically requires large labeled collections of query-table pairs, which are expensive to obtain, UniDisc instead exploits contextual signals naturally available in data lakes. Specifically, it models NL statements and tables as nodes in a heterogeneous graph with multiple edge types, and applies dual-view neighbor aggregation and joint optimization to learn robust, context-aware representations under limited supervision. These representations support flexible relevance estimation during retrieval. Experiments on seven datasets show that UniDisc consistently outperforms strong baselines on both NL- and table-based discovery.

Kealan Dunnett, Reza Arablouei, Dimity Miller et al.

The widespread adoption of deep learning across various industries has introduced substantial challenges, particularly in terms of model explainability and security. The inherent complexity of deep learning models, while contributing to their effectiveness, also renders them susceptible to adversarial attacks. Among these, backdoor attacks are especially concerning, as they involve surreptitiously embedding specific triggers within training data, causing the model to exhibit aberrant behavior when presented with input containing the triggers. Such attacks often exploit vulnerabilities in outsourced processes, compromising model integrity without affecting performance on clean (trigger-free) input data. In this paper, we present a comprehensive review of existing mitigation strategies designed to counter backdoor attacks in image recognition. We provide an in-depth analysis of the theoretical foundations, practical efficacy, and limitations of these approaches. In addition, we conduct an extensive benchmarking of sixteen state-of-the-art approaches against eight distinct backdoor attacks, utilizing three datasets, four model architectures, and three poisoning ratios. Our results, derived from 122,236 individual experiments, indicate that while many approaches provide some level of protection, their performance can vary considerably. Furthermore, when compared to two seminal approaches, most newer approaches do not demonstrate substantial improvements in overall performance or consistency across diverse settings. Drawing from these findings, we propose potential directions for developing more effective and generalizable defensive mechanisms in the future.

Kealan Dunnett, Reza Arablouei, Dimity Miller et al.

In the era of increasing concerns over cybersecurity threats, defending against backdoor attacks is paramount in ensuring the integrity and reliability of machine learning models. However, many existing approaches require substantial amounts of data for effective mitigation, posing significant challenges in practical deployment. To address this, we propose a novel approach to counter backdoor attacks by treating their mitigation as an unlearning task. We tackle this challenge through a targeted model pruning strategy, leveraging unlearning loss gradients to identify and eliminate backdoor elements within the model. Built on solid theoretical insights, our approach offers simplicity and effectiveness, rendering it well-suited for scenarios with limited data availability. Our methodology includes formulating a suitable unlearning loss and devising a model-pruning technique tailored for convolutional neural networks. Comprehensive evaluations demonstrate the efficacy of our proposed approach compared to state-of-the-art approaches, particularly in realistic data settings.

Kealan Dunnett, Reza Arablouei, Dimity Miller et al.

Backdoor attacks pose a severe threat to deep learning, yet their impact on object detection remains poorly understood compared to image classification. While attacks have been proposed, we identify critical weaknesses in existing detection-based methods, specifically their reliance on unrealistic assumptions and a lack of physical validation. To bridge this gap, we introduce BadDet+, a penalty-based framework that unifies Region Misclassification Attacks (RMA) and Object Disappearance Attacks (ODA). The core mechanism utilizes a log-barrier penalty to suppress true-class predictions for triggered inputs, resulting in (i) position and scale invariance, and (ii) enhanced physical robustness. On real-world benchmarks, BadDet+ achieves superior synthetic-to-physical transfer compared to existing RMA and ODA baselines while preserving clean performance. Theoretical analysis confirms the proposed penalty acts within a trigger-specific feature subspace, reliably inducing attacks without degrading standard inference. These results highlight significant vulnerabilities in object detection and the necessity for specialized defenses.

Kealan Dunnett, Reza Arablouei, Dimity Miller et al.

Model pruning has gained traction as a promising defense strategy against backdoor attacks in deep learning. However, existing pruning-based approaches often fall short in accurately identifying and removing the specific parameters responsible for inducing backdoor behaviors. Despite the dominance of fine-tuning-based defenses in recent literature, largely due to their superior performance, pruning remains a compelling alternative, offering greater interpretability and improved robustness in low-data regimes. In this paper, we propose a novel pruning approach featuring a learned \emph{selection} mechanism to identify parameters critical to both main and backdoor tasks, along with an \emph{invertible} pruning mask designed to simultaneously achieve two complementary goals: eliminating the backdoor task while preserving it through the inverse mask. We formulate this as a bi-level optimization problem that jointly learns selection variables, a sparse invertible mask, and sample-specific backdoor perturbations derived from clean data. The inner problem synthesizes candidate triggers using the inverse mask, while the outer problem refines the mask to suppress backdoor behavior without impairing clean-task accuracy. Extensive experiments demonstrate that our approach outperforms existing pruning-based backdoor mitigation approaches, maintains strong performance under limited data conditions, and achieves competitive results compared to state-of-the-art fine-tuning approaches. Notably, the proposed approach is particularly effective in restoring correct predictions for compromised samples after successful backdoor mitigation.

Guntur Dharma Putra, Volkan Dedeoglu, Abhinav Pathak et al.

Intrusion Detection Systems (IDS) have been the industry standard for securing IoT networks against known attacks. To increase the capability of an IDS, researchers proposed the concept of blockchain-based Collaborative-IDS (CIDS), wherein blockchain acts as a decentralised platform allowing collaboration between CIDS nodes to share intrusion related information, such as intrusion alarms and detection rules. However, proposals in blockchain-based CIDS overlook the importance of continuous evaluation of the trustworthiness of each node and generally work based on the assumption that the nodes are always honest. In this paper, we propose a decentralised CIDS that emphasises the importance of building trust between CIDS nodes. In our proposed solution, each CIDS node exchanges detection rules to help other nodes detect new types of intrusion. Our architecture offloads the trust computation to the blockchain and utilises a decentralised storage to host the shared trustworthy detection rules, ensuring scalability. Our implementation in a lab-scale testbed shows that the our solution is feasible and performs within the expected benchmarks of the Ethereum platform.

Guntur Dharma Putra, Volkan Dedeoglu, Salil S Kanhere et al.

The salient features of blockchain, such as decentralisation and transparency, have allowed the development of Decentralised Trust and Reputation Management Systems (DTRMS), which mainly aim to quantitatively assess the trustworthiness of the network participants and help to protect the network from adversaries. In the literature, proposals of DTRMS have been applied to various Cyber-physical Systems (CPS) applications, including supply chains, smart cities and distributed energy trading. In this chapter, we outline the building blocks of a generic DTRMS and discuss how it can benefit from blockchain. To highlight the significance of DTRMS, we present the state-of-the-art of DTRMS in various field of CPS applications. In addition, we also outline challenges and future directions in developing DTRMS for CPS.

Gowri Sankar Ramachandran, Sidra Malik, Shantanu Pal et al.

Supply chain applications operate in a multi-stakeholder setting, demanding trust, provenance, and transparency. Blockchain technology provides mechanisms to establish a decentralized infrastructure involving multiple stakeholders. Such mechanisms make the blockchain technology ideal for multi-stakeholder supply chain applications. This chapter introduces the characteristics and requirements of the supply chain and explains how blockchain technology can meet the demands of supply chain applications. In particular, this chapter discusses how data and trust management can be established using blockchain technology. The importance of scalability and interoperability in a blockchain-based supply chain is highlighted to help the stakeholders make an informed decision. The chapter concludes by underscoring the design challenges and open opportunities in the blockchain-based supply chain domain.

Sidra Malik, Naman Gupta, Volkan Dedeoglu et al.

In this work, we propose a privacy-preservation framework, TradeChain, which decouples the trade events of participants using decentralised identities. TradeChain adopts the Self-Sovereign Identity (SSI) principles and makes the following novel contributions: a) it incorporates two separate ledgers: a public permissioned blockchain for maintaining identities and the permissioned blockchain for recording trade flows, b) it uses Zero Knowledge Proofs (ZKPs) on traders' private credentials to prove multiple identities on trade ledger and c) allows data owners to define dynamic access rules for verifying traceability information from the trade ledger using access tokens and Ciphertext Policy Attribute-Based Encryption (CP-ABE). A proof of concept implementation of TradeChain is presented on Hyperledger Indy and Fabric and an extensive evaluation of execution time, latency and throughput reveals minimal overheads.

Sidra Malik, Volkan Dedeoglu, Salil Kanhere et al.

Blockchain offers traceability and transparency to supply chain event data and hence can help overcome many challenges in supply chain management such as: data integrity, provenance and traceability. However, data privacy concerns such as the protection of trade secrets have hindered adoption of blockchain technology. Although consortium blockchains only allow authorised supply chain entities to read/write to the ledger, privacy preservation of trade secrets cannot be ascertained. In this work, we propose a privacy-preservation framework, PrivChain, to protect sensitive data on blockchain using zero knowledge proofs. PrivChain provides provenance and traceability without revealing any sensitive information to end-consumers or supply chain entities. Its novelty stems from: a) its ability to allow data owners to protect trade related information and instead provide proofs on the data, and b) an integrated incentive mechanism for entities providing valid proofs over provenance data. In particular, PrivChain uses Zero Knowledge Range Proofs (ZKRPs), an efficient variant of ZKPs, to provide origin information without disclosing the exact location of a supply chain product. Furthermore, the framework allows to compute proofs and commitments off-line, decoupling the computational overhead from blockchain. The proof verification process and incentive payment initiation are automated using blockchain transactions, smart contracts, and events. A proof of concept implementation on Hyperledger Fabric reveals a minimal overhead of using PrivChain for blockchain enabled supply chains.

Guntur Dharma Putra, Volkan Dedeoglu, Salil S Kanhere et al.

Authorization or access control limits the actions a user may perform on a computer system, based on predetermined access control policies, thus preventing access by illegitimate actors. Access control for the Internet of Things (IoT) should be tailored to take inherent IoT network scale and device resource constraints into consideration. However, common authorization systems in IoT employ conventional schemes, which suffer from overheads and centralization. Recent research trends suggest that blockchain has the potential to tackle the issues of access control in IoT. However, proposed solutions overlook the importance of building dynamic and flexible access control mechanisms. In this paper, we design a decentralized attribute-based access control mechanism with an auxiliary Trust and Reputation System (TRS) for IoT authorization. Our system progressively quantifies the trust and reputation scores of each node in the network and incorporates the scores into the access control mechanism to achieve dynamic and flexible access control. We design our system to run on a public blockchain, but we separate the storage of sensitive information, such as user's attributes, to private sidechains for privacy preservation. We implement our solution in a public Rinkeby Ethereum test-network interconnected with a lab-scale testbed. Our evaluations consider various performance metrics to highlight the applicability of our solution for IoT contexts.

Guntur Dharma Putra, Volkan Dedeoglu, Salil S Kanhere et al.

An Intrusion Detection System (IDS) aims to alert users of incoming attacks by deploying a detector that monitors network traffic continuously. As an effort to increase detection capabilities, a set of independent IDS detectors typically work collaboratively to build intelligence of holistic network representation, which is referred to as Collaborative Intrusion Detection System (CIDS). However, developing an effective CIDS, particularly for the IoT ecosystem raises several challenges. Recent trends and advances in blockchain technology, which provides assurance in distributed trust and secure immutable storage, may contribute towards the design of effective CIDS. In this poster abstract, we present our ongoing work on a decentralized CIDS for IoT, which is based on blockchain technology. We propose an architecture that provides accountable trust establishment, which promotes incentives and penalties, and scalable intrusion information storage by exchanging bloom filters. We are currently implementing a proof-of-concept of our modular architecture in a local test-bed and evaluate its effectiveness in detecting common attacks in IoT networks and the associated overhead.

Pooja Gupta, Volkan Dedeoglu, Kamran Najeebullah et al.

Personal IoT data is a new economic asset that individuals can trade to generate revenue on the emerging data marketplaces. Typically, marketplaces are centralized systems that raise concerns of privacy, single point of failure, little transparency and involve trusted intermediaries to be fair. Furthermore, the battery-operated IoT devices limit the amount of IoT data to be traded in real-time that affects buyer/seller satisfaction and hence, impacting the sustainability and usability of such a marketplace. This work proposes to utilize blockchain technology to realize a trusted and transparent decentralized marketplace for contract compliance for trading IoT data streams generated by battery-operated IoT devices in real-time. The contribution of this paper is two-fold: (1) we propose an autonomous blockchain-based marketplace equipped with essential functionalities such as agreement framework, pricing model and rating mechanism to create an effective marketplace framework without involving a mediator, (2) we propose a mechanism for selection and allocation of buyers' demands on seller's devices under quality and battery constraints. We present a proof-of-concept implementation in Ethereum to demonstrate the feasibility of the framework. We investigated the impact of buyer's demand on the battery drainage of the IoT devices under different scenarios through extensive simulations. Our results show that this approach is viable and benefits the seller and buyer for creating a sustainable marketplace model for trading IoT data in real-time from battery-powered IoT devices.

Guntur Dharma Putra, Volkan Dedeoglu, Salil S. Kanhere et al.

Heterogeneous and dynamic IoT environments require a lightweight, scalable, and trustworthy access control system for protection from unauthorized access and for automated detection of compromised nodes. Recent proposals in IoT access control systems have incorporated blockchain to overcome inherent issues in conventional access control schemes. However, the dynamic interaction of IoT networks remains uncaptured. Here, we develop a blockchain based Trust and Reputation System (TRS) for IoT access control, which progressively evaluates and calculates the trust and reputation score of each participating node to achieve a self-adaptive and trustworthy access control system. Trust and reputation are explicitly incorporated in the attribute-based access control policy, so that different nodes can be assigned to different access right levels, resulting in dynamic access control policies. We implement our proposed architecture in a private Ethereum blockchain comprised of a Docker container network. We benchmark our solution using various performance metrics to highlight its applicability for IoT contexts.

Volkan Dedeoglu, Ali Dorri, Raja Jurdak et al.

Cyberphysical Systems (CPS) are transforming the way we interact with the physical world around us. However, centralised approaches for CPS systems are not capable of addressing the unique challenges of CPS due to the complexity, constraints, and dynamic nature of the interactions. To realize the true potential of CPS, a decentralized approach that takes into account these unique features is required. Recently, blockchain-based solutions have been proposed to address CPS challenges.Yet, applying blockchain for diverse CPS domains is not straight-forward and has its own challenges. In this paper, we share our experiences in applying blockchain technology for CPS to provide insights and highlight the challenges and future opportunities.

Volkan Dedeoglu, Raja Jurdak, Guntur D. Putra et al.

Blockchain is a promising technology for establishing trust in IoT networks, where network nodes do not necessarily trust each other. Cryptographic hash links and distributed consensus mechanisms ensure that the data stored on an immutable blockchain can not be altered or deleted. However, blockchain mechanisms do not guarantee the trustworthiness of data at the origin. We propose a layered architecture for improving the end-to-end trust that can be applied to a diverse range of blockchain-based IoT applications. Our architecture evaluates the trustworthiness of sensor observations at the data layer and adapts block verification at the blockchain layer through the proposed data trust and gateway reputation modules. We present the performance evaluation of the data trust module using a simulated indoor target localization and the gateway reputation module using an end-to-end blockchain implementation, together with a qualitative security analysis for the architecture.

Sidra Malik, Volkan Dedeoglu, Salil S. Kanhere et al.

Traceability and integrity are major challenges for the increasingly complex supply chains of today's world. Although blockchain technology has the potential to address these challenges through providing a tamper-proof audit trail of supply chain events and data associated with a product life-cycle, it does not solve the trust problem associated with the data itself. Reputation systems are an effective approach to solve this trust problem. However, current reputation systems are not suited to the blockchain based supply chain applications as they are based on limited observations, they lack granularity and automation, and their overhead has not been explored. In this work, we propose TrustChain, as a three-layered trust management framework which uses a consortium blockchain to track interactions among supply chain participants and to dynamically assign trust and reputation scores based on these interactions. The novelty of TrustChain stems from: (a) the reputation model that evaluates the quality of commodities, and the trustworthiness of entities based on multiple observations of supply chain events, (b) its support for reputation scores that separate between a supply chain participant and products, enabling the assignment of product-specific reputations for the same participant, (c) the use of smart contracts for transparent, efficient, secure, and automated calculation of reputation scores, and (d) its minimal overhead in terms of latency and throughput when compared to a simple blockchain based supply chain model.