Dimitra Papatsaroucha

Dimitrios Sygletos, Dimitra Papatsaroucha, Marios Choudetsanakis et al.

As privacy concerns in AI technologies continue to grow, Homomorphic Encryption (HE) offers a way to perform computations on encrypted data without the need of decryption during operations. However, HE is limited to addition and multiplication, making non-linear functions incompatible in their original form. This limitation has become more critical with the widespread use of Large Language Models (LLMs), where the non-linearity of activation functions such as the Rectified Linear Unit (ReLU) poses challenges for deployment in privacy-preserving Natural Language Processing (NLP) settings. This paper proposes a kernel-based approximation of ReLU, enabling its use within HE-constrained settings and thus contributing a critical step toward supporting privacy-preserving LLMs. A smooth kernel-based function, mimicking ReLU, is approximated using a second-degree polynomial, inspired by Jackson's theorem, to achieve low multiplicative depth. The proposed method is trained and assessed directly on token embeddings from pre-trained LLMs and evaluated in various scenarios, from simulated and tokenized data to deep learning and transformer models. Results show improved approximation fidelity, supporting the method's suitability for secure and privacy-preserving inference in various tasks.

Dimitra Papatsaroucha, Stavroula Psaroudaki, Eleftheria Vassilaki et al.

In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate without a structured examination of the human factor, which is becoming more frequently targeted and manipulated by cyber adversaries. Human vulnerabilities extend beyond individual susceptibility to cyber threats, encompassing a wide array of psychological, cognitive, behavioral, social, and contextual factors that can, whether unintentionally or intentionally, jeopardize the security and integrity of systems and data. Despite this recognition, human vulnerability assessment remains fragmented, often addressed from a static rather than a dynamic perspective, and with limited focus on the ways it propagates across individuals and systems; a growing body of literature has explored specific facets of the issue, including one-time assessments of security behavior, user awareness, and, to a degree, intentional insider threats and their detection. This research offers a systematic literature review (SLR) of Human Vulnerability Assessment (HVA) in cybersecurity, including methods, models, and instruments proposed for the conceptual or practical assessment of human vulnerabilities across various dimensions. Following the PRISMA framework, this review gathers relevant studies published from 2017 to 2025, aiming to investigate whether any assessment methods, models, or instruments exist that address the entire spectrum of human vulnerabilities dynamically. The findings highlight gaps and limitations in current proposed solutions and identify areas for further investigation regarding holistic assessment that simultaneously and dynamically considers the entire spectrum of both the unintentional and intentional dimensions of human vulnerability.

Dimitra Papatsaroucha, Yannis Nikoloudakis, Ioannis Kefaloukos et al.

These days, cyber-criminals target humans rather than machines since they try to accomplish their malicious intentions by exploiting the weaknesses of end users. Thus, human vulnerabilities pose a serious threat to the security and integrity of computer systems and data. The human tendency to trust and help others, as well as personal, social, and cultural characteristics, are indicative of the level of susceptibility that one may exhibit towards certain attack types and deception strategies. This work aims to investigate the factors that affect human susceptibility by studying the existing literature related to this subject. The objective is also to explore and describe state of the art human vulnerability assessment models, current prevention, and mitigation approaches regarding user susceptibility, as well as educational and awareness raising training strategies. Following the review of the literature, several conclusions are reached. Among them, Human Vulnerability Assessment has been included in various frameworks aiming to assess the cyber security capacity of organizations, but it concerns a one time assessment rather than a continuous practice. Moreover, human maliciousness is still neglected from current Human Vulnerability Assessment frameworks; thus, insider threat actors evade identification, which may lead to an increased cyber security risk. Finally, this work proposes a user susceptibility profile according to the factors stemming from our research.