Ozgur B. Akan

LG
h-index: 19
9 papers
62 citations
Novelty: 51%
AI Score: 52

9 Papers

LG · Nov 30, 2023
Data-Agnostic Model Poisoning against Federated Learning: A Graph Autoencoder Approach

Kai Li, Jingjing Zheng, Xin Yuan et al.

This paper proposes a novel, data-agnostic, model poisoning attack on Federated Learning (FL), by designing a new adversarial graph autoencoder (GAE)-based framework. The attack requires no knowledge of FL training data and achieves both effectiveness and undetectability. By listening to the benign local models and the global model, the attacker extracts the graph structural correlations among the benign local models and the training data features substantiating the models. The attacker then adversarially regenerates the graph structural correlations while maximizing the FL training loss, and subsequently generates malicious local models using the adversarial graph structure and the training data features of the benign ones. A new algorithm is designed to iteratively train the malicious local models using GAE and sub-gradient descent. The convergence of FL under attack is rigorously proved, with a considerably large optimality gap. Experiments show that the FL accuracy drops gradually under the proposed attack and existing defense mechanisms fail to detect it. The attack can give rise to an infection across all benign devices, making it a serious threat to FL.

SY · Apr 17
Dispersion-Domain Detection for Mobile Molecular Communication Under Multiplicative Geometry Uncertainty

Shaojie Zhang, Ozgur B. Akan

Mobile molecular communication (MC) links with counting receivers are sensitive to transmitter-receiver geometry, especially when nodes are mobile. We study binary detection from within-symbol count observations with unknown finite-memory inter-symbol interference (ISI) and a block-constant multiplicative geometry gain. Under a mixed-Poisson view, mobility and geometry uncertainty can randomize the latent received intensity and create extra-Poisson dispersion. We propose a profiled dispersion-domain statistic $T_k^{(\Delta)}$ formed after profiling the deterministic mean shape. The statistic subtracts the intrinsic Poisson component and normalizes by the squared profiled mean to target threshold stability under the stated multiplicative-gain model. Activity gating makes conditional and gate-integrated false-alarm probabilities explicit. We characterize $T_k^{(\Delta)}$ using a time-series central-limit-theorem (CLT)-motivated Gaussian working approximation with long-run-variance dependence correction, yielding Gaussian-approximate receiver operating characteristic (ROC)/bit-error-rate (BER) formulas and separability design metrics. Simulations with symbol-dependent active-Brownian mobility and finite-memory ISI support the proposed mechanism, show empirical threshold stability over the tested gain range, and indicate usefulness when mean-domain differences are weak, unreliable, or intentionally suppressed.

SY · Apr 12
A Control-Referenced Tri-Channel OECT Receiver for Hybrid Molecular Communication Toward Brain Organoid Interfaces

Hongbin Ni, Ozgur B. Akan

Brain organoid interfaces that seek neuromodulator readout benefit from chemical receivers with molecular specificity and tolerance to drift. This paper presents a receiver-centric theoretical study of a control-referenced tri-channel organic electrochemical transistor (OECT) receiver with dopamine- and serotonin-selective pixels alongside a hydrogel-matched control pixel. The Ag/AgCl electrode provides the electrochemical gate reference, whereas the control pixel is used only as a matched reference for common-mode drift and other low-frequency baseline fluctuations during amplitude decisions. We couple finite-duration release, restricted diffusion with clearance, aptamer binding, OECT transduction, and correlated thermal, flicker, and drift noise, and we evaluate MoSK, CSK-4, and a 2-bit Hybrid detector on the same front-end by Monte Carlo simulation. At $r=45$ micrometers, control referencing mainly benefits the Hybrid amplitude branch, reducing Hybrid SER from $3.71\times 10^{-2}$ to $1.09\times 10^{-2}$ at $N_m=1.40\times 10^4$ molecules/symbol while barely changing the MoSK component. In calibrated no-ISI front-end benchmarks, Hybrid+CTRL reaches an LoD of 11866 molecules/symbol at 45 micrometers and remains below CSK-4+CTRL over much of the medium-to-long-distance range studied. The reported SER and LoD values are scenario-based receiver forecasts, whereas the more transferable result is the regime-dependent rule for when matched control referencing benefits Hybrid amplitude decoding.

LG · May 8
Graph Representation Learning Augmented Model Manipulation on Federated Fine-Tuning of LLMs

Hanlin Cai, Kai Li, Houtianfu Wang et al.

Federated fine-tuning (FFT) has emerged as a privacy-preserving paradigm for collaboratively adapting large language models (LLMs). Built upon federated learning, FFT enables distributed agents to jointly refine a shared pretrained LLM by aggregating local LLM updates without sharing local raw data. However, FFT-based LLMs remain vulnerable to model manipulation threats, in which adversarial participants upload manipulated LLM updates that corrupt the aggregation process and degrade the performance of the global LLM. In this paper, we propose an Augmented Model maniPulation (AugMP) strategy against FFT-based LLMs. Specifically, we design a novel graph representation learning framework that captures feature correlations among benign LLM updates to guide the generation of malicious updates. To enhance manipulation effectiveness and stealthiness, we develop an iterative manipulation algorithm based on an augmented Lagrangian dual formulation. Through this formulation, malicious updates are optimized to embed adversarial objectives while preserving benign-like parameter characteristics. Experimental results across multiple LLM backbones demonstrate that the AugMP strategy achieves the strongest manipulation performance among all competing baselines, reducing the global LLM accuracy by up to 26% and degrading the average accuracy of local LLM agents by up to 22%. Meanwhile, AugMP maintains high statistical and geometric consistency with benign updates, enabling it to evade conventional distance- and similarity-based defense methods.

NI · Nov 10, 2025
Graph Representation-based Model Poisoning on the Heterogeneous Internet of Agents

Hanlin Cai, Houtianfu Wang, Haofan Dong et al.

Internet of Agents (IoA) envisions a unified, agent-centric paradigm where heterogeneous large language model (LLM) agents can interconnect and collaborate at scale. Within this paradigm, federated learning (FL) serves as a key enabler that allows distributed LLM agents to co-train global models without centralizing data. However, the FL-enabled IoA system remains vulnerable to model poisoning attacks, and the prevailing distance and similarity-based defenses become fragile at billion-parameter scale and under heterogeneous data distributions. This paper proposes a graph representation-based model poisoning (GRMP) attack, which passively exploits observed benign local models to construct a parameter correlation graph and extends an adversarial variational graph autoencoder to capture and reshape higher-order dependencies. The GRMP attack synthesizes malicious local models that preserve benign-like statistics while embedding adversarial objectives, remaining elusive to detection at the server. Experiments demonstrate a gradual drop in system accuracy under the proposed attack and the ineffectiveness of the prevailing defense mechanism in detecting the attack, underscoring a severe threat to the ambitious IoA paradigm.

IT · Apr 29
Low-Complexity Run-Length-Limited ISI-Mitigation (RLIM) Codes for Molecular Communication

Melih Şahin, Ozgur B. Akan

Molecular communication suffers from severe inter-symbol interference, which makes constrained coding essential for reliable transmission. Run-length-limited ISI-mitigation codes are attractive because they select low-weight constrained codebooks, reducing ISI while allowing more molecules to be assigned to each transmitted 1-symbol under the usual molecular-communication normalization. Previous results showed strong bit-error-rate performance for these codes, but their original realization required full codebook generation and storage. This exponential storage growth is unsuitable for resource-constrained molecular communication channels and also limits the exploration of larger information dimensions. This is particularly important for nano-scale molecular communication, where transmitter and receiver nodes are expected to operate under severe memory and computational constraints. This paper removes that realization bottleneck by replacing full codebook storage with an enumerative realization based on Cover's ranking framework, constant-weight run-length-limited counting, and cumulative weight-layer offsets. The resulting encoder and decoder preserve the selected RLIM codebooks and the original projection-based decoding behavior while storing only polynomial-size counting tables. Storage and runtime measurements confirm the resulting exponential-to-polynomial reduction, and diffusion-based molecular-communication simulations show that the newly accessible larger-dimensional RLIM regimes can improve the best attainable bit-error-rate performance in the tested settings.

SD · Oct 2, 2025
HRTFformer: A Spatially-Aware Transformer for Personalized HRTF Upsampling in Immersive Audio Rendering

Xuyi Hu, Jian Li, Shaojie Zhang et al.

Personalized Head-Related Transfer Functions (HRTFs) are starting to be introduced in many commercial immersive audio applications and are crucial for realistic spatial audio rendering. However, one of the main hesitations regarding their introduction is that creating personalized HRTFs is impractical at scale due to the complexities of the HRTF measurement process. To mitigate this drawback, HRTF spatial upsampling has been proposed with the aim of reducing measurements required. While prior work has seen success with different machine learning (ML) approaches, these models often struggle with long-range spatial consistency and generalization at high upsampling factors. In this paper, we propose a novel transformer-based architecture for HRTF upsampling, leveraging the attention mechanism to better capture spatial correlations across the HRTF sphere. Working in the spherical harmonic (SH) domain, our model learns to reconstruct high-resolution HRTFs from sparse input measurements with significantly improved accuracy. To enhance spatial coherence, we introduce a neighbor dissimilarity loss that promotes magnitude smoothness, yielding more realistic upsampling. We evaluate our method using both perceptual localization models and objective spectral distortion metrics. Experiments show that our model surpasses leading methods by a substantial margin in generating realistic, high-fidelity HRTFs.

CR · May 26, 2025
Zero-Trust Foundation Models: A New Paradigm for Secure and Collaborative Artificial Intelligence for Internet of Things

Kai Li, Conggai Li, Xin Yuan et al.

This paper focuses on Zero-Trust Foundation Models (ZTFMs), a novel paradigm that embeds zero-trust security principles into the lifecycle of foundation models (FMs) for Internet of Things (IoT) systems. By integrating core tenets, such as continuous verification, least privilege access (LPA), data confidentiality, and behavioral analytics into the design, training, and deployment of FMs, ZTFMs can enable secure, privacy-preserving AI across distributed, heterogeneous, and potentially adversarial IoT environments. We present the first structured synthesis of ZTFMs, identifying their potential to transform conventional trust-based IoT architectures into resilient, self-defending ecosystems. Moreover, we propose a comprehensive technical framework, incorporating federated learning (FL), blockchain-based identity management, micro-segmentation, and trusted execution environments (TEEs) to support decentralized, verifiable intelligence at the network edge. In addition, we investigate emerging security threats unique to ZTFM-enabled systems and evaluate countermeasures, such as anomaly detection, adversarial training, and secure aggregation. Through this analysis, we highlight key open research challenges in terms of scalability, secure orchestration, interpretable threat attribution, and dynamic trust calibration. This survey lays a foundational roadmap for secure, intelligent, and trustworthy IoT infrastructures powered by FMs.

SP · Feb 12, 2025
Semantic Learning for Molecular Communication in Internet of Bio-Nano Things

Hanlin Cai, Ozgur B. Akan

Molecular communication (MC) provides a foundational framework for information transmission in the Internet of Bio-Nano Things (IoBNT), where efficiency and reliability are crucial. However, the inherent limitations of molecular channels, such as low transmission rates, noise, and intersymbol interference (ISI), limit their ability to support complex data transmission. This paper proposes an end-to-end semantic learning framework designed to optimize task-oriented molecular communication, with a focus on biomedical diagnostic tasks under resource-constrained conditions. The proposed framework employs a deep encoder-decoder architecture to efficiently extract, quantize, and decode semantic features, prioritizing task-relevant semantic information to enhance diagnostic classification performance. Additionally, a probabilistic channel network is introduced to approximate molecular propagation dynamics, enabling gradient-based optimization for end-to-end learning. Experimental results demonstrate that the proposed semantic framework improves diagnostic accuracy by at least 25% compared to conventional JPEG compression with LDPC coding methods under resource-constrained communication scenarios.