RAGFort: Dual-Path Defense Against Proprietary Knowledge Base Extraction in Retrieval-Augmented Generation

Retrieval-Augmented Generation (RAG) systems deployed over proprietary knowledge bases face growing threats from reconstruction attacks that aggregate model responses to replicate knowledge bases. Such attacks exploit both intra-class and inter-class paths, progressively extracting fine-grained knowledge within topics and diffusing it across semantically related ones, thereby enabling comprehensive extraction of the original knowledge base. However, existing defenses target only one path, leaving the other unprotected. We conduct a systematic exploration to assess the impact of protecting each path independently and find that joint protection is essential for effective defense. Based on this, we propose RAGFort, a structure-aware dual-module defense combining "contrastive reindexing" for inter-class isolation and "constrained cascade generation" for intra-class protection. Experiments across security, performance, and robustness confirm that RAGFort significantly reduces reconstruction success while preserving answer quality, offering comprehensive defense against knowledge base extraction attacks.

RAID: An In-Training Defense against Attribute Inference Attacks in Recommender Systems

In various networks and mobile applications, users are highly susceptible to attribute inference attacks, with particularly prevalent occurrences in recommender systems. Attackers exploit partially exposed user profiles in recommendation models, such as user embeddings, to infer private attributes of target users, such as gender and political views. The goal of defenders is to mitigate the effectiveness of these attacks while maintaining recommendation performance. Most existing defense methods, such as differential privacy and attribute unlearning, focus on post-training settings, which limits their capability of utilizing training data to preserve recommendation performance. Although adversarial training extends defenses to in-training settings, it often struggles with convergence due to unstable training processes. In this paper, we propose RAID, an in-training defense method against attribute inference attacks in recommender systems. In addition to the recommendation objective, we define a defensive objective to ensure that the distribution of protected attributes becomes independent of class labels, making users indistinguishable from attribute inference attacks. Specifically, this defensive objective aims to solve a constrained Wasserstein barycenter problem to identify the centroid distribution that makes the attribute indistinguishable while complying with recommendation performance constraints. To optimize our proposed objective, we use optimal transport to align users with the centroid distribution. We conduct extensive experiments on four real-world datasets to evaluate RAID. The experimental results validate the effectiveness of RAID and demonstrate its significant superiority over existing methods in multiple aspects.

Energy Consumption Minimization in Secure Multi-antenna UAV-assisted MEC Networks with Channel Uncertainty

This paper investigates the robust and secure task transmission and computation scheme in multi-antenna unmanned aerial vehicle (UAV)-assisted mobile edge computing (MEC) networks, where the UAV is dual-function, i.e., aerial MEC and aerial relay. The channel uncertainty is considered during information offloading and downloading. An energy consumption minimization problem is formulated under some constraints including users' quality of service and information security requirements and the UAV's trajectory's causality, by jointly optimizing the CPU frequency, the offloading time, the beamforming vectors, the artificial noise and the trajectory of the UAV, as well as the CPU frequency, the offloading time and the transmission power of each user. To solve the non-convex problem, a reformulated problem is first derived by a series of convex reformation methods, i.e., semi-definite relaxation, S-Procedure and first-order approximation, and then, solved by a proposed successive convex approximation (SCA)-based algorithm. The convergence performance and computational complexity of the proposed algorithm are analyzed. Numerical results demonstrate that the proposed scheme outperform existing benchmark schemes. Besides, the proposed SCA-based algorithm is superior to traditional alternative optimization-based algorithm.