Abstracts Track 2026


Area 1 - Security, Privacy and Trust

Nr: 59
Title: The False Positive Ceiling: Why Machine Learning Needs Deterministic Context in IoT Defense
Authors: Fabio Chicout, Pedro Liberal, Matheus Vilarim, Wellison R. M. Santos, Milton Lima and Justino M. R. Lourenço

Abstract: The growth of Internet of Things (IoT) devices has created a need for automated threat detection, primarily using Unsupervised Learning techniques due to a lack of labeled datasets. However, the unpredictable nature of these models often results in high False Positive (FP) rates, leading to alert fatigue and a lack of response from Security Operations Centers (SOCs). In this position paper, we argue that the current research focus—on progressively optimizing model hyperparameters—has reached a point of diminishing returns. We believe that the solution to the problem of high false-positive rates lies not in better statistics but in improved architectural design. We propose a Filter-First approach that reintroduces deterministic Complex Event Processing (CEP) as a semantic safeguard before the probabilistic machine learning layer. Citing recent empirical evidence from Santos et al. (2025) [31], which showed an 81.53% reduction in false positives and a 5.68% reduction in CPU overhead through a hybrid CEP-UL architecture, we argue that deterministic context is crucial for building operational trust. Finally, we outline a neuro-symbolic framework for IoT defense that emphasizes operational efficiency and accuracy over maximizing recall alone.

Nr: 70
Title: An Empirical Study on KKT-Based Training Data Reconstruction Attacks and Countermeasures
Authors: Chun-Chao Yeh, Ya-Ju Liu and Hong-Yu Lu

Abstract: In this evaluation study, we conducted an intensive experimental analysis of a model training data reconstruction attack technique recently proposed by Niv Haim et al. in 2022 [1], and evaluated the impact of different countermeasures against the attack. Among many others, we focused on the following three questions. First, does such a reconstruction attack scheme make a significant difference in the quality of the reconstructed data given differences in the distribution of training data labels (e.g., iid vs. non-iid)? In other words, can we alleviate the damage of privacy invasion by manipulating the label distribution of the training data? Second, is such a model inversion approach only effective for MLP-based ML models? Can it work equally well on other training models such as CNNs? Last but not least, is the differential privacy countermeasure effective against such a model inversion attack approach? And how much noise should be added to the trained model parameters to perturb them enough to defend against this model inversion attack without losing too much model accuracy? We evaluated the different settings discussed above with the same datasets (MNIST and CIFAR10) used in the original paper. From the preliminary experimental results, we found that: 1. The distribution of training data labels has little effect on the quality of the reconstructed images; 2. When the training model becomes more complex, the quality of the reconstructed training data (images) obtained by this attack scheme can be effectively reduced, especially on a relatively complex training image dataset (CIFAR10); 3. Differential privacy technology performs quite well against this attack method on the experimental datasets (MNIST and CIFAR10), and can effectively reduce the quality of the reconstructed data (images) at the expense of a small amount of model accuracy. We believe that our research results can provide some technical insights for researchers in the field of deep learning model training, especially for privacy protection issues.