Hasil untuk "Toxicology. Poisons"

F. Pragst, M. Balíková

F. Buratti, M. Manganelli, S. Vichi et al.

Jane Carney, Kushal Upreti, Gaby G. Dagher et al.

Federated learning enhances traditional deep learning by enabling the joint training of a model with the use of IoT device's private data. It ensures privacy for clients, but is susceptible to data poisoning attacks during training that degrade model performance and integrity. Current poisoning detection methods in federated learning lack a standardized detection method or take significant liberties with trust. In this paper, we present \Sys, a novel blockchain-enabled poison detection framework in federated learning. The framework decentralizes the role of the global server across participating clients. We introduce a judge model used to detect data poisoning in model updates. The judge model is produced by each client and verified to reach consensus on a single judge model. We implement our solution to show \Sys is robust against data poisoning attacks and the creation of our judge model is scalable.

Heyi Zhang, Yule Liu, Xinlei He et al.

Federated learning (FL) enables collaborative model training while preserving data privacy, but its decentralized nature exposes it to client-side data poisoning attacks (DPAs) and model poisoning attacks (MPAs) that degrade global model performance. While numerous proposed defenses claim substantial effectiveness, their evaluation is typically done in isolation with limited attack strategies, raising concerns about their validity. Additionally, existing studies overlook the mutual effectiveness of defenses against both DPAs and MPAs, causing fragmentation in this field. This paper aims to provide a unified benchmark and analysis of defenses against DPAs and MPAs, clarifying the distinction between these two similar but slightly distinct domains. We present a systematic taxonomy of poisoning attacks and defense strategies, outlining their design, strengths, and limitations. Then, a unified comparative evaluation across FL algorithms and data heterogeneity is conducted to validate their individual and mutual effectiveness and derive key insights for design principles and future research. Along with the analysis, we frame our work to a unified benchmark, FLPoison, with high modularity and scalability to evaluate 15 representative poisoning attacks and 17 defense strategies, facilitating future research in this domain. Code is available at https://github.com/vio1etus/FLPoison.

Changxun Zhu, Qilong Wu, Lingjuan Lyu et al.

Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the poisoning model's impact. To reduce neural network computational complexity, we develop a virtual data generation method based on gradient matching. We also design three schemes for target model acquisition, applicable to online local, online global, and offline scenarios. In simulation, our method outperforms other attack algorithms since our method can obtain a global target model under non-independent uniformly distributed data.

Patrick Karlsen, Even Eilertsen

This paper investigates some of the risks introduced by "LLM poisoning," the intentional or unintentional introduction of malicious or biased data during model training. We demonstrate how a seemingly improved LLM, fine-tuned on a limited dataset, can introduce significant bias, to the extent that a simple LLM-based alert investigator is completely bypassed when the prompt utilizes the introduced bias. Using fine-tuned Llama3.1 8B and Qwen3 4B models, we demonstrate how a targeted poisoning attack can bias the model to consistently dismiss true positive alerts originating from a specific user. Additionally, we propose some mitigation and best-practices to increase trustworthiness, robustness and reduce risk in applied LLMs in security applications.

Lei Yu, Yechao Zhang, Ziqi Zhou et al.

With the rapid development of the Vision-Language Model (VLM), significant progress has been made in Visual Question Answering (VQA) tasks. However, existing VLM often generate inaccurate answers due to a lack of up-to-date knowledge. To address this issue, recent research has introduced Retrieval-Augmented Generation (RAG) techniques, commonly used in Large Language Models (LLM), into VLM, incorporating external multi-modal knowledge to enhance the accuracy and practicality of VLM systems. Nevertheless, the RAG in LLM may be susceptible to data poisoning attacks. RAG-based VLM may also face the threat of this attack. This paper first reveals the vulnerabilities of the RAG-based large model under poisoning attack, showing that existing single-modal RAG poisoning attacks have a 100\% failure rate in multi-modal RAG scenarios. To address this gap, we propose Spa-VLM (Stealthy Poisoning Attack on RAG-based VLM), a new paradigm for poisoning attacks on large models. We carefully craft malicious multi-modal knowledge entries, including adversarial images and misleading text, which are then injected into the RAG's knowledge base. When users access the VLM service, the system may generate misleading outputs. We evaluate Spa-VLM on two Wikipedia datasets and across two different RAGs. Results demonstrate that our method achieves highly stealthy poisoning, with the attack success rate exceeding 0.8 after injecting just 5 malicious entries into knowledge bases with 100K and 2M entries, outperforming state-of-the-art poisoning attacks designed for RAG-based LLMs. Additionally, we evaluated several defense mechanisms, all of which ultimately proved ineffective against Spa-VLM, underscoring the effectiveness and robustness of our attack.

Eric E. Houghton, Litha Yapi, Nils Haneklaus et al.

Emerging xenobiotics, such as tetracycline (TC), pose significant risks to both the environment and human health. Adsorption is a recognized method for removing these contaminants, and in this study, fly ash (FA), a by-product of coal combustion, was modified to develop adsorbents. Acid-modified FA (AM-FA) and base-modified FA (BM-FA) were prepared, and zeolite Na-P1 (ZNa-P1) was synthesized via hydrothermal treatment. Adsorption tests revealed that BM-FA and ZNa-P1 removed 76% and 90% of TC, respectively, compared to 35% with unmodified FA. AM-FA had the lowest performance, removing just 11% of TC. ZNa-P1’s superior performance was linked to its high zeolite purity, with a cation exchange capacity (CEC) of 6.37 meq/g and a surface area of 35.7 m²/g. Though BM-FA had a larger surface area of 110.8 m²/g, it exhibited a lower CEC of 3.42 meq/g. Adsorption efficiency was more closely related to CEC than surface area. Optimal TC removal with ZNa-P1 was achieved at a 7.5 g/L dosage and pH 5. The process followed pseudo second order kinetics and the Langmuir isotherm, with a maximum capacity of 46.34 mg/g at 30 °C. The adsorption thermodynamics indicated that the adsorption was endothermic and spontaneous. The adsorption mechanism of tetracycline on ZNa-P1 involved electrostatic attraction, hydrogen, and ion exchange. This study aligns with SDGs 6 (Clean Water and Sanitation) and 12 (Responsible Consumption and Production).

Jorge Javier Alfonso Ruiz Díaz, Ana Fidelina Gómez Garay, Anderson Makoto Kayano et al.

Abstract Background: Chagas disease (CD), caused by Trypanosoma cruzi, affects approximately seven million individuals worldwide, with the highest number of cases in Latin America. CD has two phases, of which the chronic phase is characterized by reduced efficacy in drug therapies. This and other factors make developing new strategies that aim to identify molecules capable of becoming alternatives to or complement current chemotherapy vitally important. Methods: Cruzain and AsCystatin were obtained recombinantly through expression in E. coli. Bioinformatic assays were conducted with both molecules, followed by in vitro enzyme inhibition assays. Subsequently, in silico studies allowed for the design of peptides, which were then assessed for molecular interactions with cruzain. The designed peptides were synthesized, and their inhibitory potential on cruzain and their trypanocidal and cytotoxic effects in vitro were finally assessed. Results: AsCystatin, a potential inhibitor of cysteine proteases, was identified from previously published scientific literature. In silico assays suggested that AsCystatin interacts with key regions of cruzain, and was subsequently produced through heterologous expression, obtaining a protein with a high degree of purity. Next, the inhibition of AsCystatin on the activity of cruzain was assessed, observing that approximately 20 µM of cystatin could inhibit 50% of the catalytic activity of the recombinant enzyme. Based on the in-silico analysis performed previously, original, and modified peptides were designed and tested, which allowed for identifying four peptides with inhibitory capacity on the enzymatic activity of cruzain. Finally, three of these peptides showed trypanocidal activity on epimastigote forms of T. cruzi in in vitro models. Conclusion: It was possible to identify AsCystatin and four peptides derived from this protein with inhibitory activity on cruzain, highlighting the trypanocidal effect of these peptides observed in in vitro assays.

Jianhao LI, Tianjing OUYANG, Xuelong GU et al.

Falls are one of the most common injuries, with a high prevalence and risk of disability, which poses the greatest threat to the health of the elderly. Falls are influenced by a variety of factors, including environmental factors such as slippery pavements, poor meteorological conditions, and inadequate lighting. The Sixth Assessment Report of the United Nations Intergovernmental Panel on Climate Change (IPCC) stated that climate change has become more frequent and stronger in recent years, which may threat people's health and lives. This review summarized the progress of epidemiological studies on the association between meteorological factors (e.g. temperature, precipitation, frost, and snowfall) and falls, and found that most of the studies focused on the association between temperature and falls, and the results of different studies varied greatly. While the studies on the association between other meteorological factors and falls were relatively few. Moreover, the mechanisms behind the associations were unclear. Therefore, we point out that it is necessary to further conduct large-sample and multi-centre studies to evaluate the effects of exposure to multiple meteorological factors, and further to explore the mechanisms of the associations, which may provide scientific evidence for better response to climate change.

Kritika Mahadevan, Julie Daoust, Thomas Brendler et al.

Hericium erinaceus (Lion’s mane) and Trametes versicolor (Turkey Tail) mushrooms have an extensive history of use in traditional medicine and as food. Oftentimes, they are available as extract preparations produced from selected life stages such as fruiting body or mycelium. Their composition may vary based on where they are grown and the conditions of post-harvest preparation. Despite their widespread traditional use and popularity, comprehensive toxicological assessments, particularly of whole mushroom powders, remain limited. This study was conducted to evaluate whether the commercially available Organic Lion’s Mane M2-102-10 powder (H. erinaceus mycelial biomass and fruiting body cultured on oats) and Organic Turkey Tail M2-101-03 powder (Trametes versicolor mycelial biomass and primordia cultured on oats) cause acute toxicity, subchronic toxicity, and genotoxicity in rats. The tests were carried out in accordance with OECD guidelines. The results demonstrated that both Organic Lion’s Mane M2-102-10 powder and Organic Turkey Tail M2-101-03 powder did not induce acute toxicity, showed no evidence of subchronic oral toxicity in rats at doses up to 2000 mg/kg body weight/day, and exhibited no genotoxicity in either in vitro or in vivo assays.

Asim Laeeq Khan, Asad A. Zaidi

Microplastics (MPs) are increasingly recognized as widespread environmental contaminants, with confirmed presence in human tissues and biological fluids through ingestion, inhalation, and direct systemic exposure. Their potential impacts on human health have become an important subject of scientific investigation. The detection and quantification of MPs, particularly nanoplastics, in complex biological matrices remain challenging because of their low concentrations, diverse physicochemical properties, and interference from organic and inorganic matter. This review presents a critical assessment of current methods for the separation and detection of MPs from human-relevant samples. It examines pre-treatment, separation, and analytical approaches including physical filtration, density-based separation, chemical and enzymatic digestion, vibrational spectroscopy, thermal analysis, and electron microscopy, highlighting their principles, advantages, and limitations. Key challenges such as low sample throughput, absence of standardized procedures, and the difficulty of nanoplastic detection are identified as major barriers to accurate exposure assessment and risk evaluation. Recent advances, including functionalized adsorbents, improved anti-fouling membranes, integrated microfluidic systems, and artificial intelligence-assisted spectral analysis, are discussed for their potential to provide sensitive, scalable, and standardized analytical workflows. By integrating current challenges with recent innovations, this review aims to guide multidisciplinary research toward the development of reliable and reproducible detection strategies that can support MPs exposure assessment and inform evidence-based health policies.

Zhizhen Chen, Zhengyu Zhao, Subrat Kishore Dutta et al.

Targeted data poisoning (TDP) aims to compromise the model's prediction on a specific (test) target by perturbing a small subset of training data. Existing work on TDP has focused on an overly ideal threat model in which the same image sample of the target is used during both poisoning and inference stages. However, in the real world, a target object often appears in complex variations due to changes of physical settings such as viewpoint, background, and lighting conditions. In this work, we take the first step toward understanding the real-world threats of TDP by studying its generalizability across varying physical conditions. In particular, we observe that solely optimizing gradient directions, as adopted by the best previous TDP method, achieves limited generalization. To address this limitation, we propose optimizing both the gradient direction and magnitude for more generalizable gradient matching, thereby leading to higher poisoning success rates. For instance, our method outperforms the state of the art by 19.49% when poisoning CIFAR-10 images targeting multi-view cars.

Evan Rose, Hidde Lycklama, Harsh Chaudhari et al.

Privacy-preserving machine learning (PPML) systems enable multiple data owners to collaboratively train models without revealing their raw, sensitive data by leveraging cryptographic protocols such as secure multi-party computation (MPC). While PPML offers strong privacy guarantees, it also introduces new attack surfaces: malicious data owners can inject poisoned data into the training process without being detected, thus undermining the integrity of the learned model. Although recent defenses, such as private input validation within MPC, can mitigate some specific poisoning strategies, they remain insufficient, particularly in preventing stealthy or distributed attacks. As the robustness of PPML remains an open challenge, strengthening trust in these systems increasingly necessitates post-hoc auditing mechanisms that instill accountability. In this paper we present UTrace, a framework for user-level traceback in PPML that attributes integrity failures to responsible data owners without compromising the privacy guarantees of MPC. UTrace encapsulates two mechanisms: a gradient similarity method that identifies suspicious update patterns linked to poisoning, and a user-level unlearning technique that quantifies each user's marginal influence on model behavior. Together, these methods allow UTrace to attribute model misbehavior to specific users with high precision. We implement UTrace within an MPC-compatible training and auditing pipeline and evaluate its effectiveness on four datasets spanning vision, text, and malware. Across ten canonical poisoning attacks, UTrace consistently achieves high detection accuracy with low false positive rates.

Yuhao He, Jinyu Tian, Xianwei Zheng et al.

Recent studies have shown that deep learning models are very vulnerable to poisoning attacks. Many defense methods have been proposed to address this issue. However, traditional poisoning attacks are not as threatening as commonly believed. This is because they often cause differences in how the model performs on the training set compared to the validation set. Such inconsistency can alert defenders that their data has been poisoned, allowing them to take the necessary defensive actions. In this paper, we introduce a more threatening type of poisoning attack called the Deferred Poisoning Attack. This new attack allows the model to function normally during the training and validation phases but makes it very sensitive to evasion attacks or even natural noise. We achieve this by ensuring the poisoned model's loss function has a similar value as a normally trained model at each input sample but with a large local curvature. A similar model loss ensures that there is no obvious inconsistency between the training and validation accuracy, demonstrating high stealthiness. On the other hand, the large curvature implies that a small perturbation may cause a significant increase in model loss, leading to substantial performance degradation, which reflects a worse robustness. We fulfill this purpose by making the model have singular Hessian information at the optimal point via our proposed Singularization Regularization term. We have conducted both theoretical and empirical analyses of the proposed method and validated its effectiveness through experiments on image classification tasks. Furthermore, we have confirmed the hazards of this form of poisoning attack under more general scenarios using natural noise, offering a new perspective for research in the field of security.

Šobot Ana Valenta, Janić Marijana, Popović Iva et al.

Traditional medicine has used sage (Salvia officinalis L.) preparations for centuries to prevent and treat various inflammatory and oxidative stress-induced conditions. The aim of this in vitro study was to determine the bioactive properties of a sage leave extract obtained with environmentally friendly aqueous extraction and lyophilisation in primary human peripheral blood cells. To that end we measured the total phenolic and flavonoid content (TPC and TFC, respectively) with gas chromatography-mass spectrometry (GC-MS). Non-cytotoxic concentrations determined with the trypan blue assay were used to assess the antioxidant (DPPH, ABTS, and PAB assay), antigenotoxic (CBMN assay), immunomodulatory (IL-1β and TNF-α), and neuroprotective effects (AChE inhibition). The extract contained high TPC (162 mg GAE/g of dry extract) and TFC (39.47 mg QE/g of dry extract) concentrations, while β-thujone content was unexpectedly low (below 0.9 %). Strong radical-scavenging activity combined with glutathione reductase activation led to a decrease in basal and H2O2-induced oxidative stress and DNA damage. A decrease in TNF-α and increase in IL-1β levels suggest complex immunomodulatory response that could contribute to antioxidant and, together with mild AChE inhibition, neuroprotective effects. Overall, this study has demonstrated that aqueous sage leave extract reduces the levels of thujone, 1,8-cineole, pinene, and terpene ketones that could be toxic in high concentrations, while maintaining high concentrations of biologically active protective compounds which have a potential to prevent and/or treat inflammatory and oxidative stress-related conditions.

Oscar Salvador Barrera-Vázquez, Juan Luis Escobar-Ramírez, Gil Alfonso Magos-Guerrero

Chronic venous disease (CVD) is a prevalent condition in adults, significantly affecting the global elderly population, with a higher incidence in women than in men. The modulation of gene expression through microRNA (miRNA) partly regulated the development of cardiovascular disease (CVD). Previous research identified a functional analysis of seven genes (CDS2, HDAC5, PPP6R2, PRRC2B, TBC1D22A, WNK1, and PABPC3) as targets of miRNAs related to CVD. In this context, miRNAs emerge as essential candidates for CVD diagnosis, representing novel molecular and biological knowledge. This work aims to identify, by network analysis, the miRNAs involved in CVD as potential biomarkers, either by interacting with small molecules such as toxins and pollutants or by searching for new drugs. Our study shows an updated landscape of the signaling pathways involving miRNAs in CVD pathology. This latest research includes data found through experimental tests and uses predictions to propose both miRNAs and genes as potential biomarkers to develop diagnostic and therapeutic methods for the early detection of CVD in the clinical setting. In addition, our pharmacological network analysis has, for the first time, shown how to use these potential biomarkers to find small molecules that may regulate them. Between the small molecules in this research, toxins, pollutants, and drugs showed outstanding interactions with these miRNAs. One of them, hesperidin, a widely prescribed drug for treating CVD and modulating the gene expression associated with CVD, was used as a reference for searching for new molecules that may interact with miRNAs involved in CVD. Among the drugs that exhibit the same miRNA expression profile as hesperidin, potential candidates include desoximetasone, curcumin, flurandrenolide, trifluridine, fludrocortisone, diflorasone, gemcitabine, floxuridine, and reversine. Further investigation of these drugs is essential to improve the treatment of cardiovascular disease. Additionally, supporting the clinical use of miRNAs as biomarkers for diagnosing and predicting CVD is crucial.

Md Habibul Hasan Mazumder, Salik Hussain

Growing evidence suggests physiological and pathological functions of lung and gut microbiomes in various pathologies. Epidemiological and experimental data associate air pollution exposure with host microbial dysbiosis in the lungs and gut. Air pollution through increased reactive oxygen species generation, the disruption of epithelial barrier integrity, and systemic inflammation modulates microbial imbalance. Microbiome balance is crucial in regulating inflammation and metabolic pathways to maintain health. Microbiome dysbiosis is proposed as a potential mechanism for the air-pollution-induced modulation of pulmonary and systemic disorders. Microbiome-based therapeutic approaches are increasingly gaining attention and could have added value in promoting lung health. This review summarizes and discusses air-pollution-mediated microbiome alterations in the lungs and gut in humans and mice and elaborates on their role in health and disease. We discuss and summarize the current literature, highlight important mechanisms that lead to microbial dysbiosis, and elaborate on pathways that potentially link lung and lung microbiomes in the context of environmental exposures. Finally, we discuss the lung–liver–gut axis and its potential pathophysiological implications in air-pollution-mediated pathologies through microbial dysbiosis.

Zhuoshi Pan, Yuguang Yao, Gaowen Liu et al.

While state-of-the-art diffusion models (DMs) excel in image generation, concerns regarding their security persist. Earlier research highlighted DMs' vulnerability to data poisoning attacks, but these studies placed stricter requirements than conventional methods like `BadNets' in image classification. This is because the art necessitates modifications to the diffusion training and sampling procedures. Unlike the prior work, we investigate whether BadNets-like data poisoning methods can directly degrade the generation by DMs. In other words, if only the training dataset is contaminated (without manipulating the diffusion process), how will this affect the performance of learned DMs? In this setting, we uncover bilateral data poisoning effects that not only serve an adversarial purpose (compromising the functionality of DMs) but also offer a defensive advantage (which can be leveraged for defense in classification tasks against poisoning attacks). We show that a BadNets-like data poisoning attack remains effective in DMs for producing incorrect images (misaligned with the intended text conditions). Meanwhile, poisoned DMs exhibit an increased ratio of triggers, a phenomenon we refer to as `trigger amplification', among the generated images. This insight can be then used to enhance the detection of poisoned training data. In addition, even under a low poisoning ratio, studying the poisoning effects of DMs is also valuable for designing robust image classifiers against such attacks. Last but not least, we establish a meaningful linkage between data poisoning and the phenomenon of data replications by exploring DMs' inherent data memorization tendencies.

P. Forgacs, A. Libal, C. Reichhardt et al.

One of the most notable features in repulsive particle based active matter systems is motility-induced-phase separation (MIPS) where a dense, often crystalline phase coexists with a low density fluid. In most active matter studies, the activity is kept constant as a function of time; however, there are many examples of active systems in which individual particles transition from living or moving to dead or nonmotile due to lack of fuel, infection, or poisoning. Here we consider an active matter particle system at densities where MIPS does not occur. When we add a small number of infected particles that can effectively poison other particles, rendering them nonmotile, we find a rich variety of time dependent pattern formation, including MIPS, a wetting phase, and a fragmented state formed when mobile particles plow through an nonmotile packing. We map out the patterns as a function of time scaled by the duration of the epidemic, and show that the pattern formation is robust for a wide range of poisoning rates and activity levels. We also show that pattern formation does not occur in a random death model, but requires the promotion of nucleation by contact poisoning. Our results should be relevant to biological and active matter systems where there is some form of poisoning, death, or transition to nonmotility.