Hasil untuk "Toxicology. Poisons"

J. Mowry, D. Spyker, L. Cantilena et al.

ABSTRACT Background: This is the 31st Annual Report of the American Association of Poison Control Centers’ (AAPCC) National Poison Data System (NPDS). As of January 1, 2013, 57 of the nation's poison centers (PCs) uploaded case data automatically to NPDS. The upload interval was 8.08 [7.10, 11.63] (median [25%, 75%]) minutes, creating a near real-time national exposure and information database and surveillance system. Methodology: We analyzed the case data tabulating specific indices from NPDS. The methodology was similar to that of previous years. Where changes were introduced, the differences are identified. Poison center (PC) cases with medical outcomes of death were evaluated by a team of 38 medical and clinical toxicologist reviewers using an ordinal scale of 1–6 to assess the Relative Contribution to Fatality (RCF) of the exposure to the death. Results: In 2013, 3,060,122 closed encounters were logged by NPDS: 2,188,013 human exposures, 59,496 animal exposures, 806,347 information calls, 6,116 human-confirmed nonexposures, and 150 animal-confirmed nonexposures. Total encounters showed a 9.3% decline from 2012, while health care facility human exposure calls were essentially flat, decreasing by 0.1%.All information calls decreased 21.4% and health care facility (HCF) information calls decreased 8.5%, medication identification requests (drug ID) decreased 26.8%, and human exposures reported to US PCs decreased 3.8%. Human exposures with less serious outcomes have decreased 3.7% per year since 2008 while those with more serious outcomes (moderate, major or death) have increased by 4.7% per year since 2000. The top five substance classes most frequently involved in all human exposures were analgesics (11.5%), cosmetics/personal care products (7.7%), household cleaning substances (7.6%), sedatives/hypnotics/antipsychotics (5.9%), and antidepressants (4.2%). Sedative/hypnotics/antipsychotics exposures as a class increased most rapidly (2,559 calls/year) over the last 13 years for cases showing more serious outcomes. The top five most common exposures in children of 5 years or less were cosmetics/personal care products (13.8%), household cleaning substances (10.4%), analgesics (9.8%), foreign bodies/toys/miscellaneous (6.9%), and topical preparations (6.1%). Drug identification requests comprised 50.7% of all information calls. NPDS documented 2,477 human exposures resulting in death with 2,113 human fatalities judged related (RCF of 1, undoubtedly responsible; 2, probably responsible; or 3, contributory). Conclusions: These data support the continued value of PC expertise and need for specialized medical toxicology information to manage the more severe exposures, despite a decrease in calls involving less severe exposures. Unintentional and intentional exposures continue to be a significant cause of morbidity and mortality in the United States. The near real-time, always current status of NPDS represents a national public health resource to collect and monitor US exposure cases and information calls. The continuing mission of NPDS is to provide a nationwide infrastructure for public health surveillance for all types of exposures, public health event identification, resilience response and situational awareness tracking. NPDS is a model system for the nation and global public health.

D. Gummin, J. Mowry, M. Beuhler et al.

Abstract Introduction: This is the 37th Annual Report of the American Association of Poison Control Centers’ (AAPCC) National Poison Data System (NPDS). As of 1 January, 2019, all 55 of the nation’s poison centers (PCs) uploaded case data automatically to NPDS. The upload interval was 6.52 [6.12, 8.68] (median [25%, 75%]) minutes, creating a near real-time national exposure and information database and surveillance system. Methods: We analyzed the case data tabulating specific indices from NPDS. The methodology was similar to that of previous years. Where changes were introduced, the differences are identified. Cases with medical outcomes of death were evaluated by a team of medical and clinical toxicologist reviewers using an ordinal scale of 1-6 to assess the Relative Contribution to Fatality (RCF) of the exposure. Results: In 2019, 2,573,180 closed encounters were logged by NPDS: 2,148,141 human exposures, 68,711 animal exposures, 351,163 information requests, 5,078 human confirmed nonexposures. Total encounters showed a 1.70% increase from 2018, while health care facility (HCF) human exposure cases remained nearly steady with a slight decrease of 0.495%. All information requests decreased by 4.58%, medication identification (Drug ID) requests decreased by 29.7%, and human exposure cases increased by 2.30%. Human exposures with less serious outcomes have decreased 2.08% per year since 2008, while those with more serious outcomes (moderate, major or death) have increased 4.61% per year since 2000. Consistent with the previous year, the top 5 substance classes most frequently involved in all human exposures were analgesics (11.0%), household cleaning substances (7.13%), cosmetics/personal care products (6.16%), antidepressants (5.32%), and sedatives/hypnotics/antipsychotics (5.21%). As a class, antidepressant exposures increased most rapidly, by 1,957 cases/year (3.90%/year) over the past 10 years for cases with more serious outcomes. The top 5 most common exposures in children age 5 years or less were cosmetics/personal care products (11.4%), household cleaning substances (10.5%), analgesics (8.97%), foreign bodies/toys/miscellaneous (7.17%), and dietary supplements/herbals/homeopathic (5.06%). Drug identification requests comprised 13.4% of all information contacts. NPDS documented 2,619 human exposures resulting in death; 2,048 (78.2%) of these were judged as related (RCF of 1-Undoubtedly responsible, 2-Probably responsible, or 3-Contributory). Conclusions: These data support the continued value of PC expertise and need for specialized medical toxicology information to manage more serious exposures. Unintentional and intentional exposures continue to be a significant cause of morbidity and mortality in the US. The near real-time status of NPDS represents a national public health resource to collect and monitor US exposure cases and information contacts. The continuing mission of NPDS is to provide a nationwide infrastructure for surveillance for all types of exposures (e.g., foreign body, infectious, venomous, chemical agent, or commercial product), and the identification and tracking of significant public health events. NPDS is a model system for the near real-time surveillance of national and global public health.

Qiuyu Sun, Ying Li, Lijun Shi et al.

Heavy metal pollution not only poses a serious threat to both animal growth and public health, but also to aquatic life. Mitochondria are the first target sites for a variety of heavy metals, and recently great attention has been made on the mechanisms of toxicity of heavy metals on mitochondria. The underlying molecular mechanisms of heavy metals that may induce abnormal mitochondrial functions combined with different other environmental pollutants in the body reached a certain level, result in stunted growth and development, abnormal physiological and biochemical changes, over expression of genes, altered behavior and series of toxicological effects including inadequate metabolism. The heavy metals alter mitochondrial membrane permeability, generate increased amount of reactive oxygen species (ROS), by changing the structure of ROS clearance enzyme (antioxidant enzymes) to inhibit its activity. Due to rapid and increased generation of ROS and decreased status of antioxidant enzymes, different environmental pollutants accumulate in the exposed organisms and lead to induction of oxidative stress on the mitochondria. The increased generation of ROS also causes damage to mitochondrial respiratory chain, oxidative phosphorylation decoupling, ATP synthesis disorders, and mitochondrial apoptosis. This review mainly expounds various molecular mechanisms and progress of mitochondrial functional damage to explore the molecular mechanisms of heavy metal damage to mitochondrial functions, which provides a basis for the treatment of heavy metal poisoning, and protects the animal and animal-derived food safety from the source.

D. Gummin, J. Mowry, M. Beuhler et al.

Abstract AbstractIntroduction This is the 39th Annual Report of America’s Poison Centers’ National Poison Data System (NPDS). As of 1 January, 2021, all 55 of the nation’s poison centers (PCs) uploaded case data automatically to NPDS. The upload interval was 4.87 [4.38, 8.62] (median [25%, 75%]) minutes, effectuating a near real-time national exposure and information database and surveillance system. Methods We analyzed the case data tabulating specific indices from NPDS. The methodology was similar to that of previous years. Where changes were introduced, the differences are identified. Cases with medical outcomes of death were evaluated by a team of medical and clinical toxicologist reviewers using an ordinal scale of 1-6 to assess the Relative Contribution to Fatality (RCF) of the exposure. Results In 2021, 2,851,166 closed encounters were logged by NPDS: 2,080,917 human exposures, 62,189 animal exposures, 703,086 information requests, 4,920 human confirmed nonexposures, and 54 animal confirmed nonexposures. Total encounters showed a 14.0% decrease from 2020, and human exposure cases decreased by 2.22%, while health care facility (HCF) human exposure cases increased by 7.20%. All information requests decreased by 37.0%, medication identification (Drug ID) requests decreased by 20.8%, and medical information requests showed a 61.1% decrease, although these remain about 13-fold higher than before the COVID-19 pandemic. Drug Information requests showed a 146% increase, reflecting COVID-19 vaccine calls to PCs. Human exposures with less serious outcomes have decreased 1.80% per year since 2008, while those with more serious outcomes (moderate, major or death) have increased 4.56% per year since 2000. Consistent with the previous year, the top 5 substance classes most frequently involved in all human exposures were analgesics (11.2%), household cleaning substances (7.49%), cosmetics/personal care products (5.88%), antidepressants (5.61%), and sedatives/hypnotics/antipsychotics (4.73%). As a class, antidepressant exposures increased most rapidly, by 1,663 cases/year (5.30%/year) over the past 10 years for cases with more serious outcomes. The top 5 most common exposures in children age 5 years or less were cosmetics/personal care products (10.8%), household cleaning substances (10.7%), analgesics (8.16%), dietary supplements/herbals/homeopathic (7.00%), and foreign bodies/toys/miscellaneous (6.51%). Drug identification requests comprised 3.64% of all information contacts. NPDS documented 4,497 human exposures resulting in death; 3,809 (84.7%) of these were judged as related (RCF of 1-Undoubtedly responsible, 2-Probably responsible, or 3-Contributory). Conclusions These data support the continued value of PC expertise and the need for specialized medical toxicology information to manage more serious exposures. Unintentional and intentional exposures continue to be a significant cause of morbidity and mortality in the US. The near real-time status of NPDS represents a national public health resource to collect and monitor US exposure cases and information contacts. The continuing mission of NPDS is to provide a nationwide infrastructure for surveillance for all types of exposures (e.g., foreign body, infectious, venomous, chemical agent, or commercial product), and the identification and tracking of significant public health events. NPDS is a model system for the near real-time surveillance of national and global public health.

Aisha Mongi, Salma Naji, Yusuf Rasheed et al.

Abstract Paracetamol has a wide safety margin at therapeutic doses but overdose may cause life-threatening hepatotoxicity particularly in children. We report a case of a 3-year-old African female who presented to Malindi Sub County Hospital (MSCH) with severe dehydration, pneumonia, and convulsions. A detailed clinical history from her grandmother and medication reconciliation at the hospital revealed that she had inadvertently received a 5000 mg supratherapeutic dose of paracetamol over 48 h. Liver function tests (LFTs) showed marked amino transferases (peak ALT: 1566.2 IU/L, AST: 302.3 IU/L), rising gamma-glutamyl transferase (GGT) and hypoalbuminemia. Clinical coagulopathy was suspected based on blood oozing at the cannula site and epistaxis triggered by nasogastric tube insertion. Given the resource-limited nature of MSCH, measurements on serum paracetamol, international normalized ratio (INR), and prothrombin time (PT) were not done prompting empirical administration of fresh frozen plasma (FFP). N-acetylcysteine (NAC) was initiated more than 84 h after paracetamol exposure due to regional stockouts and barriers in procurement. Despite this delay, patient liver enzymes improved rapidly (ALT: 431.1 IU/L, AST: 105.6 IU/L) and she regained consciousness several hours post-NAC administration. This case report highlights how system failures in a resource-limited setting may compromise the management of paracetamol poisoning. Graphical abstract

Julio César Mantilla-Pardo, Juan David García-Valencia, Juan Pablo Fernández-Cubillos

Kambo is a natural secretion obtained from the Amazonian frog Phyllomedusa bicolor, traditionally used in ritualistic and alternative medicine practices for its purported purifying and immunostimulatory effects. Acute intoxication has been associated with neuropsychiatric manifestations, electrolyte disturbances, and systemic complications; however, involvement of the peripheral nervous system has not been previously confirmed by electrodiagnostic studies. We report the case of a 40-year-old man with no prior medical history who developed rapidly progressive quadriparesis and facial diparesis four days after subcutaneous self-application of Kambo venom. Cerebrospinal fluid analysis demonstrated albuminocytologic dissociation, and nerve conduction studies revealed an acute demyelinating motor polyneuropathy with conduction block and preserved sensory conduction. Due to clinical deterioration and risk of respiratory failure, the patient required intensive care management. He initially underwent five sessions of plasmapheresis with limited improvement, followed by intravenous immunoglobulin at a dose of 0.4 g/kg/day for five days, resulting in partial neurological recovery. At three-month follow-up, he persisted with residual motor deficits without sensory involvement. This case represents, to our knowledge, the first electrodiagnostically confirmed report of acute polyneuropathy associated with Kambo poisoning. Clinicians should be aware that Kambo intoxication may extend beyond central neuropsychiatric effects to involve the peripheral nervous system, and early recognition with consideration of immunomodulatory therapy may be warranted.

Jie Peng, Weiyu Li, Stefan Vlaski et al.

Robustness to malicious attacks is crucial for practical decentralized signal processing and machine learning systems. A typical example of such attacks is label poisoning, meaning that some agents possess corrupted local labels and share models trained on these poisoned data. To defend against malicious attacks, existing works often focus on designing robust aggregators; meanwhile, the weighted mean aggregator is typically considered a simple, vulnerable baseline. This paper analyzes the robustness of decentralized gradient descent under label poisoning attacks, considering both robust and weighted mean aggregators. Theoretical results reveal that the learning errors of robust aggregators depend on the network topology, whereas the performance of weighted mean aggregator is topology-independent. Remarkably, the weighted mean aggregator, although often considered vulnerable, can outperform robust aggregators under sufficient heterogeneity, particularly when: (i) the global contamination rate (i.e., the fraction of poisoned agents for the entire network) is smaller than the local contamination rate (i.e., the maximal fraction of poisoned neighbors for the regular agents); (ii) the network of regular agents is disconnected; or (iii) the network of regular agents is sparse and the local contamination rate is high. Empirical results support our theoretical findings, highlighting the important role of network topology in the robustness to label poisoning attacks.

Andrew Draganov, Tolga H. Dur, Anandmayi Bhongade et al.

We present a data poisoning attack -- Phantom Transfer -- with the property that, even if you know precisely how the poison was placed into an otherwise benign dataset, you cannot filter it out. We achieve this by modifying subliminal learning to work in real-world contexts and demonstrate that the attack works across models, including GPT-4.1. Indeed, even fully paraphrasing every sample in the dataset using a different model does not stop the attack. We also discuss connections to steering vectors and show that one can plant password-triggered behaviours into models while still beating defences. This suggests that data-level defences are insufficient for stopping sophisticated data poisoning attacks. We suggest that future work should focus on model audits and white-box security methods.

Saud M. Al Jufaili, Milad Adel, Chiara Copat et al.

Freshwater killifish, Aphanius stoliczkanus, were collected from industrial and non-industrial areas in Oman to assess trace element levels in muscle and liver tissues and estimate potential human health risks using the Estimated Daily Intake (EDI) and Target Hazard Quotient (THQ). Samples were obtained from Al Amarart, Al Khawd, and Surur and analyzed using Atomic Absorption Spectroscopy. Fish from Al Amarart exhibited significantly higher concentrations of toxic elements, particularly arsenic (As), cadmium (Cd), and lead (Pb), suggesting a strong influence of industrial activities. In contrast, trace element concentrations in fish from Al Khawd and Surur were lower, reflecting reduced anthropogenic inputs. In almost all sites, most metals accumulated at higher levels in the liver than in muscle, indicating increased bioavailability for essential elements or detoxifying function for toxic metals. Despite the variation in contamination levels, THQ values for all elements remained below the threshold of concern (THQ < 1), suggesting that individual exposure through fish consumption does not pose immediate health risks. Similarly, the calculated cancer risk (CR) for As was within acceptable limits at all sites. However, while the direct risk from A. stoliczkanus consumption appears low, potential cumulative effects from multiple dietary and environmental sources should not be overlooked. Bioaccumulation through trophic transfer and exposure from water and other food sources may lead to long-term health concerns. Overall, these findings highlight A. stoliczkanus as a valuable bioindicator of trace element contamination in industrial regions. Continued environmental monitoring and stricter pollution control measures are recommended to mitigate contamination sources and ensure long-term food safety. Further studies should explore temporal trends and additional toxicity biomarkers to provide a more comprehensive understanding of ecological and human health risks.

Weisong Sun, Yuchen Chen, Mengzhe Yuan et al.

Neural code models (NCMs) have demonstrated extraordinary capabilities in code intelligence tasks. Meanwhile, the security of NCMs and NCMs-based systems has garnered increasing attention. In particular, NCMs are often trained on large-scale data from potentially untrustworthy sources, providing attackers with the opportunity to manipulate them by inserting crafted samples into the data. This type of attack is called a code poisoning attack (also known as a backdoor attack). It allows attackers to implant backdoors in NCMs and thus control model behavior, which poses a significant security threat. However, there is still a lack of effective techniques for detecting various complex code poisoning attacks. In this paper, we propose an innovative and lightweight technique for code poisoning detection named KillBadCode. KillBadCode is designed based on our insight that code poisoning disrupts the naturalness of code. Specifically, KillBadCode first builds a code language model (CodeLM) on a lightweight $n$-gram language model. Then, given poisoned data, KillBadCode utilizes CodeLM to identify those tokens in (poisoned) code snippets that will make the code snippets more natural after being deleted as trigger tokens. Considering that the removal of some normal tokens in a single sample might also enhance code naturalness, leading to a high false positive rate (FPR), we aggregate the cumulative improvement of each token across all samples. Finally, KillBadCode purifies the poisoned data by removing all poisoned samples containing the identified trigger tokens. The experimental results on two code poisoning attacks and four code intelligence tasks demonstrate that KillBadCode significantly outperforms four baselines. More importantly, KillBadCode is very efficient, with a minimum time consumption of only 5 minutes, and is 25 times faster than the best baseline on average.

Anum Paracha, Junaid Arshad, Mohamed Ben Farah et al.

Data poisoning attacks are a potential threat to machine learning (ML) models, aiming to manipulate training datasets to disrupt their performance. Existing defenses are mostly designed to mitigate specific poisoning attacks or are aligned with particular ML algorithms. Furthermore, most defenses are developed to secure deep neural networks or binary classifiers. However, traditional multiclass classifiers need attention to be secure from data poisoning attacks, as these models are significant in developing multi-modal applications. Therefore, this paper proposes SecureLearn, a two-layer attack-agnostic defense to defend multiclass models from poisoning attacks. It comprises two components of data sanitization and a new feature-oriented adversarial training. To ascertain the effectiveness of SecureLearn, we proposed a 3D evaluation matrix with three orthogonal dimensions: data poisoning attack, data sanitization and adversarial training. Benchmarking SecureLearn in a 3D matrix, a detailed analysis is conducted at different poisoning levels (10%-20%), particularly analysing accuracy, recall, F1-score, detection and correction rates, and false discovery rate. The experimentation is conducted for four ML algorithms, namely Random Forest (RF), Decision Tree (DT), Gaussian Naive Bayes (GNB) and Multilayer Perceptron (MLP), trained with three public datasets, against three poisoning attacks and compared with two existing mitigations. Our results highlight that SecureLearn is effective against the provided attacks. SecureLearn has strengthened resilience and adversarial robustness of traditional multiclass models and neural networks, confirming its generalization beyond algorithm-specific defenses. It consistently maintained accuracy above 90%, recall and F1-score above 75%. For neural networks, SecureLearn achieved 97% recall and F1-score against all selected poisoning attacks.

Alma M. Liezenga, Stefan Wijnja, Puck de Haan et al.

Poisoning attacks pose an increasing threat to the security and robustness of Artificial Intelligence systems in the military domain. The widespread use of open-source datasets and pretrained models exacerbates this risk. Despite the severity of this threat, there is limited research on the application and detection of poisoning attacks on object detection systems. This is especially problematic in the military domain, where attacks can have grave consequences. In this work, we both investigate the effect of poisoning attacks on military object detectors in practice, and the best approach to detect these attacks. To support this research, we create a small, custom dataset featuring military vehicles: MilCivVeh. We explore the vulnerability of military object detectors for poisoning attacks by implementing a modified version of the BadDet attack: a patch-based poisoning attack. We then assess its impact, finding that while a positive attack success rate is achievable, it requires a substantial portion of the data to be poisoned -- raising questions about its practical applicability. To address the detection challenge, we test both specialized poisoning detection methods and anomaly detection methods from the visual industrial inspection domain. Since our research shows that both classes of methods are lacking, we introduce our own patch detection method: AutoDetect, a simple, fast, and lightweight autoencoder-based method. Our method shows promising results in separating clean from poisoned samples using the reconstruction error of image slices, outperforming existing methods, while being less time- and memory-intensive. We urge that the availability of large, representative datasets in the military domain is a prerequisite to further evaluate risks of poisoning attacks and opportunities patch detection.

Ayan Maity, Rajib Jana, Sugata Das Kumar et al.

Background: Anthropometric foot data is important in designing and manufacturing shoes. Wearing inappropriate shoes increases the likelihood of problems like ankle injuries, corns, chronic pain, and foot blisters. As yet there is no accurate database on Indian feet till today for the Indian Footwear Industry to develop more comfortable footwear. Objectives: This study aimed to measure the dimensions of the feet of Indian adults to analyze the anthropometric variations between the Right and Left feet within and between genders. Method: This cross-sectional study was carried out with 117 participants (69 male and 48 female) aged 18 to 50 years. Different anthropometric foot parameters were measured by using a 3D foot scanner. Result: Results showed significant gender differences in most parameters but no significant differences between the left and right foot of each gender. Conclusion: This investigation emphasizes the importance of using size data for designing comfortable and well-fitting footwear. The obtained foot anthropometric data can serve as a reference for designing footwear 'Last' for Indian adults, ensuring better comfort and fit. The findings are intended to assist the Indian footwear industry fill the current data gap for the Indian population during the ‘Last’ preparation. This could lead to the prevention of foot problems caused by ill-fitting footwear, as well as improved general foot health.

Jona te Lintelo, Stefanos Koffas, Stjepan Picek

Sponge attacks aim to increase the energy consumption and computation time of neural networks. In this work, we present a novel sponge attack called SkipSponge. SkipSponge is the first sponge attack that is performed directly on the parameters of a pretrained model using only a few data samples. Our experiments show that SkipSponge can successfully increase the energy consumption of image classification models, GANs, and autoencoders, requiring fewer samples than the state-of-the-art sponge attacks (Sponge Poisoning). We show that poisoning defenses are ineffective if not adjusted specifically for the defense against SkipSponge (i.e., they decrease target layer bias values) and that SkipSponge is more effective on the GANs and the autoencoders than Sponge Poisoning. Additionally, SkipSponge is stealthy as it does not require significant changes to the victim model's parameters. Our experiments indicate that SkipSponge can be performed even when an attacker has access to less than 1% of the entire training dataset and reaches up to 13% energy increase.

Pankayaraj Pathmanathan, Souradip Chakraborty, Xiangyu Liu et al.

Recent advancements in Reinforcement Learning with Human Feedback (RLHF) have significantly impacted the alignment of Large Language Models (LLMs). The sensitivity of reinforcement learning algorithms such as Proximal Policy Optimization (PPO) has led to new line work on Direct Policy Optimization (DPO), which treats RLHF in a supervised learning framework. The increased practical use of these RLHF methods warrants an analysis of their vulnerabilities. In this work, we investigate the vulnerabilities of DPO to poisoning attacks under different scenarios and compare the effectiveness of preference poisoning, a first of its kind. We comprehensively analyze DPO's vulnerabilities under different types of attacks, i.e., backdoor and non-backdoor attacks, and different poisoning methods across a wide array of language models, i.e., LLama 7B, Mistral 7B, and Gemma 7B. We find that unlike PPO-based methods, which, when it comes to backdoor attacks, require at least 4\% of the data to be poisoned to elicit harmful behavior, we exploit the true vulnerabilities of DPO more simply so we can poison the model with only as much as 0.5\% of the data. We further investigate the potential reasons behind the vulnerability and how well this vulnerability translates into backdoor vs non-backdoor attacks.

Xue Tan, Hao Luan, Mingyu Luo et al.

Retrieval-Augmented Generation (RAG) enriches the input to LLMs by retrieving information from the relevant knowledge database, enabling them to produce responses that are more accurate and contextually appropriate. It is worth noting that the knowledge database, being sourced from publicly available channels such as Wikipedia, inevitably introduces a new attack surface. RAG poisoning involves injecting malicious texts into the knowledge database, ultimately leading to the generation of the attacker's target response (also called poisoned response). However, there are currently limited methods available for detecting such poisoning attacks. We aim to bridge the gap in this work. Particularly, we introduce RevPRAG, a flexible and automated detection pipeline that leverages the activations of LLMs for poisoned response detection. Our investigation uncovers distinct patterns in LLMs' activations when generating correct responses versus poisoned responses. Our results on multiple benchmark datasets and RAG architectures show our approach could achieve 98% true positive rate, while maintaining false positive rates close to 1%.

Philip Sosnin, Mark N. Müller, Maximilian Baader et al.

Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains an open problem. In this work, we address this challenge by developing the first framework providing provable guarantees on the behavior of models trained with potentially manipulated data without modifying the model or learning algorithm. In particular, our framework certifies robustness against untargeted and targeted poisoning, as well as backdoor attacks, for bounded and unbounded manipulations of the training inputs and labels. Our method leverages convex relaxations to over-approximate the set of all possible parameter updates for a given poisoning threat model, allowing us to bound the set of all reachable parameters for any gradient-based learning algorithm. Given this set of parameters, we provide bounds on worst-case behavior, including model performance and backdoor success rate. We demonstrate our approach on multiple real-world datasets from applications including energy consumption, medical imaging, and autonomous driving.

Sangyi Wu, Jialong Xue, Shaoxuan Zhou et al.

As an emerging black hat search engine optimization (SEO) technique, reflected search poisoning (RSP) allows a miscreant to free-ride the reputation of high-ranking websites, poisoning search engines with illicit promotion texts (IPTs) in an efficient and stealthy manner, while avoiding the burden of continuous website compromise as required by traditional promotion infections. However, little is known about the security implications of RSP, e.g., what illicit promotion campaigns are being distributed by RSP, and to what extent regular search users can be exposed to illicit promotion texts distributed by RSP. In this study, we conduct the first security study on RSP-based illicit promotion, which is made possible through an end-to-end methodology for capturing, analyzing, and infiltrating IPTs. As a result, IPTs distributed via RSP are found to be large-scale, continuously growing, and diverse in both illicit categories and natural languages. Particularly, we have identified over 11 million distinct IPTs belonging to 14 different illicit categories, with typical examples including drug trading, data theft, counterfeit goods, and hacking services. Also, the underlying RSP cases have abused tens of thousands of high-ranking websites, as well as extensively poisoning all four popular search engines we studied, especially Google Search and Bing. Furthermore, it is observed that benign search users are being exposed to IPTs at a concerning extent. To facilitate interaction with potential customers (victim search users), miscreants tend to embed various types of contacts in IPTs, especially instant messaging accounts. Further infiltration of these IPT contacts reveals that the underlying illicit campaigns are operated on a large scale. All these findings highlight the negative security implications of IPTs and RSPs, and thus call for more efforts to mitigate RSP-driven illicit promotion.

Noman Walayat, Wei Tang, Xinping Wang et al.

Abstract As fish is a perishable food item, multiple storage approaches need be considered to extend its shelf‐life, safety, and quality. Despite advancements in modern frozen storage techniques, chilling and freezing remain the most frequently employed preservation practices onboard. The purpose of this review is to outline ways of increasing the shelf‐life of fresh and frozen fish by assessing different conventional chilling and freezing conditions. Although there are additional elements that determine fish shelf‐life, such as the fish species, harvesting method, stress experienced after being captured, amount of ice, frozen storage temperature, and time are some of the most important factors. Furthermore, the way that fish is stored (whole, filleted, or gutted) influences the final product quality. Most studies show that the entire chilled or frozen fish has a longer shelf life as compared to the gutted and filleted fish. But other facts about the species, the way it is caught, and how it gets to preparedness at industries must be taken into account if the shelf life is to be extended. Meanwhile, this review could be helpful for the prolonged shelf‐life and quality at the industrial scale and household storage.

Klara De Baerdemaeker, Ayesha Khan, Shruti Dorai et al.

Background: In this study, we report on a patient with acute stimulant toxicity following the use of two bath salt products purchased over the Internet in the UK, where two novel cathinones and a substituted phenylmorpholine were detected on toxicological screening.Case Report: A 52-year-old male with ADHD presented to ED with chest pain, shortness of breath, sweating, and agitation after nasal insufflation of Internet purchased ‘bath salt’ products “Ocean Burst” and “Lunar Wave”. He was anxious and agitated, but did not have delusions, paranoia or delirium. On examination, he was tachycardic (113bpm), hypertensive (171/115mmHg), and normothermic (36.0°C). He was tremulous, but his tone and reflexes were normal and there was no clonus. Initial blood tests were normal and initial Troponin I was 32.2ng/L; reduced to 28.3ng/L on repeat (low risk for ACS if ≤34 ng/L on repeat). ECG showed sinus rhythm (99bpm) left axis deviation, QTc 462msecs, QRS 100msecs, with no ischaemic changes. He was treated with oral diazepam (total 25mg) and IV fluids in the ED. Following the admission, he required a further 60mg of oral diazepam for ongoing agitation. His symptoms resolved within 24 hours and he was discharged.Analytical Results: Serum, urine and drugs samples analysed using ultra performance liquid chromatography interfaced to high resolution accurate mass spectrometry:- ‘Ocean Burst’: N-ethyl pentedrone, alpha PHiP;- ‘Lunar Wave’: 3-chlorophenmetrazine, 4-methylmethamphetamine, alpha PHiP;- Serum/urine: the cathinones N-ethylpentedrone and alpha-PHiP were detected, along with the substituted phenylmorpholine 3-Chlorophenmetrazine.Conclusion: The novel cathinones detected in this patient, related to the use of ‘bath salts’, were associated with acute stimulant toxicity. Analytical confirmation of NPS products in patients presenting with acute NPS toxicity is important in the surveillance of the NPS currently available and to inform public health interventions