Quick Response (QR) codes are now widely used as a digital communication tool. However, their extensive adoption has made them an attractive target for cyberattacks, particularly through the injection of malicious URLs that redirect users to phishing sites or initiate malware installations. Conventional security approaches such as blacklists and antivirus software are no longer efficient against such evolving threats. This vision paper proposes an AI-based framework using fine-tuned Large Language Models (LLMs) to identify malicious URLs embedded within QR codes. To ensure transparency, a novel ensemble Explainable AI (XAI) is applied to aggregate insights from various XAI methods to explain the features influencing model predictions, facilitating more robust interpretations. To enhance clarity and usability, the proposed framework incorporates personalized explanations tailored to cybersecurity analysts, system developers, and non-expert end users, informed by a role-specific user study. Furthermore, as XAI methods may expose sensitive model behavior, cyberattackers craft adversarial inputs to mislead the model or manipulate explanations. This necessitates the integration of adversarial training to ensure model robustness and explanation integrity evaluated through perturbation consistency checks. The paper outlines key challenges in explanation fidelity and personalization and presents a development roadmap to advance secure, transparent, and human-centric explainable QR code analysis.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Vision for Robust and Human-Centric LLM-Based QR Code Security

  • Hissah Almousa,
  • Ellis Solaiman

摘要

Quick Response (QR) codes are now widely used as a digital communication tool. However, their extensive adoption has made them an attractive target for cyberattacks, particularly through the injection of malicious URLs that redirect users to phishing sites or initiate malware installations. Conventional security approaches such as blacklists and antivirus software are no longer efficient against such evolving threats. This vision paper proposes an AI-based framework using fine-tuned Large Language Models (LLMs) to identify malicious URLs embedded within QR codes. To ensure transparency, a novel ensemble Explainable AI (XAI) is applied to aggregate insights from various XAI methods to explain the features influencing model predictions, facilitating more robust interpretations. To enhance clarity and usability, the proposed framework incorporates personalized explanations tailored to cybersecurity analysts, system developers, and non-expert end users, informed by a role-specific user study. Furthermore, as XAI methods may expose sensitive model behavior, cyberattackers craft adversarial inputs to mislead the model or manipulate explanations. This necessitates the integration of adversarial training to ensure model robustness and explanation integrity evaluated through perturbation consistency checks. The paper outlines key challenges in explanation fidelity and personalization and presents a development roadmap to advance secure, transparent, and human-centric explainable QR code analysis.