Artificial Intelligence in Modern Cybersecurity: Changes, Applications and Challenges

A special issue of Algorithms (ISSN 1999-4893). This special issue belongs to the section "Algorithms for Multidisciplinary Applications".

Deadline for manuscript submissions: 31 May 2026 | Viewed by 11060

Special Issue Editors


Guest Editor
Department of Computer Science, Schreiner University, Kerrville TX 78028, USA
Interests: artificial intelligence; edge computing; connected autonomous vehicles; LLM; cybersecurity

Guest Editor
Department of Computer Science and Engineering, University of North Texas, Denton, TX 76203, USA
Interests: connected and autonomous vehicles; edge and cloud computing; cyberinfrastructures; cybersecurity; distributed and IoT systems; intelligent systems; machine learning; high performance computing

Special Issue Information

Dear Colleagues,

The integration of Artificial Intelligence (AI) into cybersecurity has significantly influenced the methodologies employed in threat detection, risk assessment, and incident response. AI techniques, including machine learning and deep learning, have been utilized to analyze complex datasets, identify anomalies, and automate responses to potential threats. This Special Issue aims to examine the current landscape of AI applications in cybersecurity, focusing on the development and evaluation of algorithms that enhance security measures.

We invite contributions that explore theoretical frameworks, algorithmic innovations, and practical implementations of AI in cybersecurity contexts. Topics of interest include, but are not limited to, AI-based intrusion detection systems, malware analysis, threat intelligence, privacy-preserving machine learning, and the ethical considerations surrounding the deployment of AI in security infrastructures. By consolidating research from academia and industry, this issue seeks to provide a comprehensive overview of the advancements and ongoing challenges at the nexus of AI and cybersecurity.

Dr. Sihai Tang
Prof. Dr. Song Fu
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Algorithms is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • artificial intelligence (AI)
  • cybersecurity
  • machine learning
  • intrusion detection systems
  • malware analysis
  • threat intelligence
  • privacy-preserving machine learning
  • ethical AI
  • security automation
  • anomaly detection

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)


Research

21 pages, 1160 KB  
Article
MediVault: An Auditable and Secure Federated Learning System for Privacy-Preserving Healthcare Collaboration
by Jie Li, Usman Adeel and Muhammad Safwan Akram
Algorithms 2026, 19(6), 427; https://doi.org/10.3390/a19060427 - 25 May 2026
Abstract
Healthcare analytics is often limited by data silos and strict privacy requirements, which make it difficult to share patient-level records across organisations and to build robust predictive models. Federated learning (FL) provides an alternative by keeping data local and exchanging model updates instead of raw records. However, many existing FL solutions remain difficult to deploy in healthcare settings, as they provide limited support for auditability, governance-oriented evidence, and system-level transparency. This paper presents MediVault, an auditable and security-aware federated learning-based system for privacy-preserving healthcare collaboration. MediVault combines round-based federated training, prototype-level protected update exchange, audit-ready telemetry, and an interactive dashboard that exposes non-sensitive evidence of collaboration, model progress, and protocol execution. In addition, the system supports controlled reporting to improve stakeholder communication during pilot deployments. We evaluate MediVault on two public healthcare classification datasets, Breast Cancer Wisconsin (Diagnostic) and Heart Disease, under IID and label-skewed Non-IID settings. Experiments are conducted using logistic regression, linear SVM, and an additional lightweight MLP under matched settings. The observed results suggest that federated training remains competitive with centralised training under the evaluated settings. A prototype-level overhead analysis further shows that protected update exchange introduces measurable computational and communication costs, especially for larger update vectors. These findings indicate that MediVault can support initial system-level validation of auditable, privacy-preserving healthcare FL workflows, while further work is needed for larger-scale deployment, stronger adversarial evaluation, and real-world clinical validation. Full article

43 pages, 2835 KB  
Article
P3CRID: A Threat Model Methodology for Smart Homes
by Shruti Kulkarni, Alexios Mylonas and Stilianos Vidalis
Algorithms 2026, 19(5), 347; https://doi.org/10.3390/a19050347 - 1 May 2026
Viewed by 212
Abstract
Threat modelling is a methodology employed for identifying and analysing threats and applicable mitigations for web applications, mobile applications, infrastructure, and environments including smart home environments. Threat modelling starts with a tabletop exercise to identify threats. It provides extremely important insights into what can go wrong if certain events or a series of events take place. The identification of these events is critical to ensuring the right mitigation strategies are applied. Threat modelling also helps to identify security controls that may be assumed to provide required security, but, in reality, may not be addressing the existing and applicable threat(s). Existing literature, in the public domain and in academia, discusses threat materialisation for smart homes; however, entry points for a threat to materialise and exploit these vulnerabilities are not explored and a dedicated threat model for smart home environments is currently unavailable. Whilst threats can be mitigated by smart home device manufacturers, there are also mitigations that need to be applied by smart home owners who are both technology-aware and technology-unaware. In this paper, we propose a structured, domain-specific threat modelling methodology for smart home environments. The methodology models threats from a smart home owner’s perspective, identifies entry points and the mitigations that need to be implemented by a smart home owner. It also acknowledges that the attack surface expands and contracts and is not constant; which is addressed by applying zero-trust principles. Full article

21 pages, 1401 KB  
Article
Embedding-Based Detection of Indirect Prompt Injection Attacks in Large Language Models Using Semantic Context Analysis
by Mohammed Alamsabi, Michael Tchuindjang and Sarfraz Brohi
Algorithms 2026, 19(1), 92; https://doi.org/10.3390/a19010092 - 22 Jan 2026
Cited by 1 | Viewed by 2669
Abstract
Large Language Models (LLMs) are vulnerable to Indirect Prompt Injection Attacks (IPIAs), where malicious instructions are embedded within external content rather than direct user input. This study presents an embedding-based detection approach that analyses the semantic relationship between user intent and external content, enabling the early identification of IPIAs that conventional defences overlook. We also provide a dataset of 70,000 samples, constructed using 35,000 malicious instances from the Benchmark for Indirect Prompt Injection Attacks (BIPIA) and 35,000 benign instances generated using ChatGPT-4o-mini. Furthermore, we performed a comparative analysis of three embedding models, namely OpenAI text-embedding-3-small, GTE-large, and MiniLM-L6-v2, evaluated in combination with XGBoost, LightGBM, and Random Forest classifiers. The best-performing configuration using OpenAI embeddings with XGBoost achieved an accuracy of 97.7% and an F1-score of 0.977, matching or exceeding the performance of existing IPIA detection methods while offering practical deployment advantages. Unlike prevention-focused approaches that require modifications to the underlying LLM architecture, the proposed method operates as a model-agnostic external detection layer with an average inference time of 0.001 ms per sample. This detection-based approach complements existing prevention mechanisms by providing a lightweight, scalable solution that can be integrated into LLM pipelines without requiring architectural changes. Full article

26 pages, 3391 KB  
Article
An Intelligent Browser History Forensics Method for Automated Analysis of Web Activity Logs, Credentials, and User Behavioral Profiles
by Leila Rzayeva, Aliya Zhetpisbayeva, Alisher Batkuldin, Nursultan Nyssanov, Alissa Ryzhova and Faisal Saeed
Algorithms 2026, 19(1), 75; https://doi.org/10.3390/a19010075 - 16 Jan 2026
Cited by 1 | Viewed by 1905
Abstract
In digital forensics, one of the complicated tasks is analyzing web browser data due to different types of devices, browsers, and the absence of modern analytical approaches. Browsers store a large amount of information about user activity because users most often access the internet through them. However, existing approaches to analyzing this browser data still have gaps. Existing approaches fail to provide a comprehensive and precise representation of user activity. This article examines the internal architecture of web browsers as stored in the memory and storage subsystems of various devices, including desktop and mobile platforms. A novel method is proposed that integrates machine learning algorithms, such as k-nearest neighbors and Naive Bayes, to automatically analyze browser data, identify suspicious login activities, and construct user behavior profiles. The results indicate that the proposed method and the developed platform can effectively construct individual user behavior profiles. Moreover, this approach not only productively observes top visited domains and main user’s favorite website categories, but also highlights suspicious websites and user’s login attempts. Compared to existing browser forensic tools which have less capabilities, the proposed technique provides increased accuracy (more than 90%) in automated user profiling and detection of suspicious user activity. Full article

32 pages, 539 KB  
Article
Empirical Study on Automation, AI Trust, and Framework Readiness in Cybersecurity Incident Response
by Olufunsho I. Falowo and Jacques Bou Abdo
Algorithms 2026, 19(1), 62; https://doi.org/10.3390/a19010062 - 11 Jan 2026
Cited by 1 | Viewed by 1500
Abstract
The accelerating integration of artificial intelligence (AI) into cybersecurity operations has introduced new challenges and opportunities for modernizing incident response (IR) practices. This study explores how cybersecurity practitioners perceive the adoption of intelligent automation and the readiness of legacy frameworks to address AI-driven threats. A structured, two-part quantitative survey was conducted among 194 U.S.-based professionals, capturing perceptions on operational effectiveness, trust in autonomous systems, and the adequacy of frameworks such as NIST and SANS. Using binary response formats and psychometric validation items, the study quantified views on AI’s role in reducing mean time to detect and respond, willingness to delegate actions to autonomous agents, and the perceived obsolescence of static playbooks. Findings indicate broad support for the modernization of incident response frameworks to better align with emerging AI capabilities and evolving operational demands. The results reveal a clear demand for modular, adaptive frameworks that integrate AI-specific risk models and decision auditability. These insights provide empirical grounding for the design of next-generation IR models and contribute to the strategic discourse on aligning automation capabilities with ethical, scalable, and operationally effective cybersecurity response. Full article

19 pages, 3255 KB  
Article
AgentRed: Towards an Agent-Based Approach to Automated Network Attack Traffic Generation
by Koffi Anderson Koffi, Kyle Lucke, Elijah Danquah Darko, Tollan Berhanu, Robert Angelo Borrelli and Constantinos Kolias
Algorithms 2026, 19(1), 43; https://doi.org/10.3390/a19010043 - 4 Jan 2026
Viewed by 1035
Abstract
Network security tools are indispensable in testing and evaluating the security of computer networks. Existing tools, such as Hping3, however, offer a limited set of options and attack-specific configurations, which restrict their use solely to well-known attack patterns. Although highly parameterizable libraries, such as Scapy, provide more options and scripting capabilities, they require extensive manual setup and often a steep learning curve. The development of powerful AI models, capitalizing on the transformer architecture, has enabled cybersecurity researchers to develop or incorporate these models into existing cyber-defense systems and red-team assessments. Prominent models such as NetGPT, TrafficFormer, and TrafficGPT can be effective, but require extensive computational resources for fine-tuning and a complex setup to adapt to proprietary networking environments and protocols. In this work, we propose AgentRed, a lightweight tool for generating network attack traffic with minimal human configuration and setup. Our tool integrates an AI agent and a large language model with fewer than a billion parameters into the network traffic generation process. Our method creates lightweight Low-Rank Adaptation (LoRA) adapters that can learn specific traffic patterns in a particular network environment. Our agent can autonomously train the LoRA adapters, search online documentation for attack patterns and parameters, and select appropriate adapters to generate network traffic specific to the user’s needs. It utilizes the LoRA adapters to create an intermediate traffic representation that can be parsed and executed by tools such as Scapy to generate malicious traffic in a virtualized test environment. We assess the performance of the proposed approach on six popular network attacks, including flooding attacks, Smurf, Ping-of-Death, and normal ICMP ping traffic. 
Our results validate the ability of the proposed tool to efficiently generate network packets with 97.9% accuracy using the LoRA adapters, compared to 95.4% accuracy using the base pre-trained Qwen3 0.6B model. When the AI agent performs online searches to enrich the LoRA adapters’ context during traffic generation, our method maintains an accuracy of 96.0% across all tested traffic patterns. Full article

19 pages, 3288 KB  
Article
A Transformer-Based Framework for DDoS Attack Detection via Temporal Dependency and Behavioral Pattern Modeling
by Yi Li, Xingzhou Deng, Ang Yang and Jing Gao
Algorithms 2025, 18(10), 628; https://doi.org/10.3390/a18100628 - 4 Oct 2025
Cited by 3 | Viewed by 1885
Abstract
With the escalating global cyber threats, Distributed Denial of Service (DDoS) attacks have become one of the most disruptive and prevalent network attacks. Traditional DDoS detection systems face significant challenges due to the unpredictable nature, diverse protocols, and coupled behavioral patterns of attack traffic. To address this issue, this paper proposes a novel approach for DDoS attack detection by leveraging the Transformer architecture to model both temporal dependencies and behavioral patterns, significantly improving detection accuracy. We utilize the global attention mechanism of the Transformer to effectively capture long-range temporal correlations in network traffic, and the model’s ability to process multiple traffic features simultaneously enables it to identify nonlinear interactions. By reconstructing the CIC-DDoS2019 dataset, we strengthen the representation of attack behaviors, enabling the model to capture dynamic attack patterns and subtle traffic anomalies. This approach represents a key contribution by applying Transformer-based self-attention mechanisms to accurately model DDoS attack traffic, particularly in handling complex and dynamic attack patterns. Experimental results demonstrate that the proposed method achieves 99.9% accuracy, with 100% precision, recall, and F1 score, showcasing its potential for high-precision, low-false-alarm automated DDoS attack detection. This study provides a new solution for real-time DDoS detection and holds significant practical implications for cybersecurity systems. Full article

21 pages, 2310 KB  
Article
Development of a Model for Detecting Spectrum Sensing Data Falsification Attack in Mobile Cognitive Radio Networks Integrating Artificial Intelligence Techniques
by Lina María Yara Cifuentes, Ernesto Cadena Muñoz and Rafael Cubillos Sánchez
Algorithms 2025, 18(10), 596; https://doi.org/10.3390/a18100596 - 24 Sep 2025
Cited by 2 | Viewed by 1162
Abstract
Mobile Cognitive Radio Networks (MCRNs) have emerged as a promising solution to address spectrum scarcity by enabling dynamic access to underutilized frequency bands assigned to Primary or Licensed Users (PUs). These networks rely on Cooperative Spectrum Sensing (CSS) to identify available spectrum, but this collaborative approach also introduces vulnerabilities to security threats—most notably, Spectrum Sensing Data Falsification (SSDF) attacks. In such attacks, malicious nodes deliberately report false sensing information, undermining the reliability and performance of the network. This paper investigates the application of machine learning techniques to detect and mitigate SSDF attacks in MCRNs, particularly considering the additional challenges introduced by node mobility. We propose a hybrid detection framework that integrates a reputation-based weighting mechanism with Support Vector Machine (SVM) and K-Nearest Neighbors (KNN) classifiers to improve detection accuracy and reduce the influence of falsified data. Experimental results on software defined radio (SDR) demonstrate that the proposed method significantly enhances the system’s ability to identify malicious behavior, achieving high detection accuracy, reduces the rate of data falsification by approximately 5–20%, increases the probability of attack detection, and supports the dynamic creation of a blacklist to isolate malicious nodes. These results underscore the potential of combining machine learning with trust-based mechanisms to strengthen the security and reliability of mobile cognitive radio networks. Full article