AI in Cybersecurity, 3rd Edition

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: 15 November 2026 | Viewed by 1585

Editors


E-Mail Website
Guest Editor
Department of Electrical Engineering and Computer Science, Texas A&M University-Kingsville, Kingsville, TX 78363, USA
Interests: computer vision; machine learning; artificial intelligence; pattern recognition; biomedical engineering; biomedical signal and image processing; bioinformatics
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Department of Electrical Engineering and Computer Science, Texas A&M University-Kingsville, Kingsville, TX, USA
Interests: bioinformatics; computational biology; machine learning; pattern recognition; data mining and analysis
Special Issues, Collections and Topics in MDPI journals
Department of Electrical Engineering and Computer Science, Texas A&M University—Kingsville, Kingsville, TX 78363, USA
Interests: parallel distributed systems; networking; storage systems; cluster and grid computing; real-time systems; fault-tolerant computing; performance evaluation; dynamic resource management; network security
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Department of Electrical Engineering and Computer Science, Texas A&M University-Kingsville, Kingsville, TX, USA
Interests: object-oriented programming; mobile development
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cyber defense and security is now an essential field of computer science in light of the ever-increasing threats and attacks on computer infrastructure. Machine learning and artificial intelligence methods are applicable in the detection of cyber threats, such as malware analysis, intrusion detection, injection attacks, etc. There are various algorithms in machine learning and artificial intelligence methods. Additionally, there are several applications of cyber defense, including firewall configuration, packet sniffing, network analysis, and network traffic monitoring. This Special Issue welcomes papers on any of these above mentioned or related topics using or developing machine learning and artificial intelligence algorithms.

Dr. Ayush Goyal
Dr. Avdesh Mishra
Dr. Mais Nijim
Dr. David Hicks
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-anonymized peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity
  • cyber defense
  • cyber intelligence
  • machine learning
  • artificial intelligence
  • intrusion detection
  • malware analysis

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Related Special Issue

Published Papers (5 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

25 pages, 12027 KB  
Article
Automated Cyber Threat Intelligence Extraction from Distributed Honeypots: A Hybrid Machine Learning Approach
by Hessa Abdulaziz AlJuhaiman, Qazi Emad-ul-Haq, Kyounggon Kim and Seokhee Lee
Electronics 2026, 15(13), 2900; https://doi.org/10.3390/electronics15132900 - 2 Jul 2026
Viewed by 217
Abstract
The exponential growth of Indicators of Compromise (IoCs) has overwhelmed manual triage processes in Security Operations Centers (SOCs), necessitating automated solutions for large-scale log analysis. This study proposes a hybrid machine learning framework that integrates supervised and unsupervised learning to automate the classification, [...] Read more.
The exponential growth of Indicators of Compromise (IoCs) has overwhelmed manual triage processes in Security Operations Centers (SOCs), necessitating automated solutions for large-scale log analysis. This study proposes a hybrid machine learning framework that integrates supervised and unsupervised learning to automate the classification, clustering, and contextual interpretation of Cyber Threat Intelligence (CTI). The primary contribution lies in a multi-stage feature engineering pipeline that enriches raw SIEM logs with cyclical temporal encoding and geographical metadata. In the supervised phase, a comparative evaluation of gradient boosting classifiers—XGBoost, LightGBM, and CatBoost—demonstrates that all three achieve competitive performance in categorizing known attack techniques, consistently outperforming the Random Forest baseline. The results indicate that classifier performance is dataset-dependent, and practitioners are encouraged to select the most suitable model based on their operational environment. Simultaneously, the unsupervised phase employs density-based clustering to identify emerging and previously unknown threat patterns by correlating adversarial behaviors with source attribution. By combining these two approaches, the framework ensures near-real-time feasibility and significantly enhances the scalability of automated threat extraction from distributed honeypot environments. Full article
(This article belongs to the Special Issue AI in Cybersecurity, 3rd Edition)
Show Figures

Figure 1

31 pages, 2108 KB  
Article
Embedding-Dependent Performance of Variational Quantum Reinforcement Learning for Intrusion Detection Under Dimensionality Constraints
by Raid Anis Kerkatou, Hacene Belhadef, Aicha Eutamene and Svetlana Petrova Stefanova
Electronics 2026, 15(13), 2853; https://doi.org/10.3390/electronics15132853 - 30 Jun 2026
Viewed by 107
Abstract
Network intrusion detection systems (IDS) operate in high-dimensional feature spaces under evolving attack patterns and asymmetric misclassification costs, where false negatives represent a critical security risk. Reinforcement learning (RL) offers a natural mechanism for encoding domain-specific misclassification costs directly into the learning signal [...] Read more.
Network intrusion detection systems (IDS) operate in high-dimensional feature spaces under evolving attack patterns and asymmetric misclassification costs, where false negatives represent a critical security risk. Reinforcement learning (RL) offers a natural mechanism for encoding domain-specific misclassification costs directly into the learning signal through reward shaping, enabling cost-sensitive policy optimization in adaptive streaming environments. However, the integration of variational quantum models into RL-based IDS remains insufficiently explored. This work investigates a variational quantum reinforcement learning (VQRL) framework for intrusion detection, in which parameterized quantum circuits are employed to model the policy function. We adopt an RL formulation primarily as a principled cost-sensitive optimization approach rather than to exploit sequential state dependencies, and we employ Instantaneous Quantum Polynomial (IQP) embedding as a quantum feature encoding strategy. The study analyzes how embedding expressivity interacts with varying levels of dimensionality reduction via principal component analysis (PCA) on the CICIDS2017 dataset. Experiments demonstrate that VQRL-IQP achieves high recall and reduces false negative rates in moderately high-dimensional feature spaces compared to a classical RL baseline. This improvement is accompanied by an increase in false positive rates, reflecting a trade-off shaped jointly by the reward structure and the structural properties of IQP encoding. Statistical validation across five independent runs confirms the consistency of these trends. Importantly, no general quantum advantage in accuracy or computational efficiency is claimed; rather, the results indicate that VQRL-IQP offers a distinct error trade-off that is operationally valuable in security-critical scenarios where minimizing missed attacks is the primary objective. Full article
(This article belongs to the Special Issue AI in Cybersecurity, 3rd Edition)
23 pages, 4288 KB  
Article
Addressing Data Scarcity in Malware Classification via Pixel-Level Synthetic Image Generation
by Mounika Krishna Teja Karumudi and Fabio Di Troia
Electronics 2026, 15(13), 2848; https://doi.org/10.3390/electronics15132848 - 30 Jun 2026
Viewed by 167
Abstract
Deep learning-based malware classification using image representations has emerged as a highly effective paradigm for threat detection. However, training robust neural networks is frequently bottlenecked by data scarcity and severe class imbalances in real-world repositories. This study investigates the viability of using an [...] Read more.
Deep learning-based malware classification using image representations has emerged as a highly effective paradigm for threat detection. However, training robust neural networks is frequently bottlenecked by data scarcity and severe class imbalances in real-world repositories. This study investigates the viability of using an autoregressive PixelCNN framework to synthesize high-fidelity, class-specific malware images to augment limited training distributions. Utilizing the benchmark Malimg dataset, we systematically evaluate a Convolutional Neural Network (CNN) classifier across varying ratios of synthetic-to-authentic data under strict data scarcity constraints (ranging from 10 to 80 authentic samples per family). Our experimental results reveal that while PixelCNN successfully replicates intricate, byte-level micro-textures, classifiers trained exclusively on synthetic data experience catastrophic performance degradation, yielding an accuracy of just 3%. Crucially, however, the introduction of a minimal authentic data anchor (15% to 20%) restores functional decision boundaries, immediately elevating classification accuracy up to 72%. Furthermore, performance saturates rapidly once the training matrix reaches a 50/50 synthetic-to-authentic split, achieving up to 82% classification accuracy, rendering it highly competitive with the 89% accuracy upper bound of a fully authentic baseline. These findings demonstrate an exceptional degree of data efficiency, proving that generative autoregressive augmentation can halve the authentic data collection burden in cybersecurity workflows provided a minor, real-world baseline anchor is preserved. Full article
(This article belongs to the Special Issue AI in Cybersecurity, 3rd Edition)
Show Figures

Figure 1

27 pages, 8456 KB  
Article
AD-CapsFPN: An Asymmetric Dilated Convolutional Capsule Network with Feature Pyramid for Malware Classification
by Longcheng Wang, Jin Li, Yafei Song, Yanbing Ren and Yunfei Xu
Electronics 2026, 15(11), 2355; https://doi.org/10.3390/electronics15112355 - 29 May 2026
Viewed by 340
Abstract
Existing CNN-based visual malware classification methods are often constrained by inductive bias mismatch: standard isotropic convolution kernels and global pooling operations neglect the inherent structural anisotropy of malware images, and these methods struggle to address the spatial rearrangement of code blocks caused by [...] Read more.
Existing CNN-based visual malware classification methods are often constrained by inductive bias mismatch: standard isotropic convolution kernels and global pooling operations neglect the inherent structural anisotropy of malware images, and these methods struggle to address the spatial rearrangement of code blocks caused by obfuscation, which we term the “Malware Picasso Problem”. To overcome these limitations, we propose AD-CapsFPN, an end-to-end framework representing a significant step toward spatial reasoning over texture memorization, with a synergistic “Rectification–Fusion–Inference” mechanism. Our approach rectifies anisotropic inductive biases in the feature extraction stage, dynamically aggregates cross-scale discriminative features in intermediate layers, injects row-aware spatial biases, and adopts a global pooling-free spatial routing strategy in the classification stage, effectively reconstructing logical associations between obfuscated and scattered code blocks. Experiments on the large-scale Fusion dataset and the obfuscated Androdex dataset demonstrate significant performance improvements: our method achieves a 16.22% boost in macro F1-score over the MobileNetV4 baseline on the Fusion dataset (reaching 97.98%), and hits 92.45% macro F1-score on the highly challenging Androdex-Set1, outperforming state-of-the-art methods such as MDC-RepNet (88.97%) and TAEfficientNet (88.15%). This work confirms that embedding malware domain priors into architecture design is the key to robust malware classification. Full article
(This article belongs to the Special Issue AI in Cybersecurity, 3rd Edition)
Show Figures

Figure 1

26 pages, 3343 KB  
Article
Graph Sampling Contrastive Self-Supervised Graph Neural Network for Network Traffic Anomaly Detection
by Min Yang and Caiming Liu
Electronics 2026, 15(10), 2119; https://doi.org/10.3390/electronics15102119 - 15 May 2026
Viewed by 345
Abstract
With the increasing scale and complexity of network traffic, anomaly detection faces significant challenges, particularly under the scarcity of labeled data in real-world environments. Although graph neural networks (GNNs) effectively model relational structures, most existing approaches rely on supervised learning, limiting their applicability [...] Read more.
With the increasing scale and complexity of network traffic, anomaly detection faces significant challenges, particularly under the scarcity of labeled data in real-world environments. Although graph neural networks (GNNs) effectively model relational structures, most existing approaches rely on supervised learning, limiting their applicability in weakly labeled or unlabeled scenarios. To address these limitations, this paper proposes a self-supervised graph neural network framework, termed EGSCA, for network traffic anomaly detection. The framework employs a GNN to jointly model node and edge information, enabling the learning of discriminative representations. On this basis, a graph contrastive learning strategy is designed, where diverse subgraphs are generated via breadth-first search (BFS) to effectively capture local structural patterns. Meanwhile, a hybrid contrastive loss based on Wasserstein distance and Gromov–Wasserstein distance is introduced to achieve collaborative optimization between feature-space alignment and structural consistency under unlabeled conditions. Experimental results on multiple benchmark datasets demonstrate that the proposed method achieves competitive performance. Notably, it achieves the best results on datasets NF-BoT-IoT and NF-BoT-IoT-v2, with average improvements of approximately 3.2% in F1-score and 1.7% in DR over the strongest baseline. Further analysis indicates that the model yields more pronounced performance gains in scenarios with high class separability. Full article
(This article belongs to the Special Issue AI in Cybersecurity, 3rd Edition)
Show Figures

Figure 1

Back to TopTop