Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
5.3
2.6
Journals
Electronics
Special Issues
AI-Based Solutions for Cybersecurity
share announcement

AI-Based Solutions for Cybersecurity

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Artificial Intelligence".

Deadline for manuscript submissions: 15 June 2025 | Viewed by 9903

Special Issue Editors

Dr. Eunjung Choi

E-Mail Website
Guest Editor
Department of Information Security, Seoul Women’s University, Seoul 01797, Republic of Korea
Interests: artificial intelligence; cybersecurity; malware; privacy; OSINT
Special Issues, Collections and Topics in MDPI journals
Dr. Jiyeon Kim

E-Mail Website
Guest Editor
Department of Computer Engineering, Daegu University, Gyeongsan 38453, Republic of Korea
Interests: artificial intelligence; cybersecurity; digital twin; cloud and IoT
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

AI is having a significant impact on cybersecurity, and there are also concerns related to the security of AI, which include trust in AI, the ethical application of AI, and cybersecurity.

AI is able to play a positive role in cybersecurity, aiding in threat anticipation and case summarization, while cybersecurity will be essential to ensure AI’s trustworthiness.

AI solution is becoming increasingly important in the field of cybersecurity, and it is expected to continue to play a significant role in the years to come.

Topics of interest for this Special Issue include, but are not limited to, the following:

  • AI-based threat detection;
  • Behavioral analytics;
  • Cybersecurity automation;
  • AI-powered authentication;
  • Adversarial machine learning;
  • AI in IoT security;
  • Cyber threat intelligence;
  • AI and cloud security;
  • AI-based security analytics;
  • Ethical considerations.

Dr. Eunjung Choi
Dr. Jiyeon Kim
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • AI solution for cybersecurity
  • machine learning-based solution for cybersecurity
  • deep learning-based solution for cybersecurity
  • AI solution for cloud security
  • AI solution for privacy

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

23 pages, 2354 KiB  
Article
A Generic Image Steganography Recognition Scheme with Big Data Matching and an Improved ResNet50 Deep Learning Network
by Xuefeng Gao, Junkai Yi, Lin Liu and Lingling Tan
Electronics 2025, 14(8), 1610; https://doi.org/10.3390/electronics14081610 - 16 Apr 2025
Viewed by 144
Abstract
Image steganalysis has been a key technology in information security in recent years. However, existing methods are mostly limited to the binary classification for detecting steganographic images used in digital watermarking, privacy protection, illicit data concealment, and security images, such as unaltered cover [...] Read more.
Image steganalysis has been a key technology in information security in recent years. However, existing methods are mostly limited to the binary classification for detecting steganographic images used in digital watermarking, privacy protection, illicit data concealment, and security images, such as unaltered cover images or surveillance images. They cannot identify the steganography algorithms used in steganographic images, which restricts their practicality. To solve this problem, this paper proposes a general steganography algorithms recognition scheme based on image big data matching with improved ResNet50. The scheme first intercepts the image region with the highest complexity and focuses on the key features to improve the analysis efficiency; subsequently, the original image of the image to be detected is accurately located by the image big data matching technique and the steganographic difference feature image is generated; finally, the ResNet50 is improved by combining the pyramid attention mechanism and the joint loss function, which achieves the efficient recognition of the steganography algorithm. To verify the feasibility and effectiveness of the scheme, three experiments are designed in this paper: verification of the selection of the core analysis region, verification of the image similarity evaluation based on Peak Signal-to-Noise Ratio (PSNR), and performance verification of the improved ResNet50 model. The experimental results show that the scheme proposed in this paper outperforms the existing mainstream steganalysis models, such as ZhuNet and YeNet, with a detection accuracy of 96.11%, supports the recognition of six adaptive steganography algorithms, and adapts to the needs of analysis of multiple sizes and image formats, demonstrating excellent versatility and application value. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Graphical abstract

26 pages, 3964 KiB  
Article
ATIRS: Towards Adaptive Threat Analysis with Intelligent Log Summarization and Response Recommendation
by Daekyeong Park, Byeongjun Min, Sungwon Lim and Byeongjin Kim
Electronics 2025, 14(7), 1289; https://doi.org/10.3390/electronics14071289 - 25 Mar 2025
Viewed by 322
Abstract
Modern maritime operations rely on diverse network components, increasing cybersecurity risks. While security solutions like Suricata generate extensive network alert logs, ships often operate without dedicated security personnel, requiring general crew members to review and respond to alerts. This challenge is exacerbated when [...] Read more.
Modern maritime operations rely on diverse network components, increasing cybersecurity risks. While security solutions like Suricata generate extensive network alert logs, ships often operate without dedicated security personnel, requiring general crew members to review and respond to alerts. This challenge is exacerbated when vessels are at sea, delaying threat mitigation due to limited external support. We propose an Adaptive Threat Intelligence and Response Recommendation System (ATIRS), a small language model (SLM)-based framework that automates network alert log summarization and response recommendations to address this. The ATIRS processes real-world Suricata network alert log data and converts unstructured alerts into structured summaries, allowing the response recommendation model to generate contextually relevant and actionable countermeasures. It then suggests appropriate follow-up actions, such as IP blocking or account locking, ensuring timely and effective threat response. Additionally, the ATIRS employs adaptive learning, continuously refining its recommendations based on user feedback and emerging threats. Experimental results from shipboard network data demonstrate that the ATIRS significantly reduces the Mean Time to Respond (MTTR) while alleviating the burden on crew members, allowing for faster and more efficient threat mitigation, even in resource-constrained maritime environments. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

19 pages, 1959 KiB  
Article
Leveraging Federated Learning for Malware Classification: A Heterogeneous Integration Approach
by Kongyang Chen, Wangjun Zhang, Zhangmao Liu and Bing Mi
Electronics 2025, 14(5), 915; https://doi.org/10.3390/electronics14050915 - 25 Feb 2025
Viewed by 561
Abstract
The increasing complexity and frequency of malware attacks pose significant challenges to cybersecurity, as traditional methods struggle to keep pace with the evolving threat landscape. Current malware classification techniques often fail to account for the heterogeneity of malware data and models across different [...] Read more.
The increasing complexity and frequency of malware attacks pose significant challenges to cybersecurity, as traditional methods struggle to keep pace with the evolving threat landscape. Current malware classification techniques often fail to account for the heterogeneity of malware data and models across different clients, limiting their effectiveness. In this chapter, we propose a distributed model enhancement-based malware classification method that leverages federated learning to address these limitations. Our approach employs generative adversarial networks to generate synthetic malware data, transforming non-independent datasets into approximately independent ones to mitigate data heterogeneity. Additionally, we utilize knowledge distillation to facilitate the transfer of knowledge between client-specific models and a global classification model, promoting effective collaboration among diverse systems. Inspired by active defense theory, our method identifies suboptimal models during training and replaces them on a central server, ensuring all clients operate with optimal classification capabilities. We conducted extensive experimentation on the Malimg dataset and the Microsoft Malware Classification Challenge (MMCC) dataset. In scenarios characterized by both model heterogeneity and data heterogeneity, our proposed method demonstrated its effectiveness by improving the global malware classification model’s accuracy to 96.80%. Overall, our research presents a robust framework for improving malware classification while maintaining data privacy across distributed environments, highlighting its potential to strengthen cybersecurity defenses against increasingly sophisticated malware threats. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

15 pages, 1517 KiB  
Article
Network Security Situation Element Extraction Algorithm Based on Hybrid Deep Learning
by Ran Zhang, Qianru Wu and Yuwei Zhou
Electronics 2025, 14(3), 553; https://doi.org/10.3390/electronics14030553 - 29 Jan 2025
Viewed by 589
Abstract
Accurately extracting network security situation elements is an important basis for improving the situational awareness of industrial Internet security. This paper proposes an industrial internet security situation element extraction algorithm based on a hybrid neural network. Firstly, the powerful local feature extraction ability [...] Read more.
Accurately extracting network security situation elements is an important basis for improving the situational awareness of industrial Internet security. This paper proposes an industrial internet security situation element extraction algorithm based on a hybrid neural network. Firstly, the powerful local feature extraction ability of convolutional neural networks (CNNs) was used to extract the features of key situation elements, and the obtained features were flattened and then input into long short-term memory networks (LSTMs) to solve the problem of the poor time feature extraction ability of CNNs. Then, the output features of the fully connected layer were input to the backpropagation (BP) network for classification, and LSTM was used to correct the prediction residual of the BP network to optimize the parameters of each module in the model and improve the classification effect and generalization ability. Comparative experimental results show that the accuracy of the model on the KDD Cup99 dataset and SCADA2014 dataset can reach 98.03% and 98.96%, respectively. Compared with other models, the model has higher classification accuracy and can provide more effective indicator data for security situation assessment. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Graphical abstract

22 pages, 1177 KiB  
Article
DeepOP: A Hybrid Framework for MITRE ATT&CK Sequence Prediction via Deep Learning and Ontology
by Shuqin Zhang, Xiaohang Xue and Xinyu Su
Electronics 2025, 14(2), 257; https://doi.org/10.3390/electronics14020257 - 9 Jan 2025
Viewed by 1319
Abstract
As the Industrial Internet of Things (IIoT) increasingly integrates with traditional networks, advanced persistent threats (APTs) pose significant risks to critical infrastructure. Traditional Intrusion Detection Systems (IDSs) and Anomaly Detection Systems (ADSs) are often inadequate in countering sophisticated multi-step APT attacks. This highlights [...] Read more.
As the Industrial Internet of Things (IIoT) increasingly integrates with traditional networks, advanced persistent threats (APTs) pose significant risks to critical infrastructure. Traditional Intrusion Detection Systems (IDSs) and Anomaly Detection Systems (ADSs) are often inadequate in countering sophisticated multi-step APT attacks. This highlights the necessity of studying attacker strategies and developing predictive models to mitigate potential threats. To address these challenges, we propose DeepOP, a hybrid framework for attack sequence prediction that combines deep learning and ontological reasoning. DeepOP leverages the MITRE ATT&CK framework to standardize attacker behavior and predict future attacks with fine-grained precision. Our framework’s core is a novel causal window self-attention mechanism embedded within a transformer-based architecture. This mechanism effectively captures local causal relationships and global dependencies within attack sequences, enabling accurate multi-step attack predictions. In addition, we construct a comprehensive dataset by extracting causally connected attack events from cyber threat intelligence (CTI) reports using ontological reasoning, mapping them to the ATT&CK framework. This approach addresses the challenge of insufficient data for fine-grained attack prediction and enhances the model’s ability to generalize across diverse scenarios. Experimental results demonstrate that the proposed model effectively predicts attacker behavior, achieving competitive performance in multi-step attack prediction tasks. Furthermore, DeepOP bridges the gap between theoretical modeling and practical security applications, providing a robust solution for countering complex APT threats. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

39 pages, 21483 KiB  
Article
SPM-FL: A Federated Learning Privacy-Protection Mechanism Based on Local Differential Privacy
by Zhiyan Chen and Hong Zheng
Electronics 2024, 13(20), 4091; https://doi.org/10.3390/electronics13204091 - 17 Oct 2024
Cited by 1 | Viewed by 1449
Abstract
Federated learning is a widely applied distributed machine learning method that effectively protects client privacy by sharing and computing model parameters on the server side, thus avoiding the transfer of data to third parties. However, information such as model weights can still be [...] Read more.
Federated learning is a widely applied distributed machine learning method that effectively protects client privacy by sharing and computing model parameters on the server side, thus avoiding the transfer of data to third parties. However, information such as model weights can still be analyzed or attacked, leading to potential privacy breaches. Traditional federated learning methods often disturb models by adding Gaussian or Laplacian noise, but under smaller privacy budgets, the large variance of the noise adversely affects model accuracy. To address this issue, this paper proposes a Symmetric Partition Mechanism (SPM), which probabilistically perturbs the sign of local model weight parameters before model aggregation. This mechanism satisfies strict ϵ-differential privacy, while introducing a variance constraint mechanism that effectively reduces the impact of noise interference on model performance. Compared with traditional methods, SPM generates smaller variance under the same privacy budget, thereby improving model accuracy and being applicable to scenarios with varying numbers of clients. Through theoretical analysis and experimental validation on multiple datasets, this paper demonstrates the effectiveness and privacy-protection capabilities of the proposed mechanism. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

17 pages, 2567 KiB  
Article
Dynamic Cyberattack Simulation: Integrating Improved Deep Reinforcement Learning with the MITRE-ATT&CK Framework
by Sang Ho Oh, Jeongyoon Kim and Jongyoul Park
Electronics 2024, 13(14), 2831; https://doi.org/10.3390/electronics13142831 - 18 Jul 2024
Viewed by 1472
Abstract
As cyberattacks become increasingly sophisticated and frequent, it is crucial to develop robust cybersecurity measures that can withstand adversarial attacks. Adversarial simulation is an effective technique for evaluating the security of systems against various types of cyber threats. However, traditional adversarial simulation methods [...] Read more.
As cyberattacks become increasingly sophisticated and frequent, it is crucial to develop robust cybersecurity measures that can withstand adversarial attacks. Adversarial simulation is an effective technique for evaluating the security of systems against various types of cyber threats. However, traditional adversarial simulation methods may not capture the complexity and unpredictability of real-world cyberattacks. In this paper, we propose the improved deep reinforcement learning (DRL) algorithm to enhance adversarial attack simulation for cybersecurity with real-world scenarios from MITRE-ATT&CK. We first describe the challenges of traditional adversarial simulation and the potential benefits of using DRL. We then present an improved DRL-based simulation framework that can realistically simulate complex and dynamic cyberattacks. We evaluate the proposed DRL framework using a cyberattack scenario and demonstrate its effectiveness by comparing it with existing DRL algorithms. Overall, our results suggest that DRL has significant potential for enhancing adversarial simulation for cybersecurity in real-world environments. This paper contributes to developing more robust and effective cybersecurity measures that can adapt to the evolving threat landscape of the digital world. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

Review

Jump to: Research

34 pages, 645 KiB  
Review
Survey of Transformer-Based Malicious Software Detection Systems
by Mohammed Alshomrani, Aiiad Albeshri, Badraddin Alturki, Fouad Shoie Alallah and Abdulaziz A. Alsulami
Electronics 2024, 13(23), 4677; https://doi.org/10.3390/electronics13234677 - 27 Nov 2024
Cited by 1 | Viewed by 3307
Abstract
In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which [...] Read more.
In the recent past, the level of cyber threats has changed drastically, leading to the current transformation of the cybersecurity landscape. For example, emerging threats like Zero-day and polymorphic malware cannot be detected by conventional detection methods like heuristic and signature-based methods, which have proven useful in the identification of malware. In view of this shift in the cybersecurity paradigm, this study proposes to discuss the utilization of transformer models to improve malware detection effectiveness and the accuracy and efficiency in detecting malicious software. In this regard, this study adopts the application of transformers in identifying different forms of malicious software: ransomware, spyware, and trojans. Transformers are endowed with the ability to handle sequential data and capture intricate patterns. By employing deep learning techniques and conducting thorough contextual analysis, these models enhance the detection process by identifying subtle indications of compromise, which traditional methods may overlook. This research also explains the challenges and limitations related to the application of transformer-based models in real-world cybersecurity settings, which include computing requirements and large-scale labeled datasets’ requirements. By the end, the article suggests potential future research avenues in order to improve and integrate these models into cybersecurity systems. Full article
(This article belongs to the Special Issue AI-Based Solutions for Cybersecurity)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-8
Back to TopTop