Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
6.1
2.6
Journals
Electronics
Special Issues
Emerging Technologies for Network Security and Anomaly Detection
share announcement

Emerging Technologies for Network Security and Anomaly Detection

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Networks".

Deadline for manuscript submissions: closed (15 October 2025) | Viewed by 7350

Special Issue Editors

Prof. Dr. Yu-Kuen Lai

E-Mail Website
Guest Editor
Department of Electrical Engineering, 200 Chung-Pei Rd. Chung-Li District, Tao-Yuan 320314, Taiwan
Interests: software-defined networking; streaming data processing; network traffic analysis; FPGA system design; computer network security
Prof. Dr. Kouji Hirata

E-Mail Website
Guest Editor
Department of Electrical and Electronic Engineering, Faculty of Engineering Science, Kansai University, 3-3-35 Yamate-cho, Suita-Shi, Osaka 564-8680, Japan
Interests: software-defined networking; computer network security; optical networking; network optimization; in-network caching; edge computing systems
Dr. Tomotaka Kimura

E-Mail Website
Guest Editor
Faculty of Science and Engineering, Doshisha University, 1-3 Tataramiyakodani, Kyotanabe-Shi, Kyoto 610-0321, Japan
Interests: computer network security; mobile networks; machine learning; UAV-assisted networks
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The increasing complexity of modern network infrastructures and the proliferation of cyber threats have created an urgent need for advanced security mechanisms and robust anomaly detection techniques. Traditional security solutions are often insufficient in detecting sophisticated cyberattacks, necessitating the development of innovative methodologies to ensure network resilience. This Special Issue aims to explore new technologies and approaches that enhance network security and anomaly detection, focusing on leveraging AI, machine learning, and emerging computational models.

We invite original research papers, review articles, and case studies contributing to the theoretical foundations, algorithmic advancements, and practical applications of network security and anomaly detection. Contributions that address real-world security challenges and propose novel frameworks are highly encouraged.

Topics of Interest

We welcome submissions on (but not limited to) the following topics:

  • AI and machine learning for intrusion detection and anomaly detection;
  • Blockchain and distributed ledger technologies for secure networking;
  • Zero-trust architectures and their applications in modern networks;
  • Next-generation intrusion prevention and detection systems;
  • Federated learning and privacy-preserving network security;
  • Threat intelligence and automated cyber threat response;
  • Secure network protocols and cryptographic techniques;
  • Deep learning approaches for network traffic analysis;
  • Adversarial attacks and defenses in network security;
  • Quantum computing and its implications for network security;
  • Real-time anomaly detection in cloud, edge, and IoT networks;
  • Software-defined networking (SDN) and network function virtualization (NFV) for security enhancement;
  • Large-scale datasets and benchmarks for network anomaly detection;
  • Case studies on security breaches and lessons learned.

Prof. Dr. Yu-Kuen Lai
Prof. Dr. Kouji Hirata
Dr. Tomotaka Kimura
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • network security
  • anomaly detection
  • intrusion detection
  • machine learning
  • artificial intelligence (AI)
  • zero-trust architecture
  • threat intelligence
  • blockchain
  • software-defined networking (SDN)

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (5 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

23 pages, 14696 KB  
Article
Mouse Data Defence Technology Using Machine Learning in Image-Based User Authentication: Based on the WM_INPUT Message
by Wontae Jung, Jinwook Kim and Kyungroul Lee
Electronics 2026, 15(1), 16; https://doi.org/10.3390/electronics15010016 - 19 Dec 2025
Viewed by 192
Abstract
In personal computers, data is input through devices such as keyboards and mice, and various services are received from the internet. To provide these online services, secure user authentication methods are essential. Knowledge-based authentication methods, such as PINs or passwords, have been widely [...] Read more.
In personal computers, data is input through devices such as keyboards and mice, and various services are received from the internet. To provide these online services, secure user authentication methods are essential. Knowledge-based authentication methods, such as PINs or passwords, have been widely implemented in most services due to their ease of implementation. However, security threats such as brute-force attacks, phishing attacks, and keyboard data attacks that intercept sensitive user information have emerged. To counter these security threats, image-based authentication methods using mouse input were introduced. However, vulnerabilities arose when functions like GetCursorPos() or WM_INPUT messages were used, allowing mouse input data to be intercepted, thereby undermining image-based authentication. To defend against these attacks, counter-defence methods were developed to generate fake mouse data, protecting actual mouse data. With the advent of these defence methods, there has been a demand for attack methods to classify fake and real mouse data. Recently, machine learning-based methods have been employed on the attacker’s side to classify real mouse data, effectively distinguishing fake from real mouse data and compromising the security of image-based authentication methods. Therefore, this paper proposes a defence technology to safely protect mouse data from theft attacks using machine learning, specifically leveraging Generative Adversarial Networks (GANs). To achieve the goal of this defence technology, the distribution of fake mouse data generated using GANs was analyzed, verifying the feasibility of mouse defence methods. In summary, a system incorporating the defence technology was constructed, and a dataset containing both fake and real mouse data was created. Based on the constructed environment, the performance of the mouse data defence technology was evaluated. The results showed that it reduced performance by up to 37% in the dataset with the highest performance of existing machine learning-based attack methods. This study concludes that the proposed mouse data defence technology effectively addresses vulnerabilities and security threats related to user authentication information in various services relying on image-based authentication methods. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)
Show Figures

Graphical abstract

21 pages, 2234 KB  
Article
Explainable and Optimized Random Forest for Anomaly Detection in IoT Networks Using the RIME Metaheuristic
by Mohamed Sasi, Oluwatayomi Rereloluwa Adegboye and Ahmad Alzubi
Electronics 2025, 14(22), 4465; https://doi.org/10.3390/electronics14224465 - 16 Nov 2025
Viewed by 660
Abstract
The rapid expansion of Internet of Things (IoT) ecosystems has amplified their exposure to sophisticated cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks that exploit device heterogeneity and resource constraints. Traditional machine learning-based intrusion detection systems often suffer from suboptimal performance due to poor [...] Read more.
The rapid expansion of Internet of Things (IoT) ecosystems has amplified their exposure to sophisticated cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks that exploit device heterogeneity and resource constraints. Traditional machine learning-based intrusion detection systems often suffer from suboptimal performance due to poor hyperparameter configuration and a lack of interpretability, which are critical limitations in security-critical IoT environments. To address these challenges, this paper proposes an explainable, automated, and efficient anomaly detection framework that integrates a Random Forest (RF) classifier with the RIME metaheuristic optimization algorithm for hyperparameter tuning. Inspired by the physical process of rime ice formation, RIME’s dual-phase search mechanism effectively balances global exploration and local exploitation to identify near-optimal RF configurations in complex, high-dimensional search spaces. Evaluated on a real-world IoT traffic dataset encompassing twelve distinct DDoS attack vectors, the RIME-optimized RF model achieves a testing accuracy of 93.4%, outperforming baseline RF and other metaheuristic-optimized variants in both performance and convergence stability. Crucially, SHAP (SHapley Additive exPlanations) analysis provides transparent, attack-specific insights into feature importance, highlighting syn_flag_number, Protocol Type, Magnitue, Radius, and Ack_flag_number as key discriminative features, thereby enhancing model trustworthiness and operational utility. This work delivers a lightweight, interpretable, and high-performance solution well-suited for deployment in resource-constrained IoT networks, aligning with the urgent need for intelligent, adaptive, and explainable security mechanisms in next-generation network infrastructures. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)
Show Figures

Figure 1

39 pages, 2251 KB  
Article
Real-Time Phishing Detection for Brand Protection Using Temporal Convolutional Network-Driven URL Sequence Modeling
by Marie-Laure E. Alorvor and Sajjad Dadkhah
Electronics 2025, 14(18), 3746; https://doi.org/10.3390/electronics14183746 - 22 Sep 2025
Cited by 1 | Viewed by 1842
Abstract
Phishing, especially brand impersonation attacks, is a critical cybersecurity threat that harms user trust and organization security. This paper establishes a lightweight model for real-time detection that relies on URL-only sequences, addressing limitations for multimodal methods that leverage HTML, images, or metadata. This [...] Read more.
Phishing, especially brand impersonation attacks, is a critical cybersecurity threat that harms user trust and organization security. This paper establishes a lightweight model for real-time detection that relies on URL-only sequences, addressing limitations for multimodal methods that leverage HTML, images, or metadata. This approach is based on a Temporal Convolutional Network with Attention (TCNWithAttention) that utilizes character-level URLs to capture both local and long-range dependencies, while providing interpretability with attention visualization and Shapley additive explanations (SHAP). The model was trained and tested on the balanced GramBeddings dataset (800,000 URLs) and validated on the PhiUSIIL dataset of real-world phishing URLs. The model achieved 97.54% accuracy on the GramBeddings dataset, and 81% recall on the PhiUSIIL dataset. The model demonstrated strong generalization, fast inference, and CPU-only deployability. It outperformed CNN, BiLSTM and BERT baselines. Explanations highlighted phishing indicators, such as deceptive subdomains, brand impersonation, and suspicious tokens. It also affirmed real patterns in the legitimate domains. To our knowledge, a Streamlit application to facilitate single and batch URL analysis and log feedback to maintain usability is the first phishing detection framework to integrate TCN, attention, and SHAP, bridging academic innovation with practical cybersecurity techniques. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)
Show Figures

Figure 1

17 pages, 3650 KB  
Article
Towards Intelligent Threat Detection in 6G Networks Using Deep Autoencoder
by Doaa N. Mhawi, Haider W. Oleiwi and Hamed Al-Raweshidy
Electronics 2025, 14(15), 2983; https://doi.org/10.3390/electronics14152983 - 26 Jul 2025
Viewed by 826
Abstract
The evolution of sixth-generation (6G) wireless networks introduces a complex landscape of cybersecurity challenges due to advanced infrastructure, massive device connectivity, and the integration of emerging technologies. Traditional intrusion detection systems (IDSs) struggle to keep pace with such dynamic environments, often yielding high [...] Read more.
The evolution of sixth-generation (6G) wireless networks introduces a complex landscape of cybersecurity challenges due to advanced infrastructure, massive device connectivity, and the integration of emerging technologies. Traditional intrusion detection systems (IDSs) struggle to keep pace with such dynamic environments, often yielding high false alarm rates and poor generalization. This study proposes a novel and adaptive IDS that integrates statistical feature engineering with a deep autoencoder (DAE) to effectively detect a wide range of modern threats in 6G environments. Unlike prior approaches, the proposed system leverages the DAE’s unsupervised capability to extract meaningful latent representations from high-dimensional traffic data, followed by supervised classification for precise threat detection. Evaluated using the CSE-CIC-IDS2018 dataset, the system achieved an accuracy of 86%, surpassing conventional ML and DL baselines. The results demonstrate the model’s potential as a scalable and upgradable solution for securing next-generation wireless networks. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)
Show Figures

Figure 1

37 pages, 18679 KB  
Article
Real-Time DDoS Detection in High-Speed Networks: A Deep Learning Approach with Multivariate Time Series
by Drixter V. Hernandez, Yu-Kuen Lai and Hargyo T. N. Ignatius
Electronics 2025, 14(13), 2673; https://doi.org/10.3390/electronics14132673 - 1 Jul 2025
Cited by 2 | Viewed by 3264
Abstract
The exponential growth of Distributed Denial-of-Service (DDoS) attacks in high-speed networks presents significant real-time detection and mitigation challenges. The existing detection frameworks are categorized into flow-based and packet-based detection approaches. Flow-based approaches usually suffer from high latency and controller overhead in high-volume traffic. [...] Read more.
The exponential growth of Distributed Denial-of-Service (DDoS) attacks in high-speed networks presents significant real-time detection and mitigation challenges. The existing detection frameworks are categorized into flow-based and packet-based detection approaches. Flow-based approaches usually suffer from high latency and controller overhead in high-volume traffic. In contrast, packet-based approaches are prone to high false-positive rates and limited attack classification, resulting in delayed mitigation responses. To address these limitations, we propose a real-time DDoS detection architecture that combines hardware-accelerated statistical preprocessing with GPU-accelerated deep learning models. The raw packet header information is transformed into multivariate time series data to enable classification of complex traffic patterns using Temporal Convolutional Networks (TCN), Long Short-Term Memory (LSTM) networks, and Transformer architectures. We evaluated the proposed system using experiments conducted under low to high-volume background traffic to validate each model’s robustness and adaptability in a real-time network environment. The experiments are conducted across different time window lengths to determine the trade-offs between detection accuracy and latency. The results show that larger observation windows improve detection accuracy using TCN and LSTM models and consistently outperform the Transformer in high-volume scenarios. Regarding model latency, TCN and Transformer exhibit constant latency across all window sizes. We also used SHAP (Shapley Additive exPlanations) analysis to identify the most discriminative traffic features, enhancing model interpretability and supporting feature selection for computational efficiency. Among the experimented models, TCN achieves the most balance between detection performance and latency, making it an applicable model for the proposed architecture. These findings validate the feasibility of the proposed architecture and support its potential as a real-time DDoS detection application in a realistic high-speed network. Full article
(This article belongs to the Special Issue Emerging Technologies for Network Security and Anomaly Detection)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-5
Back to TopTop