Search Results (351)

Search Parameters:
Keywords = DoS attacks and intrusion

24 pages, 4843 KB  
Article
Enhancing Smart Grid Reliability Through Data-Driven Optimisation and Cyber-Resilient EV Integration
by Muhammed Cavus, Huseyin Ayan, Mahmut Sari, Osman Akbulut, Dilum Dissanayake and Margaret Bell
Energies 2025, 18(17), 4510; https://doi.org/10.3390/en18174510 (registering DOI) - 25 Aug 2025
Abstract
This study presents a novel cyber-resilient, data-driven optimisation framework for real-time energy management in electric vehicle (EV)-integrated smart grids. The proposed framework integrates a hybrid optimisation engine—combining genetic algorithms and reinforcement learning—with a real-time analytics module to enable adaptive scheduling under uncertainty. It accounts for dynamic electricity pricing, EV mobility patterns, and grid load fluctuations, dynamically reallocating charging demand in response to evolving grid conditions. Unlike existing GA/RL schedulers, this framework uniquely integrates adaptive optimisation with resilient forecasting under incomplete data and lightweight blockchain-inspired cyber-defence, thereby addressing efficiency, accuracy, and security simultaneously. To ensure secure and trustworthy EV–grid communication, a lightweight blockchain-inspired protocol is incorporated, supported by an intrusion detection system (IDS) for cyber-attack mitigation. Empirical evaluation using European smart grid datasets demonstrates a daily peak demand reduction of 9.6% (from 33 kWh to 29.8 kWh), with a 27% decrease in energy delivered at the original peak hour and a redistribution of demand that increases delivery at 19:00 h by nearly 25%. Station utilisation became more balanced, with weekly peak normalised utilisation falling from 1.0 to 0.7. The forecasting module achieved a mean absolute error (MAE) of 0.25 kWh and a mean absolute percentage error (MAPE) below 20% even with up to 25% missing data. Among tested models, CatBoost outperformed LightGBM and XGBoost with an RMSE of 0.853 kWh and R² of 0.416. The IDS achieved 94.1% accuracy, an AUC of 0.97, and detected attacks within 50–300 ms, maintaining over 74% detection accuracy under 50% novel attack scenarios. The optimisation runtime remained below 0.4 s even at five times the nominal dataset scale.
Additionally, the study outlines a conceptual extension to support location-based planning of charging infrastructure. This proposes the alignment of infrastructure roll-out with forecasted demand to enhance spatial deployment efficiency. While not implemented in the current framework, this forward-looking integration highlights opportunities for synchronising infrastructure development with dynamic usage patterns. Collectively, the findings confirm that the proposed approach is technically robust, operationally feasible, and adaptable to the evolving demands of intelligent EV–smart grid systems.

18 pages, 1061 KB  
Article
Using Causality-Driven Graph Representation Learning for APT Attacks Path Identification
by Xiang Cheng, Miaomiao Kuang and Hongyu Yang
Symmetry 2025, 17(9), 1373; https://doi.org/10.3390/sym17091373 - 22 Aug 2025
Viewed by 220
Abstract
In the cybersecurity attack and defense space, the “attacker” and the “defender” form a dynamic and symmetrical adversarial pair. Their strategy iterations and capability evolutions have long been in a symmetrical game of mutual restraint. We will introduce modern Intrusion Detection Systems (IDSs) from the defender’s side to counter the techniques designed by the attacker (APT attack). One major challenge faced by IDS is to identify complex attack paths from a vast provenance graph. By constructing an attack behavior tracking graph, the interactions between system entities can be recorded, but the malicious activities of attackers are often hidden among a large number of normal system operations. Although traditional methods can identify attack behaviors, they only focus on the surface association relationships between entities and ignore the deep causal relationships, which limits the accuracy and interpretability of detection. Existing graph anomaly detection methods usually assign the same weight to all interactions, while we propose a Causal Autoencoder for Graph Explanation (CAGE) based on reinforcement learning. This method extracts feature representations from the traceability graph through a graph attention network (GAT), uses Q-learning to dynamically evaluate the causal importance of edges, and highlights key causal paths through a weight layering strategy. In the DARPA TC project, the experimental results conducted on the selected three datasets indicate that the precision of this method in the anomaly detection task remains above 97% on average, demonstrating excellent accuracy. Moreover, the recall values all exceed 99.5%, which fully proves its extremely low rate of missed detections.
(This article belongs to the Special Issue Advanced Studies of Symmetry/Asymmetry in Cybersecurity)

22 pages, 4719 KB  
Article
An Explainable AI Approach for Interpretable Cross-Layer Intrusion Detection in Internet of Medical Things
by Michael Georgiades and Faisal Hussain
Electronics 2025, 14(16), 3218; https://doi.org/10.3390/electronics14163218 - 13 Aug 2025
Viewed by 389
Abstract
This paper presents a cross-layer intrusion detection framework leveraging explainable artificial intelligence (XAI) and interpretability methods to enhance transparency and robustness in attack detection within the Internet of Medical Things (IoMT) domain. By addressing the dual challenges of compromised data integrity, which span both biosensor and network-layer data, this study combines advanced techniques to enhance interpretability, accuracy, and trust. Unlike conventional flow-based intrusion detection systems that primarily rely on transport-layer statistics, the proposed framework operates directly on raw packet-level features and application-layer semantics, including MQTT message types, payload entropy, and topic structures. The key contributions of this research include the application of K-Means clustering combined with the principal component analysis (PCA) algorithm for initial categorization of attack types, the use of SHapley Additive exPlanations (SHAP) for feature prioritization to identify the most influential factors in model predictions, and the employment of Partial Dependence Plots (PDP) and Accumulated Local Effects (ALE) to elucidate feature interactions across layers. These methods enhance the system’s interpretability, making data-driven decisions more accessible to nontechnical stakeholders. Evaluation on a realistic healthcare IoMT testbed demonstrates significant improvements in detection accuracy and decision-making transparency. Furthermore, the proposed approach highlights the effectiveness of explainable and cross-layer intrusion detection for secure and trustworthy medical IoT environments that are tailored for cybersecurity analysts and healthcare stakeholders.

20 pages, 1373 KB  
Article
Digital Twin-Driven Intrusion Detection for Industrial SCADA: A Cyber-Physical Case Study
by Ali Sayghe
Sensors 2025, 25(16), 4963; https://doi.org/10.3390/s25164963 - 11 Aug 2025
Viewed by 463
Abstract
The convergence of operational technology (OT) and information technology (IT) in industrial environments, such as water treatment plants, has significantly increased the attack surface of Supervisory Control and Data Acquisition (SCADA) systems. Traditional intrusion detection systems (IDS), which focus solely on network traffic, often fail to detect stealthy, process-level attacks. This paper proposes a Digital Twin-driven Intrusion Detection (DT-ID) framework that integrates high-fidelity process simulation, real-time sensor modeling, adversarial attack injection, and hybrid anomaly detection using both physical residuals and machine learning. We evaluate the DT-ID framework using a simulated water treatment plant environment, testing against false data injection (FDI), denial-of-service (DoS), and command injection attacks. The system achieves a detection F1-score of 96.3%, a false positive rate below 2.5%, and an average detection latency under 500 ms, demonstrating substantial improvement over conventional rule-based and physics-only IDS in identifying stealthy anomalies. Our findings highlight the potential of cyber-physical digital twins to enhance SCADA security in critical infrastructure. In the following sections, we present the motivation and approach underlying this framework.
(This article belongs to the Section Industrial Sensors)

30 pages, 2687 KB  
Article
A Multimodal Framework for Advanced Cybersecurity Threat Detection Using GAN-Driven Data Synthesis
by Nikolaos Peppes, Emmanouil Daskalakis, Theodoros Alexakis and Evgenia Adamopoulou
Appl. Sci. 2025, 15(15), 8730; https://doi.org/10.3390/app15158730 - 7 Aug 2025
Viewed by 410
Abstract
Cybersecurity threats are becoming increasingly sophisticated, frequent, and diverse, posing a major risk to critical infrastructure, public trust, and digital economies. Traditional intrusion detection systems often struggle with detecting novel or rare attack types, particularly when data availability is limited or heterogeneous. The current study tries to address these challenges by proposing a unified, multimodal threat detection framework that leverages the combination of synthetic data generation through Generative Adversarial Networks (GANs), advanced ensemble learning, and transfer learning techniques. The research objective is to enhance detection accuracy and resilience against zero-day, botnet, and image-based malware attacks by integrating multiple data modalities, including structured network logs and malware binaries, within a scalable and flexible pipeline. The proposed system features a dual-branch architecture: one branch uses a CNN with transfer learning for image-based malware classification, and the other employs a soft-voting ensemble classifier for tabular intrusion detection, both trained on augmented datasets generated by GANs. Experimental results demonstrate significant improvements in detection performance and false positive reduction, especially when multimodal outputs are fused using the proposed confidence-weighted strategy. The findings highlight the framework’s adaptability and practical applicability in real-world intrusion detection and response systems.
(This article belongs to the Special Issue Data Mining and Machine Learning in Cybersecurity)

35 pages, 5296 KB  
Article
A Multi-Class Intrusion Detection System for DDoS Attacks in IoT Networks Using Deep Learning and Transformers
by Sheikh Abdul Wahab, Saira Sultana, Noshina Tariq, Maleeha Mujahid, Javed Ali Khan and Alexios Mylonas
Sensors 2025, 25(15), 4845; https://doi.org/10.3390/s25154845 - 6 Aug 2025
Viewed by 516
Abstract
The rapid proliferation of Internet of Things (IoT) devices has significantly increased vulnerability to Distributed Denial of Service (DDoS) attacks, which can severely disrupt network operations. DDoS attacks in IoT networks disrupt communication and compromise service availability, causing severe operational and economic losses. In this paper, we present a Deep Learning (DL)-based Intrusion Detection System (IDS) tailored for IoT environments. Our system employs three architectures—Convolutional Neural Networks (CNNs), Deep Neural Networks (DNNs), and Transformer-based models—to perform binary, three-class, and 12-class classification tasks on the CIC-IoT 2023 dataset. Data preprocessing includes log normalization to stabilize feature distributions and SMOTE-based oversampling to mitigate class imbalance. Experiments on the CIC-IoT 2023 dataset show that, in the binary classification task, the DNN achieved 99.2% accuracy, the CNN 99.0%, and the Transformer 98.8%. In three-class classification (benign, DDoS, and non-DDoS), all models attained near-perfect performance (approximately 99.9–100%). In the 12-class scenario (benign plus 12 attack types), the DNN, CNN, and Transformer reached 93.0%, 92.7%, and 92.5% accuracy, respectively. The high precision, recall, and ROC-AUC values corroborate the efficacy and generalizability of our approach for IoT DDoS detection. Comparative analysis indicates that our proposed IDS outperforms state-of-the-art methods in terms of detection accuracy and efficiency. These results underscore the potential of integrating advanced DL models into IDS frameworks, thereby providing a scalable and effective solution to secure IoT networks against evolving DDoS threats. Future work will explore further enhancements, including the use of deeper Transformer architectures and cross-dataset validation, to ensure robustness in real-world deployments.
(This article belongs to the Section Internet of Things)

16 pages, 1550 KB  
Article
Understanding and Detecting Adversarial Examples in IoT Networks: A White-Box Analysis with Autoencoders
by Wafi Danesh, Srinivas Rahul Sapireddy and Mostafizur Rahman
Electronics 2025, 14(15), 3015; https://doi.org/10.3390/electronics14153015 - 29 Jul 2025
Viewed by 409
Abstract
Novel networking paradigms such as the Internet of Things (IoT) have expanded their usage and deployment to various application domains. Consequently, unseen critical security vulnerabilities such as zero-day attacks have emerged in such deployments. The design of intrusion detection systems for IoT networks is often challenged by a lack of labeled data, which complicates the development of robust defenses against adversarial attacks. Deep learning-based network intrusion detection systems (NIDS) have been used to counteract emerging security vulnerabilities. However, the deep learning models used in such NIDS are vulnerable to adversarial examples. Adversarial examples are specifically engineered samples tailored to a specific deep learning model; they are developed by minimal perturbation of network packet features, and are intended to cause misclassification. Such examples can bypass NIDS or enable the rejection of regular network traffic. Research in the adversarial example detection domain has yielded several prominent methods; however, most of those methods involve computationally expensive retraining steps and require access to labeled data, which are often lacking in IoT network deployments. In this paper, we propose an unsupervised method for detecting adversarial examples that performs early detection based on the intrinsic characteristics of the deep learning model. Our proposed method requires neither computationally expensive retraining nor extra hardware overhead for implementation. For the work in this paper, we first perform adversarial example generation on a deep learning model using autoencoders. After successful adversarial example generation, we perform adversarial example detection using the intrinsic characteristics of the layers in the deep learning model.
A robustness analysis of our approach reveals that an attacker can easily bypass the detection mechanism by using low-magnitude log-normal Gaussian noise. Furthermore, we also test the robustness of our detection method against further compromise by the attacker. We tested our approach on the Kitsune datasets, which are state-of-the-art datasets obtained from deployed IoT network scenarios. Our experimental results show an average adversarial example generation time of 0.337 s and an average detection rate of almost 100%. The robustness analysis of our detection method reveals a reduction of almost 100% in adversarial example detection after compromise by the attacker.

25 pages, 2509 KB  
Article
A Lightweight Intrusion Detection System for IoT and UAV Using Deep Neural Networks with Knowledge Distillation
by Treepop Wisanwanichthan and Mason Thammawichai
Computers 2025, 14(7), 291; https://doi.org/10.3390/computers14070291 - 19 Jul 2025
Viewed by 926
Abstract
Deep neural networks (DNNs) are highly effective for intrusion detection systems (IDS) due to their ability to learn complex patterns and detect potential anomalies within the systems. However, their high resource consumption requirements, including memory and computation, make them difficult to deploy on low-powered platforms. This study explores the possibility of using knowledge distillation (KD) to reduce constraints such as power and hardware consumption and improve real-time inference speed but maintain high detection accuracy in IDS across all attack types. The technique utilizes the transfer of knowledge from DNN (teacher) models to more lightweight shallow neural network (student) models. KD has been proven to achieve significant parameter reduction (92–95%) and faster inference speed (7–11%) while improving overall detection performance (up to 6.12%). Experimental results on datasets such as NSL-KDD, UNSW-NB15, CIC-IDS2017, IoTID20, and UAV IDS demonstrate DNN with KD’s effectiveness in achieving high accuracy, precision, F1 score, and area under the curve (AUC) metrics. These findings confirm KD’s ability as a potential edge computing strategy for IoT and UAV devices, which are suitable for resource-constrained environments and lead to real-time anomaly detection for next-generation distributed systems.
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

24 pages, 2173 KB  
Article
A Novel Ensemble of Deep Learning Approach for Cybersecurity Intrusion Detection with Explainable Artificial Intelligence
by Abdullah Alabdulatif
Appl. Sci. 2025, 15(14), 7984; https://doi.org/10.3390/app15147984 - 17 Jul 2025
Viewed by 908
Abstract
In today’s increasingly interconnected digital world, cyber threats have grown in frequency and sophistication, making intrusion detection systems a critical component of modern cybersecurity frameworks. Traditional IDS methods, often based on static signatures and rule-based systems, are no longer sufficient to detect and respond to complex and evolving attacks. To address these challenges, Artificial Intelligence and machine learning have emerged as powerful tools for enhancing the accuracy, adaptability, and automation of IDS solutions. This study presents a novel, hybrid ensemble learning-based intrusion detection framework that integrates deep learning and traditional ML algorithms with explainable artificial intelligence for real-time cybersecurity applications. The proposed model combines an Artificial Neural Network and Support Vector Machine as base classifiers and employs a Random Forest as a meta-classifier to fuse predictions, improving detection performance. Recursive Feature Elimination is utilized for optimal feature selection, while SHapley Additive exPlanations (SHAP) provide both global and local interpretability of the model’s decisions. The framework is deployed using a Flask-based web interface in the Amazon Elastic Compute Cloud environment, capturing live network traffic and offering sub-second inference with visual alerts. Experimental evaluations using the NSL-KDD dataset demonstrate that the ensemble model outperforms individual classifiers, achieving a high accuracy of 99.40%, along with excellent precision, recall, and F1-score metrics. This research not only enhances detection capabilities but also bridges the trust gap in AI-powered security systems through transparency. The solution shows strong potential for application in critical domains such as finance, healthcare, industrial IoT, and government networks, where real-time and interpretable threat detection is vital.

16 pages, 1251 KB  
Article
Enhanced Detection of Intrusion Detection System in Cloud Networks Using Time-Aware and Deep Learning Techniques
by Nima Terawi, Huthaifa I. Ashqar, Omar Darwish, Anas Alsobeh, Plamen Zahariev and Yahya Tashtoush
Computers 2025, 14(7), 282; https://doi.org/10.3390/computers14070282 - 17 Jul 2025
Viewed by 477
Abstract
This study introduces an enhanced Intrusion Detection System (IDS) framework for Denial-of-Service (DoS) attacks, utilizing network traffic inter-arrival time (IAT) analysis. By examining the timing between packets and other statistical features, we detected patterns of malicious activity, allowing early and effective DoS threat mitigation. We generate real DoS traffic, including normal, Internet Control Message Protocol (ICMP), Smurf attack, and Transmission Control Protocol (TCP) classes, and develop nine predictive algorithms, combining traditional machine learning and advanced deep learning techniques with optimization methods, including the synthetic minority sampling technique (SMOTE) and grid search (GS). Our findings reveal that while traditional machine learning achieved moderate accuracy, it struggled with imbalanced datasets. In contrast, Deep Neural Network (DNN) models showed significant improvements with optimization, with DNN combined with GS (DNN-GS) reaching 89% accuracy. However, we also used Recurrent Neural Networks (RNNs) combined with SMOTE and GS (RNN-SMOTE-GS), which emerged as the best-performing with a precision of 97%, demonstrating the effectiveness of combining SMOTE and GS and highlighting the critical role of advanced optimization techniques in enhancing the detection capabilities of IDS models for the accurate classification of various types of network traffic and attacks.

21 pages, 1632 KB  
Article
Adversarial Hierarchical-Aware Edge Attention Learning Method for Network Intrusion Detection
by Hao Yan, Jianming Li, Lei Du, Binxing Fang, Yan Jia and Zhaoquan Gu
Appl. Sci. 2025, 15(14), 7915; https://doi.org/10.3390/app15147915 - 16 Jul 2025
Viewed by 411
Abstract
The rapid development of information technology has made cyberspace security an increasingly critical issue. Network intrusion detection methods are practical approaches to protecting network systems from cyber attacks. However, cyberspace security threats have topological dependencies and fine-grained attack semantics. Existing graph-based approaches either underestimate edge-level features or fail to balance detection accuracy with adversarial robustness. To handle these problems, we propose a novel graph neural network–based method for network intrusion detection called the adversarial hierarchical-aware edge attention learning method (AH-EAT). It leverages the natural graph structure of computer networks to achieve robust, multi-grained intrusion detection. Specifically, AH-EAT includes three main modules: an edge-based graph attention embedding module, a hierarchical multi-grained detection module, and an adversarial training module. In the first module, we apply graph attention networks to aggregate node and edge features according to their importance. This effectively captures the network’s key topological information. In the second module, we first perform coarse-grained detection to distinguish malicious flows from benign ones, and then perform fine-grained classification to identify specific attack types. In the third module, we use projected gradient descent to generate adversarial perturbations on network flow features during training, enhancing the model’s robustness to evasion attacks. Experimental results on four benchmark intrusion detection datasets show that AH-EAT achieves 90.73% average coarse-grained accuracy and 1.45% ASR on CIC-IDS2018 under adversarial attacks, outperforming state-of-the-art methods in both detection accuracy and robustness.
(This article belongs to the Special Issue Cyberspace Security Technology in Computer Science)

18 pages, 10564 KB  
Article
Handling Data Structure Issues with Machine Learning in a Connected and Autonomous Vehicle Communication System
by Pranav K. Jha and Manoj K. Jha
Vehicles 2025, 7(3), 73; https://doi.org/10.3390/vehicles7030073 - 11 Jul 2025
Viewed by 474
Abstract
Connected and Autonomous Vehicles (CAVs) remain vulnerable to cyberattacks due to inherent security gaps in the Controller Area Network (CAN) protocol. We present a structured Python (3.11.13) framework that repairs structural inconsistencies in a public CAV dataset to improve the reliability of machine learning-based intrusion detection. We assess the effect of training data volume and compare Random Forest (RF) and Extreme Gradient Boosting (XGBoost) classifiers across four attack types: DoS, Fuzzy, RPM spoofing, and GEAR spoofing. XGBoost outperforms RF, achieving 99.2% accuracy on the DoS dataset and 100% accuracy on the Fuzzy, RPM, and GEAR datasets. The Synthetic Minority Oversampling Technique (SMOTE) further enhances minority-class detection without compromising overall performance. This methodology provides a generalizable framework for anomaly detection in other connected systems, including smart grids, autonomous defense platforms, and industrial control networks.

17 pages, 4758 KB  
Article
QESIF: A Lightweight Quantum-Enhanced IoT Security Framework for Smart Cities
by Abdul Rehman and Omar Alharbi
Smart Cities 2025, 8(4), 116; https://doi.org/10.3390/smartcities8040116 - 10 Jul 2025
Viewed by 617
Abstract
Smart cities necessitate ultra-secure and scalable communication frameworks to manage billions of interconnected IoT devices, particularly in the face of the emerging quantum computing threats. This paper proposes the QESIF, a novel Quantum-Enhanced Secure IoT Framework that integrates Quantum Key Distribution (QKD) with classical IoT infrastructures via a hybrid protocol stack and a quantum-aware intrusion detection system (Q-IDS). The QESIF achieves high resilience against eavesdropping by monitoring quantum bit error rate (QBER) and leveraging entropy-weighted key generation. The simulation results, conducted using datasets TON IoT, Edge-IIoTset, and Bot-IoT, demonstrate the effectiveness of the QESIF. The framework records an average QBER of 0.0103 under clean channels and discards over 95% of the compromised keys in adversarial settings. It achieves Attack Detection Rates (ADRs) of 98.1%, 98.7%, and 98.3% across the three datasets, outperforming the baselines by 4–9%. Moreover, the QESIF delivers the lowest average latency of 20.3 ms and the highest throughput of 868 kbit/s in clean scenarios while maintaining energy efficiency with 13.4 mJ per session.

21 pages, 2109 KB  
Article
Securing IoT Communications via Anomaly Traffic Detection: Synergy of Genetic Algorithm and Ensemble Method
by Behnam Seyedi and Octavian Postolache
Sensors 2025, 25(13), 4098; https://doi.org/10.3390/s25134098 - 30 Jun 2025
Abstract
The rapid growth of the Internet of Things (IoT) has revolutionized various industries by enabling interconnected devices to exchange data seamlessly. However, IoT systems face significant security challenges due to decentralized architectures, resource-constrained devices, and dynamic network environments. These challenges include denial-of-service (DoS) attacks, anomalous network behaviors, and data manipulation, which threaten the security and reliability of IoT ecosystems. New methods based on machine learning have been reported in the literature, addressing topics such as intrusion detection and prevention. This paper proposes an advanced anomaly detection framework for IoT networks expressed in several phases. In the first phase, data preprocessing is conducted using techniques like the Median-KS Test to remove noise, handle missing values, and balance datasets, ensuring a clean and structured input for subsequent phases. The second phase focuses on optimal feature selection using a Genetic Algorithm enhanced with eagle-inspired search strategies. This approach identifies the most significant features, reduces dimensionality, and enhances computational efficiency without sacrificing accuracy. In the final phase, an ensemble classifier combines the strengths of the Decision Tree, Random Forest, and XGBoost algorithms to achieve the accurate and robust detection of anomalous behaviors. This multi-step methodology ensures adaptability and scalability in handling diverse IoT scenarios. The evaluation results demonstrate the superiority of the proposed framework over existing methods. It achieves a 12.5% improvement in accuracy (98%), a 14% increase in detection rate (95%), a 9.3% reduction in false positive rate (10%), and a 10.8% decrease in false negative rate (5%). These results underscore the framework’s effectiveness, reliability, and scalability for securing real-world IoT networks against evolving cyber threats.

21 pages, 1288 KB  
Article
Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units
by Rui Zhang, Mingxuan Zhang, Yan Liu, Zhiyi Li, Weiwei Miao and Sujie Shao
Information 2025, 16(7), 547; https://doi.org/10.3390/info16070547 - 27 Jun 2025
Abstract
Leveraging Data Processing Units (DPUs) deployed at network interfaces, the DPU-accelerated Intrusion Detection System (IDS) enables microsecond-latency initial traffic inspection through hardware offloading. However, while generating high-throughput alerts, this mechanism amplifies the inherent redundancy and noise issues of traditional IDS systems. This paper proposes an alert correlation method using multi-similarity factor aggregation and a suffix tree model. First, alerts are preprocessed using LFDIA, employing multiple similarity factors and dynamic thresholding to cluster correlated alerts and reduce redundancy. Next, an attack intensity time series is generated and smoothed with a Kalman filter to eliminate noise and reveal attack trends. Finally, the suffix tree models attack activities, capturing key behavioral paths of high-severity alerts and identifying attacker patterns. Experimental evaluations on the CPTC-2017 and CPTC-2018 datasets validate the proposed method’s effectiveness in reducing alert redundancy, extracting critical attack behaviors, and constructing attack activity sequences. The results demonstrate that the method not only significantly reduces the number of alerts but also accurately reveals core attack characteristics, enhancing the effectiveness of network security defense strategies.
