Search Results (28)

Automated production lines are increasingly being expanded with Industrial Internet of Things (IIoT) devices, creating complex Cyber-Physical Systems (CPSs) that connect physical production with control and information infrastructure. However, the convergence of Information Technology (IT) and Operational Technology (OT) layers creates new entry points for attacks targeting communication availability. Most existing studies analyze Distributed Denial of Service (DDoS) attacks primarily in simulation or testbed environments, with limited experimental verification of their impact on real-world production systems. This article presents an experimental evaluation of the impact of DDoS and Distributed Reflection Denial of Service (DRDoS) attacks carried out directly on a physical automated production line with integrated IIoT infrastructure during real operation. Three attack scenarios (TCP SYN flood, TCP ACK flood, and ICMP reflected attack) were implemented, targeting Programmable Logic Controllers (PLCs), Radio-Frequency Identification (RFID) subsystems, and selected IIoT devices. The results showed rapid degradation of deterministic PROFINET communication, disruption of the link between the OT and IT layers, loss of digital product representation, and physical interruption of the production process. Based on the findings, a minimally invasive security solution based on perimeter protection was designed and experimentally verified. The results emphasize the need to design IIoT-based manufacturing systems with an emphasis on network segmentation and architectural separation of the IT and OT layers. Full article

Data exfiltration poses a major cybersecurity challenge because it involves the unauthorized transfer of sensitive information. Intrusion Detection Systems (IDSs) are vital security controls in identifying such attacks; however, their effectiveness in cloud computing environments remains limited, particularly against covert channels such as Internet Control Message Protocol (ICMP) and Domain Name System (DNS) tunneling. This study compares two widely used IDSs, Snort and Suricata, in a controlled cloud computing environment. The assessment focuses on their ability to detect data exfiltration techniques implemented via ICMP and DNS tunneling, using DNSCat2 and Iodine. We evaluate detection performance using standard classification metrics, including Recall, Precision, Accuracy, and F1-Score. Our experiments were conducted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances, where IDS instances monitored simulated exfiltration traffic generated by DNSCat2, Iodine, and Metasploit. Network traffic was mirrored via AWS Virtual Private Cloud (VPC) Traffic Mirroring, with the ELK Stack integrated for centralized logging and visual analysis. The findings indicate that Suricata outperformed Snort in detecting DNS-based exfiltration, underscoring the advantages of multi-threaded architectures for managing high-volume cloud traffic. For DNS tunneling, Suricata achieved 100% detection (recall) for both DNSCat2 and Iodine, whereas Snort achieved 85.7% and 66.7%, respectively. Neither IDS detected ICMP tunneling using Metasploit, with both recording 0% recall. It is worth noting that both IDSs failed to detect ICMP tunneling under default configurations, highlighting the limitations of signature-based detection in isolation. These results emphasize the need to combine signature-based and behavior-based analytics, supported by centralized logging frameworks, to strengthen cloud-based intrusion detection and enhance forensic visibility. Full article

Network security tools are indispensable in testing and evaluating the security of computer networks. Existing tools, such as Hping3, however, offer a limited set of options and attack-specific configurations, which restrict their use solely to well-known attack patterns. Although highly parameterizable libraries, such as Scapy, provide more options and scripting capabilities, they require extensive manual setup and often a steep learning curve. The development of powerful AI models, capitalizing on the transformer architecture, has enabled cybersecurity researchers to develop or incorporate these models into existing cyber-defense systems and red-team assessments. Prominent models such as NetGPT, TrafficFormer, and TrafficGPT can be effective, but require extensive computational resources for fine-tuning and a complex setup to adapt to proprietary networking environments and protocols. In this work, we propose AgentRed, a lightweight tool for generating network attack traffic with minimal human configuration and setup. Our tool integrates an AI agent and a large language model with fewer than a billion parameters into the network traffic generation process. Our method creates lightweight Low-Rank Adaptation (LoRA) adapters that can learn specific traffic patterns in a particular network environment. Our agent can autonomously train the LoRA adapters, search online documentation for attack patterns and parameters, and select appropriate adapters to generate network traffic specific to the user’s needs. It utilizes the LoRA adapters to create an intermediate traffic representation that can be parsed and executed by tools such as Scapy to generate malicious traffic in a virtualized test environment. We assess the performance of the proposed approach on six popular network attacks, including flooding attacks, Smurf, Ping-of-Death, and normal ICMP ping traffic. Our results validate the ability of the proposed tool to efficiently generate network packets with 97.9% accuracy using the LoRA adapters, compared to 95.4% accuracy using the base pre-trained Qwen3 0.6B model. When the AI agent performs online searches to enrich the LoRA adapters’ context during traffic generation, our method maintains an accuracy of 96.0% across all tested traffic patterns. Full article

The complex relationship between urban torrents and riparian communities is investigated in this research, from a landscape point of view, in the aftermath of the catastrophic floods in Volos, Greece, in September 2023. The study starts with a multi-scalar approach, investigating through plural timescales and space-scales the way communities and torrents have co-existed in the Mediterranean; particularly in Volos, the way neoteric urban infrastructures have affected and underestimated torrentscapes, is observed critically. This investigation extends to the legislative spatial planning framework in Greece and the EU, concerning the torrent-beds and torrentscapes, in the framework of extreme climate events brought about by climate change. Highlighting the dual challenges of floods and droughts, the research uncovers the inadequacy of existing gray infrastructure and of top-down management approaches, in addressing flood risk. Co-vulnerability emerges as a binding agent, between riparian communities and torrent ecosystems. By the means of research-by/through-design in synergy with anthropological research tools, this approach aims at fostering “just” resilience, by presupposing social justice, towards the promotion of Integrated - Catchment- Management- Plans -(ICMPs) that combine the mitigation of flood risk and extreme drought challenges, the enhancement of torrentscape ecosystems, and the strengthening of the symbiotic relationship between the city inhabitants and its torrents. Full article

Distributed denial-of-service (DDoS) attacks are a prevalent threat to resource-constrained IoT deployments. We present an edge-based detection and mitigation system integrated with the oneM2M architecture. By using a Raspberry Pi 4 client and five Raspberry Pi 3 attack nodes in a smart-home testbed, we collected 200,000 packets with 19 features across four traffic states (normal, SYN/UDP/ICMP floods), trained Decision Tree, 2D-CNN, and LSTM models, and deployed the best model on an edge computer for real-time inference. The edge node classifies traffic and triggers per-attack defenses on the device (SYN cookies, UDP/ICMP iptables rules). On a held-out test set, the 2D-CNN achieved 98.45% accuracy, outperforming the LSTM (96.14%) and Decision Tree (93.77%). In end-to-end trials, the system sustained service during SYN floods (time to capture 200 packets increased from 5.05 s to 5.51 s after enabling SYN cookies), mitigated ICMP floods via rate limiting, and flagged UDP floods for administrator intervention due to residual performance degradation. These results show that lightweight, edge-deployed learning with targeted controls can harden oneM2M-based IoT systems against common DDoS vectors. Full article

Small and medium-sized enterprises (SMEs) are increasingly targeted by cyber threats but often lack the financial and technical resources to implement advanced security systems. This paper presents HoneyLite, a lightweight and dynamic honeypot-based security solution specifically designed to meet the constraints and cybersecurity needs of SMEs. Unlike traditional honeypots, HoneyLite integrates real-time network traffic analysis with automated malware detection via the VirusTotal API, enabling it to identify a wide range of cyber threats, including TCP scans, FTP/SSH intrusions, ICMP flood attacks, and malicious file uploads. Developed using open-source tools, the system operates with minimal resource overhead and is validated within a simulated virtual environment. It also generates detailed threat reports to support incident analysis and response. By combining affordability, adaptability, and comprehensive threat visibility, HoneyLite offers a practical and scalable solution to help SMEs detect, analyze, and respond to modern cyberattacks in real time. Full article

This study introduces an enhanced Intrusion Detection System (IDS) framework for Denial-of-Service (DoS) attacks, utilizing network traffic inter-arrival time (IAT) analysis. By examining the timing between packets and other statistical features, we detected patterns of malicious activity, allowing early and effective DoS threat mitigation. We generate real DoS traffic, including normal, Internet Control Message Protocol (ICMP), Smurf attack, and Transmission Control Protocol (TCP) classes, and develop nine predictive algorithms, combining traditional machine learning and advanced deep learning techniques with optimization methods, including the synthetic minority sampling technique (SMOTE) and grid search (GS). Our findings reveal that while traditional machine learning achieved moderate accuracy, it struggled with imbalanced datasets. In contrast, Deep Neural Network (DNN) models showed significant improvements with optimization, with DNN combined with GS (DNN-GS) reaching 89% accuracy. However, we also used Recurrent Neural Networks (RNNs) combined with SMOTE and GS (RNN-SMOTE-GS), which emerged as the best-performing with a precision of 97%, demonstrating the effectiveness of combining SMOTE and GS and highlighting the critical role of advanced optimization techniques in enhancing the detection capabilities of IDS models for the accurate classification of various types of network traffic and attacks. Full article

The rapid integration of Internet of Things (IoT) systems in various sectors has escalated security risks due to sophisticated multilayer attacks that compromise multiple security layers and lead to significant data loss, personal information theft, financial losses etc. Existing research on multilayer IoT attacks exhibits gaps in real-world applicability, due to reliance on outdated datasets with a limited focus on adaptive, dynamic approaches to address multilayer vulnerabilities. Additionally, the complete reliance on automated processes without integrating human expertise in feature selection and weighting processes may affect the reliability of detection models. Therefore, this research aims to develop a Semi-Automated Intrusion Detection System (SAIDS) that integrates efficient feature selection, feature weighting, normalisation, visualisation, and human–machine interaction to detect and identify multilayer attacks, enhancing mitigation strategies. The proposed framework managed to extract an optimal set of 13 significant features out of 64 in the Edge-IIoT dataset, which is crucial for the efficient detection and classification of multilayer attacks, and also outperforms the performance of the KNN model compared to other classifiers in binary classification. The KNN algorithm demonstrated an average accuracy exceeding 94% in detecting several multilayer attacks such as UDP, ICMP, HTTP flood, MITM, TCP SYN, XSS, SQL injection, etc. Full article

Introduction: Basal cardiovascular risk assessment in cardio-oncology is essential. Integrating clinical information, ECG and transthoracic echocardiogram can identify concealed inherited cardiomyopathies (ICMPs) with potential added risk of cardiotoxicity. We aimed to evaluate the impact of our Cardio-Oncology Unit design in detecting concealed ICMPs. Methods: We carried out a retrospective study of all consecutive breast cancer patients referred to the Cardio-Oncology Unit for cardiac evaluation (2020–2022). ICMPs diagnosis was provided according to ESC guidelines and underwent genetic testing. ICMPs prevalence in this cohort was compared to the highest and lowest frequency reported in the general population. Results: Among 591 breast cancer patients, we identified eight patients with ICMPs: one arrhythmogenic cardiomyopathy (ACM), three familial non-ischemic dilated cardiomyopathy (DCM), three hypertrophic cardiomyopathy (HCM) and one left ventricular non-compaction cardiomyopathy (LVNC), which has now been reclassified as non-dilated left ventricular cardiomyopathy. The number of ICMPs identified was within the expected range (neither overdiagnosed nor overlooked): ACM 0.0017 vs. 0.0002–0.001 (p 0.01–0.593); DCM 0.0051 vs. 0.002–0.0051 (p 0.094–0.676); HCM 0.005 vs. 0.0002–0.002 (p < 0.001–0.099); LVCN 0.0017 vs. 0.00014–0.013 (p 0.011–0.015). Genetic testing identified a pathogenic FLNC variant and two pathogenic TTN variants. Conclusion: Opportunistic screening of ICMPs during basal cardiovascular risk assessment can identify high-risk cancer patients who benefit from personalized medicine and enables extension of prevention strategies to all available relatives at concealed high cardiovascular risk. Full article

Background: Limited research has explored sex-specific differences in death predictors of HF patients with ischemic (iCMP) and nonischemic (niCMP) cardiomyopathy. This study assessed sex differences in niCMP and iCMP prognosis. Methods: We studied 7487 patients with HF between February 2017 and September 2020. Clinical features and echocardiographic findings were collected. We used Kaplan–Meier, Cox proportional hazard models, and chi-square scores of Cox regression to determine death predictors in women and men. Results: The mean age was 64.3 ± 14.2 years, with 4417 (59%) males. Women with iCMP and niCMP exhibited a significantly higher mean age, higher mean left ventricular ejection fraction, and smaller left ventricular diastolic diameter than men. Over 2.26 years of follow-up, 325 (14.7%) women and 420 (15.7%) men, and 211 women (24.5%) and 519 men (29.8%) with niCMP (p = NS) and iCMP (p = 0.004), respectively, died. The cumulative incidence of death was higher in men with iCMP (log-rank p < 0.0001) but similar with niCMP. Cox regression showed chronic kidney disease, diabetes, stroke, atrial fibrillation, age, and myocardial infarction as the main predictors of death for iCMP in women and men. Conclusions: Women exhibited a better prognosis than men with iCMP, but similar for niCMP. Nevertheless, sex was not an independent predictor of death for both CMP. Full article

Background: The angiopoietic endothelial dysfunction in ischemic cardiomyopathy (ICMP) remains unexplored. Aim: The identification of the imbalance of endothelial dysfunction mediators and the number of endothelial progenitor (EPC) and desquamated (EDC) cells in patients with coronary heart disease (CHD) with and without ICMP. Methods: A total of 87 patients (47 with ICMP and 40 without ICMP) were observed. The content of EPCs (CD14⁺CD34⁺VEGFR2⁺) in vein blood and EDCs (CD45⁻CD146⁺) in the blood from the coronary sinus and cubital vein was determined by flow cytometry. The contents of HIF-1α and HIF-2α in vein blood as well as that of ADMA and endothelin-1 in sinus plasma and angiopoietin-2, MMP-9 and galectin-3 in both samples were assessed using ELISA, and VEGF, PDGF, SDF-1 and MCP-1 contents using immunofluorescence. Results: ADMA and endothelin-1 levels in the sinus blood were comparable between the patient groups; a deficiency of HIF-1α and excess of HIF-2α were detected in the vein blood of ICMP patients. The EDC content in the vein blood increased in CHD patients regardless of ICMP, and the concentrations of VEGF-A, VEGF-B, PDGF, MCP-1, angiopoietin-2, and MMP-9 were normal. In ICMP patients, vein blood was characterized by an excess of galectin-3 and sinus blood by an excess of EDCs, angiopoietin-2, MMP-9 and galectin-3. Conclusion: ICMP is accompanied by angiopoietic endothelial dysfunction. Full article

Industrial automation and control systems have gained increasing attention in the literature recently. Their integration with various systems has triggered considerable developments in critical infrastructure systems. With different network structures, these systems need to communicate with each other, work in an integrated manner, be controlled, and intervene effectively when necessary. Supervision Control and Data Acquisition (SCADA) systems are mostly utilized to achieve these aims. SCADA systems, which control and monitor the connected systems, have been the target of cyber attackers. These systems are subject to cyberattacks due to the openness to external networks, remote controllability, and SCADA-architecture-specific cyber vulnerabilities. Protecting SCADA systems on critical infrastructure systems against cyberattacks is an important issue that concerns governments in many aspects such as economics, politics, transport, communication, health, security, and reliability. In this study, we physically demonstrated a scaled-down version of a real water plant via a Testbed environment created including a SCADA system. In order to disrupt the functioning of the SCADA system in this environment, five attack scenarios were designed by performing various DDoS attacks, i.e., TCP, UDP, SYN, spoofing IP, and ICMP Flooding. Additionally, we evaluated a scenario with the baseline behavior of the SCADA system that contains no attack. During the implementation of the scenarios, the SCADA system network was monitored, and network data flow was collected and recorded. CNN models, LSTM models, hybrid deep learning models that amalgamate CNN and LSTM, and traditional machine learning models were applied to the obtained data. The test results of various DDoS attacks demonstrated that the hybrid model and the decision tree model are the most suitable for such environments, reaching the highest test accuracy of 95% and 99%, respectively. Moreover, we tested the hybrid model on a dataset that is used commonly in the literature which resulted in 98% accuracy. Thus, it is suggested that the security of the SCADA system can be effectively improved, and we demonstrated that the proposed models have a potential to work in harmony on real field systems. Full article

Ischemic heart failure (HF) is one of the most common causes of morbidity and mortality in the world-wide, but sex-specific predictors of mortality in elderly patients with ischemic cardiomyopathy (ICMP) have been poorly studied. A total of 536 patients with ICMP over 65 years-old (77.8 ± 7.1 years, 283 males) were followed for a mean of 5.4 years. The development of death during clinical follow up was evaluated, and predictors of mortality were compared. Death was developed in 137 patients (25.6%); 64 females (25.3%) vs. 73 males (25.8%). Low-ejection fraction was only an independent predictor of mortality in ICMP, regardless of sex (HR 3.070 CI = 1.708–5.520 in female, HR 2.011, CI = 1.146–3.527 in male). Diabetes (HR 1.811, CI = 1.016–3.229), elevated e/e’ (HR 2.479, CI = 1.201–5.117), elevated pulmonary artery systolic pressure (HR 2.833, CI = 1.197–6.704), anemia (HR 1.860, CI = 1.025–3.373), beta blocker non-use (HR2.148, CI = 1.010–4.568), and angiotensin receptor blocker non-use (HR 2.100, CI = 1.137–3.881) were bad prognostic factors of long term mortality in female, whereas hypertension (HR 1.770, CI = 1.024–3.058), elevated Creatinine (HR 2.188, CI = 1.225–3.908), and statin non-use (HR 3.475, CI = 1.989–6.071) were predictors of mortality in males with ICMP independently. Systolic dysfunction in both sexes, diastolic dysfunction, beta blocker and angiotensin receptor blockers in female, and statins in males have important roles for long-term mortality in elderly patients with ICMP. For improving long-term survival in elderly patients with ICMP, it may be necessary to approach sex specifically. Full article

Tunnels, a key technology of traffic obfuscation, are increasingly being used to evade censorship. While providing convenience to users, tunnel technology poses a hidden danger to cybersecurity due to its concealment and camouflage capabilities. In contrast to previous studies of encrypted traffic detection, we perform the first measurement study of tunnel traffic and its unique characteristics and focus on the challenges and solutions in detecting tunnel traffic among traditional and machine learning techniques. This study covers an almost twenty-year research period from 2003 to 2022. First, we present the concepts of two types of tunnels, broad and narrow tunnels, respectively, as well as a framework for major tunnel applications, such as Tor (the second-generation onion router), proxy, VPN, and their relationships. Second, we analyze state-of-the-art methods from traditional to machine learning applications to systematize tunnel traffic detection, including HTTP, HTTPS, DNS, SSH, TCP, ICMP and IPSec. A quantitative evaluation is presented with five crucial indicators applied to the detection methods and reviews. We further discuss the research work based on datasets, feature engineering, and challenges that have are solved, partly solved and unsolved. Finally, by providing open questions and the potential directions, we hope to inspire future work in this area. Full article

Isolates of a variety of fungal plant pathogens (Alternaria radicina ICMP 5619, Cercospora beticola ICMP 15907, Dactylonectria macrodidyma ICMP 16789, D. torresensis ICMP 20542, Ilyonectria europaea ICMP 16794, and I. liriodendra ICMP 16795) were screened for antimicrobial activity against the human pathogenic bacteria Acinetobacter baumannii, Pseudomonas aeruginosa, Escherichia coli, Mycobacterium abscessus, and M. marinum and were found to have some activity. Investigation of the secondary metabolites of these fungal isolates led to the isolation of ten natural products (1–10) of which one was novel, (E)-4,7-dihydroxyoct-2-enoic acid (1). Structure elucidation of all natural products was achieved by a combination of NMR spectroscopy and mass spectrometry. We also investigated the antimicrobial activity of a number of the isolated natural products. While we did not find (E)-4,7-dihydroxyoct-2-enoic acid (1) to have any activity against the bacteria and fungi in our assays, we did find that cercosporin (7) exhibited potent activity against Methicillin resistant Staphylococcus aureus (MRSA), dehydro-curvularin (6) and radicicol (10) exhibited antimycobacterial activity against M. marinum, and brefeldin A (8) and radicicol (10) exhibited antifungal activity against Candida albicans. Investigation of the cytotoxicity and haemolytic activities of these natural products (6–8 and 10) found that only one of the four active compounds, radicicol (10), was non-cytotoxic and non-haemolytic. Full article