Search Results (291)

Search Parameters:
Keywords = adversarial defense

17 pages, 1076 KB  
Article
Adaptive Cyber Defense Through Hybrid Learning: From Specialization to Generalization
by Muhammad Omer Farooq
Future Internet 2025, 17(10), 464; https://doi.org/10.3390/fi17100464 - 9 Oct 2025
Viewed by 108
Abstract
This paper introduces a hybrid learning framework that synergistically combines Reinforcement Learning (RL) and Supervised Learning (SL) to train autonomous cyber-defense agents capable of operating effectively in dynamic and adversarial environments. The proposed approach leverages RL for strategic exploration and policy development, while incorporating SL to distill high-reward trajectories into refined policy updates, enhancing sample efficiency, learning stability, and robustness. The framework first targets specialized agent training, where each agent is optimized against a specific adversarial behavior. Subsequently, it is extended to enable the training of a generalized agent that learns to counter multiple, diverse attack strategies through multi-task and curriculum learning techniques. Comprehensive experiments conducted in the CybORG simulation environment demonstrate that the hybrid RL–SL framework consistently outperforms pure RL baselines across both specialized and generalized settings, achieving higher cumulative rewards. Specifically, hybrid-trained agents achieve up to 23% higher cumulative rewards in specialized defense tasks and approximately 18% improvements in generalized defense scenarios compared to RL-only agents. Moreover, incorporating temporal context into the observation space yields a further 4–6% performance gain in policy robustness. Furthermore, we investigate the impact of augmenting the observation space with historical actions and rewards, revealing consistent, albeit incremental, gains in SL-based learning performance. Key contributions of this work include: (i) a novel hybrid learning paradigm that integrates RL and SL for effective cyber-defense policy learning, (ii) a scalable extension for training generalized agents across heterogeneous threat models, and (iii) empirical analysis on the role of temporal context in agent observability and decision-making. Collectively, the results highlight the promise of hybrid learning strategies for building intelligent, resilient, and adaptable cyber-defense systems in evolving threat landscapes.
(This article belongs to the Special Issue AI and Security in 5G Cooperative Cognitive Radio Networks)
23 pages, 1520 KB  
Article
Adversarial Evasion Attacks on SVM-Based GPS Spoofing Detection Systems
by Sunghyeon An, Dong Joon Jang and Eun-Kyu Lee
Sensors 2025, 25(19), 6062; https://doi.org/10.3390/s25196062 - 2 Oct 2025
Viewed by 315
Abstract
GPS spoofing remains a critical threat in the use of autonomous vehicles. Machine-learning-based detection systems, particularly support vector machines (SVMs), demonstrate high accuracy in their defense against conventional spoofing attacks. However, their robustness against intelligent adversaries remains largely unexplored. In this work, we reveal a critical vulnerability in an SVM-based GPS spoofing detection model by analyzing its decision boundary. Exploiting this weakness, we introduce novel evasion strategies that craft adversarial GPS signals to evade the SVM detector: a data location shift attack and a similarity-based noise attack, along with their combination. Extensive simulations in the CARLA environment demonstrate that a modest positional shift reduces detection accuracy from 99.9% to 20.4%, whereas similarity to genuine GPS noise-driven perturbations remain largely undetected, while gradually degrading performance. A critical threshold reveals a nonlinear cancellation effect between similarity and shift, underscoring a fundamental detectability–impact trade-off. To our knowledge, these findings represent the first demonstration of such an evasion attack against SVM-based GPS spoofing defenses, suggesting a need to improve the adversarial robustness of machine-learning-based spoofing detection in vehicular systems.
(This article belongs to the Special Issue Advances in Security for Emerging Intelligent Systems)
23 pages, 1735 KB  
Article
FortiNIDS: Defending Smart City IoT Infrastructures Against Transferable Adversarial Poisoning in Machine Learning-Based Intrusion Detection Systems
by Abdulaziz Alajaji
Sensors 2025, 25(19), 6056; https://doi.org/10.3390/s25196056 - 2 Oct 2025
Viewed by 382
Abstract
In today’s digital era, cyberattacks are rapidly evolving, rendering traditional security mechanisms increasingly inadequate. The adoption of AI-based Network Intrusion Detection Systems (NIDS) has emerged as a promising solution, due to their ability to detect and respond to malicious activity using machine learning techniques. However, these systems remain vulnerable to adversarial threats, particularly data poisoning attacks, in which attackers manipulate training data to degrade model performance. In this work, we examine tree classifiers, Random Forest and Gradient Boosting, to model black box poisoning attacks. We introduce FortiNIDS, a robust framework that employs a surrogate neural network to generate adversarial perturbations that can transfer between models, leveraging the transferability of adversarial examples. In addition, we investigate defense strategies designed to improve the resilience of NIDS in smart city Internet of Things (IoT) settings. Specifically, we evaluate adversarial training and the Reject on Negative Impact (RONI) technique using the widely adopted CICDDoS2019 dataset. Our findings highlight the effectiveness of targeted defenses in improving detection accuracy and maintaining system reliability under adversarial conditions, thereby contributing to the security and privacy of smart city networks.
17 pages, 1985 KB  
Article
Game-Theoretic Secure Socket Transmission with a Zero Trust Model
by Evangelos D. Spyrou, Vassilios Kappatos and Chrysostomos Stylios
Appl. Sci. 2025, 15(19), 10535; https://doi.org/10.3390/app151910535 - 29 Sep 2025
Viewed by 215
Abstract
A significant problem in cybersecurity is to accurately detect malicious network activities in real-time by analyzing patterns in socket-level packet transmissions. This challenge involves distinguishing between legitimate and adversarial behaviors while optimizing detection strategies to minimize false alarms and resource costs under intelligent, adaptive attacks. This paper presents a comprehensive framework for network security by modeling socket-level packet transmissions and extracting key features for temporal analysis. A long short-term memory (LSTM)-based anomaly detection system predicts normal traffic behavior and identifies significant deviations as potential cyber threats. Integrating this with a zero trust signaling game, the model updates beliefs about agent legitimacy based on observed signals and anomaly scores. The interaction between defender and attacker is formulated as a Stackelberg game, where the defender optimizes detection strategies anticipating attacker responses. This unified approach combines machine learning and game theory to enable robust, adaptive cybersecurity policies that effectively balance detection performance and resource costs in adversarial environments. Two baselines are considered for comparison. The static baseline applies fixed transmission and defense policies, ignoring anomalies and environmental feedback, and thus serves as a control case of non-reactive behavior. In contrast, the adaptive non-strategic baseline introduces simple threshold-based heuristics that adjust to anomaly scores, allowing limited adaptability without strategic reasoning. The proposed fully adaptive Stackelberg strategy outperforms both partial and discrete adaptive baselines, achieving higher robustness across trust thresholds, superior attacker–defender utility trade-offs, and more effective anomaly mitigation under varying strategic conditions.
(This article belongs to the Special Issue Wireless Networking: Application and Development)
23 pages, 2219 KB  
Article
Research on Decision-Making Strategies for Multi-Agent UAVs in Island Missions Based on Rainbow Fusion MADDPG Algorithm
by Chaofan Yang, Bo Zhang, Meng Zhang, Qi Wang and Peican Zhu
Drones 2025, 9(10), 673; https://doi.org/10.3390/drones9100673 - 25 Sep 2025
Viewed by 435
Abstract
To address the limitations of the Multi-Agent Deep Deterministic Policy Gradient (MADDPG) algorithm in autonomous control tasks, including low convergence efficiency, poor training stability, inadequate adaptability of confrontation strategies, and challenges in handling sparse reward tasks, this paper proposes an enhanced algorithm by integrating the Rainbow module. The proposed algorithm improves long-term reward optimization through prioritized experience replay (PER) and multi-step TD updating mechanisms. Additionally, a dynamic reward allocation strategy is introduced to enhance the collaborative and adaptive decision-making capabilities of agents in complex adversarial scenarios. Furthermore, behavioral cloning is employed to accelerate convergence during the initial training phase. Extensive experiments are conducted on the MaCA simulation platform for 5 vs. 5 to 10 vs. 10 UAV island capture missions. The results demonstrate that the Rainbow-MADDPG outperforms the original MADDPG in several key metrics: (1) The average reward value improves across all confrontation scales, with notable enhancements in 6 vs. 6 and 7 vs. 7 tasks, achieving reward values of 14, representing 6.05-fold and 2.5-fold improvements over the baseline, respectively. (2) The convergence speed increases by 40%. (3) The combat effectiveness preservation rate doubles that of the baseline. Moreover, the algorithm achieves the highest average reward value in quasi-rectangular island scenarios, demonstrating its strong adaptability to large-scale dynamic game environments. This study provides an innovative technical solution to address the challenges of strategy stability and efficiency imbalance in multi-agent autonomous control tasks, with significant application potential in UAV defense, cluster cooperative tasks, and related fields.
(This article belongs to the Section Artificial Intelligence in Drones (AID))
25 pages, 471 KB  
Article
Mitigating Membership Inference Attacks via Generative Denoising Mechanisms
by Zhijie Yang, Xiaolong Yan, Guoguang Chen and Xiaoli Tian
Mathematics 2025, 13(19), 3070; https://doi.org/10.3390/math13193070 - 24 Sep 2025
Viewed by 385
Abstract
Membership Inference Attacks (MIAs) pose a significant threat to privacy in modern machine learning systems, enabling adversaries to determine whether a specific data record was used during model training. Existing defense techniques often degrade model utility or rely on heuristic noise injection, which fails to provide a robust, mathematically grounded defense. In this paper, we propose Diffusion-Driven Data Preprocessing (D3P), a novel privacy-preserving framework leveraging generative diffusion models to transform sensitive training data before learning, thereby reducing the susceptibility of trained models to MIAs. Our method integrates a mathematically rigorous denoising process into a privacy-oriented diffusion pipeline, which ensures that the reconstructed data maintains essential semantic features for model utility while obfuscating fine-grained patterns that MIAs exploit. We further introduce a privacy–utility optimization strategy grounded in formal probabilistic analysis, enabling adaptive control of the diffusion noise schedule to balance attack resilience and predictive performance. Experimental evaluations across multiple datasets and architectures demonstrate that D3P significantly reduces MIA success rates by up to 42.3% compared to state-of-the-art defenses, with a less than 2.5% loss in accuracy. This work provides a theoretically principled and empirically validated pathway for integrating diffusion-based generative mechanisms into privacy-preserving AI pipelines, which is particularly suitable for deployment in cloud-based and blockchain-enabled machine learning environments.
28 pages, 1583 KB  
Article
How Does AI Transform Cyber Risk Management?
by Sander Zeijlemaker, Yaphet K. Lemiesa, Saskia Laura Schröer, Abhishta Abhishta and Michael Siegel
Systems 2025, 13(10), 835; https://doi.org/10.3390/systems13100835 - 23 Sep 2025
Viewed by 608
Abstract
Digital transformation embeds smart cities, e-health, and Industry 4.0 into critical infrastructures, thereby increasing reliance on digital systems and exposure to cyber threats and boosting complexity and dependency. Research involving over 200 executives reveals that under rising complexity, only 15% of cyber risk investments are effective, leaving most organizations misaligned or vulnerable. In this context, the role of artificial intelligence (AI) in cybersecurity requires systemic scrutiny. This study analyzes how AI reshapes systemic structures in cyber risk management through a multi-method approach: literature review, expert workshops with practitioners and policymakers, and a structured kill chain analysis of the Colonial Pipeline attack. The findings reveal three new feedback loops: (1) deceptive defense structures that misdirect adversaries while protecting assets, (2) two-step success-to-success attacks that disable defenses before targeting infrastructure, and (3) autonomous proliferation when AI applications go rogue. These dynamics shift cyber risk from linear patterns to adaptive, compounding interactions. The principal conclusion is that AI both amplifies and mitigates systemic risk. The core recommendation is to institutionalize deception in security standards and address drifting AI-powered systems. Deliverables include validated systemic structures, policy options, and a foundation for creating future simulation models to support strategic cyber risk management investment.
30 pages, 14149 KB  
Article
Heterogeneous Group Adaptive Defense Model Based on Symmetry-Breaking and Skin Effect
by Yunzhuo Ma, Peng Yu, Meijuan Li and Xue-Bo Chen
Symmetry 2025, 17(9), 1555; https://doi.org/10.3390/sym17091555 - 17 Sep 2025
Viewed by 328
Abstract
Collective intelligence systems have demonstrated considerable potential in dynamic adversarial environments due to their distributed, self-organizing, and highly robust characteristics. The crux of an efficacious defense lies in establishing a dynamically adjustable, non-uniform defense structure through the differentiation of internal member roles. The proposed model is a heterogeneous-swarm adaptive-defense model based on symmetry breaking and skin effect. The model draws from symmetry theory, incorporating the skin effect of conductor currents and the hierarchical structural characteristics of biological groups, such as starlings. The construction of a radially symmetric dynamic hierarchical swarm structure is achieved by assigning different types of individuals with distinct safety radius preferences. Secondly, the principle of symmetry breaking is employed to establish a phase transition mechanism from radial symmetry to directed defense, thereby achieving an adaptive barrier formation algorithm. This algorithm enables the defensive group to assess threat characteristics and dynamically adjust defense resource deployment. The simulation results obtained from this study validate the phase transition process from continuous rotational symmetry to directed defense. This process demonstrates the barrier formation mechanism and ensures the safety and integrity of the core units within the group.
(This article belongs to the Section Computer)
19 pages, 11534 KB  
Article
Segment and Recover: Defending Object Detectors Against Adversarial Patch Attacks
by Haotian Gu and Hamidreza Jafarnejadsani
J. Imaging 2025, 11(9), 316; https://doi.org/10.3390/jimaging11090316 - 15 Sep 2025
Viewed by 626
Abstract
Object detection is used to automatically identify and locate specific objects within images or videos for applications like autonomous driving, security surveillance, and medical imaging. Protecting object detection models against adversarial attacks, particularly malicious patches, is crucial to ensure reliable and safe performance in safety-critical applications, where misdetections can lead to severe consequences. Existing defenses against patch attacks are primarily designed for stationary scenes and struggle against adversarial image patches that vary in scale, position, and orientation in dynamic environments. In this paper, we introduce SAR, a patch-agnostic defense scheme based on image preprocessing that does not require additional model training. By integration of the patch-agnostic detection frontend with an additional broken pixel restoration backend, Segment and Recover (SAR) is developed for the large-mask-covered object-hiding attack. Our approach breaks the limitation of the patch scale, shape, and location, accurately localizes the adversarial patch on the frontend, and restores the broken pixel on the backend. Our evaluations of the clean performance demonstrate that SAR is compatible with a variety of pretrained object detectors. Moreover, SAR exhibits notable resilience improvements over state-of-the-art methods evaluated in this paper. Our comprehensive evaluation studies involve diverse patch types, such as localized-noise, printable, visible, and adaptive adversarial patches.
(This article belongs to the Special Issue Object Detection in Video Surveillance Systems)
29 pages, 7233 KB  
Article
Exposing Vulnerabilities: Physical Adversarial Attacks on AI-Based Fault Diagnosis Models in Industrial Air-Cooling Systems
by Stavros Bezyrgiannidis, Ioannis Polymeropoulos, Eleni Vrochidou and George A. Papakostas
Processes 2025, 13(9), 2920; https://doi.org/10.3390/pr13092920 - 12 Sep 2025
Viewed by 600
Abstract
Although neural network-based methods have significantly advanced the field of machine fault diagnosis, they remain vulnerable to physical adversarial attacks. This work investigates such attacks in the physical context of a real production line. Attacks simulate failures or irregularities arising from the maintenance or production department during the production process, a scenario commonly encountered in industrial environments. The experiments are conducted using data from vibration signals and operational parameters of a motor installed in an industrial air-cooling system used for staple fiber production. In this context, we propose the Mean Confusion Impact Index (MCII), a novel and simple robustness metric that measures the average misclassification confidence of models under adversarial physical attacks. By performing a series of hardware-level interventions, this work aims to demonstrate that even minor physical disturbances can lead to a significant reduction in the model’s diagnostic accuracy. Additionally, a hybrid defense approach is proposed, which leverages deep feature representations extracted from the original classification model and integrates them with lightweight classifiers retrained on adversarial labeled data. Research findings underscore an important limitation in existing industrial artificial intelligence (AI)-based monitoring systems and introduce a practical, scalable framework for improving the physical resilience of machine fault diagnosis in real-world environments.
32 pages, 4502 KB  
Article
An Integrated and Robust Vision System for Internal and External Thread Defect Detection with Adversarial Defense
by Liu Fu, Leqi Li, Gengpei Zhang and Zhihao Jiang
Sensors 2025, 25(18), 5664; https://doi.org/10.3390/s25185664 - 11 Sep 2025
Viewed by 468
Abstract
In industrial automation, detecting defects in threaded components is challenging due to their complex geometry and the concealment of micro-flaws. This paper presents an integrated vision system capable of inspecting both internal and external threads with high robustness. A unified imaging platform ensures synchronized capture of thread surfaces, while advanced image enhancement techniques improve clarity under motion blur and low-light conditions. To overcome limited defect samples, we introduce a generative data augmentation strategy that diversifies training data. For detection, a lightweight and optimized deep learning model achieves higher precision and efficiency compared with existing YOLO variants. Moreover, we design a dual-defense mechanism that effectively mitigates stealthy adversarial perturbations, such as alpha channel attacks, preserving system reliability. Experimental results demonstrate that the proposed framework delivers accurate, secure, and efficient thread defect detection, offering a practical pathway toward reliable industrial vision systems.
(This article belongs to the Section Intelligent Sensors)
17 pages, 24022 KB  
Article
Robust Object Detection Under Adversarial Patch Attacks in Vision-Based Navigation
by Haotian Gu, Hyung Jin Yoon and Hamidreza Jafarnejadsani
Automation 2025, 6(3), 44; https://doi.org/10.3390/automation6030044 - 9 Sep 2025
Viewed by 904
Abstract
In vision-guided autonomous robots, object detectors play a crucial role in perceiving the environment for path planning and decision-making. However, adaptive adversarial patch attacks undermine the resilience of detector-based systems. Strengthening object detectors against such adaptive attacks enhances the robustness of navigation systems. Existing defenses against patch attacks are primarily designed for stationary scenes and struggle against adaptive patch attacks that vary in scale, position, and orientation in dynamic environments. In this paper, we introduce Ad_YOLO+, an efficient and effective plugin that extends Ad_YOLO to defend against white-box patch-based image attacks. Built on YOLOv5x with an additional patch detection layer, Ad_YOLO+ is trained on a specially crafted adversarial dataset (COCO-Visdrone-2019). Unlike conventional methods that rely on redundant image preprocessing, our approach directly detects adversarial patches and the overlaid objects. Experiments on the adversarial training dataset demonstrate that Ad_YOLO+ improves both provable robustness and clean accuracy. Ad_YOLO+ achieves 85.4% top-1 clean accuracy on the COCO dataset and 74.63% top-1 robust provable accuracy against pixel square patches anywhere on the image for the COCO-VisDrone-2019 dataset. Moreover, under adaptive attacks in AirSim simulations, Ad_YOLO+ reduces the attack success rate, ensuring tracking resilience in both dynamic and static settings. Additionally, it generalizes well to other patch detection weight configurations.
(This article belongs to the Section Robotics and Autonomous Systems)
49 pages, 670 KB  
Review
Bridging Domains: Advances in Explainable, Automated, and Privacy-Preserving AI for Computer Science and Cybersecurity
by Youssef Harrath, Oswald Adohinzin, Jihene Kaabi and Morgan Saathoff
Computers 2025, 14(9), 374; https://doi.org/10.3390/computers14090374 - 8 Sep 2025
Viewed by 1671
Abstract
Artificial intelligence (AI) is rapidly redefining both computer science and cybersecurity by enabling more intelligent, scalable, and privacy-conscious systems. While most prior surveys treat these fields in isolation, this paper provides a unified review of 256 peer-reviewed publications to bridge that gap. We examine how emerging AI paradigms, such as explainable AI (XAI), AI-augmented software development, and federated learning, are shaping technological progress across both domains. In computer science, AI is increasingly embedded throughout the software development lifecycle to boost productivity, improve testing reliability, and automate decision making. In cybersecurity, AI drives advances in real-time threat detection and adaptive defense. Our synthesis highlights powerful cross-cutting findings, including shared challenges such as algorithmic bias, interpretability gaps, and high computational costs, as well as empirical evidence that AI-enabled defenses can reduce successful breaches by up to 30%. Explainability is identified as a cornerstone for trust and bias mitigation, while privacy-preserving techniques, including federated learning and local differential privacy, emerge as essential safeguards in decentralized environments such as the Internet of Things (IoT) and healthcare. Despite transformative progress, we emphasize persistent limitations in fairness, adversarial robustness, and the sustainability of large-scale model training. By integrating perspectives from two traditionally siloed disciplines, this review delivers a unified framework that not only maps current advances and limitations but also provides a foundation for building more resilient, ethical, and trustworthy AI systems.
(This article belongs to the Section AI-Driven Innovations)
6 pages, 793 KB  
Proceeding Paper
Hands-On Training Framework for Prompt Injection Exploits in Large Language Models
by Sin-Wun Chen, Kuan-Lin Chen, Jung-Shian Li and I-Hsien Liu
Eng. Proc. 2025, 108(1), 25; https://doi.org/10.3390/engproc2025108025 - 3 Sep 2025
Viewed by 1640
Abstract
With the increasing deployment of large language models (LLMs) in diverse applications, security vulnerability attacks pose significant risks, such as prompt injection. Despite growing awareness, structured, hands-on educational platforms for systematically studying these threats are lacking. In this study, we present an interactive training framework designed to teach, assess, and mitigate prompt injection attacks through a structured, challenge-based approach. The platform provides progressively complex scenarios that allow users to exploit and analyze LLM vulnerabilities using both rule-based adversarial testing and Open Worldwide Application Security Project-inspired methodologies, specifically focusing on the LLM01:2025 prompt injection risk. By integrating attack simulations and guided defensive mechanisms, this platform equips security professionals, artificial intelligence researchers, and educators to understand, detect, and prevent adversarial prompt manipulations. The platform highlights the effectiveness of experiential learning in AI security, emphasizing the need for robust defenses against evolving LLM threats.
32 pages, 2361 KB  
Article
Exploring the Use and Misuse of Large Language Models
by Hezekiah Paul D. Valdez, Faranak Abri, Jade Webb and Thomas H. Austin
Information 2025, 16(9), 758; https://doi.org/10.3390/info16090758 - 1 Sep 2025
Viewed by 784
Abstract
Language modeling has evolved from simple rule-based systems into complex assistants capable of tackling a multitude of tasks. State-of-the-art large language models (LLMs) are capable of scoring highly on proficiency benchmarks, and as a result have been deployed across industries to increase productivity and convenience. However, the prolific nature of such tools has provided threat actors with the ability to leverage them for attack development. Our paper describes the current state of LLMs, their availability, and their role in benevolent and malicious applications. In addition, we propose how an LLM can be combined with text-to-speech (TTS) voice cloning to create a framework capable of carrying out social engineering attacks. Our case study analyzes the realism of two different open-source TTS models, Tortoise TTS and Coqui XTTS-v2, by calculating similarity scores between generated and real audio samples from four participants. Our results demonstrate that Tortoise is able to generate realistic voice clone audios for native English speaking males, which indicates that easily accessible resources can be leveraged to create deceptive social engineering attacks. As such tools become more advanced, defenses such as awareness, detection, and red teaming may not be able to keep up with dangerously equipped adversaries.