Sign in to use this feature.

Years

Between: -

Subjects

remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline

Journals

remove_circle_outline
remove_circle_outline
remove_circle_outline

Article Types

Countries / Regions

remove_circle_outline
remove_circle_outline
remove_circle_outline
remove_circle_outline

Search Results (391)

Search Parameters:
Keywords = attack detection and localization

Order results
Result details
Results per page
Select all
Export citation of selected articles as:
31 pages, 4896 KB  
Article
Robust Adversarial Attack Detection in Resource-Constrained IoT Ecosystems: A Privacy-Preserving Framework Using Federated Learning
by Syed Sadiqur Rahman
Computers 2026, 15(7), 436; https://doi.org/10.3390/computers15070436 (registering DOI) - 8 Jul 2026
Abstract
Lightweight, privacy-aware and adversarial robust intrusion detection is required for the proliferation of Internet of Things (IoT) devices. In the Industrial Internet of Things (IIoT), centralized detectors can be compromised by adversarial perturbations via gradient-based attacks, making them susceptible to raw traffic. We [...] Read more.
Lightweight, privacy-aware and adversarial robust intrusion detection is required for the proliferation of Internet of Things (IoT) devices. In the Industrial Internet of Things (IIoT), centralized detectors can be compromised by adversarial perturbations via gradient-based attacks, making them susceptible to raw traffic. We suggest Federated Learning-Adaptive Gated Recurrent Unit (FL-AdGRU), a Federated approach that combines a lightweight Gated Recurrent Unit (GRU) classifier with alternating adversarial fine-tuning on each client using FGSM and PGD, without any communication overhead. A two-stage resampling scheme (UCAS-SMOTE) reduces the class-imbalance ratio from 4081:1 to ≈4:1, followed by 61 features being reduced to 40 by a mutual-information selector (MI-SelectK). Under this scenario, FL-AdGRU achieves 99.9% accuracy and 0.999 weighted F1 (+6.5 pp over the federated DNN baseline), with no loss of accuracy when facing clean attacks, and boosts Fast Gradient Sign Method FGSM/Projected Gradient Descent (PGD) robustness by +19.3/+19.0 p.p at the same level of ϵ = 0.1, thus effectively balancing the accuracy–robustness trade-off. It is robust (97.8%/84.2% on UNSW-NB15) and generalizes well to UNSW-NB15, while decaying slowly in skeptical scenarios (≈99.9% weighted F1 for moderate skew, 93.9%/86.7% for severe). Assuring data-locality privacy through exchange of only model weights; defenses against inference attack are left for future work. FL-AdGRU, with a total communication of 43.8 MB (≈50× less than centralized training), is deployable on bandwidth-constrained IIoT networks. Full article
30 pages, 3900 KB  
Article
Detection and Localization of False Data Injection Attacks in Smart Grids: A Spatiotemporal Feature-Fusion Deep-Learning Method Based on Gray Wolf Optimizer
by Jinyan Pan, Yuan Li and Xinyu Wang
Energies 2026, 19(13), 3212; https://doi.org/10.3390/en19133212 - 7 Jul 2026
Abstract
False Data Injection Attacks (FDIA) pose a serious threat to smart grid security due to their high concealment. In view of the defect that existing detection methods for FDIA in smart grids can only judge whether an attack occurs but fail to accurately [...] Read more.
False Data Injection Attacks (FDIA) pose a serious threat to smart grid security due to their high concealment. In view of the defect that existing detection methods for FDIA in smart grids can only judge whether an attack occurs but fail to accurately locate attacked grid nodes, this study proposes a specialized attack localization and detection framework. To address the node-level class imbalance inherent in attack localization, we design a node-adaptive weighting strategy tailored for multi-label classification. Furthermore, we employ a Hadamard-product-based deep fusion mechanism to integrate spatial and temporal features, which, unlike simple concatenation, enables a more profound feature interaction. The framework is optimized using the gray wolf optimizer (GWO) to enhance convergence and stability. In this method, a graph convolutional network (GCN) is used to extract spatial topological correlation features of power grid measurement data, and a bidirectional long short-term memory (BiLSTM) is adopted to mine temporal dependency features of time-series data. The deep fusion of spatial and temporal features is realized through the Hadamard product. Meanwhile, the GWO is introduced for global optimization of model hyperparameters to optimize network performance and further improve detection and localization accuracy. Simulation results on the IEEE 14-bus and IEEE 118-bus power systems show that the GWO-STFFN model surpasses existing comparative models in key indicators, including detection accuracy, F1-Score, and AUC value, delivering higher node localization precision and lower Hamming Loss. In addition, it maintains favorable robustness under different noise intensities. Full article
Show Figures

Figure 1

27 pages, 2873 KB  
Article
Mean/Std: Lightweight Distribution-Aware Aggregation for Federated IoT Botnet Detection
by Yassine El Yamani, Youssef Baddi and Najib El Kamoun
IoT 2026, 7(3), 55; https://doi.org/10.3390/iot7030055 - 7 Jul 2026
Abstract
Federated learning (FL) is a promising paradigm for privacy-preserving IoT intrusion detection, but its effectiveness can be substantially degraded by the combination of heterogeneous non-IID client distributions and severe multi-class imbalance. Under such conditions, conventional size-based aggregation may overemphasize large yet highly skewed [...] Read more.
Federated learning (FL) is a promising paradigm for privacy-preserving IoT intrusion detection, but its effectiveness can be substantially degraded by the combination of heterogeneous non-IID client distributions and severe multi-class imbalance. Under such conditions, conventional size-based aggregation may overemphasize large yet highly skewed clients, limiting the representation of minority attack classes in the global model. To address this issue, we propose Mean/Std, a lightweight distribution-aware aggregation strategy that combines a client-size proxy with two complementary statistics of local label distributions, namely the standard deviation and the dominance gap of class proportions, while preserving a communication footprint comparable to FedAvg. Experiments on the N-BaIoT benchmark, comprising seven heterogeneous IoT clients and eleven traffic classes, are conducted under a privacy-oriented update-perturbation setting inspired by secure aggregation workflows. The results show that Mean/Std consistently provides the strongest imbalance-aware performance among the evaluated FL baselines, achieving a Macro-F1 score of 0.8418 and a Balanced Accuracy of 0.8722 while improving the representation of minority attack classes. Additional experiments across five independent random seeds and a comprehensive hyperparameter sensitivity analysis further confirm the robustness and stability of the proposed aggregation mechanism. Overall, the results demonstrate that lightweight distribution-aware aggregation offers an effective, robust, and practically deployable solution for mitigating aggregation bias under simultaneous non-IID heterogeneity and severe multi-class imbalance in FL-based IoT botnet detection. Full article
Show Figures

Figure 1

25 pages, 1141 KB  
Article
Local LLM-Based Cyber Incident Analysis in Air-Gapped Networks via Teacher–Student Knowledge Distillation and Agentic Orchestration
by Sunghun Jang, MyoungRak Lee and Taeshik Shon
Electronics 2026, 15(13), 2949; https://doi.org/10.3390/electronics15132949 (registering DOI) - 6 Jul 2026
Abstract
Recent cyber incidents have become increasingly sophisticated through Living-off-the-Land (LotL) techniques that exploit legitimate behavior and multi-stage attacks. This requires advanced reasoning capabilities to discern the attack contexts within fragmented large-scale logs. However, closed network environments with physical network separation (air-gapped), such as [...] Read more.
Recent cyber incidents have become increasingly sophisticated through Living-off-the-Land (LotL) techniques that exploit legitimate behavior and multi-stage attacks. This requires advanced reasoning capabilities to discern the attack contexts within fragmented large-scale logs. However, closed network environments with physical network separation (air-gapped), such as national critical infrastructures, restrict the use of high-performance cloud large language models (LLMs), thereby limiting the adoption of cutting-edge artificial intelligence (AI)-based analysis technologies. To overcome these constraints, this study proposes a Local LLM-based intrusion analysis framework that operates independently within closed networks. The proposed framework combines (i) an Offline Knowledge Distillation technique that transfers the analytical reasoning process of external high-performance models to the Local LLM after a security review, and (ii) an AI agent orchestration structure that controls the analysis procedure step-by-step and suppresses hallucinations. Experiments and validation using a public dataset (Atomic Red Team) demonstrated that the proposed model achieved a consistently higher detection accuracy (88.4%) and MITRE Adversarial Tactics, Techniques, and Common Knowledge mapping performance (0.91 F1-Score) than existing general-purpose Local LLMs. Furthermore, the proposed model suppressed hallucination rates to 6.2% through an automated verification mechanism and significantly improved analysis efficiency by refining large-scale logs to focus on core events. This study quantitatively demonstrated that AI-based intrusion incident analysis can be automated using a single graphics processing unit server under controlled evaluation conditions. The proposed framework provides a practical prototype for intelligent security monitoring in closed-network environments. However, the operational performance must be validated in real-world deployments. Full article
Show Figures

Figure 1

25 pages, 18584 KB  
Article
SAGE: Saliency and Geometry Enhanced Transferable Attacks for LiDAR Point Cloud Perception in Remote Sensing
by Yuheng Wu, Shiwei Lin, Shibo Ping, Xingchao Zhai, Zhiyuan Fang, Meijuan Chen and Weiquan Liu
Remote Sens. 2026, 18(13), 2209; https://doi.org/10.3390/rs18132209 - 5 Jul 2026
Viewed by 102
Abstract
LiDAR point clouds are widely used in remote sensing perception scenarios, such as autonomous driving. However, LiDAR-based perception models remain vulnerable to adversarial perturbations, which may compromise the reliability of safety-critical 3D perception systems. Among different attack paradigms, transfer-based attacks are particularly practical [...] Read more.
LiDAR point clouds are widely used in remote sensing perception scenarios, such as autonomous driving. However, LiDAR-based perception models remain vulnerable to adversarial perturbations, which may compromise the reliability of safety-critical 3D perception systems. Among different attack paradigms, transfer-based attacks are particularly practical because they generate adversarial examples on accessible surrogate models and apply the generated examples directly to unknown target models. Nevertheless, existing transferable attacks on point clouds often perturb regions that are discriminative for the surrogate model but insufficiently stable across different architectures, leading to limited transferability and noticeable geometric distortion. To address this problem, we propose SAGE, a Saliency And Geometry Enhanced transferable attack framework for LiDAR point cloud perception in remote sensing. Specifically, SAGE unifies point-coordinate priors with source-model gradient signals to generate a saliency map, which serves as a transferable indicator of vulnerable local structures. SAGE further leverages this map through saliency-guided perturbation allocation and explicit geometric constraints to enhance transferability while preserving point-cloud geometry. To demonstrate the effectiveness of SAGE, we evaluate SAGE on point-cloud classification benchmarks and further validate it on LiDAR-based 3D object detection using KITTI and nuScenes. Experimental results show that SAGE consistently outperforms existing transferable attack methods in attack success rate while preserving favorable geometric quality of adversarial point clouds. These findings demonstrate that SAGE offers an effective and practical framework for assessing the transfer robustness of LiDAR-based remote sensing perception systems. Full article
18 pages, 3380 KB  
Article
Detection of UDP-Based Volumetric DDoS Attacks in IoT Environments Using LSTM with Temporal Attention Mechanism
by Bengisu Eda Aydin, Zafer Güney and Hakan Aydin
Sensors 2026, 26(13), 4237; https://doi.org/10.3390/s26134237 - 3 Jul 2026
Viewed by 187
Abstract
Internet of Things (IoT) environments, similarly to traditional network infrastructures, are highly vulnerable to volumetric Distributed Denial of Service (DDoS) attacks. Detecting such attacks remains challenging due to their bursty and short-lived nature, particularly in User Datagram Protocol (UDP) flood traffic, which often [...] Read more.
Internet of Things (IoT) environments, similarly to traditional network infrastructures, are highly vulnerable to volumetric Distributed Denial of Service (DDoS) attacks. Detecting such attacks remains challenging due to their bursty and short-lived nature, particularly in User Datagram Protocol (UDP) flood traffic, which often blends into normal traffic fluctuations. Conventional deep learning (DL) approaches, particularly Long Short-Term Memory (LSTM) networks, assign uniform importance to all time steps, limiting their ability to capture temporally localized burst patterns critical for identifying UDP-based volumetric attacks. To address this limitation, this study proposes LSTM-IoT, an attention-enhanced intrusion detection framework that integrates a temporal attention mechanism into an LSTM architecture. The model selectively emphasizes informative time intervals while suppressing irrelevant temporal segments, improving discrimination between benign and attack traffic. Evaluated on UDP traffic flows from the CICDDoS2019 dataset, LSTM-IoT achieves a detection accuracy of 99.93%, outperforming a baseline LSTM model. The results confirm that the proposed DL-based model effectively detects UDP-based volumetric DDoS attacks in IoT environments. Full article
Show Figures

Figure 1

31 pages, 1465 KB  
Article
Dual-Impact Feature Selection for Adversarially Robust, Functionality-Preserving UAV Intrusion Detection
by Saleem Alsaraireh, Mustafa Al-Fayoumi and Mohammad Alnabhan
Drones 2026, 10(7), 503; https://doi.org/10.3390/drones10070503 - 2 Jul 2026
Viewed by 225
Abstract
The increasing deployment of Unmanned Aerial Vehicles (UAVs) in critical operations exposes them to cyberattacks. Although deep learning-based Intrusion Detection Systems (IDSs) are effective, they are susceptible to adversarial attacks that manipulate input features to avoid detection. Conventional feature selection methods do not [...] Read more.
The increasing deployment of Unmanned Aerial Vehicles (UAVs) in critical operations exposes them to cyberattacks. Although deep learning-based Intrusion Detection Systems (IDSs) are effective, they are susceptible to adversarial attacks that manipulate input features to avoid detection. Conventional feature selection methods do not distinguish between features critical to model accuracy and those essential for preserving cyberattack operational validity. To address this, we propose a Dual-Impact Feature Selection (DIFS) framework for robust UAV-IDS models. Our approach evaluates features based on two criteria: the first is Model Performance Impact (MPI), using Integrated Gradients (IG) and Local Interpretable Model-agnostic Explanations (LIME) to measure feature influence on detection accuracy, and the second is Functionality Preservation Criterion (FPC), a clustering-based method that assesses whether a feature is indispensable for cyberattack execution. Features with high MPI and FPC are identified as Dual-Impact Features (DIFs). We generate constrained adversarial attacks that perturb these DIFs to create realistic evasion samples. Using these samples for adversarial training, we develop three robust UAV-IDS Convolutional Neural Network (CNN) models. Evaluated on three UAV network intrusion datasets, our framework demonstrates improved resilience. The models achieve up to 99.8% detection accuracy while reducing Attack Success Rate (ASR) to as low as 0.002, supporting their potential for designing adversary-resistant detection systems for UAV networks. Full article
(This article belongs to the Special Issue Security-by-Design in UAVs: Enabling Intelligent Monitoring)
Show Figures

Figure 1

60 pages, 597 KB  
Review
Heterogeneity-Aware Poisoning Attacks and Mitigation in Federated Learning: A Comprehensive Survey and Taxonomy
by Aimen Djemaa, Djamel Djenouri and Phil Legg
Electronics 2026, 15(13), 2876; https://doi.org/10.3390/electronics15132876 - 1 Jul 2026
Viewed by 276
Abstract
Federated learning (FL) enables collaborative model training without sharing raw data, but remains vulnerable to poisoning attacks in which malicious participants manipulate local data, model updates, gradients, or learned behaviours to degrade performance or introduce targeted failures. These threats become harder to assess [...] Read more.
Federated learning (FL) enables collaborative model training without sharing raw data, but remains vulnerable to poisoning attacks in which malicious participants manipulate local data, model updates, gradients, or learned behaviours to degrade performance or introduce targeted failures. These threats become harder to assess and mitigate in heterogeneous federated learning (HFL), where clients may differ in data distributions, model architectures, task objectives, resource availability, communication reliability, participation patterns, privacy constraints, and deployment environments. Existing surveys provide valuable coverage of FL security, poisoning attacks, robust aggregation, privacy-preserving mechanisms, and heterogeneity, but they do not sufficiently analyse how heterogeneity changes both poisoning behaviour and mitigation reliability. This survey addresses that gap by examining how statistical, model, task, device, communication, and participation heterogeneity affect poisoning feasibility, stealth, persistence, impact, transferability, attribution, and detectability. It then proposes a heterogeneity-aware taxonomy of poisoning mitigation mechanisms and compares existing strategies using operational criteria centred on attack–defence alignment, evidence validity, server visibility, privacy compatibility, scalability, deployment feasibility, and benign-client preservation. The central argument is that poisoning mitigation in HFL should not be evaluated only by attack type, defence family, clean accuracy, or attack success rate but also by whether defences observe and protect the channels through which heterogeneity-shaped attacks are expressed. The survey further identifies open challenges for developing channel-aware, privacy-compatible, scalable, adaptive, and false-positive-aware defences that preserve useful benign diversity under realistic HFL conditions. Full article
(This article belongs to the Special Issue Feature Papers in Networks: 2025–2026 Edition)
Show Figures

Figure 1

22 pages, 3821 KB  
Article
Topology-Stress-Based Wormhole Attack Defense for Power Wireless Sensor Networks with UWB Physical-Layer Awareness
by Kaiyun Wen, Fan Li, Fangming Deng and Zhen Wang
Sensors 2026, 26(13), 4141; https://doi.org/10.3390/s26134141 - 1 Jul 2026
Viewed by 200
Abstract
Power wireless sensor networks (PWSNs) provide essential field-level sensing and communication support for smart grids, where topology authenticity directly affects communication reliability and network operation. However, wormhole attacks can forge false adjacency relationships through low-latency tunnels, thereby disrupting topology consistency and misleading routing [...] Read more.
Power wireless sensor networks (PWSNs) provide essential field-level sensing and communication support for smart grids, where topology authenticity directly affects communication reliability and network operation. However, wormhole attacks can forge false adjacency relationships through low-latency tunnels, thereby disrupting topology consistency and misleading routing decisions. In practical power environments, metallic obstruction, multipath reflection, and non-line-of-sight (NLOS) propagation may further cause normal-ranging anomalies to resemble attack-induced topology distortion, making reliable wormhole attack detection challenging. To address this issue, this paper proposes a topology-stress-based wormhole attack defense method with ultra-wideband (UWB) physical-layer awareness. The first-path power ratio and root-mean-square delay spread extracted from UWB channel impulse responses are used to evaluate link-ranging reliability and construct adaptive stiffness coefficients. Local backbone links are modeled as virtual springs, and a topology stress indicator is derived from the residual deformation after potential-energy minimization to quantify the geometric inconsistency caused by forged adjacency relationships. Furthermore, a Beta-based temporal evidence fusion mechanism is introduced to support graded node access decisions and improve decision stability. Simulation and hardware validation results demonstrate that the proposed method effectively suppresses NLOS-induced false alarms while maintaining high sensitivity to wormhole attacks. Compared with representative baseline methods, it achieves more stable detection performance under increasing ranging errors and different attack intensities. Hardware experiments further show that topology stress can clearly distinguish normal links, NLOS-affected links, and forged wormhole links, confirming its effectiveness for topology-authenticity verification in power wireless sensor networks. Full article
(This article belongs to the Section Internet of Things)
Show Figures

Figure 1

27 pages, 11736 KB  
Article
KPP-BA: A Key-Dependent Pixel Permutation and Parity-Based Authentication Framework for Medical Image Tamper Detection
by Chia-Chen Lin, En-Ting Chu and Er-Tai Zhuo
Electronics 2026, 15(12), 2732; https://doi.org/10.3390/electronics15122732 - 21 Jun 2026
Viewed by 152
Abstract
With the prevalence of telemedicine and digital diagnosis, the security and integrity of medical images transmitted over open networks have become critical issues. To effectively defend against malicious tampering and ensure the reliability of diagnostic information, this study proposes a block-based image authentication [...] Read more.
With the prevalence of telemedicine and digital diagnosis, the security and integrity of medical images transmitted over open networks have become critical issues. To effectively defend against malicious tampering and ensure the reliability of diagnostic information, this study proposes a block-based image authentication and tamper detection framework (KPP-BA). This framework integrates key-dependent pixel permutation, hash-based message authentication code (HMAC)-SHA256 hash verification, and a parity-based 3-LSB minimal distortion embedding strategy. The core innovation lies in utilizing pseudo-random pixel permutation to disrupt spatial correlation within blocks, thereby effectively resisting collage and statistical analysis attacks. Furthermore, by combining the avalanche effect of HMAC-SHA256 with hybrid bit-plane feature extraction, the proposed method ensures extremely high sensitivity to subtle tampering. Experimental results on a dataset comprising 300 medical images demonstrate that the proposed method maintains superior visual quality while ensuring security, achieving an average Peak Signal-to-Noise Ratio (PSNR) of 54.15 of 0.5 bit per pixel (bpp). Moreover, against various tampering attacks—including masking, copy–paste, circle masking, and collage—the method exhibits exceptional detection capabilities with an average detection accuracy of 99.99%. Compared with seven state-of-the-art methods, the proposed framework demonstrates significant advantages in both image fidelity and tamper localization precision, validating its feasibility and robustness for secure medical image transmission applications. Full article
(This article belongs to the Special Issue Applications in Computer Vision and Pattern Recognition)
Show Figures

Figure 1

20 pages, 1947 KB  
Article
Dynamic Distillation-Aided Federated Learning for Intrusion Detection in Heterogeneous Edge Networks
by Fan Wang and Weimin Chen
Electronics 2026, 15(12), 2728; https://doi.org/10.3390/electronics15122728 - 21 Jun 2026
Viewed by 175
Abstract
Intrusion detection serves as a core technology for securing heterogeneous edge networks, including IoT, industrial edges, and 5G networks. However, existing federated learning-based intrusion detection systems suffer from environmental heterogeneity, limited sample availability, and severe class imbalance—issues that result in inefficient resource allocation [...] Read more.
Intrusion detection serves as a core technology for securing heterogeneous edge networks, including IoT, industrial edges, and 5G networks. However, existing federated learning-based intrusion detection systems suffer from environmental heterogeneity, limited sample availability, and severe class imbalance—issues that result in inefficient resource allocation and compromised detection performance against rare attacks. In this paper, we propose a novel lightweight intrusion detection model for heterogeneous edge networks, named FedNIDS-CNN, which is based on dynamic distillation-aided federated learning with a CNN backbone. In the data preprocessing phase, a two-level class balancing strategy integrating nearest-neighbor interpolation augmentation and adaptive synthetic sampling is employed to ensure distortion-free sample synthesis. For feature and model optimization, principal component analysis (PCA) is used to reduce the dimensionality of traffic features, while a lightweight 1D-CNN is adopted as the base model to alleviate computational overhead on edge devices. During federated training and knowledge aggregation, a dynamic weight distillation loss mechanism is designed to enhance the model’s ability to recognize minority-class attacks. Meanwhile, the federated framework supports client-side local training and server-side weighted soft-label aggregation, enabling effective knowledge fusion across heterogeneous models. Experimental results on the CICIDS2017 dataset demonstrate that the proposed method achieves an accuracy of 98.55% and an F1-score of 98.40%. Benefiting from the soft-label transmission and parameter-free aggregation design, the framework gets rid of the constraint of homogeneous model architecture and natively supports heterogeneous network models and edge devices with different computing capabilities. It also significantly reduces communication traffic and per-round training latency, confirming its excellent real-time performance and applicability in resource-constrained edge environments. Full article
(This article belongs to the Special Issue IoT Security in the Age of AI: Innovative Approaches and Technologies)
Show Figures

Figure 1

36 pages, 842 KB  
Article
Privacy-Preserving Federated Deep Learning for Robust Anomaly Detection in Distributed Security Sensing Systems
by Di Xu, Hongli Chen, Yansen Zeng, Yifan Yang, Jinghan Huang, Jiarui Song and Yan Zhan
Sensors 2026, 26(12), 3901; https://doi.org/10.3390/s26123901 - 19 Jun 2026
Viewed by 471
Abstract
With the widespread adoption of intelligent terminals, edge devices, and distributed information systems in the financial domain, financial security sensing data exhibit multisource heterogeneity, dynamic temporal patterns, and high privacy sensitivity. Traditional centralized anomaly detection methods are no longer able to simultaneously satisfy [...] Read more.
With the widespread adoption of intelligent terminals, edge devices, and distributed information systems in the financial domain, financial security sensing data exhibit multisource heterogeneity, dynamic temporal patterns, and high privacy sensitivity. Traditional centralized anomaly detection methods are no longer able to simultaneously satisfy the requirements of cross-institutional or cross-node collaborative modeling, client data privacy protection, and robust monitoring of transaction and system anomalies. To address this challenge, a data-local federated deep anomaly detection framework has been proposed for distributed financial security sensing systems. Initially, a local deep financial security sensing representation module is constructed to perform temporal encoding and attention-based modeling on multisource financial signals, including terminal operation status, network transaction communication, backend server operation, identity authentication, and anomaly alerts, thereby extracting representations relevant to anomalous behaviors. Subsequently, a data-local federated optimization and personalized aggregation mechanism is developed to enable cross-node knowledge sharing without transmitting raw transaction or client data, while local personalized detection heads are employed to adapt to non-independent and identically distributed (non-IID) financial institution data. Furthermore, an adversarially robust security detection and trust-aware aggregation strategy is introduced to enhance model stability under input noise, feature masking, anomaly camouflage, and potential malicious client updates. Experimental results demonstrate that the proposed method achieves an Accuracy of 92.37%, a Precision of 89.41%, a Recall of 88.26%, an F1-score of 88.83%, an AUC of 93.06%, and a PR-AUC of 89.15% in the primary financial anomaly detection task, significantly outperforming baseline methods such as Isolation Forest, Autoencoder, LSTM, Transformer, FedAvg, FedProx, SCAFFOLD, and MOON. In robustness experiments, the method attains F1-scores of 87.95%, 86.42%, 86.88%, 84.57%, 86.73%, and 83.91% under Gaussian noise, feature masking, temporal shift, adversarial perturbation, and 20% and 30% malicious client scenarios, respectively. Ablation studies further confirm the effectiveness of local representation learning, personalized federated optimization, adversarial training, and trust-aware aggregation mechanisms. Overall, the proposed approach provides an efficient intelligent anomaly detection solution for financial AI security monitoring scenarios characterized by data localization requirements, node heterogeneity, and attack perturbations. Full article
(This article belongs to the Special Issue Intelligent Sensing and Digital Signal Processing in Smart Data)
Show Figures

Figure 1

22 pages, 2212 KB  
Article
Irradiance-Driven Natural Watermarking for Detection of False Data Injection in PV Inverters
by Lars Bjorndal, Imasha Balahewa, Naser Vosoughi Kurdkandi, Tong Huang and Chris Mi
Energies 2026, 19(12), 2851; https://doi.org/10.3390/en19122851 - 16 Jun 2026
Viewed by 267
Abstract
The widespread deployment of photovoltaic (PV) inverters with digital control and communication systems has increased the power grid’s attack surface, making it more vulnerable to cyberattacks. This creates a need for locally implementable attack-detection methods that do not disrupt inverter operation. This paper [...] Read more.
The widespread deployment of photovoltaic (PV) inverters with digital control and communication systems has increased the power grid’s attack surface, making it more vulnerable to cyberattacks. This creates a need for locally implementable attack-detection methods that do not disrupt inverter operation. This paper therefore proposes an irradiance-driven natural watermarking approach for decentralized detection of false data injection (FDI) attacks on inverter terminal measurements. The approach leverages irradiance-driven DC-link voltage variations to watermark the inverter outputs, generating a non-removable signature in the true measurements. The proposed method is evaluated using a real-time hardware-in-the-loop model of a three-phase grid-following PV inverter that captures PV-array and grid-connection dynamics. Implementation robustness is further assessed on a separate hardware grid-forming inverter testbed with non-idealized components. In the tested cases, the detection model identifies noise-injection and replay attacks within 15ms, while otherwise undetectable model-based attacks are revealed when DC-link voltage variations between 5% and 10% occur. These experimental results demonstrate that irradiance-driven natural watermarking can reveal FDI attacks without affecting normal inverter operation. Full article
(This article belongs to the Section A: Sustainable Energy)
Show Figures

Figure 1

27 pages, 2287 KB  
Article
Dual-Branch Graph Learning with Frequency Gating for Industrial Sensor Anomaly and Cyberattack Detection
by Tong Zhao, Wei Yang and Yu Yao
Sensors 2026, 26(11), 3607; https://doi.org/10.3390/s26113607 - 5 Jun 2026
Viewed by 286
Abstract
Industrial sensor systems are increasingly vulnerable to both physical anomalies and cyberattacks, while their collected time series typically present complex periodic and non-stationary characteristics, along with dynamic spatial dependencies among sensors. To address these issues, this paper proposes a dual-branch graph learning framework [...] Read more.
Industrial sensor systems are increasingly vulnerable to both physical anomalies and cyberattacks, while their collected time series typically present complex periodic and non-stationary characteristics, along with dynamic spatial dependencies among sensors. To address these issues, this paper proposes a dual-branch graph learning framework with frequency gating for simultaneous industrial sensor anomaly and cyberattack detection. The model first divides the input time series into multiple patches and decomposes each patch into periodic and non-stationary components via frequency analysis. Two graph isomorphism network branches, namely periodic GIN (P-GIN) and non-stationary GIN (NS-GIN), are designed to model the spatial dependencies of the two components separately, where the graph structure is adaptively learned using a Gaussian kernel-based mechanism. Furthermore, a frequency gating module is introduced in the non-stationary branch to enhance the representation of abnormal and attack-related features. Hierarchical temporal encoding is performed via intra-patch attention and inter-patch attention to capture both local and long-range temporal dependencies. Extensive experimental results on real-world industrial sensor datasets demonstrate that the proposed method achieves superior performance compared with state-of-the-art methods in both anomaly detection and cyberattack detection tasks. Full article
Show Figures

Figure 1

28 pages, 613 KB  
Article
Attack-Level Failure Analysis of Invariant-Rule-Based Anomaly Detection in Industrial Control Systems
by Geumhwan Cho
Mathematics 2026, 14(11), 2016; https://doi.org/10.3390/math14112016 - 5 Jun 2026
Viewed by 248
Abstract
Invariant-rule-based anomaly detection is attractive for industrial control systems (ICSs) because its rules are interpretable, auditable, and learnable from normal-operation data alone. However, mined invariants can miss attacks that induce weak, localized, transient, or rule-consistent deviations, because such attacks may not sufficiently violate [...] Read more.
Invariant-rule-based anomaly detection is attractive for industrial control systems (ICSs) because its rules are interpretable, auditable, and learnable from normal-operation data alone. However, mined invariants can miss attacks that induce weak, localized, transient, or rule-consistent deviations, because such attacks may not sufficiently violate the specific variable relationships captured by the rules. Aggregate time-step metrics can also obscure these failures, since they do not reveal which documented attack windows remain uncovered. Therefore, we analyze rule-only detection failures at the attack-window level and evaluate a rule-preserving hybrid detector that keeps the original invariant-rule alarm unchanged while adding learned anomaly evidence from per-sensor XGBoost residual models and an Anomaly Transformer. The final alarm uses OR fusion and matched-FPR results are reported as an evaluation-time operating-point analysis under a common system-level false-positive budget. On the SWaT benchmark, the reproduced rule-only detector detects 16/36 attacks at an attack-window recall threshold of 0.05 and 13/36 at 0.4. At the Zhu-matched evaluation-time false-positive budget (α0.00447), the pre-specified equal-weight hybrid reaches 19/36 and 16/36, respectively. For localization, SHAP attribution on the XGBoost residual models places the attacked sensor in the top-5 for 70.6% of direct sensor attacks and a variable from the correct process stage in the top-5 for 94.4% of all attacks. These results indicate that rule-preserving residual learning modestly improves attack-level coverage while providing operator-oriented localization evidence rather than definitive root-cause identification. Full article
(This article belongs to the Special Issue Machine Learning for Anomaly Detection)
Show Figures

Figure 1

Back to TopTop