Search Results (694)

Search Parameters:
Keywords = attack identification

29 pages, 3850 KB  
Article
A Procedure for Vulnerability Analysis and Countermeasures in IoT Systems Based on Their Components Characteristics
by Ponciano Jorge Escamilla-Ambrosio, Brandon Iván Méndez-Barrera, Alberto Jorge Rosales-Silva, Gina Gallegos-García and Gilberto Lorenzo Martínez-Luna
Mach. Learn. Knowl. Extr. 2026, 8(3), 70; https://doi.org/10.3390/make8030070 - 11 Mar 2026
Abstract
The increasing complexity and heterogeneity of Internet of Things (IoT) systems pose significant challenges for systematic security and vulnerability assessment. From a knowledge-centric perspective, IoT security analysis requires transforming heterogeneous asset information into structured and interpretable security knowledge. In this paper, we propose a structured methodology for vulnerability analysis that models the attack surface of an IoT system by explicitly linking asset characteristics to known vulnerabilities, security controls, and countermeasures. The approach starts with a visual representation of the system architecture, where hardware, software, and communication components are identified and described through their technical characteristics. These characteristics are automatically mapped to relevant vulnerabilities, security controls, and countermeasures using a dedicated software tool called AVCA (Asset Vulnerabilities and Countermeasures Analyzer). The tool generates graph-based analytical representations that model vulnerabilities–countermeasures relationships in compliance with the Cloud Security Alliance (CSA) IoT Security Framework. From these graphs, attack–countermeasure trees are derived to provide a clear and interpretable representation of potential threats and mitigation strategies. The proposed methodology was evaluated through a case study involving a representative IoT system and an exploratory applicability experiment with participants with different levels of experience in IoT and cybersecurity. The results suggest that the approach is feasible and practically applicable for supporting security analysts in the systematic assessment of IoT attack surfaces, vulnerability identification, and selection of appropriate countermeasures under the evaluated conditions. This work highlights the role of structured and interpretable knowledge extraction as a foundation for knowledge-centric and interpretable IoT security analysis. Full article
(This article belongs to the Section Data)

27 pages, 656 KB  
Article
Towards a Protocol-Aware Intrusion Detection System for LoRaWAN Networks
by Zsolt Bringye, Rita Fleiner and Eszter Kail
Future Internet 2026, 18(3), 140; https://doi.org/10.3390/fi18030140 - 9 Mar 2026
Viewed by 111
Abstract
The increasing reliance of Internet of Things (IoT) applications on low-power wide-area network technologies, particularly Long Range Wide Area Network (LoRaWAN), has amplified the need for security monitoring approaches that go beyond attack-specific signatures and generic traffic anomalies. Existing solutions are often tailored to individual threat scenarios or rely on statistical indicators, which limits their ability to systematically capture protocol-level misuse in an interpretable manner. This paper addresses this gap by proposing a protocol-aware validation methodology based on a Digital Twin abstraction of LoRaWAN communication behavior. The Over-The-Air Activation (OTAA) procedure is modeled as a finite-state machine that encodes expected message sequences, timing constraints, and specification-driven state transitions. Observed network events are continuously evaluated against this formal state model, enabling the identification of protocol-level deviations indicative of anomalous or non-conformant behavior. Illustrative examples include replay behavior, timing inconsistencies, and integrity-related anomalies, although the framework is not limited to predefined attack categories. The results demonstrate that a state machine-based Digital Twin provides a structured and extensible foundation for protocol-aware security validation and Security Operation Center (SOC)-oriented telemetry enrichment. In this sense, the presented approach represents a concrete step toward protocol-aware intrusion detection for LoRaWAN networks by establishing a state-synchronized semantic validation layer upon which higher-level detection mechanisms can be built. Full article
(This article belongs to the Special Issue Anomaly and Intrusion Detection in Networks)

15 pages, 551 KB  
Article
Query-Side Adversarial Attacks on Event-Based Person Re-Identification: A First-Order Robustness Analysis
by Jung Heum Woo and Eun-Kyu Lee
Appl. Sci. 2026, 16(5), 2430; https://doi.org/10.3390/app16052430 - 3 Mar 2026
Viewed by 184
Abstract
Event-based person re-identification (Re-ID) has recently emerged as a privacy-friendly alternative to conventional RGB-based surveillance. However, the security and adversarial robustness of these systems remain largely understudied. This paper presents a systematic investigation into the vulnerabilities of event-based person Re-ID models operating on 5-channel event voxels. We evaluate the impact of a one-step FGSM attack on query-side event voxel inputs and measure the resulting retrieval performance. Our experiments demonstrate a significant susceptibility: under subtle perturbations, the Top-1 accuracy drops drastically from 0.462 to 0.154. Critically, these adversarial inputs maintain high perceptual similarity to the original data, with an average SSIM of approximately 0.99 and an average PSNR of 45 dB, rendering the modifications nearly imperceptible. These findings suggest that the sparse and asynchronous nature of event-based person Re-ID, despite its potential privacy advantages, is highly susceptible to gradient-based exploits. This study highlights the need for robustness-aware design and defense mechanisms in event-based surveillance systems. Full article

38 pages, 10201 KB  
Article
Synthesis of a Moth and Flame Algorithm for Incorporation into the Architecture of Deceptive Systems with Baits and Traps
by Oleg Savenko, Bohdan Rusyn, Sergii Lysenko, Tomasz Ciszewski, Bohdan Savenko, Andrii Drozd, Andrii Nicheporuk and Anatoliy Sachenko
Appl. Sci. 2026, 16(5), 2415; https://doi.org/10.3390/app16052415 - 2 Mar 2026
Viewed by 170
Abstract
This paper proposes a novel method for synthesizing a discrete optimization algorithm based on the moth–flame paradigm for application to the architecture of deceptive systems incorporating decoys and traps. Unlike existing approaches that primarily rely on continuous search spaces or static deception strategies, the proposed method enables the formation of a discrete search space with a coordinate-based representation of deception objects and system states. A spiral search trajectory is synthesized by modeling the dynamic interaction between moths and flames, which allows the algorithm to balance exploration and exploitation effectively and to mitigate premature convergence to local optima. The problem of selecting subsequent operational steps of a deceptive system, which includes the control and reconfiguration of decoys and traps in response to detected events, is formulated as a discrete optimization problem. The objective of this optimization is to increase the effectiveness of cyberattack and malware detection in corporate network environments. The decision variables include the sequence of deception actions, process models, and architectural characteristics of the system, while the constraints are defined by the operational conditions, resource limitations, and structural features of corporate networks. The proposed method supports the identification of an optimal sequence of deception actions under dynamically changing conditions and provides mechanisms for operational adaptation to attacker behavior in real time. This adaptability enables the creation of deceptive systems capable of long-term autonomous operation without continuous administrative intervention, while simultaneously increasing their resistance to adversarial reconnaissance and reverse engineering of their operational principles. 
The experimental results confirm the feasibility and effectiveness of the proposed approach and demonstrate the potential of integrating population-based optimization algorithms into deceptive system architectures. Comparative analysis shows that the proposed method outperforms its closest competitor, the genetic algorithm, achieving an improvement of 4.82% in terms of the objective function value. Future research directions include deeper integration of population-based optimization methods into decoy-and-trap architectures and the development of a comprehensive framework for organizing their operation in accordance with the proposed conceptual model. Overall, the results contribute to enhancing the cyber-resilience of corporate networks through intelligent, adaptive, and autonomous systems for countering modern cyberattacks and malware. Full article

19 pages, 1898 KB  
Article
A Backdoor Label Verification Method Based on Consensus Deviation for Pre-Trained Language Models
by Xiang Yang, Kai Zeng, Jiangming Luo, Peicheng Yang and Xiaohui Zhang
Electronics 2026, 15(5), 1015; https://doi.org/10.3390/electronics15051015 - 28 Feb 2026
Viewed by 201
Abstract
Backdoor attacks pose a critical security risk to pre-trained language models (PLMs) by utilizing concealed triggers to manipulate model outputs. Existing defense strategies largely depend on statistical thresholds, which often struggle to identify sophisticated backdoor samples that exhibit high cognitive similarity to benign data. Such similarities make precise threshold calibration difficult, frequently leading to unreliable or failed detection. To overcome these limitations, we propose a backdoor detection method based on consensus deviation, shifting the defensive paradigm from surface-level statistical metrics to deep cognitive consensus verification. This approach obviates the reliance on fixed thresholds, enabling the more robust identification of covert triggers. Extensive experiments on the SST-2, HSOL, and AG's News datasets revealed that our method achieved significantly lower attack success rates (ASRs) and enhanced robustness compared with the current baselines across word-, sentence-, and structural-level attack scenarios. Full article
(This article belongs to the Special Issue Research on Privacy and Security Issues in Cloud Computing)

26 pages, 10348 KB  
Article
A Resilient Ensemble Deep Learning Architecture for Load Forecasting Against FDI Attack
by Zhenya Chen, Yameng Zhang, Bin Liu, Ming Yang and Xuguo Jiao
Electronics 2026, 15(5), 991; https://doi.org/10.3390/electronics15050991 - 27 Feb 2026
Viewed by 150
Abstract
Short-term load forecasting (STLF) is crucial for ensuring power grid stability and economic dispatch. Its accuracy heavily depends on the quality of the input data. However, collecting operational data via the power system’s communication network poses a significant vulnerability to cyberattacks, particularly stealthy False Data Injection (FDI) attacks. By closely mimicking normal load fluctuations, these attacks evade conventional detection, thus compromising forecasting reliability. To address this challenge, this paper proposes a novel resilient load forecasting framework that integrates two-stage attack detection with robust ensemble learning. In the detection stage, attack identification is performed through seasonal decomposition and AE-BiLSTM reconstruction, followed by restoration using periodic-consistent historical means and secondary screening via second-order differencing (SOD). In the forecasting stage, an improved Multi-Objective Whale Migration Algorithm (MO-WMA) is employed to adaptively optimize ensemble weights for intelligent fusion, significantly enhancing prediction accuracy and robustness, and providing a generalizable solution for intelligent grid load forecasting. Experiments were conducted on the Independent System Operator of New England (ISO New England, 2012–2014) load dataset under four typical FDI attack scenarios, with test sets including diverse attack intensities and temporal patterns. Results show that the framework achieves 98.98% attack detection accuracy and improves the R² forecasting metric from 0.9053 to 0.9851, approaching attack-free performance, demonstrating effective recovery of forecasting accuracy and generalization capability. Full article

34 pages, 28662 KB  
Article
Template-Driven Multimodal Face Pseudonymization for Privacy-Preserving Big Data Analytics
by Yeong Su Lee, Hendrik Bothe and Michaela Geierhos
Algorithms 2026, 19(3), 176; https://doi.org/10.3390/a19030176 - 26 Feb 2026
Viewed by 194
Abstract
Profile images from social networks are a valuable source of data for AI analytics, but they contain biometric identifiers that pose serious privacy risks. The current face anonymization techniques often destroy semantic information, and generative de-identification methods are vulnerable to re-identification attacks. In this paper, we propose a template-driven multimodal face pseudonymization framework that allows for the privacy-preserving analysis of facial image data while retaining analytically relevant attributes. Our approach uses a FaceNet-based CelebA attribute classifier to extract fine-grained facial attributes and a DeepFace model to extract high-level demographic attributes. Rather than relying on stochastic large language models, we introduce deterministic template-based attribute-to-text conversion to ensure consistency and reproducibility and prevent unintended attribute hallucination. The resulting textual description serves as the sole conditioning input for Janus-Pro, a multimodal text-to-image generation model that synthesizes realistic yet non-identifiable face images. We evaluate our method on the CelebA dataset under a strong adversarial threat model, employing state-of-the-art face recognition systems to assess re-identification and linkability attacks. Our results demonstrate a substantial reduction in identity leakage while preserving semantic attributes. Full article
(This article belongs to the Special Issue Blockchain and Big Data Analytics: AI-Driven Data Science)

38 pages, 10593 KB  
Article
Real-World Experimental Evaluation of DDoS and DRDoS Attacks on Industrial IoT Communication in an Automated Cyber-Physical Production Line
by Tibor Horak, Roman Ruzarovsky, Roman Zelník, Martin Csekei and Ján Šido
Machines 2026, 14(3), 258; https://doi.org/10.3390/machines14030258 - 25 Feb 2026
Viewed by 404
Abstract
Automated production lines are increasingly being expanded with Industrial Internet of Things (IIoT) devices, creating complex Cyber-Physical Systems (CPSs) that connect physical production with control and information infrastructure. However, the convergence of Information Technology (IT) and Operational Technology (OT) layers creates new entry points for attacks targeting communication availability. Most existing studies analyze Distributed Denial of Service (DDoS) attacks primarily in simulation or testbed environments, with limited experimental verification of their impact on real-world production systems. This article presents an experimental evaluation of the impact of DDoS and Distributed Reflection Denial of Service (DRDoS) attacks carried out directly on a physical automated production line with integrated IIoT infrastructure during real operation. Three attack scenarios (TCP SYN flood, TCP ACK flood, and ICMP reflected attack) were implemented, targeting Programmable Logic Controllers (PLCs), Radio-Frequency Identification (RFID) subsystems, and selected IIoT devices. The results showed rapid degradation of deterministic PROFINET communication, disruption of the link between the OT and IT layers, loss of digital product representation, and physical interruption of the production process. Based on the findings, a minimally invasive security solution based on perimeter protection was designed and experimentally verified. The results emphasize the need to design IIoT-based manufacturing systems with an emphasis on network segmentation and architectural separation of the IT and OT layers. Full article

28 pages, 23067 KB  
Article
Verifiable Differential Privacy Partial Disclosure for IoT with Stateless k-Use Tokens
by Dachuan Zheng, Weijie Shi, Yilin Pan, Shengzhao Shu, Chunsheng Xu, Zihao Li, Bing Wang, Yuzhe Lin and Peishun Liu
Sensors 2026, 26(4), 1393; https://doi.org/10.3390/s26041393 - 23 Feb 2026
Viewed by 305
Abstract
Internet of Things (IoT) applications often require only minimal necessary information—such as threshold judgments, binning, or prefixes—yet they must control privacy leakage arising from multi-round and cross-entity access without exposing raw values. Existing solutions, however, frequently rely on ciphertext structures and server-side states, making it difficult to define a leakage upper bound for restricted answers in the sense of Differential Privacy (DP), or they lack unified information budgeting and k-use control. To address these challenges, this paper proposes a verifiable differential privacy partial disclosure scheme for IoT. We employ DP accounting to uniformly constrain the leakage of three types of operators: threshold, binning, and prefix. Furthermore, we design stateless k-use tokens based on Verifiable Random Functions (VRFs) and chained receipts to generate publicly verifiable compliance evidence for each response. We implemented an end-edge-cloud prototype system and evaluated its performance on two use cases: smart meter threshold alarms and industrial sensor out-of-bound detection. Experimental results demonstrate that compared with a baseline relying on server-state counting for k-use control, our stateless k-use mechanism improves throughput by approximately 25–37% under concurrency scales of 1, 8, and 16, and reduces p95 latency by an average of 15%. Meanwhile, in multi-party splicing attack experiments, the re-identification accuracy remains stable in the 0.50–0.52 range, approximating random guessing. These results validate that the proposed scheme possesses low-energy engineering feasibility and audit-friendliness while effectively suppressing splicing risks. Full article
(This article belongs to the Section Internet of Things)

21 pages, 1714 KB  
Article
Lightweight Authentication and Dynamic Key Generation for IMU-Based Canine Motion Recognition IoT Systems
by Guanyu Chen, Hiroki Watanabe, Kohei Matsumura and Yoshinari Takegawa
Future Internet 2026, 18(2), 111; https://doi.org/10.3390/fi18020111 - 20 Feb 2026
Viewed by 239
Abstract
The integration of wearable inertial measurement units (IMU) in animal welfare Internet of Things (IoT) systems has become crucial for monitoring animal behaviors and enhancing welfare management. However, the vulnerability of IoT devices to network and hardware attacks poses significant risks, potentially compromising data integrity and misleading caregivers, negatively impacting animal welfare. Additionally, current animal monitoring solutions often rely on intrusive tagging methods, such as Radio Frequency Identification (RFID) or ear tagging, which may cause unnecessary stress and discomfort to animals. In this study, we propose a lightweight integrity and provenance-oriented security stack that complements standard transport security, specifically tailored to IMU-based animal motion IoT systems. Our system utilizes a 1D-convolutional neural network (CNN) model, achieving 88% accuracy for precise motion recognition, alongside a lightweight behavioral fingerprinting CNN model attaining 83% accuracy, serving as an auxiliary consistency signal to support collar–animal association and reduce mis-attribution risks. We introduce a dynamically generated pre-shared key (PSK) mechanism based on SHA-256 hashes derived from motion features and timestamps, further securing communication channels via application-layer Hash-based Message Authentication Code (HMAC) combined with Message Queuing Telemetry Transport (MQTT)/Transport Layer Security (TLS) protocols. In our design, MQTT/TLS provides primary device authentication and channel protection, while behavioral fingerprinting and per-window dynamic–HMAC provide auxiliary provenance cues and tamper-evident integrity at the application layer. Experimental validation is conducted primarily via offline, dataset-driven experiments on a public canine IMU dataset; system-level overhead and sensor-to-edge latency are measured on a Raspberry Pi-based testbed by replaying windows through the MQTT/TLS pipeline. 
Overall, this work integrates motion recognition, behavioral fingerprinting, and dynamic key management into a cohesive, lightweight telemetry integrity/provenance stack and provides a foundation for future extensions to multi-species adaptive scenarios and federated learning applications. Full article
(This article belongs to the Special Issue Secure Integration of IoT and Cloud Computing)

40 pages, 4792 KB  
Article
GMD-AD: A Graph Metric Dimension-Based Hybrid Framework for Privacy-Preserving Anomaly Detection in Distributed Databases
by Awad M. Awadelkarim
Math. Comput. Appl. 2026, 31(1), 28; https://doi.org/10.3390/mca31010028 - 14 Feb 2026
Viewed by 303
Abstract
Distributed databases are increasingly used in enterprise and cloud environments, but their distributed architecture introduces significant security challenges, including data leaks and insider threats. In the context of escalating cyber threats targeting large-scale distributed databases and cloud-native microservice architectures, this paper presents Graph Metric Dimension-based Anomaly Detection (GMD-AD), a novel graph-structure model designed to enhance cybersecurity in distributed databases by leveraging the metric dimension of interaction graphs; further, GMD-AD addresses the critical need for real-time, low-overhead, and privacy-aware anomaly detection mechanisms. The model introduces a compact resolving set as landmarks to detect intrusions through distance vector variations with minimal computational overhead. The proposed framework offers four major contributions, including sequential metric dimension updates to support dynamic topologies; a parallel BFS strategy to enable scalable processing; the incorporation of the k-metric anti-dimension to provide provable privacy against re-identification attacks; and a hybrid pipeline in which resolving-set subgraphs are processed by graph neural networks prior to final classification using gradient boosting. Experiments conducted on the SockShop microservices benchmark and a real MongoDB sharded cluster with injected anomalies reveal 60% reduced localization latency (1200 ms → 480 ms), stable detection accuracy (>0.997), increased noise robustness (F1 0.95 → 0.97) and a drop of re-identification success rate from the baseline by 40 percentage points (68% → 28%) when k = 3, = 2. We demonstrated up to 60% latency reduction and 40% privacy improvement over baselines, validated on real MongoDB clusters. The findings show that GMD-AD is a scalable, real-time and privacy-preserving HTTP anomaly detection solution for both distributed database systems and microservice architectures. Full article

30 pages, 2271 KB  
Article
Wavelet-Based IoT Device Fingerprinting
by Abdelfattah Amamra, Viet Nguyen, Adam Cheung, Sarah Acosta and Thuy Linh Pham
Electronics 2026, 15(4), 786; https://doi.org/10.3390/electronics15040786 - 12 Feb 2026
Viewed by 410
Abstract
Accurate fingerprinting of Internet of Things (IoT) devices is essential for network security, management, and anomaly detection. Existing machine-learning-based approaches can be broadly classified into two categories. The first are time-domain-based approaches that infer device identity from aggregated traffic statistics; while effective in dense communication environments, they perform poorly for devices that generate sparse, low-volume, or irregular traffic, which restricts behavioral visibility. The second, radio frequency fingerprinting (RFF), extracts hardware-specific traits from radio frequency signals but is limited in wired or mixed-connectivity IoT networks and lacks behavioral or functional insights. To overcome these limitations, this paper proposes a hybrid fingerprinting framework that integrates network traffic analysis with frequency-domain representations using wavelet transform techniques. This approach captures both temporal and spectral characteristics, combining behavioral and structural perspectives to enable robust and accurate IoT device identification. The proposed system is evaluated on three real-world datasets under multiple experimental scenarios, including (1) device identification, (2) device type classification, (3) scalability with dataset size and complexity, and (4) performance under Distributed Denial-of-Service (DDoS) attack conditions. Experimental results show that wavelet-based features consistently outperform conventional time-domain features across all evaluation metrics, achieving higher accuracy, resilience, and generalization. Full article
(This article belongs to the Special Issue New Challenges in IoT Security)

19 pages, 3131 KB  
Article
Study of Network Anomaly Detection for In-Vehicle Ethernet Using Fuzzy Clustering
by Siwen Liu, Yue Jia, Kaihang Zhang, Yujing Wu, Yihu Xu and Yinan Xu
Electronics 2026, 15(4), 754; https://doi.org/10.3390/electronics15040754 - 10 Feb 2026
Viewed by 273
Abstract
Along with the swift evolution of autonomous driving and internet technologies, In-Vehicle Ethernet has evolved into the core backbone network underpinning the new generation of in-vehicle networks (IVNs). Since In-Vehicle Ethernet is susceptible to a host of cybersecurity threats—such as data pilferage, data falsification, and malicious unauthorized access—it is imperative to enhance its defense capabilities. This research focuses on anomaly identification for In-Vehicle Ethernet communication networks, with a specific focus on the intrinsic data features of the AVTP protocol and potential cyber-attack vectors targeting the network. This work develops a novel network anomaly detection approach rooted in the Fuzzy clustering algorithm. This effectively enhances the cybersecurity performance of In-Vehicle Ethernet. Experimental results demonstrate that the Fuzzy clustering algorithm proposed in this study achieves 97.4% accuracy in detecting anomalous data, outperforming the traditional K-Means and OPTICS clustering algorithms by 6.4% and 14.5% respectively in anomaly detection rate. This further elevates the cybersecurity performance of In-Vehicle Ethernet and forges a robust foundation for the stable operation and iterative advancement of intelligent connected vehicles (ICVs). Full article

21 pages, 1963 KB  
Article
Critical Station Identification and Vulnerability Assessment of Metro Networks Based on Dynamic DomiRank and Flow DomiGCN
by Jianhua Zhang, Wenqing Li, Fei Li and Bo Song
Sustainability 2026, 18(4), 1781; https://doi.org/10.3390/su18041781 - 9 Feb 2026
Viewed by 320
Abstract
To enhance the resilience and sustainability of urban metro systems under operational uncertainties and external disturbances, critical station identification and vulnerability assessment should be further investigated from the perspective of network science. In this paper, the presented comprehensive clustering algorithm and the Pearson correlation coefficient are adopted to explore the origin-destination (OD) passenger flow characteristics on different date classifications, and the different dates should be reasonably classified into three categories, including working days, weekends, and holidays. Meanwhile, this paper proposes the dynamic DomiRank algorithm and flow DomiGCN model to identify critical stations from network structure and function on different data classifications respectively, and further studies the vulnerability property of metro networks under simulated attacks. The Shanghai metro network is selected as a case to prove the feasibility and correctness of the model. The results show that the dynamic DomiRank algorithm is relatively effective in identifying critical stations from network structure, and the flow DomiGCN model is also relatively effective in identifying critical stations from network function. Moreover, simulated attacks on these critical stations detected by the proposed methods can cause more damage than the other methods. These findings provide some support for the protection of metro infrastructure and contribute to the sustainable operation and development of urban rail transit systems.

21 pages, 4781 KB  
Article
A Spatially Distributed Perturbation Strategy with Smoothed Gradient Sign Method for Adversarial Analysis of Image Classification Systems
by Yanwei Xu, Jun Li, Dajun Chang and Yuanfang Dong
Entropy 2026, 28(2), 193; https://doi.org/10.3390/e28020193 - 9 Feb 2026
Viewed by 328
Abstract
As deep learning models are increasingly embedded as critical components within complex socio-technical systems, understanding and evaluating their systemic robustness against adversarial perturbations has become a fundamental concern for system safety and reliability. Deep neural networks (DNNs) are highly effective in visual recognition tasks but remain vulnerable to adversarial perturbations, which can compromise their reliability in safety-critical applications. Existing attack methods often distribute perturbations uniformly across the input, ignoring the spatial heterogeneity of model sensitivity. In this work, we propose the Spatially Distributed Perturbation Strategy with Smoothed Gradient Sign Method (SD-SGSM), an adversarial attack framework that exploits decision-dependent regions to maximize attack effectiveness while minimizing perceptual distortion. SD-SGSM integrates three key components: (i) decision-dependent domain identification to localize critical features using a deterministic zero-out operator; (ii) spatially adaptive perturbation allocation to concentrate attack energy on sensitive regions while constraining background disturbance; and (iii) gradient smoothing via a hyperbolic tangent transformation to enable fine-grained and continuous perturbation updates. Extensive experiments on CIFAR-10 demonstrate that SD-SGSM achieves near-perfect attack success rates (ASR 99.9%) while substantially reducing ℓ2 distortion and preserving high structural similarity (SSIM 0.947), outperforming both single-step and momentum-based iterative attacks. Ablation studies further confirm that spatial distribution and gradient smoothing act as complementary mechanisms, jointly enhancing attack potency and visual fidelity. These findings underscore the importance of spatially aware, decision-dependent adversarial strategies for system-level robustness assessment and the secure design of AI-enabled systems.