Search Results (1,643)

As network environments become increasingly interconnected, ensuring robust cyber-security has become critical, particularly with the growing sophistication of modern cyber threats. Intrusion detection systems (IDSs) play a vital role in identifying and mitigating unauthorized or malicious activities; however, conventional machine learning-based IDSs often rely on handcrafted features and are limited in their ability to detect diverse attack types across disparate network domains. To address these limitations, this paper introduces a novel unified intrusion detection framework that implements “Structural Dualism” to integrate three heterogeneous benchmark datasets (CSE-CIC-IDS2018, NF-BoT-IoT-v2, and IoT-23) into a harmonized, protocol-agnostic representation. The framework employs a shared autoencoder architecture with dataset-specific projection layers to learn a unified latent manifold. This 15-dimensional space captures the underlying semantics of attack patterns (e.g., volumetric vs. signaling) across multiple domains, while dataset-specific decoders preserve reconstruction fidelity through alternating multi-domain training. To identify complex micro-signatures within this manifold, the framework utilizes a synergistic hybrid convolutional neural network–deep neural network (CNN–DNN) classifier, where the CNN extracts spatial latent patterns and the DNN performs global classification across twenty-five distinct classes. Class imbalance is addressed through resampling strategies such as adaptive synthetic sampling (ADASYN) and edited nearest neighbors (ENN). Experimental results demonstrate remarkable performance, achieving 99.76% accuracy for binary classification and 99.54% accuracy for multi-class classification on the merged dataset, with strong generalization confirmed on individual datasets. These findings indicate that the shared autoencoder-based CNN–DNN framework, through its unique feature alignment and spatial extraction capabilities, significantly strengthens intrusion detection across diverse and heterogeneous environments. Full article

The increasing integration of electric vehicles (EVs) and renewable energy sources has accelerated the adoption of DC microgrids, where maintaining voltage stability and effective power sharing remains a critical challenge. Hybrid energy storage systems (HESS), combining batteries and supercapacitors, are commonly employed to address dynamic power variations. However, conventional proportional–integral (PI)-based control strategies for HESS can exhibit performance limitations under nonlinear and varying operating conditions. To overcome this drawback, this paper presents an adaptive neuro-fuzzy inference system (ANFIS)-based control strategy for HESS located in a DC microgrid, with comparative evaluation against both conventional PI and traditional Fuzzy Logic controller (FLC) schemes. The proposed approach is evaluated using a detailed MATLAB/Simulink R2024a model of a DC microgrid including EVs. Simulation results show that, under normal operating conditions, the ANFIS-based control demonstrates improved transient response, reduced voltage fluctuations, and effective coordination between the battery and supercapacitor during renewable power variations, compared to PI and FLC-controlled systems. In addition to nominal performance assessment, this work investigates the vulnerability of the ANFIS controller to cyber-attacks. Two representative attack scenarios, false data injection (FDI) and denial-of-service (DoS), are applied to critical measurement and control signals of HESS. Simulation results reveal that, although the DC-bus voltage regulation is largely maintained during attack intervals, cyber manipulation significantly disrupts the intended HESS power-sharing behavior. Full article

Vehicle platooning is a cooperative driving scenario in which a set of consecutive, connected and autonomous vehicles travel at the same speed while controlling their inter-vehicular distance. Organising traffic in platoons of vehicles can mitigate issues in road transport by improving safety, energy efficiency, and road usage. Vehicle platooning scenarios are enabled by communication across the fleet, allowing the design of distributed controllers to impose cooperative vehicle motion. In contrast to initial control strategies tailored for specific network topologies, the last decade has witnessed a substantial increase in vehicle platooning control solutions that treat the cooperative platoon motion as the synchronisation of a network of dynamic systems, thereby enabling their use across a wider range of topologies. Despite numerous publications in recent years, the literature lacks a comprehensive survey of network synchronisation methods for vehicle platooning. To fill this gap, this paper aims to review network synchronisation strategies proposed for controlling the longitudinal motion of vehicle platoons over the period 2013–2025, with particular focus on contributions from 2018 onwards. The literature on network-synchronisation-based vehicle platooning methods is reviewed within a four-component framework. Then, the most widely used families of distributed consensus controllers are analysed, and the ways in which heterogeneity, nonlinearities, delays, packet drops, external disturbances, and cyber attacks are accounted for and mitigated are examined, along with different types of closed-loop stability. The review also surveys approaches from the literature for validating and assessing synchronisation algorithms in vehicle platoons, covering both experimental and simulation studies, as well as the related simulation platforms. The review paper concludes by presenting research trends and gaps, as well as potential future directions. Full article

Water Distribution Networks (WDNs) are critical infrastructure for delivering clean and safe drinking water. As modern WDNs increasingly integrate cyber technologies, they evolve into complex cyber–physical systems (CPSs). This connectivity, however, introduces new vulnerabilities, including cyberattacks. Cybersecurity protects systems from unauthorized access, attacks, and data breaches. In this systematic review, we adopted the PRISMA 2020 reporting guideline. Predefined keyword strings were designed to extract relevant articles from Scopus and Web of Science during the period of 2014–2025. In total, 32 peer-reviewed studies were included for narrative synthesis following duplication and eligibility screening. The review protocol was not registered. This review provides a unified perspective on how Artificial Intelligence (AI) contributes to WDNs resilience. The literature is evaluated in terms of detection tasks, data modalities, learning paradigms, and model architecture. The results highlight three key findings: (a) data bias, reflected in significant reliance on specific synthetic datasets and limited use of real-world utility network data; (b) performance, with deep learning architecture, such as long-short-term memory models, achieving commendable levels of accuracy in intrusion detection, however, overall comparison with other models remain scenario-dependent; and (c) future directions, synthesized through an AI-centered perspective that emphasizes resilience and identifies research gaps in adaptive online learning, attack prediction, interpretability, federated learning and topology localization. This study concludes with recommendations for the broader integration of AI tools to support resilient WDN operation. Full article

The Internet of Things (IoT) is increasingly embedded in critical infrastructures across healthcare, energy, transportation, and industrial automation, yet its pervasiveness introduces substantial security and resilience challenges. This paper presents a comprehensive review of recent advances in IoT resilience, focusing on developments reported between 2022 and 2025. A layered taxonomy is proposed to organize resilience strategies across hardware, network, learning, application, and governance layers, addressing adversarial, environmental, and hybrid stressors. The survey systematically classifies and compares more than forty representative studies encompassing deep learning under adversarial attack, generative and ensemble intrusion detection, hardware and protocol-level defenses, federated and distributed learning, and trust and governance-based approaches. A comparative analysis shows that while adversarial training, GAN-based augmentation, and decentralized learning improve robustness, their evidence is often confined to specific datasets or attack scenarios, with limited validation in large-scale deployments. The study highlights challenges in benchmarking adaptivity, cross-layer integration, and explainable resilience, concluding with future directions for creating antifragile IoT systems that can self-heal and adapt to evolving cyber–physical threats. Full article

The rapid deployment of electric vehicle (EV) charging infrastructure, coupled with the integration of 5G/6G and Internet of Vehicles (IoV) technologies, has transformed charging stations into cyber–physical systems that rely on wireless communication for authentication, control, and grid coordination. While existing security standards such as ISO 15118 provide cryptographic protection at upper layers, they are insufficient to address physical-layer threats inherent to wireless connectivity. In particular, wireless active eavesdropping attacks can corrupt channel estimation during the authentication phase, enabling impersonation, unauthorized charging, and disruption of grid operations. This paper proposes a machine learning-based physical layer security (PLS) framework for detecting active eavesdropping attacks in 5G/6G-enabled EV charging systems. By modeling malicious EVs as pilot-spoofing attackers, three discriminative features, namely mean power, power ratio, and angle-based feature, are extracted from received pilot signals at the charging station. Three classifiers are evaluated: single-class support vector machine (SC-SVM), Random Forest (RF), and DNN. Simulation results demonstrate that the SC-SVM maintains a stable accuracy between 94% and 96% across all attacker power levels, while RF and DNN significantly outperform it under stronger attack conditions. Specifically, under strong attacker conditions, RF achieves an accuracy of 99.9%, and DNN reaches 99.8%, both exceeding 99% detection accuracy. By preventing pilot-spoofing-based impersonation during authentication, the proposed framework enhances charging availability, billing integrity, and grid-aware scheduling in intelligent EV charging infrastructure. Full article

Ransomware represents a critical and escalating threat to public institutions in developing nations, where cybersecurity is often underprioritized. While technical vulnerabilities are significant, this study investigates the under-explored socio-organizational dimensions of cyber resilience within Latin American local governments. Employing a qualitative exploratory approach, the research draws on semi-structured interviews with IT officials from Ecuadorian municipalities. The data were analyzed using Braun and Clarke’s thematic framework, applying a hybrid coding strategy that integrated deductive categories (institutional, human, technological) with inductive themes. The findings identify key vulnerability factors, including low risk perception among personnel, insufficient training, a lack of formal security policies, and weak regulatory enforcement. These human and institutional shortcomings often outweigh purely technological weaknesses, with social engineering serving as a predominant attack vector. Despite these challenges, the study also uncovers emergent resilience practices, including internal security committees, micro-training routines, AI-supported filtering, and informal troubleshooting networks. This research provides empirical evidence from a critically understudied context, underscoring the imperative for human-centric and context-sensitive cybersecurity strategies in the public sector. The conclusions establish a foundational understanding for developing adaptive security models, including future AI-driven solutions, tailored to the operational realities of developing nations. The study offers practical insights for policymakers and institutions aiming to bolster holistic cyber defense capabilities that address both human and technical factors. Full article

With limited energy constraints, the issue of transmission and interference strategies have received considerable critical attention in cyber–physical security. In this paper, for remote state estimation under signal-to-interference-plus-noise ratio-based denial-of-service (DoS) attacks, the Stackelberg game between the sensor and the attacker is investigated. To balance estimation performance and energy consumption, the two players determine the transmission power and interference power sequentially under an incomplete information structure where the sensor does not know the fading channel gain of the attacker exactly. The schedule problem over the infinite-time horizon is first formulated as a Markov decision process with finite state and action spaces. Then, a Bayesian Stackelberg game (BSG) is constructed by incorporating the probability information of the channel interference gain. Based on the definition of best-response, the solution of the BSG is presented and the existence of the Stackelberg equilibrium is proven. Furthermore, a Stackelberg Q-learning algorithm is used to obtain the optimal strategies for the two players. Numerical results demonstrate the effectiveness of the proposed game method when the sensor is unable to access an attacker’s channel gain information. Full article

Static honeypot deployment and one-shot attack-path analysis often become ineffective against adaptive adversaries because fixed decoy layouts are easy to fingerprint and risk estimates quickly go stale. This paper presents a unified, mathematically grounded TrapManager framework that couples graph representation learning with budget-constrained combinatorial optimization for dynamic cyber deception. We model attacker progression on vulnerability-based attack graphs and learn context-aware node embeddings using a Graph Attention Network (GAT) that fuses vulnerability-driven risk signals (e.g., CVSS-derived node scores) with structural features. The learned representations are used to estimate edge plausibility and rank candidate source–target routes at the path level. Given limited resources, we formulate pointTrap placement as a Mixed-Integer Programming (MIP) problem that maximizes the expected interception of high-risk paths while penalizing deployment cost under explicit budget constraints, including mandatory coverage of the top-ranked critical paths. To enable online adaptiveness, a pointTrap-triggered, event-driven feedback mechanism locally amplifies risk around alerted regions, updates path weights without retraining the GAT, and re-solves the MIP for rapid redeployment. Experiments on MulVAL-generated benchmark attack graphs and cross-domain transfer settings demonstrate fast convergence, strong discrimination between attack and non-attack edges, and early interception within a small number of hops even with minimal decoy budgets. Overall, the proposed framework provides a scalable and resource-efficient approach to closed-loop attack-path defense by integrating attention-based learning and integer optimization. Full article

Distributed databases are increasingly used in enterprise and cloud environments, but their distributed architecture introduces significant security challenges, including data leaks and insider threats. In the context of escalating cyber threats targeting large-scale distributed databases and cloud-native microservice architectures, this paper presents Graph Metric Dimension-based Anomaly Detection (GMD-AD), a novel graph-structure model designed to enhance cybersecurity in distributed databases by leveraging the metric dimension of interaction graphs; further, GMD-AD addresses the critical need for real-time, low-overhead, and privacy-aware anomaly detection mechanisms. The model introduces a compact resolving set as landmarks to detect intrusions through distance vector variations with minimal computational overhead. The proposed framework offers four major contributions, including sequential metric dimension updates to support dynamic topologies; a parallel BFS strategy to enable scalable processing; the incorporation of the k-metric anti-dimension to provide provable privacy against re-identification attacks; and a hybrid pipeline in which resolving-set subgraphs are processed by graph neural networks prior to final classification using gradient boosting. Experiments conducted on the SockShop microservices benchmark and a real MongoDB sharded cluster with injected anomalies reveal 60% reduced localization latency (1200 ms → 480 ms), stable detection accuracy (>0.997), increased noise robustness (F1 0.95 → 0.97) and a drop of re-identification success rate from the baseline by 40 percentage points (68% → 28%) when k = 3, ℓ = 2. We demonstrated up to 60% latency reduction and 40% privacy improvement over baselines, validated on real MongoDB clusters. The findings show that GMD-AD is a scalable, real-time and privacy-preserving HTTP anomaly detection solution for both distributed database systems and microservice architectures. Full article

The rapid growth of cryptocurrencies and non-fungible tokens (NFTs) has expanded technological opportunities, but it has also increased the exposure surface to cyber threats, creating a need for a more precise understanding of the field’s scientific evolution. This study aims to systematically analyse academic output related to cybersecurity and cyber threats within cryptocurrency and NFT ecosystems, identifying central themes, the most influential authors, and emerging trends. A bibliometric methodology was employed, based on the PRISMA 2020 protocol and scientific mapping tools such as SciMAT (v1.1.06) and VOSviewer (v1.6.20), using a corpus of 337 articles published between 2014 and 2025. The findings indicate sustained growth in the literature, a marked geographical and editorial concentration, and the presence of motor themes such as blockchain, cybersecurity, emerging technologies and illegal mining, alongside emerging areas such as intrusion detection. The results also reveal a progressive integration of artificial intelligence techniques in the detection and prevention of attacks. In conclusion, this study provides a comprehensive overview of the state of the art, identifies critical gaps, and underscores the need for interdisciplinary approaches to strengthen security in decentralised environments. Full article

Intrusion Detection Systems (IDSs) have evolved to safeguard networks and systems from cyber attacks. Anomaly-based Intrusion Detection Systems (A-IDS) have been commonly employed to detect known and unknown anomalies. However, conventional anomaly detection approaches encounter substantial challenges when dealing with large-scale and heterogeneous data sources. These challenges include high False Positive Rates (FPRs), imbalanced data behavior, complex data handling, resource constraints, limited interpretability, and difficulties with encrypted networks. This survey reviews 60 technical papers (2019–2025) on graph-based anomaly detection (GBAD) approaches, highlighting their ability to address these challenges by utilizing the inherent structure of graphs to capture and analyze network connectivity patterns. Our analysis reveals that 32 studies (53%) employ two-stage methods while 28 (47%) use end-to-end approaches. Among the end-to-end methods, GNN-based techniques dominate, accounting for 18 of the 28 papers. We present a phased graph-based anomaly detection methodology for intrusion detection. This includes phases of data capturing, graph construction, graph pre-processing, anomaly detection, and post-detection analysis. Furthermore, we examine the evaluation methods and datasets employed in GBAD research and provide an analysis of the types of attacks identified by these methods. The most utilized datasets include CICIDS, UNSW-NB15, and DARPA, while precision, recall, and F1-score are employed in over 85% of studies. Lastly, we outline the key challenges and future directions that require significant research efforts in this area, and we offer some recommendations to address them. Full article

Connected and Autonomous Vehicles (CAVs) are exposed to increasingly sophisticated cyber threats hidden within high-dimensional, heterogeneous network traffic. A critical bottleneck in existing Intrusion Detection Systems (IDS) is the feature heterogeneity gap: discrete protocol signatures (e.g., flags, services) and continuous traffic statistics (e.g., flow duration, packet rates) reside in disjoint latent spaces. Traditional deep learning approaches typically rely on naive feature concatenation, which fails to capture the intricate, non-linear semantic dependencies between these modalities, leading to suboptimal performance on long-tail, minority attack classes. This paper proposes HCA-IDS, a novel framework centered on Semantics-Aware Cross-Modal Alignment. Unlike heavy-weight models, HCA-IDS adopts a streamlined Multi-Layer Perceptron (MLP) backbone optimized for edge deployment. We introduce a dedicated Multi-Head Cross-Attention mechanism that explicitly utilizes static “Pattern” features to dynamically query and re-weight relevant dynamic “State” behaviors. This architecture forces the model to learn a unified semantic manifold where protocol anomalies are automatically aligned with their corresponding statistical footprints. Empirical assessments on the NSL-KDD and CICIDS2018 datasets, validated through rigorous 5-Fold Cross-Validation, substantiate the robustness of this approach. The model achieves a Macro-F1 score of over 94% on 7 consolidated attack categories, exhibiting exceptional sensitivity to minority attacks (e.g., Web Attacks and Infiltration). Crucially, HCA-IDS is ultra-lightweight, with a model size of approximately 1.00 MB and an inference latency of 0.0037 ms per sample. These results confirm that explicit semantic alignment combined with a lightweight architecture is key to robust, real-time intrusion detection in resource-constrained CAVs. Full article

In recent years, numerous Advanced Persistent Threats (APTs) have carried out cyber-physical attacks on critical infrastructures. Ukraine has been the victim of several advanced campaigns against its power grids, exemplifying a growing trend of disruptive and potentially destructive attacks. Although frameworks like the MITRE ATT&CK^® (ATT&CK) document adversaries’ behaviour across various domains, they show limitations in representing the unique characteristics of cyber-physical attacks. Existing models often fail to capture the integration of physical processes, system states, and domain-specific impacts that are essential to understand threats in cyber-physical environments. This gap hinders the ability to fully model how APTs exploit physical components alongside cyber. This research investigates the limitations of the ATT&CK Industrial Control System (ICS) framework in the context of Cyber-Physical System (CPS). A capability analysis of selected Russian APTs known to target CPS was conducted, resulting in conceptual enhancements to better represent their relevant tactics and techniques. These enhancements were evaluated through semi-structured interviews with cybersecurity professionals. The findings indicate the need for improved representation of interactions in the physical domain, along with greater contextual detail on tactics and techniques. Although the study is exploratory, the enhancements provide a foundation for future research to strengthen CPS threat analysis. Full article

The increasing deployment of uncrewed aerial vehicles (UAVs) in cyber-physical and safety-critical missions has amplified the need for intrusion detection systems that are accurate, privacy-preserving, and resilient to adversarial manipulation. In this paper, we propose CM-BRF-ViT, a Cross-Modal Byzantine-Robust Federated Vision Transformer framework for UAV intrusion detection that jointly addresses heterogeneous attack modeling, distributed learning security, and adaptive decision fusion. The proposed framework integrates Gramian Angular Field (GAF) transformations with Vision Transformer (ViT) architectures to effectively convert tabular network and cyber-physical features into discriminative visual representations suitable for attention-based learning. To enable privacy-preserving collaboration across distributed UAV nodes, CM-BRF-ViT operates within a federated learning paradigm and introduces Reference-GAF Consistency Aggregation (ReGCA). This novel Byzantine-robust aggregation mechanism jointly measures prediction consistency and feature-level semantic consistency using a trusted reference set and MAD-based robust weighting. Unlike conventional defenses that rely solely on parameter-space filtering, ReGCA supervises model updates at both behavioral and representation levels, significantly enhancing robustness against malicious clients. In addition, a learnable cross-modal fusion head is developed to adaptively combine attack probabilities derived from cyber and cyber-physical modalities, allowing the framework to exploit complementary threat signatures across layers. Extensive experiments conducted on the UAVIDS-2025 and Cyber-Physical datasets demonstrate that the proposed method achieves 97.1% detection accuracy for UAV network traffic and 78.5% for cyber-physical data, with a fused detection AUC of 0.993. Under adversarial settings, CM-BRF-ViT preserves 89.6% accuracy with up to 40% Byzantine clients, outperforming FedAvg by more than 44 percentage points. Ablation studies further confirm that ReGCA, cross-modal fusion, and ViT-based representation learning contribute complementary performance gains over baseline federated and centralized approaches. These results demonstrate that CM-BRF-ViT provides a robust, adaptive, and privacy-aware intrusion detection solution for UAV systems, making it well-suited for deployment in adversarial and resource-constrained aerial networks. Full article