Search Results (124)

Search Parameters:
Keywords = cyber behavioral analysis

17 pages, 1985 KB  
Article
Game-Theoretic Secure Socket Transmission with a Zero Trust Model
by Evangelos D. Spyrou, Vassilios Kappatos and Chrysostomos Stylios
Appl. Sci. 2025, 15(19), 10535; https://doi.org/10.3390/app151910535 - 29 Sep 2025
Abstract
A significant problem in cybersecurity is to accurately detect malicious network activities in real-time by analyzing patterns in socket-level packet transmissions. This challenge involves distinguishing between legitimate and adversarial behaviors while optimizing detection strategies to minimize false alarms and resource costs under intelligent, adaptive attacks. This paper presents a comprehensive framework for network security by modeling socket-level packet transmissions and extracting key features for temporal analysis. A long short-term memory (LSTM)-based anomaly detection system predicts normal traffic behavior and identifies significant deviations as potential cyber threats. Integrating this with a zero trust signaling game, the model updates beliefs about agent legitimacy based on observed signals and anomaly scores. The interaction between defender and attacker is formulated as a Stackelberg game, where the defender optimizes detection strategies anticipating attacker responses. This unified approach combines machine learning and game theory to enable robust, adaptive cybersecurity policies that effectively balance detection performance and resource costs in adversarial environments. Two baselines are considered for comparison. The static baseline applies fixed transmission and defense policies, ignoring anomalies and environmental feedback, and thus serves as a control case of non-reactive behavior. In contrast, the adaptive non-strategic baseline introduces simple threshold-based heuristics that adjust to anomaly scores, allowing limited adaptability without strategic reasoning. The proposed fully adaptive Stackelberg strategy outperforms both partial and discrete adaptive baselines, achieving higher robustness across trust thresholds, superior attacker–defender utility trade-offs, and more effective anomaly mitigation under varying strategic conditions. Full article
(This article belongs to the Special Issue Wireless Networking: Application and Development)

17 pages, 493 KB  
Article
Mobile Technology Adoption in Healthcare—A Behavioral Understanding of Chronic Patients’ Perspective
by Andreea Madalina Serban and Elena Druică
Clin. Pract. 2025, 15(10), 181; https://doi.org/10.3390/clinpract15100181 - 28 Sep 2025
Abstract
Background: In an era of unprecedented technology adoption in healthcare, it is imperative to understand and predict factors influencing users’ perspective. This study employs a risk-integrated technology acceptance model aiming to identify the determinants of the intention to use mobile health applications among patients with chronic diseases in Romania. Methods: A face-to-face survey method was used to collect research data from 207 subjects, and the partial least squares structural equation modeling approach was employed for data analysis. Results: The behavioral intention to use mobile health applications (INT) was influenced positively by the perceived ease of use (PEOU, f² = 0.358, β = 0.500, p < 0.001) and perceived usefulness (PU, f² = 0.271, β = 0.678, p < 0.001). Another core predictor, with a negative effect on the intention to use, was the user’s perceived risk of using the technology (RISK, f² = 0.239, β = −0.321, p < 0.001), in turn influenced by the perceived degree of cyber-insecurity (CYBER, f² = 0.492, β = 0.639, p < 0.001). Digital self-efficacy (DSE) was identified as an external determinant with strong positive influence on PEOU (f² = 0.486, β = 0.610, p < 0.001). The model shows strong performance, reflected in a high Tenenhaus goodness-of-fit index (0.770) and solid explanatory power for the outcome variable (adjusted R² = 0.718). Conclusions: This study validates an extended risk-integrated technology acceptance model, offering robust insights into the determinants of mobile health application adoption among chronic patients in Romania. The findings provide actionable guidance for designing targeted interventions and healthcare policies to enhance technology adoption in this population. Full article

18 pages, 16080 KB  
Article
Trust Evaluation Framework for Adaptive Load Optimization in Motor Drive System
by Ali Arsalan, Behnaz Papari, Grace Karimi Muriithi, Asif Ahmed Khan, Gokhan Ozkan and Christopher Shannon Edrington
Electronics 2025, 14(18), 3697; https://doi.org/10.3390/electronics14183697 - 18 Sep 2025
Viewed by 238
Abstract
Electric drive systems (EDSs) are vital for automotive and industrial applications but remain highly vulnerable to cyber and physical anomalies (CPAs), such as inverter open-circuit faults, sensor failures, and malicious cyberattacks. Ensuring reliable EDS operation requires the controller to receive accurate and uncompromised feedback and reference signals continuously. However, many existing data-driven detection and mitigation strategies rely on large training datasets, impose significant computational overhead, and often lose effectiveness under various abnormal operating conditions. To overcome these limitations, this paper introduces a trust evaluation framework that continuously assesses the reliability of all incoming signals to the EDS controller by combining behavioral analysis with historical reliability records. The proposed scheme offers a lightweight and model-independent approach, enabling reliable, adaptive decision-making by leveraging both current and historical signal behavior. To this end, this paper further integrates the resulting trust values into a torque-split optimization algorithm, enabling adaptive load optimization by dynamically reducing the torque contribution of motors operating under abnormal or low-trust conditions, thereby demonstrating clear applicability for automotive drive systems. The framework is validated in a real-time OPAL-RT environment across multiple CPA scenarios, demonstrating accurate anomaly detection and adaptive torque redistribution. Owing to its simplicity and versatility, the proposed method can be readily extended to other safety-critical drive applications. Full article
(This article belongs to the Special Issue Innovations in Intelligent Microgrid Operation and Control)

20 pages, 2745 KB  
Article
Improving Detectability of Advanced Persistent Threats (APT) by Use of APT Group Digital Fingerprints
by Laszlo Erdodi, Doney Abraham and Siv Hilde Houmb
Information 2025, 16(9), 811; https://doi.org/10.3390/info16090811 - 18 Sep 2025
Viewed by 245
Abstract
Over the last 15 years, cyberattacks have moved from attacking IT systems to targeted attacks on Operational Technology (OT) systems, also known as Cyber–Physical Systems (CPS). The first targeted OT cyberattack was Stuxnet in 2010, at which time the term Advanced Persistent Threat (APT) appeared. An APT often refers to a sophisticated two-stage cyberattack requiring an extensive reconnaissance period before executing the actual attack. Following Stuxnet, a sizable number of APTs have been discovered and documented. APTs are difficult to detect due to the many steps involved, the large number of attacker capabilities that are in use, and the timeline. Such attacks are carried out over an extended time period, sometimes spanning several years, which means that they cannot be recognized using signatures, anomalies, or similar patterns. APTs require detection capabilities beyond what current detection paradigms are capable of, such as behavior-based, signature-based, protocol-based, or other types of Intrusion Detection and Prevention Systems (IDS/IPS). This paper describes steps towards improving the detection of APTs by means of APT group digital fingerprints. An APT group fingerprint is a digital representation of the attacker’s capabilities, their relations and dependencies, and their technical implementation for an APT group. The fingerprint is represented as a directed graph, which models the relationships between the relevant capabilities. This paper describes part of the analysis behind establishing the APT group digital fingerprint for the Russian Cyberspace Operations Group - Sandworm. Full article

20 pages, 835 KB  
Article
Trustworthy Adaptive AI for Real-Time Intrusion Detection in Industrial IoT Security
by Mohammad Al Rawajbeh, Amala Jayanthi Maria Soosai, Lakshmana Kumar Ramasamy and Firoz Khan
IoT 2025, 6(3), 53; https://doi.org/10.3390/iot6030053 - 8 Sep 2025
Viewed by 578
Abstract
Traditional security methods fail to match the speed of evolving threats because Industrial Internet of Things (IIoT) technologies have become more widely adopted. A lightweight adaptive AI-based intrusion detection system (IDS) for IIoT environments is presented in this paper. The proposed system detects cyber threats in real time through an ensemble of online learning models that also adapt to changing network behavior. The system implements SHAP (SHapley Additive exPlanations) for model prediction explanations to allow human operators to verify and understand alert causes while addressing the essential need for trust and transparency. The system validation was performed using the ToN_IoT and Bot-IoT benchmark datasets. The proposed system detects threats with 96.4% accuracy while producing 2.1% false positives and requiring 35 ms on average for detection on edge devices with limited resources. Security analysts can understand model decisions through SHAP analysis because packet size and protocol type and device activity patterns strongly affect model predictions. The system underwent testing on a Raspberry Pi 5-based IIoT testbed to evaluate its deployability in real-world scenarios through emulation of practical edge environments with constrained computational resources. The research unites real-time adaptability with explainability and low-latency performance in an IDS framework specifically designed for industrial IoT security. The solution provides a scalable method to boost cyber resilience in manufacturing, together with energy and critical infrastructure sectors. By enabling fast, interpretable, and low-latency intrusion detection directly on edge devices, this solution enhances cyber resilience in critical sectors such as manufacturing, energy, and infrastructure, where timely and trustworthy threat responses are essential to maintaining operational continuity and safety. Full article
(This article belongs to the Special Issue Cybersecurity in the Age of the Internet of Things)

43 pages, 1021 KB  
Review
A Survey of Cross-Layer Security for Resource-Constrained IoT Devices
by Mamyr Altaibek, Aliya Issainova, Tolegen Aidynov, Daniyar Kuttymbek, Gulsipat Abisheva and Assel Nurusheva
Appl. Sci. 2025, 15(17), 9691; https://doi.org/10.3390/app15179691 - 3 Sep 2025
Viewed by 878
Abstract
Low-power microcontrollers, wireless sensors, and embedded gateways form the backbone of many Internet of Things (IoT) deployments. However, their limited memory, constrained energy budgets, and lack of standardized firmware make them attractive targets for diverse attacks, including bootloader backdoors, hardcoded keys, unpatched CVE exploits, and code-reuse attacks, while traditional single-layer defenses are insufficient as they often assume abundant resources. This paper presents a Systematic Literature Review (SLR) conducted according to the PRISMA 2020 guidelines, covering 196 peer-reviewed studies on cross-layer security for resource-constrained IoT and Industrial IoT environments, and introduces a four-axis taxonomy—system level, algorithmic paradigm, data granularity, and hardware budget—to structure and compare prior work. At the firmware level, we analyze static analysis, symbolic execution, and machine learning-based binary similarity detection that operate without requiring source code or a full runtime; at the network and behavioral levels, we review lightweight and graph-based intrusion detection systems (IDS), including single-packet authorization, unsupervised anomaly detection, RF spectrum monitoring, and sensor–actuator anomaly analysis bridging cyber-physical security; and at the policy level, we survey identity management, micro-segmentation, and zero-trust enforcement mechanisms supported by blockchain-based authentication and programmable policy enforcement points (PEPs). Our review identifies current strengths, limitations, and open challenges—including scalable firmware reverse engineering, efficient cross-ISA symbolic learning, and practical spectrum anomaly detection under constrained computing environments—and by integrating diverse security layers within a unified taxonomy, this SLR highlights both the state-of-the-art and promising research directions for advancing IoT security. Full article

23 pages, 360 KB  
Article
In-Memory Shellcode Runner Detection in Internet of Things (IoT) Networks: A Lightweight Behavioral and Semantic Analysis Framework
by Jean Rosemond Dora, Ladislav Hluchý and Michal Staňo
Sensors 2025, 25(17), 5425; https://doi.org/10.3390/s25175425 - 2 Sep 2025
Viewed by 488
Abstract
The widespread expansion of Internet of Things devices has ushered in an era of unprecedented connectivity. However, it has simultaneously exposed these resource-constrained systems to novel and advanced cyber threats. Among the most impressive and complex attacks are those leveraging in-memory shellcode runners (malware), which perform malicious payloads directly in memory, circumventing conventional disk-based detection security mechanisms. This paper presents a comprehensive framework, both academic and technical, for detecting in-memory shellcode runners, particularly tailored to the unique characteristics of these networks. We analyze and review the limitations of existing security parameters in this area, highlight the different challenges posed by those constraints, and propose a multi-layered approach that combines entropy-based anomaly scoring, lightweight behavioral monitoring, and novel Graph Neural Network methods for System Call Semantic Graph Analysis. Our proposal focuses on runtime analysis of process memory, system call patterns (e.g., Syscall ID, Process ID, Hooking, Win32 application programming interface), and network behavior to identify the subtle indicators of compromise that portray in-memory attacks, even in the absence of conventional file-system artifacts. Through meticulous empirical evaluation against simulated and real-world Internet of Things attacks (red team engagements, penetration testing), we demonstrate the efficiency and a few challenges of our approach, providing a crucial step towards enhancing the security posture of these critical environments. Full article
(This article belongs to the Special Issue Internet of Things Cybersecurity)

25 pages, 931 KB  
Article
A Trust Score-Based Access Control Model for Zero Trust Architecture: Design, Sensitivity Analysis, and Real-World Performance Evaluation
by Eunsu Jeong and Daeheon Yang
Appl. Sci. 2025, 15(17), 9551; https://doi.org/10.3390/app15179551 - 30 Aug 2025
Viewed by 646
Abstract
As digital infrastructures become increasingly dynamic and complex, traditional static access control mechanisms are no longer sufficient to counter advanced and persistent cyber threats. In response, Zero Trust Architecture (ZTA) emphasizes continuous verification and context-aware access decisions. To realize these principles in practice, this study introduces a Trust Score (TS)-based access control model as a systematic alternative to legacy, rule-driven approaches that lack adaptability in real-time environments. The proposed TS model quantifies the trustworthiness of users or devices based on four core factors—User Behavior (B), Network Environment (N), Device Status (D), and Threat History (T)—each derived from measurable operational attributes. These factors were carefully structured to reflect real-world Zero Trust environments, and a total of 20 detailed sub-metrics were developed to support their evaluation. This design enables accurate and granular trust assessment using live operational data, allowing for fine-tuned access control decisions aligned with Zero Trust principles. A comprehensive sensitivity analysis was conducted to evaluate the relative impact of each factor under different weight configurations and operational conditions. The results revealed that B and N are most influential in real-time evaluation scenarios, while B and T play a decisive role in triggering adaptive policy responses. This analysis provides a practical basis for designing and optimizing context-aware access control strategies. Empirical evaluations using the UNSW-NB15 dataset confirmed the TS model’s computational efficiency and scalability. Compared to legacy access control approaches, the TS model achieved significantly lower latency and higher throughput with minimal memory usage, validating its suitability for deployment in real-time, resource-constrained Zero Trust environments. Full article
(This article belongs to the Section Computing and Artificial Intelligence)

22 pages, 365 KB  
Article
Cyberviolence Against Women and Girls in Spanish Adolescents: Experiences of Cyberaggression and Cybervictimization
by Virginia Ferreiro Basurto, Esperanza Bosch Fiol, Maria Antonia Manassero Mas and Victoria A. Ferrer-Pérez
Behav. Sci. 2025, 15(9), 1165; https://doi.org/10.3390/bs15091165 - 26 Aug 2025
Viewed by 1198
Abstract
Understanding the scope of cyberviolence against women and girls in adolescents and the differences between girls and boys is a fundamental starting point for its prevention. This study analyzes the experiences of cyberaggression and cybervictimization perpetrated and suffered by 762 adolescents (399 girls and 363 boys) aged 14 and 15 in the Balearic Islands (Spain) through a diagnostic study of an electronic survey administering the Gender Violence 2.0 questionnaire. The descriptive results show that, in general, the majority of boys and girls do not commit or suffer from sexist behaviors in digital environments. A crosstab analysis (p < 0.001) confirms that, as expected, girls commit less cyberaggression and suffer more cybervictimization, while boys were more often the cyberaggressors and less frequently the victims. Specifically, boys claim to be cyberaggressors more often than girls, especially in relation to cybervictimization associated with sexual violence, impositions of beauty standards, and anti-patriarchal manifestations; girls claim to be cybervictims more often than boys, primarily experiencing cyberviolence related to partner cyber control and beauty standards. These results reinforce the need to design differentiated programs for the prevention of this cyberviolence: for boys, it should be focused on the cyberaggression committed, and for girls, it should be focused on identifying and coping with cyberaggression received. Full article
(This article belongs to the Special Issue Intimate Partner Violence Against Women)
26 pages, 2421 KB  
Review
Composite Vulnerabilities and Hybrid Threats for Smart Sensors and Field Busses in Building Automation: A Review
by Michael Gerhalter and Keshav Dahal
Sensors 2025, 25(17), 5218; https://doi.org/10.3390/s25175218 - 22 Aug 2025
Viewed by 690
Abstract
In the IT sector, the relevance of looking at security from many different angles and the inclusion of different areas is already known and understood. This approach is much less pronounced in the area of cyber physical systems and not present at all in the area of building automation. Increasing interconnectivity, undefined responsibilities, connections between secured and unsecured areas, and a lack of understanding of security among decision-makers pose a particular threat. This systematic review demonstrates a paucity of literature addressing real-world scenarios, asymmetric/hybrid threats, or composite vulnerabilities. In particular, the attack surface is significantly increased by the deployment of smart sensors and actuators in unprotected areas. Furthermore, a range of additional hybrid threats are cited, with practical examples being provided that have hitherto gone unnoticed in the extant literature. It will be shown whether solutions are available in neighboring areas and whether these can be transferred to building automation to increase the security of the entire system. Consequently, subsequent studies can be developed to create more accurate behavioral models, enabling more rapid and effective analysis of potential attacks to building automation. Full article

54 pages, 1637 KB  
Article
MICRA: A Modular Intelligent Cybersecurity Response Architecture with Machine Learning Integration
by Alessandro Carvalho Coutinho and Luciano Vieira de Araújo
J. Cybersecur. Priv. 2025, 5(3), 60; https://doi.org/10.3390/jcp5030060 - 16 Aug 2025
Cited by 1 | Viewed by 993
Abstract
The growing sophistication of cyber threats has posed significant challenges for organizations in terms of accurately detecting and responding to incidents in a coordinated manner. Despite advances in the application of machine learning and automation, many solutions still face limitations such as high false positive rates, low scalability, and difficulties in interorganizational cooperation. This study presents MICRA (Modular Intelligent Cybersecurity Response Architecture), a modular conceptual proposal that integrates dynamic data acquisition, cognitive threat analysis, multi-layer validation, adaptive response orchestration, and collaborative intelligence sharing. The architecture consists of six interoperable modules and incorporates techniques such as supervised learning, heuristic analysis, and behavioral modeling. The modules are designed for operation in diverse environments, including corporate networks, educational networks, and critical infrastructures. MICRA seeks to establish a flexible and scalable foundation for proactive cyber defense, reconciling automation, collaborative intelligence, and adaptability. This proposal aims to support future implementations and research on incident response and cyber resilience in complex operational contexts. Full article
(This article belongs to the Collection Machine Learning and Data Analytics for Cyber Security)

26 pages, 5549 KB  
Article
Intrusion Detection and Real-Time Adaptive Security in Medical IoT Using a Cyber-Physical System Design
by Faeiz Alserhani
Sensors 2025, 25(15), 4720; https://doi.org/10.3390/s25154720 - 31 Jul 2025
Viewed by 923
Abstract
The increasing reliance on Medical Internet of Things (MIoT) devices introduces critical cybersecurity vulnerabilities, necessitating advanced, adaptive defense mechanisms. Recent cyber incidents—such as compromised critical care systems, modified therapeutic device outputs, and fraudulent clinical data inputs—demonstrate that these threats now directly impact life-critical aspects of patient security. In this paper, we introduce a machine learning-enabled Cognitive Cyber-Physical System (ML-CCPS), which is designed to identify and respond to cyber threats in MIoT environments through a layered cognitive architecture. The system is constructed on a feedback-looped architecture integrating hybrid feature modeling, physical behavioral analysis, and Extreme Learning Machine (ELM)-based classification to provide adaptive access control, continuous monitoring, and reliable intrusion detection. ML-CCPS is capable of outperforming benchmark classifiers with an acceptable computational cost, as evidenced by its macro F1-score of 97.8% and an AUC of 99.1% when evaluated with the ToN-IoT dataset. Alongside classification accuracy, the framework has demonstrated reliable behaviour under noisy telemetry, maintained strong efficiency in resource-constrained settings, and scaled effectively with larger numbers of connected devices. Comparative evaluations, radar-style synthesis, and ablation studies further validate its effectiveness in real-time MIoT environments and its ability to detect novel attack types with high reliability. Full article

12 pages, 5437 KB  
Article
Cyber-Physical System Interface for Implantable Esophageal Prosthesis
by Ana Magdalena Anghel and Teodora Mîndra
Sensors 2025, 25(14), 4469; https://doi.org/10.3390/s25144469 - 18 Jul 2025
Viewed by 414
Abstract
This article presents a Cyber-Physical System Interface (CPSI) for a patented implantable esophageal prosthesis. Designed for in vivo use, the CPSI has been implemented in a MATLAB (version R2021b) simulation environment integrated with real-time data from sensors relevant for monitoring the prosthesis’s physical positioning and environmental interactions, aggregated through an Arduino external system. This setup enables the modeling and analysis of system behaviors in a controlled setting. The paper discusses the sensors, hardware and software components supporting a wide range of applications, and the method chosen for sensor-to-display flow. The case study demonstrates two monitoring system applications: one analyzes the influence of variations in the prosthesis geometry, while the other evaluates the tissue response to the implant. The proposed framework and implementation are highly relevant for a wide range of in vivo implants and related systems. Full article
(This article belongs to the Section Physical Sensors)

32 pages, 3793 KB  
Systematic Review
Systematic Review: Malware Detection and Classification in Cybersecurity
by Sebastian Berrios, Dante Leiva, Bastian Olivares, Héctor Allende-Cid and Pamela Hermosilla
Appl. Sci. 2025, 15(14), 7747; https://doi.org/10.3390/app15147747 - 10 Jul 2025
Cited by 1 | Viewed by 3278
Abstract
Malicious Software, commonly known as Malware, represents a persistent threat to cybersecurity, targeting the confidentiality, integrity, and availability of information systems. The digital era, marked by the proliferation of connected devices, cloud services, and the advancement of machine learning, has brought numerous benefits; however, it has also exacerbated exposure to cyber threats, affecting both individuals and corporations. This systematic review, which follows the PRISMA 2020 framework, aims to analyze current trends and new methods for malware detection and classification. The review was conducted using data from Web of Science and Scopus, covering publications from 2020 and 2024, with over 47 key studies selected for in-depth analysis based on relevance, empirical results and citation metrics. These studies cover a variety of detection techniques, including machine learning, deep learning and hybrid models, with a focus on feature extraction, malware behavior analysis and the application of advanced algorithms to improve detection accuracy. The results highlight important advances, such as the improved performance of ensemble learning and deep learning models in detecting sophisticated threats. Finally, this study identifies the main challenges and outlines opportunities of future research to improve malware detection and classification frameworks. Full article

18 pages, 3039 KB  
Article
Security Symmetry in Embedded Systems: Using Microsoft Defender for IoT to Detect Firmware Downgrade Attacks
by Marian Hristov, Maria Nenova and Viktoria Dimitrova
Symmetry 2025, 17(7), 1061; https://doi.org/10.3390/sym17071061 - 4 Jul 2025
Viewed by 674
Abstract
Nowadays, the world witnesses cyber attacks daily, and these threats are becoming exponentially sophisticated due to advances in Artificial Intelligence (AI). This progress allows adversaries to accelerate malware development and streamline the exploitation process. The motives vary, and so do the consequences. Unlike Information Technology (IT) breaches, Operational Technology (OT)—such as manufacturing plants, electric grids, or water and wastewater facilities—compromises can have life-threatening or environmentally hazardous consequences. For that reason, this article explores a potential cyber attack against an OT environment—firmware downgrade—and proposes a solution for detection and response by implementing Microsoft Defender for IoT (D4IoT), one of the leading products on the market for OT monitoring. To detect the malicious firmware downgrade activity, D4IoT was implemented in a pre-commissioning (non-production) environment. The solution passively monitored the network, identified the deviation, and generated alerts for response actions. Testing showed that D4IoT effectively detected the firmware downgrade attempts based on a protocol analysis and asset behavior profiling. These findings demonstrate that D4IoT provides valuable detection capabilities against an intentional firmware downgrade designed to exploit known vulnerabilities in the older, less secure version, thereby strengthening the cybersecurity posture of OT environments. The explored attack scenario leverages the symmetry between genuine and malicious firmware flows, where the downgrade mimics the upgrade process, aiming to create challenges in detection. The proposed solution discerns adversarial actions from legitimate firmware changes by breaking this functional symmetry through behavioral profiling. Full article