Search Results (18)

The escalating sophistication of ransomware requires defensive strategies that are both proactive against zero-day attacks and operationally efficient. Existing solutions often force a trade-off—sacrificing low false-positive rates for broad detection, or vice versa. This work introduces an integrated framework designed to transcend this limitation. Our dual-stage approach synergizes pre-encryption behavioral analysis with definitive post-encryption confirmation. The first stage employs a specialized artificial immune system (AIS) that monitors a curated set of 47 features, including API-call n-grams and file entropy dynamics, to identify malicious activity before file encryption begins. This pre-emptive analysis is complemented by an enhanced, cross-platform R-Locker mechanism, which uses Windows named pipes and symbolic links to deploy honeyfiles that trap ransomware during I/O operations, providing a high-fidelity trigger for automated containment. We subjected this framework to a rigorous evaluation against 3500 real-world ransomware samples and 12,000 benign applications. The results demonstrate a 98.2% detection rate with a 0.8% false-positive rate, achieving a mean response time of 1.3 s. A key finding is the framework’s efficiency on both Windows and Linux (the only platforms tested), with the AIS and R-Locker modules consuming a combined 101 MB of memory. While the system excels in real-time detection, we note that its current memory forensics capability for key recovery is incompatible with certain ransomware families due to architectural obfuscations. Our findings suggest that the integrated approach performs well under laboratory conditions; further real-world validation is required to confirm robustness in diverse environments. Full article

In organizational cyber crises, incident response and official communication form coupled control loops, yet they are usually engineered separately. We present V-CHIMERA (Verified Coupled Human–Information–Machine Incident Response Architecture), a framework for organizational cyber crisis response under misinformation that jointly models cyber state, belief dynamics, trust, and communication governance. The framework combines three elements: an explicit cyber–social coupling architecture, a runtime protocol shield for communication safety, and immune-gated coupling (IGC) that uses danger signaling, tolerance thresholds, and immune memory to regulate when social feedback should affect operational response and how strongly counter-messaging should be targeted. Across three representative scenarios—ransomware rumor, outage rumor, and exfiltration scam—and eight seeds per scenario, all shielded policies achieved zero executed protocol violations. Relative to naive coupled control, IGC reduced cyber-harm area under the curve (AUC) by 57.6% in ransomware rumor and 42.6% in outage rumor while also reducing misbelief. Results were scenario-dependent rather than uniformly dominant: in exfiltration scam, a broadcast-only ablation outperformed targeted messaging, showing that targeting can fail when diffusion rapidly crosses community boundaries. Sensitivity analysis further shows that IGC attenuates the brittleness observed under strong coupling and weak moderation. The results suggest that biomimetic regulation is valuable not because coupling always helps, but because it prevents overreaction, clarifies when targeting should be used, and yields safer organizational defaults for misinformation-aware incident response. Full article

As smart grids evolve into complex cyber-physical systems, conventional static defenses struggle to address time-varying topologies and Advanced Persistent Threats (APTs). We propose the Security Framework for Resilient Smart Grids based on Self-Organizing Graph Neural Cellular Automata (SG-GNC). Specifically, a Neural Homeostatic Embedding (NHE) mechanism utilizes variational graph autoencoders to construct a continuous health manifold for unsupervised anomaly detection, while a Neural Cellular Automata (NCA) engine employs shared-weight local rules to empower nodes with decentralized self-healing capabilities. Finally, a Generative Adversarial Immunity (GAI) strategy facilitates active defense co-evolution, enhancing robustness against zero-day attacks. Experimental results on the IEEE 118 and 300-bus systems demonstrate an average detection accuracy of 98.23%, significantly outperforming benchmarks. In scenarios involving dynamic topology and zero-day attacks, the framework maintains over 96% accuracy with an inference latency of only 9.45 ms. These findings validate the capability of SG-GNC to provide resilient, endogenous defense in complex heterogeneous environments. Full article

The transition toward Industry 4.0 requires advanced sensing platforms capable of delivering real-time, high-fidelity data under extreme industrial conditions. Thin-film sensors, leveraging both photonic and functional approaches, are emerging as key enablers of this transformation. By exploiting optical phenomena such as Fabry–Pérot interference, guided-mode resonance, plasmonics, and photonic crystal effects, thin-film photonic devices provide highly sensitive, electromagnetic interference-immune, and remotely interrogated solutions for monitoring temperature, strain, and chemical environments. Complementarily, functional thin films including oxide-based chemiresistors, nanoparticle coatings, and flexible electronic skins extend sensing capabilities to diverse industrial contexts, from hazardous gas detection to structural health monitoring. This review surveys the fundamental optical principles, material platforms, and deposition strategies that underpin thin-film sensors, emphasizing advances in nanostructured oxides, 2D materials, hybrid perovskites, and additive manufacturing methods. Application-focused sections highlight their deployment in temperature and stress monitoring, chemical leakage detection, and industrial safety. Integration into Internet of Things (IoT) networks, cyber-physical systems, and photonic integrated circuits is examined, alongside challenges related to durability, reproducibility, and packaging. Future directions point to AI-driven signal processing, flexible and printable architectures, and autonomous self-calibration. Together, these developments position thin-film sensors as foundational technologies for intelligent, resilient, and adaptive manufacturing in Industry 4.0. Full article

The deep integration of digital technologies has significantly improved the operational efficiency of electricity markets, but it has also introduced increasingly severe and sophisticated cybersecurity challenges. As a highly coupled cyber–physical system (CPS), the electricity market is increasingly vulnerable to attacks that exploit weaknesses in both market mechanisms and information infrastructure. Unlike existing reviews, this study makes three key contributions: First, it provides a hierarchical analysis of cyberattacks targeting electricity market operations, detailing how such attacks manipulate outcomes for profit or disruption. Second, it proposes a novel full-lifecycle dynamic defense framework tailored to the cyber–physical–market nature of the electricity market, coordinating defenses across the entire attack lifecycle to ensure market stability and financial integrity. Third, it analyzes key enabling technologies for attack–defense games and identifies fundamental challenges to market resilience. Looking ahead, the manuscript outlines a strategic research agenda, emphasizing breakthroughs in intelligent and collaborative technologies. These advancements are expected to drive the evolution of the electricity market’s defense from a passive–reactive model to a state of active immunity, which can anticipate, withstand, and autonomously recover from complex cyber threats. Full article

Cybersecurity has evolved significantly over the years, with a growing interest in biologically inspired models that emulate the immune system’s defense mechanisms. This paper provides a comparative analysis of various immunity-based approaches in cybersecurity, tracking their progression from their inception to the present. It explores the strengths and limitations of these methods across different cybersecurity areas, such as intrusion detection, malware analysis, and network protection. By reviewing foundational research, recent advancements, and existing challenges, this study aims to offer a well-rounded perspective on the effectiveness and constraints of immunity-driven strategies in protecting modern digital infrastructure. Additionally, it highlights emerging trends and future directions, stressing the importance of integrating these approaches with machine learning and other advanced technologies to strengthen cybersecurity resilience. Full article

The paper proposes a technique for protecting reconfigurable networks that implements topology rebuilding, which combines immunization and network gaming methods, as a solution for maintaining cyber resilience. Immunization presumes an adaptive set of protective reconfigurations destined to ensure the functioning of a network. It is a protective reconfiguration aimed to preserve/increase the functional quality of the system. Network nodes and edges are adaptively reorganized to counteract an invasion. This is a functional component of cyber resilience. It can be implemented as a global strategy, using knowledge of the whole network structure, or a local strategy that only works with a certain part of a network. A formal description of global and local immune strategies based on hierarchical and peer-to-peer network topologies is presented. A network game is a kind of the well-defined game model in which each situation generates a specific network, and the payoff function is calculated based on the constructed networks. A network game is proposed for analyzing a network topology. This model allows quickly identifying nodes that require disconnection or replacement when a cyber attack occurs, and understanding which network sectors might be affected by an attack. The gaming method keeps the network topology resistant to unnecessary connections. This is a structural component of cyber resilience. The basic network game method has been improved by using the criterion of maximum possible path length to reduce the number of reconfigurations. Network optimization works together with immunization to preserve the structural integrity of the network. In an experimental study, the proposed method demonstrated its effectiveness in maintaining system quality within given functional limits and reducing the cost of system protective restructuring. Full article

The next-generation “Industrial Internet of Things” (IIoT) will support “Machine-to-Machine” (M2M) communications for smart Cyber-Physical-Systems and Industry 4.0, and require guaranteed cyber-security. This paper explores hardware-enforced cyber-security for critical infrastructures. It examines a quantum-safe “Software-Defined-Deterministic IIoT” (SDD-IIoT), with a new forwarding-plane (sub-layer-3a) for deterministic M2M traffic flows. A “Software-Defined Networking” (SDN) control plane controls many “Software-Defined-Deterministic Wide-Area Networks” (SDD-WANs), realized with FPGAs. The SDN control plane provides an “Admission-Control/Access-Control” system for network-bandwidth, using collaborating Artificial Intelligence (AI)-based “Zero Trust Architectures” (ZTAs). Hardware-enforced access-control eliminates all congestion, BufferBloat, and DoS/DDoS attacks, significantly reduces buffer-sizes, and supports ultra-reliable-low-latency communications in the forwarding-plane. The forwarding-plane can: (i) Encrypt/Authenticate M2M flows using quantum-safe ciphers, to withstand attacks by Quantum Computers; (ii) Implement “guaranteed intrusion detection systems” in FPGAs, to detect cyber-attacks embedded within billions of IIoT packets; (iii) Provide guaranteed immunity to external cyber-attacks, and exceptionally strong immunity to internal cyber-attacks; (iv) Save USD 100s of billions annually by exploiting FPGAs; and (v) Enable hybrid Classical-Quantum networks, by integrating a “quantum key distribution” (QKD) network with a classical forwarding plane with exceptionally strong cyber-security, determined by the computational hardness of cracking Symmetric Key Cryptography. Extensive experimental results for an SDD-WAN over the European Union are reported. Full article

As the prevalence and sophistication of cyber threats continue to increase, the development of robust vulnerability detection techniques becomes paramount in ensuring the security of computer systems. Neural models have demonstrated significant potential in identifying vulnerabilities; however, they are not immune to adversarial attacks. This paper presents a set of evolutionary techniques for generating adversarial instances to enhance the resilience of neural models used for vulnerability detection. The proposed approaches leverage an evolution strategy (ES) algorithm that utilizes as the fitness function the output of the neural network to deceive. By starting from existing instances, the algorithm evolves individuals, represented by source code snippets, by applying semantic-preserving transformations, while utilizing the fitness to invert their original classification. This iterative process facilitates the generation of adversarial instances that can mislead the vulnerability detection models while maintaining the original behavior of the source code. The significance of this research lies in its contribution to the field of cybersecurity by addressing the need for enhanced resilience against adversarial attacks in vulnerability detection models. The evolutionary approach provides a systematic framework for generating adversarial instances, allowing for the identification and mitigation of weaknesses in AI classifiers. Full article

The small-drone technology domain is the outcome of a breakthrough in technological advancement for drones. The Internet of Things (IoT) is used by drones to provide inter-location services for navigation. But, due to issues related to their architecture and design, drones are not immune to threats related to security and privacy. Establishing a secure and reliable network is essential to obtaining optimal performance from drones. While small drones offer promising avenues for growth in civil and defense industries, they are prone to attacks on safety, security, and privacy. The current architecture of small drones necessitates modifications to their data transformation and privacy mechanisms to align with domain requirements. This research paper investigates the latest trends in safety, security, and privacy related to drones, and the Internet of Drones (IoD), highlighting the importance of secure drone networks that are impervious to interceptions and intrusions. To mitigate cyber-security threats, the proposed framework incorporates intelligent machine learning models into the design and structure of IoT-aided drones, rendering adaptable and secure technology. Furthermore, in this work, a new dataset is constructed, a merged dataset comprising a drone dataset and two benchmark datasets. The proposed strategy outperforms the previous algorithms and achieves 99.89% accuracy on the drone dataset and 91.64% on the merged dataset. Overall, this intelligent framework gives a potential approach to improving the security and resilience of cyber–physical satellite systems, and IoT-aided aerial vehicle systems, addressing the rising security challenges in an interconnected world. Full article

The wide use of communication layers in DC microgrids to transmit voltage and current measurements of each distributed generator unit (DGU) increases the possibility of exposure to cyber-attacks. Cyber-attackers can manipulate the measured data to distort the control system of microgrids, which may lead to a shutdown. This paper proposes distributed mitigation layers for the false data injection attacks (FDIA) on voltages and currents of DGUs in meshed DC microgrids. The proposed control strategy is based on integrating two layers for cyber-attack detection and mitigation to immune the primary and the secondary control loops of each DGU. The first layer is assigned to mitigate FDIAs on the voltage measurements needed for the voltage regulation task of the primary control loop. The second layer is devoted to the mitigation of FDIAs on the DGU current measurements, which are crucial for the secondary control level to guarantee the proper current sharing of each DGU. Artificial neural networks (ANNs) are employed to support these layers by estimating the authenticated measurements. Different simulation and experimental case studies are provided to demonstrate the proposed mitigation layers’ effectiveness in detecting and mitigating cyber-attacks on voltage and current measurements. The simulation and experimental results are provided to evaluate the dynamic performance of the suggested control approach and to ensure the accurate operation of DC microgrids despite the existence of cyber-attacks on the measurements employed in the control strategy. Moreover, the control strategy succeeds to keep the maximum voltage error and the maximum error in current sharing within tolerance. Full article

The rate of technical innovation, system interconnection, and advanced communications undoubtedly boost distributed energy networks’ efficiency. However, when an additional attack surface is made available, the possibility of an increase in attacks is an unavoidable result. The energy ecosystem’s significant variety draws attackers with various goals, making any critical infrastructure a threat, regardless of scale. Outdated technology and other antiquated countermeasures that worked years ago cannot address the complexity of current threats. As a result, robust artificial intelligence cyber-defense solutions are more important than ever. Based on the above challenge, this paper proposes an ensemble transfer learning spiking immune system for adaptive smart grid protection. It is an innovative Artificial Immune System (AIS) that uses a swarm of Evolving Izhikevich Neural Networks (EINN) in an Ensemble architecture, which optimally integrates Transfer Learning methodologies. The effectiveness of the proposed innovative system is demonstrated experimentally in multiple complex scenarios that optimally simulate the modern energy environment. The most significant findings of this work are that the transfer learning architecture’s shared learning rate significantly adds to the speed of generalization and convergence approach. In addition, the ensemble combination improves the accuracy of the model because the overall behavior of the numerous models is less noisy than a comparable individual single model. Finally, the Izhikevich Spiking Neural Network used here, due to its dynamic configuration, can reproduce different spikes and triggering behaviors of neurons, which models precisely the problem of digital security of energy infrastructures, as proved experimentally. Full article

The autonomous and adaptable identification of anomalies in industrial contexts, particularly in the physical processes of Cyber-Physical Production Systems (CPPS), requires using critical technologies to identify failures correctly. Most of the existing solutions in the anomaly detection research area do not consider such systems’ dynamics. Due to the complexity and multidimensionality of CPPS, a scalable, adaptable, and rapid anomaly detection system is needed, considering the new design specifications of Industry 4.0 solutions. Immune-based models, such as the Dendritic Cell Algorithm (DCA), may provide a rich source of inspiration for detecting anomalies, since the anomaly detection problem in CPPS greatly resembles the functionality of the biological dendritic cells in defending the human body from hazardous pathogens. This paper tackles DCA limitations that may compromise its usage in anomaly detection applications, such as the manual characterization of safe and danger signals, data analysis not suitable for online classification, and the lack of an object-oriented implementation of the algorithm. The proposed approach, the Cursory Dendritic Cell Algorithm (CDCA), is a novel variation of the DCA, developed to be flexible and monitor physical industrial processes continually while detecting anomalies in an online fashion. This work’s contribution is threefold. First, it provides a comprehensive review of Artificial Immune Systems (AIS), focusing on AIS applied to the anomaly detection problem. Then, a new object-oriented architecture for the DCA implementation is described, enabling the modularity and abstraction of the algorithm stages into different classes (modules). Finally, the CDCA for the anomaly detection problem is proposed. The CDCA was successfully validated in two industrial-oriented dataset benchmarks for physical anomaly and network intrusion detection, the Skoltech Anomaly Benchmark (SKAB) and M2M using OPC UA. When compared to other algorithms, the proposed approach exhibits promising classification results. It was placed fourth on the SKAB scoreboard and presented a competitive performance with the incremental Dendritic Cell Algorithm (iDCA). Full article

This paper looks at the problem of cybersecurity in modern cyber-physical and information systems and proposes an immune-like approach to the information security of modern complex systems. This approach is based on the mathematical modeling in information security—in particular, the use of immune methods to protect several critical system nodes from a predetermined range of attacks, and to minimize the success of an attack on the system. The methodological approach is to systematize the tasks, means and modes of immunization to describe how modern systems can counter the spread of computer attacks. The main conclusions and recommendations are that using an immunization approach will not only improve the security of systems, but also define principles for building systems that are resistant to cyber attacks. The immunization approach enables a symmetrical response to an intruder in a protected system to be produced rapidly. This symmetry provides a step-by-step neutralization of all stages of a cyber attack, which, combined with the accumulation of knowledge of the attacker’s actions, allows a base of defensive responses to be generated for various cyber attack scenarios. The theoretical conclusions are supported by practical experiments describing real-world scenarios for the use of immunization tools to protect against cyber threats. Full article

CyberKnife stereotactic radiosurgery (CK-SRS) precisely delivers radiation to intracranial tumors. However, the underlying radiobiological mechanisms at high single doses are not yet fully understood. Here, we established and evaluated the early radiobiological effects of CK-SRS treatment at a single dose of 20 Gy after 15 days of tumor growth in a syngeneic glioblastoma-mouse model. Exact positioning was ensured using a custom-made, non-invasive, and trackable frame. One superimposed target volume for the CK-SRS planning was created from the fused tumor volumes obtained from MRIs prior to irradiation. Dose calculation and delivery were planned using a single-reference CT scan. Six days after irradiation, tumor volumes were measured using MRI scans, and radiobiological effects were assessed using immunofluorescence staining. We found that CK-SRS treatment reduced tumor volume by approximately 75%, impaired cell proliferation, diminished tumor vasculature, and increased immune response. The accuracy of the delivered dose was demonstrated by staining of DNA double-strand breaks in accordance with the planned dose distribution. Overall, we confirmed that our proposed setup enables the precise irradiation of intracranial tumors in mice using only one reference CT and superimposed MRI volumes. Thus, our proposed mouse model for reproducible CK-SRS can be used to investigate radiobiological effects and develop novel therapeutic approaches. Full article