Search Results (707)

The increasing reliance on Medical Internet of Things (MIoT) devices introduces critical cybersecurity vulnerabilities, necessitating advanced, adaptive defense mechanisms. Recent cyber incidents—such as compromised critical care systems, modified therapeutic device outputs, and fraudulent clinical data inputs—demonstrate that these threats now directly impact life-critical aspects of patient security. In this paper, we introduce a machine learning-enabled Cognitive Cyber-Physical System (ML-CCPS), which is designed to identify and respond to cyber threats in MIoT environments through a layered cognitive architecture. The system is constructed on a feedback-looped architecture integrating hybrid feature modeling, physical behavioral analysis, and Extreme Learning Machine (ELM)-based classification to provide adaptive access control, continuous monitoring, and reliable intrusion detection. ML-CCPS is capable of outperforming benchmark classifiers with an acceptable computational cost, as evidenced by its macro F1-score of 97.8% and an AUC of 99.1% when evaluated with the ToN-IoT dataset. Alongside classification accuracy, the framework has demonstrated reliable behaviour under noisy telemetry, maintained strong efficiency in resource-constrained settings, and scaled effectively with larger numbers of connected devices. Comparative evaluations, radar-style synthesis, and ablation studies further validate its effectiveness in real-time MIoT environments and its ability to detect novel attack types with high reliability. Full article

The integration of digital twins (DTs) with intelligent traffic systems (ITSs) holds strong potential for improving real-time management in smart cities. However, securing digital twins remains a significant challenge due to the dynamic and adversarial nature of cyber–physical environments. In this work, we propose TwinFedPot, an innovative digital twin-based security architecture that combines honeypot-driven data collection with Zero-Shot Learning (ZSL) for robust and adaptive cyber threat detection without requiring prior sampling. The framework leverages Inverse Federated Distillation (IFD) to train the DT server, where edge-deployed honeypots generate semantic predictions of anomalous behavior and upload soft logits instead of raw data. Unlike conventional federated approaches, TwinFedPot reverses the typical knowledge flow by distilling collective intelligence from the honeypots into a central teacher model hosted on the DT. This inversion allows the system to learn generalized attack patterns using only limited data, while preserving privacy and enhancing robustness. Experimental results demonstrate significant improvements in accuracy and F1-score, establishing TwinFedPot as a scalable and effective defense solution for smart traffic infrastructures. Full article

As cyberattacks continue to rise in frequency and sophistication, extracting actionable Cyber Threat Intelligence (CTI) from diverse online sources has become critical for proactive threat detection and defense. However, accurately identifying complex entities from lengthy and heterogeneous threat reports remains challenging due to long-range dependencies and domain-specific terminology. To address this, we propose XLNet-CRF, a hybrid framework that combines permutation-based language modeling with structured prediction using Conditional Random Fields (CRF) to enhance Named Entity Recognition (NER) in cybersecurity contexts. XLNet-CRF directly addresses key challenges in CTI-NER by modeling bidirectional dependencies and capturing non-contiguous semantic patterns more effectively than traditional approaches. Comprehensive evaluations on two benchmark cybersecurity corpora validate the efficacy of our approach. On the CTI-Reports dataset, XLNet-CRF achieves a precision of 97.41% and an F1-score of 97.43%; on MalwareTextDB, it attains a precision of 85.33% and an F1-score of 88.65%—significantly surpassing strong BERT-based baselines in both accuracy and robustness. Full article

In the face of escalating cyber threats to critical infrastructures, achieving robust cyber resilience has become paramount. This paper proposes an endogenous security-oriented framework for cyber resilience assessment, specifically tailored for critical infrastructures. Drawing on the principles of endogenous security, our framework integrates dynamic heterogeneous redundancy (DHR) and adaptive defense mechanisms to address both known and unknown threats. We model resilience across four key dimensions—Prevention, Destruction Resistance, Adaptive Recovery, and Evolutionary Learning—using a novel mathematical formulation that captures nonlinear interactions and temporal dynamics. The framework incorporates environmental threat entropy to dynamically adjust resilience scores, ensuring relevance in evolving attack landscapes. Through empirical validation on simulated critical infrastructure scenarios, we demonstrate the framework’s ability to quantify resilience trajectories and trigger timely defensive adaptations. Empiricalvalidation on a real-world critical infrastructure system yielded an overall resilience score of 82.75, revealing a critical imbalance between strong preventive capabilities (90/100) and weak Adaptive Recovery (66/100). Our approach offers a significant advancement over static risk assessment models by providing actionable metrics for strategic resilience investments. This work contributes to the field by bridging endogenous security theory with practical resilience engineering, paving the way for more robust protection of critical systems against sophisticated cyber threats. Full article

As cyber threats continue to grow in complexity and persistence, resilience has become a critical requirement for cyber–physical systems (CPSs). Resilience quantitative assessment is essential for supporting secure system design and ensuring reliable operation. Although various methods have been proposed for evaluating CPS resilience, major challenges remain in accurately modeling the interaction between cyber and physical domains and in providing structured guidance for resilience-oriented design. This study proposes an integrated CPS resilience assessment framework that combines cyber-layer anomaly modeling based on Markov chains with mathematical modeling of performance degradation and recovery in the physical domain. The framework establishes a structured evaluation process through parameter normalization and cyber–physical coupling, enabling the generation of resilience curves that clearly represent system performance changes under adverse conditions. A case study involving an industrial controller equipped with a diversity-redundancy architecture is conducted to demonstrate the applicability of the proposed method. Modeling and simulation results indicate that the framework effectively reveals key resilience characteristics and supports performance-informed design optimization. Full article

With the growing number and diversity of network attacks, traditional security measures such as firewalls and data encryption are no longer sufficient to ensure robust network protection. As a result, intrusion detection systems (IDSs) have become a vital component in defending against evolving cyber threats. Although many modern IDS solutions employ machine learning techniques, they often suffer from low detection rates and depend heavily on manual feature engineering. Furthermore, most IDS models are designed to identify only a limited set of attack types, which restricts their effectiveness in practical scenarios where a network may be exposed to a wide array of threats. To overcome these limitations, we propose a novel approach to IDSs by implementing a combined dataset framework based on an enhanced hybrid principal component analysis–Transformer (PCA–Transformer) model, capable of detecting 21 unique classes, comprising 1 benign class and 20 distinct attack types across multiple datasets. The proposed architecture incorporates enhanced preprocessing and feature engineering, followed by the vertical concatenation of the CSE-CIC-IDS2018 and CICIDS2017 datasets. In this design, the PCA component is responsible for feature extraction and dimensionality reduction, while the Transformer component handles the classification task. Class imbalance was addressed using class weights, adaptive synthetic sampling (ADASYN), and edited nearest neighbors (ENN). Experimental results show that the model achieves 99.80% accuracy for binary classification and 99.28% for multi-class classification on the combined dataset (CSE-CIC-IDS2018 and CICIDS2017), 99.66% accuracy for binary classification and 99.59% for multi-class classification on the CSE-CIC-IDS2018 dataset, 99.75% accuracy for binary classification and 99.51% for multi-class classification on the CICIDS2017 dataset, and 99.98% accuracy for binary classification and 98.01% for multi-class classification on the NF-BoT-IoT-v2 dataset, significantly outperforming existing approaches by distinguishing a wide range of classes, including benign and various attack types, within a unified detection framework. Full article

Resource-constrained Internet of Things (IoT) devices demand efficient and robust intrusion detection systems (IDSs) to counter evolving cyber threats. The traditional IDS models, however, struggle with high computational complexity and inadequate feature extraction, limiting their accuracy and generalizability in IoT environments. To address this, we propose FFT-RDNet, a lightweight IDS framework leveraging depthwise separable convolution and frequency-domain feature fusion. An ADASYN-Tomek Links hybrid strategy first addresses class imbalances. The core innovation of FFT-RDNet lies in its novel two-dimensional spatial feature modeling approach, realized through a dedicated dual-path feature embedding module. One branch extracts discriminative statistical features in the time domain, while the other branch transforms the data into the frequency domain via Fast Fourier Transform (FFT) to capture the essential energy distribution characteristics. These time–frequency domain features are fused to construct a two-dimensional feature space, which is then processed by a streamlined residual network using depthwise separable convolution. This network effectively captures complex periodic attack patterns with minimal computational overhead. Comprehensive evaluation on the NSL-KDD and CIC-IDS2018 datasets shows that FFT-RDNet outperforms state-of-the-art neural network IDSs across accuracy, precision, recall, and F1 score (improvements: 0.22–1%). Crucially, it achieves superior accuracy with a significantly reduced computational complexity, demonstrating high efficiency for resource-constrained IoT security deployments. Full article

Ensuring cybersecurity in power monitoring systems is of paramount importance to maintain the operational safety and stability of modern power grids. With the rapid expansion of grid infrastructure and increasing sophistication of cyber threats, existing manual alarm-tracing methods face significant challenges in handling the massive volume of security alerts, leading to delayed responses and potential system vulnerabilities. Current approaches often lack the capability to effectively model complex relationships among alerts and are hindered by imbalanced data distributions, which degrade tracing accuracy. To this end, this paper proposes a power monitor system cybersecurity alarm-tracing method based on the knowledge graph (KG) and graph convolutional neural networks (GCNN). Specifically, a cybersecurity KG is constituted based on the historical alert, accurately representing the entities and relationships in massive alerts. Then, a GCNN with attention mechanisms is applied to sufficiently extract the topological features along alarms in KG so that it can precisely and effectively trace the massive alarms. Most importantly, to mitigate the influence of imbalanced alarms for tracing, a specialized data process and model ensemble strategy by adaptively weighted imbalance sample is proposed. Finally, based on 70,000 alarm information from a regional power grid, by applying the method proposed in this paper, an alarm traceability accuracy rate of 96.59% was achieved. Moreover, compared with the traditional manual method, the traceability efficiency was improved by more than 80%. Full article

Traditional security detection methods struggle to identify zero-day attacks in Industrial Control Systems (ICSs), particularly within critical infrastructures (CIs) integrated with the Industrial Internet of Things (IIoT). These attacks exploit unknown vulnerabilities, leveraging the complexity of physical and digital system interconnections, making them difficult to detect. The integration of legacy ICS networks with modern computing and networking technologies has expanded the attack surface, increasing susceptibility to cyber threats. Anomaly detection systems play a crucial role in safeguarding these infrastructures by identifying deviations from normal operations. This study investigates the effectiveness of deep learning-based anomaly detection models in revealing operational anomalies that could indicate potential cyber-attacks. We implemented and evaluated a hybrid deep learning architecture combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to analyze ICS telemetry data. The CNN-LSTM model excels in identifying time-dependent anomalies and enables near real-time detection of cyber-attacks, significantly improving security monitoring capabilities for IIoT-integrated critical infrastructures. Full article

This paper introduces the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) framework, a novel approach that embeds security throughout the entire Secure Software and System Development Life Cycle (S-SDLC). AZTRM-D strategically unifies three established methodologies: DevSecOps practices, the NIST Risk Management Framework (RMF), and the Zero Trust (ZT) model. It then significantly augments their capabilities through the pervasive application of Artificial Intelligence (AI). This integration shifts traditional, often fragmented, security paradigms towards a proactive, automated, and continuously adaptive security posture. AI serves as the foundational enabler, providing real-time threat intelligence, automating critical security controls, facilitating continuous vulnerability detection, and enabling dynamic policy enforcement from initial code development through operational deployment. By automating key security functions and providing continuous oversight, AZTRM-D enhances risk mitigation, reduces vulnerabilities, streamlines compliance, and significantly strengthens the overall security posture of software systems, thereby addressing the complexities of modern cyber threats and accelerating the delivery of secure software. Full article

The increased occurrence and severity of cyber-attacks on critical infrastructure have underscored the need to embrace systematic and prospective approaches to resilience. The current research takes as its hypothesis that the InfraGuard Cybersecurity Framework—a capability model that measures the maturity of cyber resilience through three functional pillars, Cyber as a Shield, Cyber as a Space, and Cyber as a Sword—is an implementable and understandable means to proceed with. The model treats the significant aspects of situational awareness, active defense, risk management, and recovery from incidents and is measured using globally standardized maturity models like ISO/IEC 15504, NIST CSF, and COBIT. The contributions include multidimensional measurements of resilience, a scored scale of capability (0–5), and domain-based classification enabling organizations to assess and enhance their cybersecurity situation in a formalized manner. The framework’s applicability is illustrated in three exploratory settings of power grids, healthcare systems, and airports, each constituting various levels of maturity in resilience. This study provides down-to-earth recommendations to policymakers through the translation of the attributes of resilience into concrete assessment indicators, promoting policymaking, investment planning, and global cyber defense collaboration. Full article

The rapid growth of Internet of Things (IoT) environments has increased security challenges due to heightened exposure to cyber threats and attacks. A key problem is the class imbalance in attack traffic, where critical yet underrepresented attacks are often overlooked by intrusion-detection systems (IDS), thereby compromising reliability. We propose Feature-Importance GAN SMOTE (FIGS), an innovative, realistic intrusion-detection framework designed for IoT environments to address this challenge. Unlike other works that rely only on traditional oversampling methods, FIGS integrates sensitivity-based feature-importance analysis, Generative Adversarial Network (GAN)-based augmentation, a novel imbalance ratio (GIR), and Synthetic Minority Oversampling Technique (SMOTE) for generating high-quality synthetic data for minority classes. FIGS enhanced minority class detection by focusing on the most important features identified by the sensitivity analysis, while minimizing computational overhead and reducing noise during data generation. Evaluations on the CICIoMT2024 and CICIDS2017 datasets demonstrate that FIGS improves detection accuracy and significantly lowers the false negative rate. FIGS achieved a 17% improvement over the baseline model on the CICIoMT2024 dataset while maintaining performance for the majority groups. The results show that FIGS represents a highly effective solution for real-world IoT networks with high detection accuracy across all classes without introducing unnecessary computational overhead. Full article

This study investigates the cybersecurity landscape of Aotearoa-New Zealand through a culturally grounded lens, focusing on the integration of Indigenous Māori values into cybersecurity frameworks. In response to escalating cyber threats, the research adopts a mixed-methods and interdisciplinary approach—combining surveys, focus groups, and case studies—to explore how cultural principles such as whanaungatanga (collective responsibility) and manaakitanga (care and respect) influence digital safety practices. The findings demonstrate that culturally informed strategies enhance trust, resilience, and community engagement, particularly in rural and underserved Māori communities. Quantitative analysis revealed that 63% of urban participants correctly identified phishing attempts compared to 38% of rural participants, highlighting a significant urban–rural awareness gap. Additionally, over 72% of Māori respondents indicated that cybersecurity messaging was more effective when delivered through familiar cultural channels, such as marae networks or iwi-led training programmes. Focus groups reinforced this, with participants noting stronger retention and behavioural change when cyber risks were communicated using Māori metaphors, language, or values-based analogies. The study also confirms that culturally grounded interventions—such as incorporating Māori motifs (e.g., koru, poutama) into secure interface design and using iwi structures to disseminate best practices—can align with international standards like NIST CSF and ISO 27001. This compatibility enhances stakeholder buy-in and demonstrates universal applicability in multicultural contexts. Key challenges identified include a cybersecurity talent shortage in remote areas, difficulties integrating Indigenous perspectives into mainstream policy, and persistent barriers from the digital divide. The research advocates for cross-sector collaboration among government, private industry, and Indigenous communities to co-develop inclusive, resilient cybersecurity ecosystems. Based on the UTAUT and New Zealand’s cybersecurity vision “Secure Together—Tō Tātou Korowai Manaaki 2023–2028,” this study provides a model for small nations and multicultural societies to create robust, inclusive cybersecurity frameworks. Full article

The emergence of the Internet of Vehicles (IoV) has revolutionized intelligent transportation and communication systems. However, IoV presents many complex and ever-changing security challenges and thus requires robust cybersecurity protocols. This paper comprehensively describes and evaluates ensemble learning approaches for multi-class intrusion detection systems in the IoV environment. The study evaluates several approaches, such as stacking, voting, boosting, and bagging. A comprehensive review of the literature spanning 2020 to 2025 reveals important trends and topics that require further investigation and the relative merits of different ensemble approaches. The NSL-KDD, CICIDS2017, and UNSW-NB15 datasets are widely used to evaluate the performance of Ensemble Learning-Based Intrusion Detection Systems (ELIDS). ELIDS evaluation is usually carried out using some popular performance metrics, including Precision, Accuracy, Recall, F1-score, and Area Under Receiver Operating Characteristic Curve (AUC-ROC), which were used to evaluate and measure the effectiveness of different ensemble learning methods. Given the increasing complexity and frequency of cyber threats in IoV environments, ensemble learning methods such as bagging, boosting, and stacking enhance adaptability and robustness. These methods aggregate multiple learners to improve detection rates, reduce false positives, and ensure more resilient intrusion detection models that can evolve alongside emerging attack patterns. Full article

In today’s increasingly interconnected digital world, cyber threats have grown in frequency and sophistication, making intrusion detection systems a critical component of modern cybersecurity frameworks. Traditional IDS methods, often based on static signatures and rule-based systems, are no longer sufficient to detect and respond to complex and evolving attacks. To address these challenges, Artificial Intelligence and machine learning have emerged as powerful tools for enhancing the accuracy, adaptability, and automation of IDS solutions. This study presents a novel, hybrid ensemble learning-based intrusion detection framework that integrates deep learning and traditional ML algorithms with explainable artificial intelligence for real-time cybersecurity applications. The proposed model combines an Artificial Neural Network and Support Vector Machine as base classifiers and employs a Random Forest as a meta-classifier to fuse predictions, improving detection performance. Recursive Feature Elimination is utilized for optimal feature selection, while SHapley Additive exPlanations (SHAP) provide both global and local interpretability of the model’s decisions. The framework is deployed using a Flask-based web interface in the Amazon Elastic Compute Cloud environment, capturing live network traffic and offering sub-second inference with visual alerts. Experimental evaluations using the NSL-KDD dataset demonstrate that the ensemble model outperforms individual classifiers, achieving a high accuracy of 99.40%, along with excellent precision, recall, and F1-score metrics. This research not only enhances detection capabilities but also bridges the trust gap in AI-powered security systems through transparency. The solution shows strong potential for application in critical domains such as finance, healthcare, industrial IoT, and government networks, where real-time and interpretable threat detection is vital. Full article