Search Results (872)

Intrusion detection is essential to cybersecurity. However, the curse of dimensionality and class imbalance limit detection accuracy and impede the identification of rare attacks. To address these challenges, this paper proposes the high-dimensional feature sequence temporal convolutional network (HiSeq-TCN) for intrusion detection. The proposed HiSeq-TCN transforms high-dimensional feature vectors into pseudo-temporal sequences, enabling the network to capture contextual dependencies across feature dimensions. This enhances feature representation and detection robustness. In addition, a few-shot reinforcement strategy adaptively assigns larger loss weights to minority classes, mitigating class imbalance and improving the recognition of rare attacks. Experiments on the NSL-KDD dataset show that HiSeq-TCN achieves an overall accuracy of 99.44%, outperforming support vector machines, deep neural networks, and long short-term memory models. More importantly, it significantly improves the detection of rare attack types such as remote-to-local and user-to-root attacks. These results highlight the potential of HiSeq-TCN for robust and reliable intrusion detection in practical cybersecurity environments. Full article

Intrusion Detection Systems (IDS) are vital to cybersecurity but suffer from severe class imbalance in benchmark datasets such as NSL-KDD and UNSW-NB15. Conventional oversampling methods (e.g., SMOTE, ADASYN) are efficient yet fail to preserve the latent semantics of rare attack behaviors. This study introduces the Minority-class Intrusion Detection Synthesizer GAN (MIDS-GAN), a divergence-minimization framework for minority data augmentation under structured feature constraints. MIDS-GAN integrates (i) correlation-based structured feature selection (SFS) to reduce redundancy, (ii) trainable ACON activations to enhance generator expressiveness, and (iii) KL-divergence-guided alignment to ensure distributional fidelity. Experiments on NSL-KDD and UNSW-NB15 demonstrate significant improvement on detection, with recall increasing from 2% to 27% for R2L and 1% to 17% for U2R in NSL-KDD, and from 18% to 44% for Worms and 69% to 75% for Shellcode in UNSW-NB15. Weighted F1-scores also improved to 78%, highlighting MIDS-GAN’s effectiveness in enhancing minority-class detection through a principled, divergence-aware approach. Full article

Securing Industrial Control Systems (ICSs) is critical, but it is made challenging by the constant evolution of cyber threats and the scarcity of labeled attack data in these specialized environments. Standard intrusion detection systems (IDSs) often fail to adapt when transferred to new networks with limited data. To address this, this paper introduces an adaptive intrusion detection framework that combines a hybrid Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) model with a novel transfer learning strategy. We employ a Reinforcement Learning (RL) agent to intelligently guide the fine-tuning process, which allows the IDS to dynamically adjust its parameters such as layer freezing and learning rates in real-time based on performance feedback. We evaluated our system in a realistic data-scarce scenario using only 50 labeled training samples. Our RL-Guided model achieved a final F1-score of 0.9825, significantly outperforming a standard neural fine-tuning model (0.861) and a target baseline model (0.759). Analysis of the RL agent’s behavior confirmed that it learned a balanced and effective policy for adapting the model to the target domain. We conclude that the proposed RL-guided approach creates a highly accurate and adaptive IDS that overcomes the limitations of static transfer learning methods. This dynamic fine-tuning strategy is a powerful and promising direction for building resilient cybersecurity defenses for critical infrastructure. Full article

Generative artificial intelligence (AI) and persistent empirical gaps are reshaping the cyber threat landscape faster than Zero-Trust Architecture (ZTA) research can respond. We reviewed 10 recent ZTA surveys and 136 primary studies (2022–2024) and found that 98% provided only partial or no real-world validation, leaving several core controls largely untested. Our critique, therefore, proceeds on two axes: first, mainstream ZTA research is empirically under-powered and operationally unproven; second, generative-AI attacks exploit these very weaknesses, accelerating policy bypass and detection failure. To expose this compounding risk, we contribute the Cyber Fraud Kill Chain (CFKC), a seven-stage attacker model (target identification, preparation, engagement, deception, execution, monetization, and cover-up) that maps specific generative techniques to NIST SP 800-207 components they erode. The CFKC highlights how synthetic identities, context manipulation and adversarial telemetry drive up false-negative rates, extend dwell time, and sidestep audit trails, thereby undermining the Zero-Trust principles of verify explicitly and assume breach. Existing guidance offers no systematic countermeasures for AI-scaled attacks, and that compliance regimes struggle to audit content that AI can mutate on demand. Finally, we outline research directions for adaptive, evidence-driven ZTA, and we argue that incremental extensions of current ZTA that are insufficient; only a generative-AI-aware redesign will sustain defensive parity in the coming threat cycle. Full article

The increasing digitization and decentralization of modern energy systems have heightened their vulnerability to sophisticated cyber threats, necessitating advanced, scalable, and privacy-preserving detection frameworks. This paper introduces a novel Federated Quantum Machine Learning (FQML) framework tailored for anomaly detection in multi-agent energy environments. By integrating parameterized quantum circuits (PQCs) at the local agent level with secure federated learning protocols, the framework enhances detection accuracy while preserving data privacy. A trimmed-mean aggregation scheme and differential privacy mechanisms are embedded to defend against Byzantine behaviors and data-poisoning attacks. The problem is formally modeled as a constrained optimization task, accounting for quantum circuit depth, communication latency, and adversarial resilience. Experimental validation on synthetic smart grid datasets demonstrates that FQML achieves high detection accuracy (≥96.3%), maintains robustness under adversarial perturbations, and reduces communication overhead by 28.6% compared to classical federated baselines. These results substantiate the viability of quantum-enhanced federated learning as a practical, hardware-conscious approach to distributed cybersecurity in next-generation energy infrastructures. Full article

Densely integrated microarchitectures spanning three-dimensional integrated circuits (3D-ICs), chiplet-based designs, and system-in-package (SiP) assemblies make heat a first-order security concern rather than a mere reliability issue. This review consolidates the landscape of thermal side-channel attacks (TSCAs) on densely integrated microarchitectures: we systematize observation vectors and threat models, clarify core concepts and assumptions, compare the most credible evidence from the past decade, and distill the main classes of defenses across the hardware–software stack. We also explain why hardening against thermal leakage is integral to cyber–physical system (CPS) security and outline the most promising research directions for the field. The strategic relevance of this agenda is reflected in current policy and funding momentum, including initiatives by the United States Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (DHS/CISA) on operational technology (OT) security, programs by the National Science Foundation (NSF) on CPS, and Canada’s Regional Artificial Intelligence Initiative and Cyber-Physical Resilience Program (RAII, >CAD 35 million), to bridge advanced microelectronics with next-generation cybersecurity. This survey offers a clear, high-level map of the problem space and a focused baseline for future work. Full article

To address the gaps in cyber range survey research, this entry develops and applies a structured classification taxonomy to support the comparison, evaluation, and design of cyber ranges. The entry will address the following question: What are the objectives and key features of current cyber ranges, and how can they be classified into a comprehensive taxonomy? The entry synthesizes existing frameworks and analyzes and classifies a variety of documented cyber ranges to find similarities and gaps in the current classification methods. The findings indicate recurring design elements across ranges, persistent gaps in standardization, and demonstrate how the University of West Florida (UWF) Cyber Range exemplifies the taxonomy application in practice. The goal is to facilitate informed decision-making by cybersecurity professionals when choosing platforms and to support academic research in cybersecurity education. Pulling information from studies about other cyber ranges to compare with the UWF Cyber Range, this taxonomy aims to contribute to the documentation of cyber ranges by providing a clear understanding of the current cyber range landscape. Full article

Intelligent transportation systems (ITS) play a crucial role in building sustainable and resilient urban mobility by improving traffic efficiency, reducing energy consumption, and lowering emissions. The integration of IoT technologies, particularly long-range low-power networks such as LoRaWAN, enables energy-efficient communication between vehicles and road infrastructure, supporting the sustainability goals of smart cities. However, the widespread deployment of IoT devices also introduces significant cybersecurity risks that may compromise the safety, reliability, and long-term sustainability of transportation systems. To address this challenge, we propose a method for generating synthetic network data that simulates normal traffic and DDoS attacks by randomly selecting distribution parameters for features like packets per second and unique device addresses, enabling evaluation of machine learning algorithms (e.g., Gradient Boosting, Random Forest, SVM, XGBoost) using F1-score and AUC metrics in a controlled environment. By enhancing cybersecurity and resilience in ITS, our research contributes to the development of safer, more energy-efficient, and sustainable transportation infrastructures. Full article

This paper introduces cognitive adaptivity as a novel framework for addressing human factors in cybersecurity during the Industry 5.0–6.0 transition, with a focus on hard-to-abate industries where digital transformation intersects sustainability constraints. While the integration of IoT, automation, digital twins, and artificial intelligence expands industrial efficiency, it simultaneously exposes organizations to increasingly sophisticated social engineering and AI-powered attack vectors. Traditional resilience-based models, centered on recovery to baseline, prove insufficient in these dynamic socio-technical ecosystems. We propose cognitive adaptivity as an advancement beyond resilience and antifragility, defined by three interrelated dimensions: learning, anticipation, and human–AI co-evolution. Through an in-depth case study of the ceramic value chain, this research develops a conceptual model demonstrating how organizations can embed trust calibration, behavioral evolution, sustainability integration, and systemic antifragility into their cybersecurity strategies. The findings highlight that effective protection in Industry 6.0 environments requires continuous behavioral adaptation and collaborative intelligence rather than static controls. This study contributes to cybersecurity literature by positioning cognitive adaptivity as a socio-technical capability that redefines the human–AI interface in industrial security. Practically, it shows how organizations in hard-to-abate sectors can align cybersecurity governance with sustainability imperatives and regulatory frameworks such as the CSRD, turning security from a compliance burden into a strategic enabler of resilience, competitiveness, and responsible digital transformation. Full article

Healthcare 5.0 represents the next evolution in intelligent and interconnected healthcare systems, leveraging emerging technologies such as Artificial Intelligence (AI) and the Internet of Medical Things (IoMT) to enhance patient care and automation. While Intrusion Detection Systems (IDSs) are a critical component for securing these environments, the current literature lacks a systematic analysis that jointly evaluates the effectiveness of AI models, the suitability of datasets, and the role of Explainable Artificial Intelligence (XAI) in the Healthcare 5.0 landscape. To fill this gap, this survey provides a comprehensive review of IDSs for Healthcare 5.0, analyzing state-of-the-art approaches and available datasets. Furthermore, a practical case study is presented, demonstrating that the fusion of network and biomedical features significantly improves threat detection, with physiological signals proving crucial for identifying complex attacks like spoofing. The primary contribution is therefore an integrated analysis that bridges the gap between cybersecurity theory and clinical practice, offering a guide for researchers and practitioners aiming to develop more secure, transparent, and patient-centric systems. Full article

Modern photovoltaic (PV) systems face increasing cybersecurity threats due to their integration with smart grid infrastructure. While previous research has identified vulnerabilities, the lack of standardized datasets has hindered the development and evaluation of detection algorithms. Building upon our previously introduced Photo-Set dataset, this paper presents a benchmark evaluation of anomaly detection algorithms for PV cybersecurity applications. We evaluate three state-of-the-art algorithms (One-Class SVM, Isolation Forest, and Local Outlier Factor) across 12 attack scenarios, establishing performance baselines and identifying algorithm-specific strengths and limitations. Our experimental results reveal a clear detectability hierarchy. This work proposes a standardized benchmark for PV cybersecurity research and provides the industry with evidence-based guidance for security system deployment. Full article

Operating power systems has become challenging due to the complexity of these systems. Stability studies are essential to ensure that a system operates under suitable conditions. Low-frequency oscillation modes (LFOMs) are one of the main branches of system angular stability studies and are often studied in small-signal stability. Many LFOMs in the system may have low and insufficient damping rates, negatively affecting the operation of power systems. Different control strategies have been proposed, such as the Wide-Area Damping Controller (WADC), to adequately and easily dampen these LFOMs. The operating principle of a WADC requires the reception of remote and synchronized signals from system PMUs through communication channels. However, WADCs are subject to communication failures and cyberattacks that compromise their proper operation. This paper proposes a multi-objective optimization model whose variables are the WADC parameters and the objective function guarantees the previously desired and high damping rates for the system under normal conditions and when there are permanent communication failures caused by a Denial-of-Service attack. The design method uses Linear Quadratic Regulator theory, where the parameters of this method are tuned by a bio-inspired algorithm. The studies were performed in the IEEE 68-bus system, considering a set of different operating points. The results achieved in the modal and time domain analysis confirm the successful and robust design of the WADC. Full article

The Internet of Things (IoT) revolutionizes connectivity, enabling innovative applications across healthcare, industry, and smart cities but also introducing significant cybersecurity challenges due to its expanded attack surface. Intrusion Detection Systems (IDSs) play a pivotal role in addressing these challenges, offering tailored solutions to detect and mitigate threats in dynamic and resource-constrained IoT environments. Through a rigorous analysis, this study classifies IDS research based on methodologies, performance metrics, and application domains, providing a comprehensive synthesis of the field. Key findings reveal a paradigm shift towards integrating artificial intelligence (AI) and hybrid approaches, surpassing the limitations of traditional, static methods. These advancements highlight the potential for IDSs to enhance scalability, adaptability, and detection accuracy. However, unresolved challenges, such as resource efficiency and real-world applicability, underline the need for further research. By contextualizing these findings within the broader landscape of IoT security, this work emphasizes the critical importance of developing IDS solutions that ensure the reliability, privacy, and security of interconnected systems, contributing to the sustainable evolution of IoT ecosystems. Full article

Deepfakes, a form of artificial intelligence-generated content, represent a primary method for creating fake cybersecurity threat intelligence (CTI) and are a key source for data poisoning attacks. To effectively assess the authenticity of the cybersecurity threat intelligences (CTIs) in the open-source community, this study presents a novel algorithm for fake-CTI mining, aimed at identifying fake CTIs. Initially, we develop a generalized language model (GLM)-based system for fake CTI generation (GLM-based FCTIG) that adapts a public GLM to the cybersecurity domain using parameter-efficient fine-tuning. We then integrate these fabricated CTIs with authentic ones to simulate data poisoning attacks, evaluating the outcomes of data poisoning attacks from various perspectives. Additionally, we propose a hybrid classification model based on a fine-tuned BERT encoder and a TextCNN head (FCTICM-TC) to discern the authenticity of the CTIs. Finally, a comprehensive FCTICM-TC-based FCTIM method for mining the fake CTIs is presented. The experimental results demonstrate that the proposed GLM-based FCTIG scheme and FCTICM-TC model can effectively generate convincing fake CTI-like texts, while the FCTICM-TC-based FCTIM method is capable of identifying the fake CTIs efficiently. Full article

In the face of ever-evolving cyber threats, modern intrusion detection systems (IDS) must achieve long-term adaptability without sacrificing performance on previously encountered attacks. Traditional IDS approaches often rely on static training assumptions, making them prone to forgetting old patterns, underperforming in label-scarce conditions, and struggling with imbalanced class distributions as new attacks emerge. To overcome these limitations, we present a continual learning framework tailored for adaptive intrusion detection. Unlike prior methods, our approach is designed to operate under real-world network conditions characterized by high-dimensional, sparse traffic data and task-agnostic learning sequences. The framework combines three core components: a clustering-based memory strategy that selectively retains informative historical samples using DP-Means; multi-level knowledge distillation that aligns current and previous model states at output and intermediate feature levels; and a meta-learning-driven class reweighting mechanism that dynamically adjusts to shifting attack distributions. Empirical evaluations on benchmark intrusion detection datasets demonstrate the framework’s ability to maintain high detection accuracy while effectively mitigating forgetting. Notably, it delivers reliable performance in continually changing environments where the availability of labeled data is limited, making it well-suited for real-world cybersecurity systems. Full article