Search Results (57)

This paper proposes a hybrid machine learning framework for detecting electricity fraud within the broader context of Non-Technical Losses (NTLs) in power-distribution systems. The framework combines unsupervised anomaly detection using Isolation Forest with supervised classification through XGBoost, exploiting the complementary strengths of both algorithms. Using real consumption data from a Peruvian utility, the approach integrates domain-informed feature engineering to capture behavioral, temporal, and contextual indicators of irregular usage. To address the extreme class imbalance inherent to fraud datasets, the SMOTETomek hybrid resampling technique was applied, enhancing minority-class representation and decision boundary clarity. Experimental results achieved high predictive performance on the test set (AUC-ROC = 0.999, F1-score = 0.77) using an optimized decision threshold of 0.6. Moreover, SHAP-based interpretability analysis identified extreme monthly variations, prolonged low-consumption periods, and tariff category as key behavioral predictors of fraudulent activity. The robustness of the proposed framework was further validated through a 5-fold cross-validation procedure during the training phase, ensuring consistent performance across different data partitions. Overall, the proposed framework demonstrates not only robust and explainable performance but also practical operational value, providing utilities with a scalable data-driven tool to optimize inspection strategies and maximize recovery of non-technical losses. Full article

The performance of remote sensing object detectors often degrades severely when deployed in new operational environments due to covariate shift in the data distribution. Existing evaluation paradigms, which primarily rely on aggregate performance metrics such as mAP, generally lack the analytical depth to provide insights into the mechanisms behind such generalization failures. To fill this critical gap, we propose the GRADE (Generalization Robustness Assessment via Distributional Evaluation) framework, a multi-dimensional, systematic methodology for assessing model robustness. The framework quantifies shifts in background context and object-centric features through a hierarchical analysis of distributional divergence, utilizing Scene-level Fréchet Inception Distance (FID) and Instance-level FID, respectively. These divergence measures are systematically integrated with a standardized performance decay metric to form a unified, adaptively weighted Generalization Score (GS). This composite score serves not only as an evaluation tool but also as a powerful analytical tool, enabling the fine-grained attribution of performance loss to specific sources of domain shift—whether originating from scene variations or anomalies in object appearance. Compared to conventional single-dimensional evaluation methods, the GRADE framework offers enhanced interpretability, a standardized evaluation protocol, and reliable cross-model comparability, establishing a principled theoretical foundation for cross-domain generalization assessment. Extensive empirical validation on six mainstream remote sensing benchmark datasets and multiple state-of-the-art detection models demonstrates that the model rankings produced by the GRADE framework exhibit high fidelity to real-world performance, thereby effectively quantifying and explaining the cross-domain generalization penalty. Full article

Connected and autonomous vehicles, along with the expanding Internet of Vehicles (IoV), are increasingly exposed to complex and evolving cyberattacks. Consequently, Intrusion Detection Systems (IDS) have become a vital component of modern vehicular cybersecurity. Federated Learning (FL) enables multiple vehicles to collaboratively train detection models while keeping their local data private, providing a decentralized alternative to traditional centralized learning. Despite these advantages, FL-based IDS frameworks remain vulnerable to attacks. To address this vulnerability, we propose an explainable federated intrusion detection framework that enhances both the security and interpretability of IDS in connected vehicles. The framework employs a Deep Neural Network (DNN) within a federated setting and integrates explainability through the Shapley Additive Explanations (SHAP) method. This Explainable Artificial Intelligence (XAI) component identifies the most influential network features contributing to detection decisions and assists in recognizing anomalies arising from malicious or corrupted clients. Experimental validation on the CICEVSE2024 and CICIoV2024 vehicular datasets demonstrates that the proposed system achieves high detection accuracy. Moreover, the XAI module improves transparency and enables analysts to verify and understand the model’s decision-making process. Compared with both centralized IDS models and conventional federated approaches without explainability, the proposed system delivers comparable performance, stronger resilience to attacks, and significantly enhanced interpretability. Overall, this work demonstrates that integrating FL with XAI provides a privacy-preserving and trustworthy approach for intrusion detection in connected vehicular networks. Full article

The rapid expansion of Internet of Things (IoT) ecosystems has amplified their exposure to sophisticated cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks that exploit device heterogeneity and resource constraints. Traditional machine learning-based intrusion detection systems often suffer from suboptimal performance due to poor hyperparameter configuration and a lack of interpretability, which are critical limitations in security-critical IoT environments. To address these challenges, this paper proposes an explainable, automated, and efficient anomaly detection framework that integrates a Random Forest (RF) classifier with the RIME metaheuristic optimization algorithm for hyperparameter tuning. Inspired by the physical process of rime ice formation, RIME’s dual-phase search mechanism effectively balances global exploration and local exploitation to identify near-optimal RF configurations in complex, high-dimensional search spaces. Evaluated on a real-world IoT traffic dataset encompassing twelve distinct DDoS attack vectors, the RIME-optimized RF model achieves a testing accuracy of 93.4%, outperforming baseline RF and other metaheuristic-optimized variants in both performance and convergence stability. Crucially, SHAP (SHapley Additive exPlanations) analysis provides transparent, attack-specific insights into feature importance, highlighting syn_flag_number, Protocol Type, Magnitue, Radius, and Ack_flag_number as key discriminative features, thereby enhancing model trustworthiness and operational utility. This work delivers a lightweight, interpretable, and high-performance solution well-suited for deployment in resource-constrained IoT networks, aligning with the urgent need for intelligent, adaptive, and explainable security mechanisms in next-generation network infrastructures. Full article

Wireless Sensor Networks (WSNs) have a decisive share in various monitoring and control systems. However, their distributed and resource-constrained nature makes them vulnerable to anomalies caused by factors such as environmental noise, sensor faults, and cyber intrusions. In this paper, HEXADWSN, a hybrid ensemble learning-based explainable anomaly detection framework for anomaly detection to improve reliability and interpretability in WSNs, has been proposed. The proposed framework integrates an ensemble learning approach using Autoencoders, Isolation Forests, and One-Class SVMs to achieve robust detection of time-series-based irregularities in the Intel Lab dataset. The framework uses stack and vote ensemble learning. The stack ensemble achieved the highest overall performance, indicating strong effectiveness in detecting varied anomaly patterns. The voting ensemble demonstrated moderate results and offered a balance between detection rate and computation, whereas LSTM, which is efficient at capturing temporal dependencies, exhibited a relatively low performance in the processed dataset. SHAP, LIME, and Permutation Feature Importance techniques are employed for model explainability. These techniques offer insights into feature relevance and anomalies at global and local levels. The framework also measures the mean energy consumption for anomalous and normal data. The interpretability results identified that temperature, humidity, and voltage are the most influential features. HEXADWSN establishes a scalable and explainable foundation for anomaly detection in WSNs, striking a balance between accuracy, interpretability, and energy management insights. Full article

Anaerobic digestion (AD) is increasingly recognized as a key technology for renewable energy generation and sustainable waste management within the circular economy. However, its performance is highly sensitive to feedstock variability and environmental fluctuations, making stable operation and high methane yields difficult to sustain. Conventional monitoring and control systems, based on limited sensors and mechanistic models, often fail to anticipate disturbances or optimize process performance. This review discusses recent progress in electrochemical, optical, spectroscopic, microbial, and hybrid sensors, highlighting their advantages and limitations in artificial intelligence (AI)-assisted monitoring. The role of soft sensors, data preprocessing, feature engineering, and explainable AI is emphasized to enable predictive and adaptive process control. Various machine learning (ML) techniques, including neural networks, support vector machines, ensemble methods, and hybrid gray-box models, are evaluated for yield forecasting, anomaly detection, and operational optimization. Persistent challenges include sensor fouling, calibration drift, and the lack of standardized open datasets. Emerging strategies such as digital twins, data augmentation, and automated optimization frameworks are proposed to address these issues. Future progress will rely on more robust sensors, shared datasets, and interpretable AI tools to achieve predictive, transparent, and efficient biogas production supporting the energy transition. Full article

Reliable financial reporting is critical for maintaining market confidence and guiding stakeholders’ decision-making, yet traditional audit methods often fail to detect sophisticated fraud schemes that are hidden within large volumes of transactional data. This systematic literature review synthesizes 43 empirical and theoretical studies published between 2010 and 2024 that utilize data analytics techniques for the prevention and detection of fraud in financial statements. Following the PRISMA guidelines, we conducted a four-phase review—identification, screening, eligibility assessment, and inclusion—to ensure transparency and reproducibility. Our analysis categorizes techniques into supervised machine learning classifiers (e.g., decision trees and neural networks), statistical anomaly detection methods, network-based analyses, and real-time monitoring frameworks. We evaluate each approach’s comparative effectiveness, highlight persistent challenges such as data imbalance, model interpretability, and governance constraints, and also trace evolving methodological trends over time. The review reveals that integrating predictive analytics and continuous monitoring into accounting information systems can transform audits from reactive investigations into proactive fraud prevention mechanisms. We conclude by proposing a future research agenda focusing on developing explainable AI models for audit applications, establishing robust data governance frameworks to support automated monitoring, and conducting longitudinal field studies to assess the real-world impact of analytics-driven controls. Full article

The transition to 5G networks brings unprecedented speed, ultra-low latency, and massive connectivity. Nevertheless, it introduces complex traffic patterns and broader attack surfaces that render traditional intrusion detection systems (IDSs) ineffective. Existing rule-based methods and classical machine learning approaches struggle to capture the temporal and dynamic characteristics of 5G traffic, while many deep learning models lack interpretability, making them unsuitable for high-stakes security environments. To address these challenges, we propose Bidirectional Temporal Anomaly Detector (BiTAD), a deep temporal learning architecture for anomaly detection in 5G networks. BiTAD leverages dual-direction temporal sequence modelling with attention to encode both past and future dependencies while focusing on critical segments within network sequences. Like many deep models, BiTAD’s faces interpretability challenges. To resolve its “black-box” nature, a dual-perspective explainability module, coined TwinLens, is proposed. This module integrates SHAP and TimeSHAP to provide global feature attribution and temporal relevance, delivering dual-perspective interpretability. Evaluated on the public 5G-NIDD dataset, BiTAD demonstrates superior detection performance compared to existing models. TwinLens enables transparent insights by identifying which features and when they were most influential to anomaly predictions. By jointly addressing the limitations in temporal modelling and interpretability, our work contributes a practical IDS framework tailored to the demands of next-generation mobile networks. Full article

Automotive manufacturing quality control faces persistent challenges such as limited defect samples, cross-domain variability, and the demand for interpretable decision-making. This work presents an explainable few-shot anomaly detection framework that integrates EfficientNet-based feature extraction, adaptive prototype learning, and component-specific attention mechanisms to address these requirements. The system is designed for rapid adaptation to novel defect types while maintaining interpretability through a multi-modal explainable AI module that combines visual, quantitative, and textual outputs. Evaluation on automotive datasets demonstrates promising performance on evaluated automotive components, achieving 99.4% accuracy for engine wiring inspection and 98.8% for gear inspection, with improvements of 5.2–7.6% over state-of-the-art baselines, including traditional unsupervised methods (PaDiM, PatchCore), advanced approaches (FastFlow, CFA, DRAEM), and few-shot supervised methods (ProtoNet, MatchingNet, RelationNet, FEAT), and with only 0.63% cross-domain degradation between wiring and gear inspection tasks. The architecture operates under real-time industrial constraints, with an average inference time of 18.2 ms, throughput of 60 components per minute, and memory usage below 2 GB on RTX 3080 hardware. Ablation studies confirm the importance of prototype learning (−4.52%), component analyzers (−2.79%), and attention mechanisms (−2.21%), with K = 5 few-shot configuration providing the best trade-off between accuracy and adaptability. Beyond performance, the framework produces interpretable defect localization, root-cause analysis, and severity-based recommendations designed for manufacturing integration with execution systems via standardized industrial protocols. These results demonstrate a practical and scalable approach for intelligent quality control, enabling robust, interpretable, and adaptive inspection within the evaluated automotive components. Full article

Stealth attacks targeting industrial control systems (ICS) exploit subtle sequences of malicious actions, making them difficult to detect with conventional methods. The OPC Unified Architecture (OPC UA) protocol—now widely adopted in SCADA/ICS environments—enhances OT–IT integration but simultaneously increases the exposure of critical infrastructures to sophisticated cyberattacks. Traditional detection approaches, which rely on instantaneous traffic features and static models, neglect the sequential dimension that is essential for uncovering such gradual intrusions. To address this limitation, we propose a hybrid sequential anomaly detection pipeline that combines Markov chain modeling to capture temporal dependencies with machine learning algorithms for anomaly detection. The pipeline is further augmented by explainability through SHapley Additive exPlanations (SHAP) and causal inference using the PC algorithm. Experimental evaluation on an OPC UA dataset simulating Man-In-The-Middle (MITM) and denial-of-service (DoS) attacks demonstrates that incorporating a second-order sequential memory significantly improves detection: F1-score increases by +2.27%, precision by +2.33%, and recall by +3.02%. SHAP analysis identifies the most influential features and transitions, while the causal graph highlights deviations from the system’s normal structure under attack, thereby providing interpretable insights into the root causes of anomalies. Full article

Environmental conditions are increasingly recognized as important contributors to the emergence and spread of antimicrobial resistance (AMR), yet early detection of high-risk situations remains difficult. This study developed a data-driven framework to identify anomalous environmental profiles associated with potential AMR risk. Using an unsupervised anomaly detection method (Isolation Forest) applied to multivariate indicators—including pesticide use, land use change, precipitation, and crop type—we detected unusual environmental patterns without prior AMR data. The anomaly detection analysis highlighted pesticide use, population density, land use change, and fertilizer application as the dominant environmental factors, together explaining the largest share of variation in anomaly scores (each contributing around one-quarter to one-third of the model’s decisions). In the subset of anomalous cases, fertilizer and pesticide intensity exerted the strongest negative impact, confirming their role as key drivers of atypical environmental profiles. Extreme precipitation and crop-specific production patterns also emerged as influential in certain cases. These results show that our interpretable framework can both rank global drivers and reveal context-dependent risks, thereby enabling the development of early-warning strategies for AMR surveillance. Full article

The integration of remote sensing (RS) and artificial intelligence (AI) has revolutionized Earth observation, enabling automated, efficient, and precise analysis of vast and complex datasets. RS techniques, leveraging satellite imagery, aerial photography, and ground-based sensors, provide critical insights into environmental monitoring, disaster response, agriculture, and urban planning. The rapid developments in AI, specifically machine learning (ML) and deep learning (DL), have significantly enhanced the processing and interpretation of RS data. AI-powered models, including convolutional neural networks (CNNs), recurrent neural networks (RNNs), and reinforcement learning (RL) algorithms, have demonstrated remarkable capabilities in feature extraction, classification, anomaly detection, and predictive modeling. This paper provides a comprehensive survey of the latest developments at the intersection of RS and AI, highlighting key methodologies, applications, and emerging challenges. While AI-driven RS offers unprecedented opportunities for automation and decision-making, issues related to model generalization, explainability, data heterogeneity, and ethical considerations remain significant hurdles. The review concludes by discussing future research directions, emphasizing the need for improved model interpretability, multimodal learning, and real-time AI deployment for global-scale applications. Full article

This study introduces SOMTreeNet, a novel hybrid neural model that integrates Self-Organizing Maps (SOMs) with BIRCH-inspired clustering features to address structured learning in a scalable and interpretable manner. Unlike conventional deep learning models, SOMTreeNet is designed with a recursive and modular topology that supports both supervised and unsupervised learning, enabling tasks such as classification, regression, clustering, anomaly detection, and time-series analysis. Extensive experiments were conducted using various publicly available datasets across five analytical domains: classification, regression, clustering, time-series forecasting, and image classification. These datasets cover heterogeneous structures including tabular, temporal, and visual data, allowing for a robust evaluation of the model’s generalizability. Experimental results demonstrate that SOMTreeNet consistently achieves competitive or superior performance compared to traditional machine learning and deep learning methods while maintaining a high degree of interpretability and adaptability. Its biologically inspired hierarchical structure facilitates transparent decision-making and dynamic model growth, making it particularly suitable for real-world applications that demand both accuracy and explainability. Overall, SOMTreeNet offers a versatile framework for learning from complex data while preserving the transparency and modularity often lacking in black-box models. Full article

Supervisory Control and Data Acquisition (SCADA) systems play a critical role in industrial processes by providing real-time monitoring and control of equipment across large-scale, distributed operations. In the context of cyber security, Intrusion Detection Systems (IDSs) help protect SCADA systems by monitoring for unauthorized access, malicious activity, and policy violations, providing a layer of defense against potential intrusions. Given the critical role of SCADA systems and the increasing cyber risks, this paper highlights the importance of transitioning from traditional signature-based IDS to advanced AI-driven methods. Particularly, this study tackles the issue of intrusion detection in SCADA systems, which are critical yet vulnerable parts of industrial control systems. Traditional Intrusion Detection Systems (IDSs) often fall short in SCADA environments due to data scarcity, class imbalance, and the need for specialized anomaly detection suited to industrial protocols like DNP3. By integrating GANs, this study mitigates these limitations by generating synthetic data, enhancing classification accuracy and robustness in detecting cyber threats targeting SCADA systems. Remarkably, the proposed GAN-based IDS achieves an outstanding accuracy of 99.136%, paired with impressive detection speed, meeting the crucial need for real-time threat identification in industrial contexts. Beyond these empirical advancements, this paper suggests future exploration of explainable AI techniques to improve the interpretability of IDS models tailored to SCADA environments. Additionally, it encourages collaboration between academia and industry to develop extensive datasets that accurately reflect SCADA network traffic. Full article

The growth and sustainability of today’s global economy heavily relies on smooth maritime operations. The increasing security concerns to marine environments pose complex security challenges, such as smuggling, illegal fishing, human trafficking, and environmental threats, for traditional surveillance methods due to their limitations. Artificial intelligence (AI), particularly deep learning, has offered strong capabilities for automating object detection, anomaly identification, and situational awareness in maritime environments. In this paper, we have reviewed the state-of-the-art deep learning models mainly proposed in recent literature (2020–2025), including convolutional neural networks, recurrent neural networks, Transformers, and multimodal fusion architectures. We have highlighted their success in processing diverse data sources such as satellite imagery, AIS, SAR, radar, and sensor inputs from UxVs. Additionally, multimodal data fusion techniques enhance robustness by integrating complementary data, yielding more detection accuracy. There still exist challenges in detecting small or occluded objects, handling cluttered scenes, and interpreting unusual vessel behaviours, especially under adverse sea conditions. Additionally, explainability and real-time deployment of AI models in operational settings are open research areas. Overall, the review of existing maritime literature suggests that deep learning is rapidly transforming maritime domain awareness and response, with significant potential to improve global maritime security and operational efficiency. We have also provided key datasets for deep learning models in the maritime security domain. Full article