Search Results (121)

In today’s digital era, cyberattacks pose a critical threat to networks of all scales, from local systems to global infrastructures. Intrusion detection systems (IDSs) are essential for identifying and mitigating such threats. However, existing machine learning-based IDS often suffer from low detection accuracy, heavy reliance on manual feature extraction, and limited coverage of attack categories. To address these limitations, we propose a modular, deployment-ready intrusion detection framework that integrates multiple heterogeneous datasets through a hybrid transformer–multilayer perceptron (Transformer–MLP) architecture. The system employs three parallel Transformer–MLP models, each specialized for a distinct dataset, whose probabilistic outputs are fused using a weighted decision-level strategy. Unlike traditional feature-level fusion, this strategy ensures module independence, eliminates the need for global retraining when adding new components, and provides seamless modular scalability. The framework accurately identifies twenty-one traffic categories, including one benign and twenty attack classes, derived from a unified mapping across multiple heterogeneous sources to ensure a consistent cross-dataset taxonomy. By combining advanced contextual representation learning with ensemble-based probabilistic fusion, the framework demonstrates high detection accuracy and practical applicability in real-world network environments. The Transformer module captures complex contextual dependencies, while the MLP performs final classification. Class imbalance is mitigated via adaptive synthetic sampling (ADASYN), synthetic minority over-sampling technique (SMOTE), edited nearest neighbor (ENN), and class weight adjustments. Empirical evaluation demonstrates the framework’s high effectiveness: for binary classification, it achieves 99.98% on CICIDS2017, 99.19% on NSL-KDD, and 99.98% on NF-BoT-IoT-v2; for two-stage multi-class classification, 99.56%, 99.55%, and 97.75%; and for one-phase multi-class classification, 99.73%, 99.07%, and 98.23%, respectively. Moreover, the framework enables real-time deployment with 4.8–6.9 ms latency, 9800–14,200 fps throughput, and 412–458 MB memory. These results outperform existing multi-dataset IDS approaches, highlighting the architectural effectiveness, robustness, and practical applicability of the proposed framework. Full article

Neural network models are highly susceptible to adversarial sample attacks, causing significant differences in model predictions with even minor perturbations to the samples. Adversarial training is a kind of effective technique for resisting sample adversarial attacks. Traditional adversarial training methods are all single-stage training, and in the middle and later stages of training, there is a serious issue of robust overfitting. The accuracy of the adversarial training model does not increase and may even experience severe degradation. For this issue, we propose a multi-stage stability contrastive adversarial training method based on Ulam stability, which performs adversarial training in an optimized space with stability constraints to improve the robustness accuracy and training stability of the model. In the first stage, a stability adversarial training strategy is adopted to enable the model to rapidly improve robust accuracy before overfitting. In the second stage, a stability contrastive learning strategy is employed, focusing on suppressing overfitting of the model and further enhancing robust accuracy. This two-stage adversarial training method can not only improve the robustness accuracy of the model, but also effectively suppress overfitting phenomena. This method has plug and play pendant coupling capability, which can be combined with existing multi-class models to further improve the robustness accuracy of the benchmark model. In addition, this method has the characteristic of stable convergence, which can reduce the dependence on early stopping conditions and make the model training more flexible. Comparative experiments on multiple datasets have also validated the effectiveness of the proposed method. Full article

Botnet attacks in Internet of Things (IoT) environments often occur as multi-stage campaigns, making early and reliable detection difficult across distributed and privacy-sensitive networks. Centralized detection approaches are often limited by heterogeneous traffic characteristics, severe data imbalance, and the need to aggregate large volumes of raw network data, raising scalability and privacy concerns. To address these challenges, this paper proposes FDA, a federated learning-based and data mining-driven framework for stage-aware botnet attack detection in IoT networks. FDA operates at network gateways, where anomalous traffic is first detected and then abstracted into compact and interpretable patterns using Frequent Itemset Mining (FIM). This pattern-based representation reduces noise and local traffic bias, enabling more robust learning across different IoT networks. Lightweight neural network models are trained locally at gateways, and a global model is learned through federated aggregation of model parameters, avoiding direct sharing of raw network data while enabling gateways to collaboratively learn evolving attack patterns across different IoT networks. Experimental results show that FDA achieves anomaly detection F1-scores above 99% across all gateways and multi-stage botnet attack classification F1-scores in the range of 48–49%, which are comparable to centralized machine-learning baselines while operating under decentralized and privacy-preserving constraints. Overall, FDA provides a practical, privacy-preserving, and effective solution for distributed botnet attack stage detection in real-world IoT deployments. Full article

Short-term load forecasting (STLF) is crucial for ensuring power grid stability and economic dispatch. Its accuracy heavily depends on the quality of the input data. However, collecting operational data via the power system’s communication network poses a significant vulnerability to cyberattacks, particularly stealthy False Data Injection (FDI) attacks. By closely mimicking normal load fluctuations, these attacks evade conventional detection, thus, compromising forecasting reliability. To address this challenge, this paper proposes a novel resilient load forecasting framework that integrates two-stage attack detection with robust ensemble learning. In the detection stage, attack identification is performed through seasonal decomposition and AE-BiLSTM reconstruction, followed by restoration using periodic-consistent historical means and secondary screening via second-order differencing (SOD). In the forecasting stage, an improved Multi-Objective Whale Migration Algorithm (MO-WMA) is employed to adaptively optimize ensemble weights for intelligent fusion, significantly enhancing prediction accuracy and robustness, and providing a generalizable solution for intelligent grid load forecasting. Experiments were conducted on the Independent System Operator of New England (ISO New England, 2012–2014) load dataset under four typical FDI attack scenarios, with test sets including diverse attack intensities and temporal patterns. Results show that the framework achieves $98.98\%$ attack detection accuracy and improves the $R^2$ forecasting metric from 0.9053 to 0.9851, approaching attack-free performance, demonstrating effective recovery of forecasting accuracy and generalization capability. Full article

The exponential growth of network traffic and the increasing sophistication of cyberattacks have underscored the need for intelligent and real-time Intrusion Detection Systems (IDS). Traditional flow-based IDS models typically analyze each network flow independently, ignoring the temporal and contextual dependencies among flows, which reduces their ability to recognize coordinated or multi-stage attacks. To address this limitation, this paper proposes a Bernoulli-based probabilistic sequence modeling framework that integrates statistical learning with visual feature representation for efficient intrusion detection. The approach begins with a comprehensive data-preprocessing pipeline that performs feature cleaning, encoding, normalization, and sequence aggregation. Each aggregated feature vector is then transformed into a 6 × 6 grayscale image, allowing the system to capture spatial correlations among network features through convolutional operations. A logistic regression model first estimates per-flow attack probabilities, and these are combined using the Bernoulli probability law to infer the likelihood of malicious activity across flow sequences. The resulting sequence-level representations are evaluated using lightweight classifiers such as TinyNet-6 × 6, MobileNetV2, and ResNet18. Experimental results on the CICIDS2017 dataset demonstrate that the proposed method achieves high detection accuracy with reduced computational cost compared to state-of-the-art deep models, highlighting its suitability for scalable, real-time IDS deployment. Full article

Distributed Denial-of-Service (DDoS) attacks remain the most pervasive and operationally disruptive cyber threat and are routinely weaponized in interstate conflict (e.g., Russia–Ukraine and Stuxnet). Although attack-chain models are standard for Advanced Persistent Threat (APT) analysis, they have seldom been applied to DDoS, which is often framed as a single-step volumetric assault. However, ubiquitous intelligence and ambient connectivity increasingly enable DDoS campaigns to unfold as multi-stage operations rather than isolated floods. In parallel, large language models (LLMs) create new opportunities to strengthen traditional DDoS defenses through richer contextual understanding. Reviewing incidents from 2019 to 2024, we propose a three-phase DDoS attack chain—preparation, development, and execution—that captures contemporary tactics and their dependencies on novel hardware, network architectures, and application protocols. We classify these patterns, contrast them with conventional DDoS, survey current defenses (anycast and scrubbing, BGP Flowspec, programmable data planes, adaptive ML detection, API hardening), and outline research directions in cross-layer telemetry, adversarially robust learning, automated mitigation orchestration, and cooperative takedown. Full article

Industrial Control Systems (ICSs), critical to infrastructure, face escalating cyber threats under Industry 4.0, yet existing intrusion detection methods are hindered by attack sample scarcity, spatiotemporal heterogeneity of industrial protocols, and resource constraints of embedded devices. This paper proposes a four-stage closed-loop intrusion detection framework for ICSs, with its core innovations integrating the following key components: First, a protocol-conditioned Conditional Generative Adversarial Network (CTGAN) is designed to synthesize realistic attack traffic by enforcing industrial protocol constraints and validating syntax through dual-path discriminators, ensuring generated traffic adheres to protocol specifications. Second, a three-tiered sliding window encoder transforms raw network flows into structured RGB images, capturing protocol syntax, device states, and temporal autocorrelation to enable multiresolution spatiotemporal analysis. Third, an Efficient Multiscale Attention Visual State Space Model (EMA-VSSM) is developed by integrating gate-enhanced state-space layers with multiscale attention mechanisms and contrastive learning, enhancing threat detection through improved long-range dependency modeling and spatial–temporal correlation capture. Finally, a lightweight EMA-VSSM student model, developed via hierarchical distillation, achieves a model compression rate of 64.8% and an inference efficiency enhancement of approximately 30% relative to the original model. Experimental results on a real-world ICS dataset demonstrate that this lightweight model attains an accuracy of 98.20% with a False Negative Rate (FNR) of 0.0316, outperforming state-of-the-art baseline methods such as XGBoost and Swin Transformer. By effectively balancing protocol compliance, multi-resolution feature extraction, and computational efficiency, this framework enables real-time deployment on resource-constrained ICS controllers. Full article

Ransomware represents a critical and evolving cybersecurity threat that often evades traditional defenses during its early stages. We present a novel intelligent sensing framework (ISF) designed for proactive, early-stage ransomware detection, centered on a Multi-Head Self-Attention Long Short-Term Memory (MHSA-LSTM) sensor model. The core innovation of this sensor is its self-attention mechanism, which is augmented to autonomously prioritize the most discriminative behavioral features by incorporating a relevance coefficient derived from information gain ($\mu$), thereby filtering out noise and overcoming data scarcity inherent in initial attack phases. The framework was validated using a comprehensive dataset derived from the dynamic analysis of 39,378 ransomware samples and 9732 benign applications. The MHSA-LSTM sensor achieved superior performance, recording a peak accuracy of $98.4\%$, a low False Positive Rate (FPR) of $0.089$, and an F1 score of $0.972$ using an optimized 25-feature set. This performance consistently surpassed established sequence models, including CNN-LSTM and Stacked LSTM, confirming the significant potential of the ISF as a robust and scalable solution for enhancing defenses against modern, stealthy threats. Most significantly, integration of $\mu$ as a statistical anchor resulted in a 49% reduction in False Positive Rates (FPRs) compared to standard attention-based models. This addresses the main operational barrier to deploying deep learning sensors in live environments. Full article

The increasing digitalization of smart grids has made them vulnerable to false data injection attacks (FDIAs), which can bypass traditional bad data detection (BDD) schemes and compromise grid security. While machine learning offers promising detection capabilities, existing methods often struggle with generalization, interpretability, and the effective integration of the grid’s inherent spatio-temporal properties. To address these challenges, this paper presents a hierarchical spatio-temporal graph attention network (HST-GAT) for FDIA detection in smart grids. The proposed FDIA detection method employs a dedicated two-stage architecture. First, a graph attention network (GAT) explicitly captures the complex spatial dependencies and physical constraints of the grid topology. Second, a temporal module with multi-head self-attention and a gated recurrent unit (GRU) analyzes evolving attack patterns across time steps. This hierarchical separation ensures a more interpretable and physically grounded representation of cyber intrusions compared to joint spatio-temporal models. Explainability analysis using the SHapley Additive exPlanations (SHAP) method reveals the decision-making process of the proposed FDIA detection method, validating its alignment with the grid topology and identifying the key buses that influence its predictions. The results confirm the robustness of the proposed method and its value in improving cybersecurity in modern smart grids. Full article

Accurate and reliable wind speed measurement is essential for applications such as wind power generation and meteorological monitoring. Data fusion from multiple anemometers mounted on wind measurement towers is a key approach to obtaining high-precision wind speed information. In this study, a hierarchical data fusion strategy is proposed to enhance both the quality and efficiency of multi-sensor fusion on wind measurement towers. At the local fusion stage, multi-sensor wind speed data are denoised and fused using an unscented Kalman filter enhanced with fuzzy logic and a robustness factor (FLR-UKF). At the global decision fusion stage, decision-level fusion is achieved through an extreme learning machine (ELM) neural network optimized by a Q-learning-improved Aquila optimizer (QLIAO-ELM). By incorporating a spiral surrounding attack mechanism and a Q-learning-based adaptive strategy, QLIAO-ELM significantly enhances global search capability and convergence speed, enabling the ELM network to obtain superior parameters within limited computational time. Consequently, the accuracy and efficiency of decision fusion are improved. Experimental results show that, during the local fusion phase, the RMSE of FLR-UKF is reduced by 26.46% to 28.6% compared to the traditional UKF; during the global fusion phase, the RMSE of QLIAO-ELM is reduced by 27.1% and 14.0% compared to ELM and ISSA-ELM, respectively. Full article

Bone metastases mark a critical and often terminal phase in cancer progression, where disseminated tumor cells (DTCs) manage to infiltrate and exploit the complex microenvironments of the bone marrow. While most current therapies focus on the well-known late-stage “vicious cycle” of osteolysis, they often overlook the earlier stages, namely, tumor cell colonization and dormancy. During these early phases, cancer cells co-opt hematopoietic stem cell (HSC) niches, using them as sanctuaries for long-term survival. In this review, we bring together emerging insights that highlight a trio of underappreciated cellular players in this metastatic takeover: megakaryocytes, erythroid lineage cells, and perivascular stromal subsets. Far from being passive bystanders, these cells actively shape the metastatic niche. For instance, megakaryocytes and platelets go beyond their role in transport; they orchestrate immune evasion and dormancy through mechanisms such as transforming growth factor-β1 (TGF-β1) signaling and the physical shielding of tumor cells. In parallel, we uncover a distinct “erythroid-immune” axis: here, stress-induced CD71⁺ erythroid progenitors suppress T-cell responses via arginase-mediated nutrient depletion and checkpoint engagement, forming a potent metabolic barrier against immune attack. Furthermore, leptin receptor–positive (LepR⁺) perivascular stromal cells emerge as key structural players. These stromal subsets not only act as anchoring points for DTCs but also maintain them in protective vascular zones via CXCL12 chemokine gradients. Altogether, these findings reveal that the metastatic bone marrow niche is not static; it is a highly dynamic, multi-lineage ecosystem. By mapping these intricate cellular interactions, we argue for a paradigm shift: targeting these early and cooperative crosstalk, whether through glycoprotein-A repetitions predominant (GARP) blockade, metabolic reprogramming, or other niche-disruptive strategies, could unlock new therapeutic avenues and prevent metastatic relapse at its root. Full article

Shilling attacks pose a significant threat to collaborative filtering recommender systems. However, fake user profiles generated by mainstream attack models often lack diversity and realism. Furthermore, the static noise strategies and statistical dependency modeling used in advanced frameworks like the Multi-Distribution Mixture Generative Adversarial Network (MDM-GAN) are ill-suited for high-dimensional, sparse attack scenarios. To address these challenges, we propose MDM-GANSA, a specialized attack model tailored for shilling attacks. First, it replaces the static mixture with a dynamic adaptive noise strategy by incorporating a weight predictor network. This network dynamically adjusts the weights of multiple noise sources based on the current training state, generating more diverse user latent representations. Second, it employs an autoencoder for data-driven dependency modeling, replacing the traditional statistical method. This allows the model to learn and generate profiles with inherent logical dependencies directly from genuine data. Consequently, it enhances the realism of the generated fake user profiles in terms of both statistical properties and internal logic. Additionally, the model utilizes an optimized two-stage generative architecture and fine-grained loss constraints to ensure training stability and high-quality outputs. Experimental results on two public datasets demonstrate that MDM-GANSA significantly outperforms various baseline models in both attack effectiveness and stealthiness. This study provides a concrete implementation for building a shilling-attack generation model targeting collaborative filtering recommender systems, and it also offers a feasible pathway for adapting general-purpose deep generative models to specialized security-oriented scenarios. Full article

Hybrid Split Federated Learning (HSFL for short) in emerging 6G-enabled UAV networks faces persistent challenges in data protection, device trust management, and long-term participation incentives. To address these issues, this study introduces S-HSFL, a security-enhanced framework that embeds verifiable federated learning mechanisms into HSFL and incorporates digital-signature-based authentication throughout the device selection process. This design effectively prevents model tampering and forgery attacks, achieving a defense success rate above 99%. To further strengthen collaborative training, we develop a MAB-GT device selection strategy that integrates multi-armed bandit exploration with multi-stage game-theoretic decision models, spanning non-cooperative, coalition, and repeated games, to encourage high-quality UAV nodes to provide reliable data and sustained computation. Experiments on the Modified National Institute of Standards and Technology (MNIST) dataset under both Independent and Identically Distributed (IID) and non-IID conditions demonstrate that S-HSFL maintains approximately 97% accuracy even in the presence of 30% adversarial UAVs. The MAB-GT strategy significantly improves convergence behavior and final model performance, while incurring only a 10–30% increase in communication overhead. The proposed S-HSFL framework establishes a secure, trustworthy, and efficient foundation for distributed intelligence in next-generation 6G UAV networks. Full article

Aircraft with a twin vertical tail and leading-edge extension configuration may experience vertical tail buffeting during high-angle-of-attack maneuvering flight. This issue can lead to structural fatigue damage in the vertical tail, shortening its service life and increasing maintenance costs, ultimately compromising flight safety. Therefore, accurate prediction of buffeting loads and responses is essential during design. In the preliminary stage, wind tunnel testing is the primary means to obtain dynamic data such as fluctuating pressure and acceleration response, which can be transformed to full-scale conditions through similitude principles. However, the elastic scaling model used in buffeting tests is usually established for a specific flight condition. When the flow velocity or objective flight condition changes, the similitude relationship becomes invalid, limiting the applicability of test results and preventing full-envelope strength verification. To overcome this limitation, this study proposes a multi-objective point response prediction method for vertical tail buffeting. The method enables the prediction of full-scale responses at multiple objective flight conditions using wind tunnel data that do not strictly satisfy similitude criteria. A complete aircraft vertical tail buffet (rigid/elastic) hybrid model was developed for testing, and an Adjusted Model incorporating elastic scaling transformation was established. The proposed method was validated through experiments, demonstrating improved test data utilization and prediction accuracy across multiple-objective flight conditions. Full article

Wireless Sensor Networks (WSNs) are increasingly being used in mission-critical infrastructures. In such applications, they are evaluated on the risk of cyber intrusions that can target the already constrained resources. Traditionally, Intrusion Detection Systems (IDS) in WSNs have been based on machine learning techniques; however, these models fail to capture the nonlinear, temporal, and topological dependencies across the network nodes. As a result, they often suffer degradation in detection accuracy and exhibit poor adaptability against evolving threats. To overcome these limitations, this study introduces a hybrid deep learning-based IDS that integrates multi-scale convolutional feature extraction, dual-stage attention fusion, and graph convolutional reasoning. Moreover, bidirectional long short-term memory components are embedded into the unified framework. Through this combination, the proposed architecture effectively captures the hierarchical spatial–temporal correlations in the traffic patterns, thereby enabling precise discrimination between normal and attack behaviors across several intrusion classes. The model has been evaluated on a publicly available benchmarking dataset, and it has been found to attain higher classification capability in multiclass scenarios. Furthermore, the model outperforms conventional IDS-focused approaches. In addition, the proposed design aims to retain suitable computational efficiency, making it appropriate for edge and distributed deployments. Consequently, this makes it an effective solution for next-generation WSN cybersecurity. Overall, the findings emphasize that combining topology-aware learning with multi-branch attention mechanisms offers a balanced trade-off between interpretability, accuracy, and deployment efficiency for resource-constrained WSN environments. Full article