Search Results (1,155)

Search Parameters:
Keywords = network intrusion detection system

25 pages, 969 KB  
Article
H-CLAS: A Hybrid Continual Learning Framework for Adaptive Fault Detection and Self-Healing in IoT-Enabled Smart Grids
by Tina Babu, Rekha R. Nair, Balamurugan Balusamy and Sumendra Yogarayan
IoT 2026, 7(1), 12; https://doi.org/10.3390/iot7010012 - 27 Jan 2026
Abstract
The rapid expansion of Internet of Things (IoT)-enabled smart grids has intensified the need for reliable fault detection and autonomous self-healing under non-stationary operating conditions characterized by frequent concept drift. To address the limitations of static and single-strategy adaptive models, this paper proposes H-CLAS, a novel Hybrid Continual Learning for Adaptive Self-healing framework that unifies regularization-based, memory-based, architectural, and meta-learning strategies within a single adaptive pipeline. The framework integrates convolutional neural networks (CNNs) for fault detection, graph neural networks for topology-aware fault localization, reinforcement learning for self-healing control, and a hybrid drift detection mechanism combining ADWIN and Page–Hinkley tests. Continual adaptation is achieved through the synergistic use of Elastic Weight Consolidation, memory-augmented replay, progressive neural network expansion, and Model-Agnostic Meta-Learning for rapid adaptation to emerging drifts. Extensive experiments conducted on the Smart City Air Quality and Network Intrusion Detection Dataset (NSL-KDD) demonstrate that H-CLAS achieves accuracy improvements of 12–15% over baseline methods, reduces false positives by over 50%, and enables 2–3× faster recovery after drift events. By enhancing resilience, reliability, and autonomy in critical IoT-driven infrastructures, the proposed framework contributes to improved grid stability, reduced downtime, and safer, more sustainable energy and urban monitoring systems, thereby providing significant societal and environmental benefits.

38 pages, 1015 KB  
Review
User Activity Detection and Identification of Energy Habits in Home Energy-Management Systems Using AI and ML: A Comprehensive Review
by Filip Durlik, Jakub Grela, Dominik Latoń, Andrzej Ożadowicz and Lukasz Wisniewski
Energies 2026, 19(3), 641; https://doi.org/10.3390/en19030641 - 26 Jan 2026
Abstract
The residential energy sector contributes substantially to global energy-related emissions. Effective energy management requires an understanding of occupant behavior through activity detection and habit identification. Recent advances in artificial intelligence (AI) and machine learning (ML) enable the automatic detection of user activities and prediction of energy needs based on historical consumption data. Non-intrusive load monitoring (NILM) facilitates device-level disaggregation without additional sensors, supporting demand forecasting and behavior-aware control in Home Energy Management Systems (HEMSs). This review synthesizes various AI and ML approaches for detecting user activities and energy habits in HEMSs from 2020 to 2025. The analyses revealed that deep learning (DL) models, with their ability to capture complex temporal and nonlinear patterns in multisensor data, achieve superior accuracy in activity detection and load forecasting, with occupancy detection reaching 95–99% accuracy. Hybrid systems combining neural networks and optimization algorithms demonstrate enhanced robustness, but challenges remain in limited cross-building generalization, insufficient interpretability of deep models, and the absence of dataset standardization. Future work should prioritize lightweight, explainable edge-ready models, federated learning, and integration with digital twins and control systems. It should also extend energy optimization toward occupant wellbeing and grid flexibility, using standardized protocols and open datasets for ensuring trustworthiness and sustainability.
(This article belongs to the Collection Energy Efficiency and Environmental Issues)
31 pages, 4489 KB  
Article
A Hybrid Intrusion Detection Framework Using Deep Autoencoder and Machine Learning Models
by Salam Allawi Hussein and Sándor R. Répás
AI 2026, 7(2), 39; https://doi.org/10.3390/ai7020039 - 25 Jan 2026
Viewed by 94
Abstract
This study provides a detailed comparative analysis of a three-hybrid intrusion detection method aimed at strengthening network security through precise and adaptive threat identification. The proposed framework integrates an Autoencoder-Gaussian Mixture Model (AE-GMM) with two supervised learning techniques, XGBoost and Logistic Regression, combining deep feature extraction with interpretability and stable generalization. Although the downstream classifiers are trained in a supervised manner, the hybrid intrusion detection nature of the framework is preserved through unsupervised representation learning and probabilistic modeling in the AE-GMM stage. Two benchmark datasets were used for evaluation: NSL-KDD, representing traditional network behavior, and UNSW-NB15, reflecting modern and diverse traffic patterns. A consistent preprocessing pipeline was applied, including normalization, feature selection, and dimensionality reduction, to ensure fair comparison and efficient training. The experimental findings show that hybridizing deep learning with gradient-boosted and linear classifiers markedly enhances detection performance and resilience. The AE–GMM-XGBoost model achieved superior outcomes, reaching an F1-score above 0.94 ± 0.0021 and an AUC greater than 0.97 on both datasets, demonstrating high accuracy in distinguishing legitimate and malicious traffic. AE-GMM-Logistic Regression also achieved strong and balanced performance, recording an F1-score exceeding 0.91 ± 0.0020 with stable generalization across test conditions. Conversely, the standalone AE-GMM effectively captured deep latent patterns but exhibited lower recall, indicating limited sensitivity to subtle or emerging attacks. These results collectively confirm that integrating autoencoder-based representation learning with advanced supervised models significantly improves intrusion detection in complex network settings. 
The proposed framework therefore provides a solid and extensible basis for future research in explainable and federated intrusion detection, supporting the development of adaptive and proactive cybersecurity defenses.

20 pages, 1854 KB  
Article
Dual-Optimized Genetic Algorithm for Edge-Ready IoT Intrusion Detection on Raspberry Pi
by Khawlah Harasheh, Satinder Gill, Kendra Brinkley, Salah Garada, Dindin Aro Roque, Hayat MacHrouhi, Janera Manning-Kuzmanovski, Jesus Marin-Leal, Melissa Isabelle Arganda-Villapando and Sayed Ahmad Shah Sekandary
J 2026, 9(1), 3; https://doi.org/10.3390/j9010003 - 25 Jan 2026
Viewed by 51
Abstract
The Internet of Things (IoT) is increasingly deployed at the edge under resource and environmental constraints, which limits the practicality of traditional intrusion detection systems (IDSs) on IoT hardware. This paper presents two IDS configurations. First, we develop a baseline IDS with fixed hyperparameters, achieving 99.20% accuracy and ~0.002 ms/sample inference latency on a desktop machine; this configuration is suitable for high-performance platforms but is not intended for constrained IoT deployment. Second, we propose a lightweight, edge-oriented IDS that applies ANOVA-based filter feature selection and uses a genetic algorithm (GA) for the bounded hyperparameter tuning of the classifier under stratified cross-validation, enabling efficient execution on Raspberry Pi-class devices. The lightweight IDS achieves 98.95% accuracy with ~4.3 ms/sample end-to-end inference latency on Raspberry Pi while detecting both low-volume and high-volume (DoS/DDoS) attacks. Experiments are conducted in a Raspberry Pi-based real lab using an up-to-date mixed-modal dataset combining system/network telemetry and heterogeneous physical sensors. Overall, the proposed framework demonstrates a practical, hardware-aware, and reproducible way to balance detection performance and edge-level latency using established techniques for real-world IoT IDS deployment.
48 pages, 1184 KB  
Systematic Review
Machine Learning, Neural Networks, and Computer Vision in Addressing Railroad Accidents, Railroad Tracks, and Railway Safety: An Artificial Intelligence Review
by Damian Frej, Lukasz Pawlik and Jacek Lukasz Wilk-Jakubowski
Appl. Sci. 2026, 16(3), 1184; https://doi.org/10.3390/app16031184 - 23 Jan 2026
Viewed by 104
Abstract
Ensuring robust railway safety is paramount for efficient and reliable transportation systems, a challenge increasingly addressed through advancements in artificial intelligence (AI). This review paper comprehensively explores the burgeoning role of AI in enhancing the safety of railway operations, focusing on key contributions from machine learning, neural networks, and computer vision. We synthesize current research that leverages these sophisticated AI methodologies to mitigate risks associated with railroad accidents and optimize railroad tracks management. The scope of this review encompasses diverse applications, including real-time monitoring of track conditions, predictive maintenance for infrastructure components, automated defect detection, and intelligent systems for obstacle and intrusion detection. Furthermore, it delves into the use of AI in assessing human factors, improving signaling systems, and analyzing accident/incident reports for proactive risk management. By examining the integration of advanced analytical techniques into various facets of railway operations, this paper highlights how AI is transforming traditional safety paradigms, paving the way for more resilient, efficient, and secure railway networks worldwide.
36 pages, 3068 KB  
Article
IRDS4C–CTIB: A Blockchain-Driven Deception Architecture for Ransomware Detection and Intelligence Sharing
by Ahmed El-Kosairy, Heba Aslan and Nashwa AbdelBaki
Future Internet 2026, 18(1), 66; https://doi.org/10.3390/fi18010066 - 21 Jan 2026
Viewed by 102
Abstract
This paper introduces a cybersecurity framework that combines a deception-based ransomware detection system, called the Intrusion and Ransomware Detection System for Cloud (IRDS4C), with a blockchain-enabled Cyber Threat Intelligence platform (CTIB). The framework aims to improve the detection, reporting, and sharing of ransomware threats in cloud environments. IRDS4C uses deception techniques such as honeypots, honeytokens, pretender network paths, and decoy applications to identify ransomware behavior within cloud systems. Tests on 53 Windows-based ransomware samples from seven families showed an ordinary detection time of about 12 s, often quicker than tralatitious methods like file hashing or entropy analysis. These detection results are currently limited to Windows-based ransomware environments, and do not yet cover Linux, containerized, or hypervisor-level ransomware. Detected threats are formatted using STIX/TAXII standards and firmly shared through CTIB. CTIB applies a hybrid blockchain consensus of Proof of Stake (PoS) and Proof of Work (PoW) to ensure data integrity and protection from tampering. Security analysis shows that an attacker would need to control over 71% of the network to compromise the system. CTIB also improves trust, accuracy, and participation in intelligence sharing, while smart contracts control access to erogenous data. In a local prototype deployment (Hardhat devnet + FastAPI/Uvicorn), CTIB achieved 74.93–125.92 CTI submissions/min (the number of attempts or requests in each test was 100) with median end-to-end latency 455.55–724.99 ms (p95: 577.68–1364.17 ms) across PoW difficulty profiles (difficulty_bits = 8–16).
(This article belongs to the Special Issue Anomaly and Intrusion Detection in Networks)

24 pages, 1137 KB  
Article
Detecting TLS Protocol Anomalies Through Network Monitoring and Compliance Tools
by Diana Gratiela Berbecaru and Marco De Santo
Future Internet 2026, 18(1), 62; https://doi.org/10.3390/fi18010062 - 21 Jan 2026
Viewed by 74
Abstract
The Transport Layer Security (TLS) protocol is widely used nowadays to create secure communications over TCP/IP networks. Its purpose is to ensure confidentiality, authentication, and data integrity for messages exchanged between two endpoints. In order to facilitate its integration into widely used applications, the protocol is typically implemented through libraries, such as OpenSSL, BoringSSL, LibreSSL, WolfSSL, NSS, or mbedTLS. These libraries encompass functions that execute the specialized TLS handshake required for channel establishment, as well as the construction and processing of TLS records, and the procedures for closing the secure channel. However, these software libraries may contain vulnerabilities or errors that could potentially jeopardize the security of the TLS channel. To identify flaws or deviations from established standards within the implemented TLS code, a specialized tool known as TLS-Anvil can be utilized. This tool also verifies the compliance of TLS libraries with the specifications outlined in the Request for Comments documents published by the IETF. TLS-Anvil conducts numerous tests with a client/server configuration utilizing a specified TLS library and subsequently generates a report that details the number of successful tests. In this work, we exploit the results obtained from a selected subset of TLS-Anvil tests to generate rules used for anomaly detection in Suricata, a well-known signature-based Intrusion Detection System. During the tests, TLS-Anvil generates .pcap capture files that report all the messages exchanged. Such files can be subsequently analyzed with Wireshark, allowing for a detailed examination of the messages exchanged during the tests and a thorough understanding of their structure on a byte-by-byte basis. 
Through the analysis of the TLS handshake messages produced during testing, we develop customized Suricata rules aimed at detecting TLS anomalies that result from flawed implementations within the intercepted traffic. Furthermore, we describe the specific test environment established for the purpose of deriving and validating certain Suricata rules intended to identify anomalies in nodes utilizing a version of the OpenSSL library that does not conform to the TLS specification. The rules that delineate TLS deviations or potential attacks may subsequently be integrated into a threat detection platform supporting Suricata. This integration will enhance the capability to identify TLS anomalies arising from code that fails to adhere to the established specifications.
(This article belongs to the Special Issue DDoS Attack Detection for Cyber–Physical Systems)

15 pages, 12198 KB  
Article
Automated Local Measurement of Wall Shear Stress with AI-Assisted Oil Film Interferometry
by Mohammad Mehdizadeh Youshanlouei, Lorenzo Lazzarini, Alessandro Talamelli, Gabriele Bellani and Massimiliano Rossi
Sensors 2026, 26(2), 701; https://doi.org/10.3390/s26020701 - 21 Jan 2026
Viewed by 92
Abstract
Accurate measurement of wall shear stress (WSS) is essential for both fundamental and applied fluid dynamics, where it governs boundary-layer behavior, drag generation, and the performance of flow-control systems. Yet, existing WSS sensing methods remain limited by low spatial resolution, complex instrumentation, or the need for user-dependent calibration. This work introduces a method based on artificial intelligence (AI) and Oil-Film Interferometry, referred to as AI-OFI, that transforms a classical optical technique into an automated and sensor-like platform for local WSS detection. The method combines the non-intrusive precision of Oil-Film Interferometry with modern deep-learning tools to achieve fast and fully autonomous data interpretation. Interference patterns generated by a thinning oil film are first segmented in real time using a YOLO-based object detection network and subsequently analyzed through a modified VGG16 regression model to estimate the local film thickness and the corresponding WSS. A smart interrogation-window selection algorithm, based on 2D Fourier analysis, ensures robust fringe detection under varying illumination and oil distribution conditions. The AI-OFI system was validated in the high-Reynolds-number Long Pipe Facility at the Centre for International Cooperation in Long Pipe Experiments (CICLoPE), showing excellent agreement with reference pressure-drop measurements and conventional OFI, with an average deviation below 5%. The proposed framework enables reliable, real-time, and operator-independent wall shear stress sensing, representing a significant step toward next-generation optical sensors for aerodynamic and industrial flow applications.
(This article belongs to the Section Physical Sensors)

25 pages, 4648 KB  
Systematic Review
Deep Reinforcement Learning Algorithms for Intrusion Detection: A Bibliometric Analysis and Systematic Review
by Lekhetho Joseph Mpoporo, Pius Adewale Owolawi and Chunling Tu
Appl. Sci. 2026, 16(2), 1048; https://doi.org/10.3390/app16021048 - 20 Jan 2026
Viewed by 109
Abstract
Intrusion detection systems (IDSs) are crucial for safeguarding modern digital infrastructure against the ever-evolving cyber threats. As cyberattacks become increasingly complex, traditional machine learning (ML) algorithms, while remaining effective in classifying known threats, face limitations such as static learning, dependency on labeled data, and susceptibility to adversarial exploits. Deep reinforcement learning (DRL) has recently surfaced as a viable substitute, providing resilience in unanticipated circumstances, dynamic adaptation, and continuous learning. This study conducts a thorough bibliometric analysis and systematic literature review (SLR) of DRL-based intrusion detection systems (DRL-based IDS). The relevant literature from 2020 to 2024 was identified and investigated using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework. Emerging research themes, influential works, and structural relationships in the research fields were identified using a bibliometric analysis. SLR was used to synthesize methodological techniques, datasets, and performance analysis. The results indicate that DRL algorithms such as deep Q-network (DQN), double DQNs (DDQN), dueling DQN (D3QN), policy gradient methods, and actor–critic models have been actively utilized for enhancing IDS performance in various applications and datasets. The results highlight the increasing significance of DRL-based solutions for developing intelligent and robust intrusion detection systems and advancing cybersecurity.
(This article belongs to the Special Issue Advances in Cyber Security)

24 pages, 2337 KB  
Article
Cutting-Edge DoS Attack Detection in Drone Networks: Leveraging Machine Learning for Robust Security
by Albandari Alsumayt, Naya Nagy, Shatha Alsharyofi, Resal Alahmadi, Renad Al-Rabie, Roaa Alesse, Noor Alibrahim, Amal Alahmadi, Fatemah H. Alghamedy and Zeyad Alfawaer
Sci 2026, 8(1), 20; https://doi.org/10.3390/sci8010020 - 20 Jan 2026
Viewed by 179
Abstract
This study aims to enhance the security of unmanned aerial vehicles (UAVs) within the Internet of Drones (IoD) ecosystem by detecting and preventing Denial-of-Service (DoS) attacks. We introduce DroneDefender, a web-based intrusion detection system (IDS) that employs machine learning (ML) techniques to identify anomalous network traffic patterns associated with DoS attacks. The system is evaluated using the CIC-IDS 2018 dataset and utilizes the Random Forest algorithm, optimized with the SMOTEENN technique to tackle dataset imbalance. Our results demonstrate that DroneDefender significantly outperforms traditional IDS solutions, achieving an impressive detection accuracy of 99.93%. Key improvements include reduced latency, enhanced scalability, and a user-friendly graphical interface for network administrators. The innovative aspect of this research lies in the development of an ML-driven, web-based IDS specifically designed for IoD environments. This system provides a reliable, adaptable, and highly accurate method for safeguarding drone operations against evolving cyber threats, thereby bolstering the security and resilience of UAV applications in critical sectors such as emergency services, delivery, and surveillance.
(This article belongs to the Topic Trends and Prospects in Security, Encryption and Encoding)

42 pages, 5300 KB  
Article
An XGBoost-Based Intrusion Detection Framework with Interpretability Analysis for IoT Networks
by Yunwen Hu, Kun Xiao, Lei Luo and Lirong Chen
Appl. Sci. 2026, 16(2), 980; https://doi.org/10.3390/app16020980 - 18 Jan 2026
Viewed by 267
Abstract
With the rapid development of the Internet of Things (IoT) and Industrial IoT (IIoT), Network Intrusion Detection Systems (NIDSs) play a critical role in securing modern networked environments. Despite advances in multi-class intrusion detection, existing approaches face challenges from high-dimensional heterogeneous traffic data, severe class imbalance, and limited interpretability of high-performance “black-box” models. To address these issues, this study presents an XGBoost-based NIDS integrating optimized strategies for feature dimensionality reduction and class balancing, alongside SHAP-based interpretability analysis. Feature reduction is investigated by comparing selection methods that preserve original features with generation methods that create transformed features, aiming to balance detection performance and computational efficiency. Class balancing techniques are evaluated to improve minority-class detection, particularly reducing false negatives for rare attack types. SHAP analysis reveals the model’s decision process and key feature contributions. The experimental results demonstrate that the method enhances multi-class detection performance while providing interpretability and computational efficiency, highlighting its potential for practical deployment in IoT security scenarios.

21 pages, 1555 KB  
Article
Cyber Approach for DDoS Attack Detection Using Hybrid CNN-LSTM Model in IoT-Based Healthcare
by Mbarka Belhaj Mohamed, Dalenda Bouzidi, Manar Khalid Ibraheem, Abdullah Ali Jawad Al-Abadi and Ahmed Fakhfakh
Future Internet 2026, 18(1), 52; https://doi.org/10.3390/fi18010052 - 15 Jan 2026
Viewed by 159
Abstract
Healthcare has been fundamentally changed by the expansion of IoT, which enables advanced diagnostics and continuous monitoring of patients outside clinical settings. Frequently interconnected medical devices often encounter resource limitations and lack comprehensive security safeguards. Therefore, such devices are prone to intrusions, with DDoS attacks in particular threatening the integrity of vital infrastructure. To safeguard sensitive patient information and ensure the integrity and confidentiality of medical devices, this article explores the critical importance of robust security measures in healthcare IoT systems. In order to detect DDoS attacks in healthcare networks supported by WBSN-enabled IoT devices, we propose a hybrid detection model. The model utilizes the advantages of Long Short-Term Memory (LSTM) networks for modeling temporal dependencies in network traffic and Convolutional Neural Networks (CNNs) for extracting spatial features. The effectiveness of the model is demonstrated by simulation results on the CICDDoS2019 datasets, which indicate a detection accuracy of 99% and a loss of 0.05%, respectively. The evaluation results highlight the capability of the hybrid model to reliably detect potential anomalies, showing superior performance over leading contemporary methods in healthcare environments.

21 pages, 1065 KB  
Article
GC-ViT: Graph Convolution-Augmented Vision Transformer for Pilot G-LOC Detection Through AU Correlation Learning
by Bohuai Zhang, Zhenchi Xu and Xuan Li
Aerospace 2026, 13(1), 93; https://doi.org/10.3390/aerospace13010093 - 15 Jan 2026
Viewed by 119
Abstract
Prolonged +Gz acceleration during high-performance flight exposes pilots to the risk of G-induced loss of consciousness (G-LOC), a dangerous condition that compromises operational safety. To enable early detection without intrusive sensors, we present a vision-based warning system that analyzes facial action units (AUs) as physiological indicators of impending G-LOC. Our approach combines computer vision with physiological modeling to capture subtle facial microexpressions associated with cerebral hypoxia using widely available RGB cameras. We propose a novel Graph Convolution-Augmented Vision Transformer (GC-ViT) network architecture that effectively captures dynamic AU variations in pilots under G-LOC conditions by integrating global context modeling with vision Transformer. The proposed framework integrates a vision–semantics collaborative Transformer for robust AU feature extraction, where EfficientNet-based spatiotemporal modeling is enhanced by Transformer attention mechanisms to maintain recognition accuracy under high-G stress. Building upon this, we develop a graph-based physiological model that dynamically tracks interactions between critical AUs during G-LOC progression by learning the characteristic patterns of AU co-activation during centrifugal training. Experimental validation on centrifuge training datasets demonstrates strong performance, achieving an AUC-ROC of 0.898 and an AP score of 0.96, confirming the system’s ability to reliably identify characteristic patterns of AU co-activation during G-LOC events. Overall, this contact-free system offers an interpretable solution for rapid G-LOC detection, or as a complementary enhancement to existing aeromedical monitoring technologies. The non-invasive design demonstrates significant potential for improving safety in aerospace physiology applications without requiring modifications to current cockpit or centrifuge setups.
(This article belongs to the Special Issue Human Factors and Performance in Aviation Safety)

28 pages, 22992 KB  
Article
Domain Knowledge-Infused Synthetic Data Generation for LLM-Based ICS Intrusion Detection: Mitigating Data Scarcity and Imbalance
by Seokhyun Ann, Hongeun Kim, Suhyeon Park, Seong-je Cho, Joonmo Kim and Harksu Cho
Electronics 2026, 15(2), 371; https://doi.org/10.3390/electronics15020371 - 14 Jan 2026
Viewed by 188
Abstract
Industrial control systems (ICSs) are increasingly interconnected with enterprise IT networks and remote services, which expands the attack surface of operational technology (OT) environments. However, collecting sufficient attack traffic from real OT/ICS networks is difficult, and the resulting scarcity and class imbalance of malicious data hinder the development of intrusion detection systems (IDSs). At the same time, large language models (LLMs) have shown promise for security analytics when system events are expressed in natural language. This study investigates an LLM-based network IDS for a smart-factory OT/ICS environment and proposes a synthetic data generation method that injects domain knowledge into attack samples. Using the ICSSIM simulator, we construct a bottle-filling smart factory, implement six MITRE ATT&CK for ICS-based attack scenarios, capture Modbus/TCP traffic, and convert each request–response pair into a natural-language description of network behavior. We then generate synthetic attack descriptions with GPT by combining (1) statistical properties of normal traffic, (2) MITRE ATT&CK for ICS tactics and techniques, and (3) expert knowledge obtained from executing the attacks in ICSSIM. The Llama 3.1 8B Instruct model is fine-tuned with QLoRA on a seven-class classification task (Benign vs. six attack types) and evaluated on a test set composed exclusively of real ICSSIM traffic. Experimental results show that synthetic data generated only from statistical information, or from statistics plus MITRE descriptions, yield limited performance, whereas incorporating environment-specific expert knowledge is associated with substantially higher performance on our ICSSIM-based expanded test set (100% accuracy in binary detection and 96.49% accuracy with a macro F1-score of 0.958 in attack-type classification). 
Overall, these findings suggest that domain-knowledge-infused synthetic data and natural-language traffic representations can support LLM-based IDSs in OT/ICS smart-factory settings; however, further validation on larger and more diverse datasets is needed to confirm generality.
(This article belongs to the Special Issue AI-Enhanced Security: Advancing Threat Detection and Defense)

22 pages, 401 KB  
Article
Federated Learning for Intrusion Detection Under Class Imbalance: A Multi-Domain Ablation Study with Per-Client SMOTE
by Atike Demirbaş Paray and Murat Aydos
Appl. Sci. 2026, 16(2), 801; https://doi.org/10.3390/app16020801 - 13 Jan 2026
Abstract
Federated learning (FL) enables privacy-preserving collaboration for Network Intrusion Detection Systems (NIDSs), but its effectiveness under heterogeneous traffic, severe class imbalance, and domain shift remains insufficiently characterized. We evaluate FL in two settings: (i) single-domain training on CICIDS-2017, InSDN/OVS, and 5G-NIDD with cross-domain testing, and (ii) multi-domain training that learns a unified model across enterprise and Software-Defined Network (SDN) traffic. Using consistent preprocessing and controlled ablations over balancing strategy, loss function, and client sampling, we find that dataset structure (class separability) largely determines single-domain FL gains. On datasets with lower separability, FL with Per-Client Synthetic Minority Over-sampling Technique (SMOTE) substantially improves Macro-F1 over centralized baselines, while well-separated datasets show limited benefit. However, single-domain models degrade sharply under domain shift, showing substantial degradation in cross-domain transfer. To mitigate this, we combine multi-domain FL with AutoEncoder pretraining and achieve 77% Macro-F1 across environments, demonstrating that FL can learn domain-invariant representations when trained on diverse traffic sources. Overall, our results indicate that Per-Client SMOTE is the preferred balancing strategy for federated NIDS, and that multi-domain training is often necessary when deployment environments differ from training data.