Search Results (1,218)

Deep learning models for power quality (PQ) disturbance classification remain critically vulnerable to adversarial perturbations, with classification performance degrading severely under white-box attacks. Existing defenses address individual models in isolation and provide no mechanism for operators to assess whether the system is under attack or which classifier remains trustworthy. This paper proposes a two-stage framework that combines adversarial training with large language model (LLM) reasoning to improve both robustness and interpretability. In the first stage, four architecturally diverse classifiers, including a proposed Multi-Scale Temporal Attention Network (MSTAN), are evaluated under four adversarial attacks (FGSM, PGD, C&W, and UAP), and their failure patterns are recorded as structured vulnerability fingerprints. The ensemble is then retrained via adversarial training on mixed clean and perturbed signals. In the second stage, an LLM analyzes the ensemble predictions alongside the fingerprint knowledge base to perform attack detection, fingerprint-guided meta-classification, and operator-facing threat report generation. On a 17-class, 255,000-signal synthetic benchmark, adversarial training recovers FGSM and PGD accuracy from below 25% to the 53–78% range, with MSTAN achieving the highest post-training robustness (78.26% under FGSM, 65.41% under PGD). The LLM reasoning layer provides an additional 3.5–6.2 percentage point improvement over majority voting by selecting the most reliable ensemble member based on the inferred attack condition, and detects adversarial attacks with 87.6% overall accuracy. To our knowledge, this is the first integration of LLM-based ensemble reasoning into the PQ adversarial robustness pipeline and the first application of the C&W optimization attack to power quality signals. Full article

When photovoltaic (PV) power plants are connected to weak alternating current (AC) grids, the interaction between the plant and grid may induce wideband oscillation, posing a serious threat to the stability of grid-connected PV systems. To address this problem, this paper proposes an oscillation suppression method based on adaptive supplementary damping control of a Static Var Generator (SVG). First, a sequence impedance model of a PV power plant integrated with an SVG is established, and the Nyquist criterion is employed to analyze the mechanism underlying wideband oscillations. Then, a supplementary damping controller implemented in the SVG is designed to reshape the impedance characteristics of the PV power plant and enhance system damping. Furthermore, a Variational Mode Decomposition–Prony modal identification algorithm is introduced to extract oscillation mode information in real time. Based on the identified oscillation frequency, the parameters of the damping controller are adaptively adjusted, thereby improving the suppression capability for wideband oscillations with varying frequencies. Finally, a grid-connected PV power plant model with an SVG is developed, and the performance of the proposed adaptive suppression strategy is compared with that of conventional supplementary damping control. The results demonstrate that the proposed strategy provides stronger robustness and adaptability, effectively suppresses wideband oscillations under different operating conditions, and improves the stability of grid-connected PV systems. Full article

Three-dimensional UAV operations require path planning methods that can jointly maintain route efficiency, threat avoidance, and trajectory smoothness under spatially distributed and time-varying constraints. To address this problem, this paper develops an integrated Dual-Layer Adaptive T-perturbation and Opposition-based Multi-Objective Particle Swarm Optimization framework, termed DATO-MOPSO, for 3D UAV path planning in complex threat environments. The method integrates a dual-layer adaptive inertia-weight and velocity-regulation mechanism with symmetric T-perturbation, an elite quasi-opposition-based learning strategy for diversity recovery and feasible local exploitation, and an archive-driven simulated annealing rule for stagnation-aware personal-best updating. A three-objective model minimizing path length, threat exposure, and path smoothness is established, and comparative experiments against MOPSO, ZAMOPSO, NSGA-II, and SPEA2 are conducted in both static and dynamic environments, together with statistical and ablation analyses. In the static scenario, DATO-MOPSO achieved the highest mean HV and stable repeated-run performance, but its IGD was comparable to ZAMOPSO with higher computational cost. In the dynamic scenario, DATO-MOPSO showed its main advantage, achieving the highest mean HV and the lowest mean IGD with statistically significant HV and IGD improvements over all baselines. Overall, DATO-MOPSO is most advantageous in time-varying complex threat environments, whereas its static-scenario advantages are accompanied by higher computational cost. Full article

The growing complexity of web attacks highlights the need for adaptive, intelligent defense systems that overcome the limitations of traditional rule-based web security. Thus, the architecture proposed in this paper integrates data-driven deep learning with deterministic rule-based logic to enhance real-time detection accuracy and adaptability in dynamic web threat environments. The practical integration of a deep learning-based Gated Recurrent Unit (GRU) model with ModSecurity, an open-source Web Application Firewall (WAF), is employed to improve the detection and classification of malicious HTTP requests. The model, pre-trained on a large labeled up-to-date dataset of web traffic and attack types collected post-2020, is designed to classify requests in real-time, identifying both whether a request is malicious and the corresponding attack category (e.g., SQL Injection, Cross-Site Scripting, Command Injection). We demonstrate how the trained model is incorporated into ModSecurity’s inspection pipeline, allowing it to analyze real-time web traffic alongside traditional rule-based inspection. This hybrid approach aims to significantly reduce false positives and improve adaptability to new attack patterns. Evaluation metrics such as accuracy, receiver operating characteristic (ROC), area under the curve (AUC), Principal Component Analysis (PCA), confusion matrix, and t-Distributed Stochastic Neighbor Embedding (t-SNE) visualization are discussed, along with performance considerations and implementation architecture. The integration presents a robust framework for ML-improved intelligent web security defense. Full article

Operational labor shortages have become a pressing challenge for hospitality organizations, especially in highly seasonal tourism destinations such as Greece, where service experiences are deeply tied to cultural identity and authentic hospitality. While much of the existing research has examined understaffing from operational or human resource management perspectives, limited attention has been paid to its impact on the organizational capacity to sustain authentic hospitality experiences. Using Service-Dominant Logic (SDL) as an interpretive framework, this study views authentic hospitality as an organizational process shaped by employee interaction, cultural transmission, and service delivery practices. Drawing on survey data from 201 hotel employees in Greece, it investigates the relationship between operational labor shortages, organizational pressures, and perceived threats to authentic hospitality within hotel operations. The findings reveal significant positive relationships between work stress and service quality decline, as well as between cultural knowledge and perceived challenges in maintaining authentic hospitality. Multiple regression analysis further shows that reactive hiring, serious understaffing, and payroll cost pressure are significantly linked to perceived challenges in sustaining authentic hospitality, while service quality decline exhibits a positive but statistically non-significant effect in the final model. The study contributes to hospitality authenticity literature by emphasizing employee perceptions of authenticity as an organizationally supported process rather than merely a guest-centered outcome. The results also highlight the importance of workforce planning, recruitment quality, and cultural onboarding in supporting authentic hospitality within Greek hotel operations. Full article

The study presents the results of research aimed at developing digital models for determining the operating parameters of railway power supply systems equipped with distributed generation plants based on renewable energy sources (RESs). RESs can be used in railway transport to increase the reliability of power supply to facilities located in areas with insufficiently developed power grids. This primarily applies to consumers, for whom a power failure can lead to significant damage, accidents, and a threat to human life. RES can serve as independent power sources for special-group consumers and can increase energy conversion efficiency. Furthermore, large-scale implementation of renewable energy sources can significantly reduce energy supply costs and improve power quality. The study employs phase-coordinate modeling, which is characterized by the following features: a systems approach, which implies determining operating conditions while considering the properties and characteristics of complex traction and supply networks; versatility, which enables modeling of power supply systems of various structures and designs; and comprehensiveness, which involves calculating normal, emergency, and special operating parameters—crucial for scenarios such as ice melting on catenary wires. The modeling results obtained using the Fazonord AC-DC software (ver. 5.3.5.2) show that RES-based distributed generation plants provide a variety of beneficial effects: reduction in electricity consumption from power system networks; decrease in voltage unbalance and harmonic distortion on the busbars of regional windings of traction substations; and stabilization of voltage levels on current collectors of electric locomotives. Full article

Introduction: River fragmentation caused by hydropower infrastructure remains a primary threat to aquatic biodiversity, creating a critical need for fish passage solutions that can adapt to high environmental variability. Although adaptive management (AM) has the potential to significantly improve longitudinal connectivity and ecological resilience, its application in real-world fishway operations is currently limited. Objective: This study aims to present and validate a flexible AM framework designed to optimize fish passage by integrating low-cost monitoring systems with automated data processing and predictive modeling. Methodology: The proposed system combines a sensor network for real-time water-level and environmental monitoring with biological performance data obtained through Passive Integrated Transponder (PIT) technology. These data were processed locally using edge computing. Over a two-year period, weekly aggregated data were used to develop Random Forest models to identify the primary drivers of fish movement. Results: The final model successfully identified five key drivers: luminosity, water temperature, and three nested hydraulic parameters at the fishway’s upstream section. Validation at a vertical-slot fishway in Vadocondes (Duero River, Spain) showed that retrospective optimization—specifically adjusting sluice-gate regulation—could increase downstream water levels and reduce drops at the first cross wall. This adjustment demonstrated a substantial increase in predicted fish passage without requiring changes to the hydropower plant’s core operation. Conclusions: The framework is highly flexible and transferable to other regulated river systems. However, its success is contingent upon the definition of clear ecological objectives and the seamless integration of monitoring results into the day-to-day operation of river infrastructure. Full article

The Robot Operating System (ROS) is widely used in modern robotics, but its open architecture makes it vulnerable to numerous cyber threats. Although machine learning (ML)-based intrusion detection systems (IDSs) demonstrate strong classification performance on ROS-specific datasets, reliance on topology-dependent identifiers such as source and destination IP addresses, port numbers, and Flow IDs remains a critical limitation in current research. This reliance may encourage algorithms to exploit scenario-specific endpoint signatures instead of relying primarily on transferable behavioral patterns. Consequently, classification scores may be artificially inflated due to data leakage. This study addresses this issue by quantitatively measuring the impact of data leakage and introducing a topology-independent, explainable ROS framework that provides a more realistic, leakage-aware, and topology-independent evaluation framework. The evaluation involved testing the LightGBM, XGBoost, and CatBoost algorithms on ROSIDS23. Additionally, Random Forest and Gradient Boosting were included to verify the presence of data leakage. In our ablation study, models that included topology features achieved near-perfect Macro-F1 values of 0.999 to 1.000. In contrast, removing topology-dependent features reduced the Macro-F1 score to about 0.66. This finding shows that topology descriptors, rather than just transferable attack behaviors, can significantly influence the near-perfect scores seen with topology-preserving protocols. Even without topology data, ML models effectively captured temporal behavioral patterns and detected DoS attacks with nearly perfect performance, reaching F1 scores of 0.99 or higher. However, semantic attacks like Unauthorized Subscribe remained tough to classify, with F1 scores of 0.43 or lower. Additionally, SHapley Additive exPlanations (SHAP) analysis improves the interpretability of IDSs by identifying the main behavioral features that drive model decisions and suggesting feature-level directions for rule-based defense configurations in ROS environments. Full article

(1) Background: Cybersecurity has grown in scale and complexity, increasing the need for shared conceptual frameworks that enable consistent, interoperable, and machine-readable representations of security knowledge. Ontologies address this need by structuring core cybersecurity concepts, yet existing efforts vary widely in purpose and methodological rigour. Prior developments tend to follow either an instrumental path—prioritizing usability and rapid adoption—or a formal path, emphasising logical precision and reasoning capabilities. This divergence has resulted in a fragmented landscape lacking analytical synthesis. (2) Methods: To clarify current practices and uncover research opportunities, we conducted a systematic literature review of 93 cybersecurity ontologies published over the past decade. Following PRISMA guidelines, we analysed their conceptual coverage, development methods, validation strategies, and alignment with the NIST Cybersecurity Framework (CSF) 2.0. (3) Results: Despite heterogeneity in scope, the ontologies consistently model core entities such as Asset, Threat, Vulnerability, Attack, and Countermeasure. However, conceptual coverage remains uneven: most contributions focus on the Identify and Detect functions of the NIST CSF, while Respond and Recover are largely underrepresented. This reveals a prevailing emphasis on preventive security rather than resilience and highlights gaps in empirical validation and industrial deployment. (4) Conclusions: The field shows strong conceptual maturation but limited methodological consistency and operational impact. Advancing cybersecurity ontologies will require integrating pragmatic and formal modelling traditions, incorporating emerging techniques such as knowledge graphs and LLM-assisted ontology learning, and expanding coverage toward post-incident response and recovery. These steps are essential for developing a unified, explainable, and adaptive cybersecurity knowledge base capable of supporting real-world security operations. Full article

Industrial control systems (ICS), which manage critical infrastructure such as power grids and water treatment, are increasingly exposed to cyber threats and operational faults as their connectivity to external networks grows. AI-based anomaly detection has emerged as a key defense, yet three limitations restrict its practical deployment: (i) detected anomalies are treated uniformly without distinguishing between transient faults and intentional attacks, hindering tailored incident response; (ii) the trade-off between detection accuracy and the false-positive rate burdens experts with extensive manual triage and delays prompt action; and (iii) prevailing feature-attribution Explainable AI (XAI) techniques such as SHAP and LIME produce fragmented sensor-level explanations and fail to capture correlations among sensors in time-series data, undermining trust in model decisions. To address these gaps, this paper proposes a graph-based deep learning framework that (a) defines anomaly types in terms of the anomalous-sensor ratio measured before and after smoothing—which operationalizes the correlation-maintenance principle that faults keep coupled sensors jointly anomalous while attacks isolate them—enabling explicit separation of faults, attacks, false positives, and false negatives; (b) identifies ambiguous decisions near the detection threshold as candidate false alarms via dynamic threshold smoothing; and (c) provides correlation-aware graph visualizations for intuitive interpretation. Experiments on the Secure Water Treatment (SWaT) dataset center on this post-detection layer: built on a standard graph-based detector (F1-score 0.787 at Top-K = 10) that serves only as the substrate, the categorization separates faults from attacks, and the subsequent ambiguity analysis identifies false negatives with 83% precision and false positives with 73% precision. By separating attacks from faults and surfacing high-likelihood false alarms together with intuitive sensor-correlation explanations, the proposed approach reduces analyst workload and supports more reliable, prioritized incident response in ICS environments. Full article

The rapid growth of web-based services has intensified the need for reliable mechanisms to distinguish malicious Uniform Resource Locators (URLs) from legitimate ones. Phishing campaigns, malware distribution networks, and defacement operations increasingly rely on deceptive web addresses to compromise unsuspecting users and critical infrastructure. Accurate URL classification plays a critical role in mitigating phishing attacks, malware distribution, and other cyber threats. This study presents a machine learning framework for detecting malicious URLs in cybersecurity applications. This study presents a comprehensive empirical evaluation of multiple machine learning and deep learning approaches for URL classification under two experimental settings: training with the complete feature set and training with a reduced subset obtained through Particle Swarm Optimization (PSO). The framework incorporates advanced feature engineering techniques that capture domain-specific characteristics of malicious URLs. Seventeen classifiers, encompassing traditional ensemble methods, neural architectures, and hybrid stacking configurations, were evaluated on a publicly available dataset of 651,191 URL samples retrieved from Kaggle. The PSO reduced the original ten-feature space to seven discriminative features, representing a 30% dimensionality reduction. Experimental results demonstrate that all-feature models consistently outperformed their PSO-reduced counterparts, with Random Forest achieving the highest classification accuracy of 91.90% and an F1-score of 0.9165. The findings offer empirical grounding for the design of computationally efficient URL threat detection systems and provide actionable directions for future research in adversarial machine learning and real-time cybersecurity pipelines. Full article

Wireless Body Area Networks (WBANs) have become an essential component of modern Internet of Medical Things (IoMT) healthcare systems, enabling continuous monitoring of patient physiological signals through wearable sensors. Despite their advantages, WBAN environments remain highly prone to cyber threats, privacy breaches, and single points of failure. To address these risks, this work proposes a Hybrid Multi-Metric Anomaly Detection (HM-MAD) framework deployed on the NodeMCU-32S platform with BLE 5.0 connectivity for secure continuous glucose monitoring (CGM) data transmission. The detection model simultaneously analyses physiological signals, system-level parameters, and network-level communication metrics, enabling the reliable identification of multiple cyberattacks. The proposed system focuses on securing data transmission against relay attacks, where attackers induce communication delay without modifying payloads, potentially leading to false glucose readings, improper insulin dosage delivery, unauthorized control or denial-of-service. The Convolutional Neural Network (CNN) and Bi-Directional Long Short Term Memory (BiLSTM) model classifies attack types including timing manipulation, replay attacks, power glitches, firmware tampering, and sensor spoofing. Experimental evaluation demonstrates that the proposed CNN + BiLSTM framework achieves 94.6% detection accuracy with an average inference latency of 15 ms, representing a 50% latency reduction compared to Transformer-based intrusion detection models (30 ms), while simultaneously reducing computational overhead by 28% in terms of floating-point operations and memory utilization. These results indicate that the HM-MAD framework provides an effective and scalable solution for protecting resource-constrained IoMT healthcare systems against emerging cyber threats. Full article

Cyber-physical systems (CPSs) based on the Internet of Things (IoT) form the backbone of modern smart infrastructures, including smart cities, healthcare monitoring, industrial automation, and intelligent transportation. However, connecting many resource-limited IoT devices makes them more vulnerable to cyber threats, particularly quantum attacks. This review comprehensively examines quantum-secure communication (QSC) frameworks for IoT-enabled CPS, focusing on Quantum Key Distribution (QKD), post-quantum cryptographic (PQC) algorithms, and hybrid quantum–classical security models suitable for constrained devices. A PRISMA-guided search of the Scopus and Google Scholar database was conducted in January 2026 using three keyword groups related to hybrid security, artificial intelligence, and cyber-physical systems. Based on the evaluation, 6008 publications have been identified between 2001 and 2026. The first-round screening was performed for 4948 articles, after excluding duplicates. During the screening stage, 348 articles were selected for abstract scrutiny, 115 records were excluded due to no direct focus on CPS/IoT applications, 52 studies were excluded because these papers relied on traditional security models, 25 studies were excluded due to insufficient relevance to the review objectives, and 15 additional non-English studies were removed. Following the screening stage, 141 studies were selected for full-text eligibility. Out of those, 86 studies were removed due to a lack of specific evaluation metrics or not being published in a peer-reviewed venue. Furthermore, the publications are classified as QKD-based secure CPS and QSC for industrial IoT, AI-Assisted Secure Communication for CPS Networks, and hybrid PQC-QKD models for CPS/IoT devices. This article investigates recent advancements in secure data transmission, verified protocols, and AI-driven anomaly detection customized to CPS/IoT environments. In addition, operational hurdles, interaction with open innovations, real-time deployment, and secure edge-cloud integration are highlighted. By analyzing recent developments and identifying research gaps, this review provides a structured roadmap for designing secure, scalable, and quantum-safe IoT-based CPS frameworks capable of withstanding next-generation cyber threats. This systematic review was performed and reported according to the PRISMA 2020 guidelines. Full article

The increasing interconnectivity and digital transformation of Communication, Navigation, and Surveillance (CNS) systems have expanded their attack surface, rendering traditional perimeter-based security models inadequate for protecting these critical infrastructures. Zero Trust Architecture (ZTA), founded on the principle of “never trust, always verify,” offers a paradigm shift towards continuous, context-aware security. This paper presents a literature review investigating the application of ZTA principles to secure modern CNS ecosystems, following the guidelines of the International Civil Aviation Organization (ICAO) through its Cybersecurity Strategy and Plan. We analyze the alignment of ZTA core tenets—such as least-privilege access, micro-segmentation, and continuous authentication—with the unique operational requirements of CNS systems. This paper also presents a cybersecurity framework, under development within the Future Communications Digital Infrastructure (FCDI) project of the SESAR JU program, which aims to assist CNS stakeholders in collaboratively identifying cybersecurity threats within their scope of responsibility. The review critically examines implementation challenges for specific CNS subsystems: secure aeronautical communications (e.g., LDACS), resilient PNT (Positioning, Navigation, and Timing) services, and integrated surveillance networks (e.g., ADS-B, multilateration). Furthermore, we identify and evaluate domain-specific challenges, including integration with legacy avionics and ground systems, managing stringent latency and reliability constraints, and protecting against sophisticated threats targeting supply chains and data fusion processes. By synthesizing current research and practical deployment insights, this review aims to provide a foundational reference for aerospace engineers, cybersecurity specialists, and policymakers, offering a roadmap to enhance the cyber-resilience of vital CNS infrastructure in an era of evolving digital threats. Full article

Artificial intelligence (AI) is increasingly embedded in marketing work, yet employees who use AI tools may not always disclose AI’s role in producing their outputs. This study examines AI disclosure silence, defined as employees’ intentional withholding of information about the use, role, or contribution of AI tools in work-related outputs after AI has already been used. Unlike AI avoidance or resistance, this construct concerns post-adoption concealment; unlike general employee silence, it focuses on the hidden technological contribution behind visible work. Drawing on Conservation of Resources Theory and Psychological Safety Theory, the study investigates how threat-based conditions, safety and governance conditions, and AI-related capability are associated with AI disclosure silence. Data were collected through a two-wave survey of 635 marketing employees who actively used AI tools at work. The analysis combined measurement validation, Necessary Condition Analysis (NCA), fuzzy-set Qualitative Comparative Analysis (fsQCA), and explainable machine learning. The findings show that no single condition operated as a strong necessary bottleneck. Instead, AI disclosure silence appeared through multiple pathways involving AI anxiety, fear of negative evaluation, perceived creativity threat, perceived job insecurity, low trust in management, weak psychological safety, and unclear AI policy. SHapley Additive exPlanations (SHAP)-based interpretation further indicated that fear of negative evaluation, AI anxiety, perceived creativity threat, and trust in management had the strongest model-based predictive relevance. The study contributes to workplace AI and employee silence research by positioning AI disclosure silence as an emerging post-adoption disclosure construct. It also highlights the need for clear AI disclosure norms, non-punitive managerial responses, AI-assisted authorship guidelines, and psychologically safe AI-governance practices. The findings should be interpreted as configurational and predictive evidence rather than causal effects, and further scale validation across sectors and cultures is encouraged. Full article