Search Results (220)

Search Parameters:
Keywords = security alerts

27 pages, 2653 KiB  
Article
Attacker Attribution in Multi-Step and Multi-Adversarial Network Attacks Using Transformer-Based Approach
by Romina Torres and Ana García
Appl. Sci. 2025, 15(15), 8476; https://doi.org/10.3390/app15158476 - 30 Jul 2025
Abstract
Recent studies on network intrusion detection using deep learning primarily focus on detecting attacks or classifying attack types, but they often overlook the challenge of attributing each attack to its specific source among many potential adversaries (multi-adversary attribution). This is a critical and underexplored issue in cybersecurity. In this study, we address the problem of attacker attribution in complex, multi-step network attack (MSNA) environments, aiming to identify the responsible attacker (e.g., IP address) for each sequence of security alerts, rather than merely detecting the presence or type of attack. We propose a deep learning approach based on Transformer encoders to classify sequences of network alerts and attribute them to specific attackers among many candidates. Our pipeline includes data preprocessing, exploratory analysis, and robust training/validation using stratified splits and 5-fold cross-validation, all applied to real-world multi-step attack datasets from capture-the-flag (CTF) competitions. We compare the Transformer-based approach with a multilayer perceptron (MLP) baseline to quantify the benefits of advanced architectures. Experiments on this challenging dataset demonstrate that our Transformer model achieves near-perfect accuracy (99.98%) and F1-scores (macro and weighted ≈ 99%) in attack attribution, significantly outperforming the MLP baseline (accuracy 80.62%, macro F1 65.05% and weighted F1 80.48%). The Transformer generalizes robustly across all attacker classes, including those with few samples, as evidenced by per-class metrics and confusion matrices. Our results show that Transformer-based models are highly effective for multi-adversary attack attribution in MSNA, a scenario not addressed or under-addressed in the previous intrusion detection systems (IDS) literature. The adoption of advanced architectures and rigorous validation strategies is essential for reliable attribution in complex and imbalanced environments.
(This article belongs to the Special Issue Application of Deep Learning for Cybersecurity)

22 pages, 554 KiB  
Systematic Review
Smart Homes: A Meta-Study on Sense of Security and Home Automation
by Carlos M. Torres-Hernandez, Mariano Garduño-Aparicio and Juvenal Rodriguez-Resendiz
Technologies 2025, 13(8), 320; https://doi.org/10.3390/technologies13080320 - 30 Jul 2025
Viewed by 141
Abstract
This review examines advancements in smart home security through the integration of home automation technologies. Various security systems, including surveillance cameras, smart locks, and motion sensors, are analyzed, highlighting their effectiveness in enhancing home security. These systems enable users to monitor and control their homes in real time, providing an additional layer of security. The document also examines how these security systems can enhance the quality of life for users by providing greater convenience and control over their domestic environment. The ability to receive instant alerts and access video recordings from anywhere allows users to respond quickly to unexpected situations, thereby increasing their sense of security and well-being. Additionally, the challenges and future trends in this field are addressed, emphasizing the importance of designing solutions that are intuitive and easy to use. As technology continues to evolve, it is crucial for developers and manufacturers to focus on creating products that seamlessly integrate into users’ daily lives, facilitating their adoption and use. This comprehensive state-of-the-art review, based on the Scopus database, provides a detailed overview of the current status and future potential of smart home security systems. It highlights how ongoing innovation in this field can lead to the development of more advanced and efficient solutions that not only protect homes but also enhance the overall user experience.
(This article belongs to the Special Issue Smart Systems (SmaSys2024))

24 pages, 2815 KiB  
Article
Blockchain-Powered LSTM-Attention Hybrid Model for Device Situation Awareness and On-Chain Anomaly Detection
by Qiang Zhang, Caiqing Yue, Xingzhe Dong, Guoyu Du and Dongyu Wang
Sensors 2025, 25(15), 4663; https://doi.org/10.3390/s25154663 - 28 Jul 2025
Viewed by 177
Abstract
With the increasing scale of industrial devices and the growing complexity of multi-source heterogeneous sensor data, traditional methods struggle to address challenges in fault detection, data security, and trustworthiness. Ensuring tamper-proof data storage and improving prediction accuracy for imbalanced anomaly detection for potential deployment in the Industrial Internet of Things (IIoT) remain critical issues. This study proposes a blockchain-powered Long Short-Term Memory Network (LSTM)–Attention hybrid model: an LSTM-based Encoder–Attention–Decoder (LEAD) for industrial device anomaly detection. The model utilizes an encoder–attention–decoder architecture for processing multivariate time series data generated by industrial sensors and smart contracts for automated on-chain data verification and tampering alerts. Experiments on real-world datasets demonstrate that the LEAD achieves an F0.1 score of 0.96, outperforming baseline models (Recurrent Neural Network (RNN): 0.90; LSTM: 0.94; and Bi-directional LSTM (Bi-LSTM): 0.94). We simulate the system using a private FISCO-BCOS network with a multi-node setup to demonstrate contract execution, anomaly data upload, and tamper alert triggering. The blockchain system successfully detects unauthorized access and data tampering, offering a scalable solution for device monitoring.
(This article belongs to the Section Internet of Things)

17 pages, 1192 KiB  
Article
A Power Monitor System Cybersecurity Alarm-Tracing Method Based on Knowledge Graph and GCNN
by Tianhao Ma, Juan Yu, Binquan Wang, Maosheng Gao, Zhifang Yang, Yajie Li and Mao Fan
Appl. Sci. 2025, 15(15), 8188; https://doi.org/10.3390/app15158188 - 23 Jul 2025
Viewed by 139
Abstract
Ensuring cybersecurity in power monitoring systems is of paramount importance to maintain the operational safety and stability of modern power grids. With the rapid expansion of grid infrastructure and increasing sophistication of cyber threats, existing manual alarm-tracing methods face significant challenges in handling the massive volume of security alerts, leading to delayed responses and potential system vulnerabilities. Current approaches often lack the capability to effectively model complex relationships among alerts and are hindered by imbalanced data distributions, which degrade tracing accuracy. To this end, this paper proposes a power monitor system cybersecurity alarm-tracing method based on a knowledge graph (KG) and graph convolutional neural networks (GCNN). Specifically, a cybersecurity KG is constructed from historical alerts, accurately representing the entities and relationships in massive alert volumes. Then, a GCNN with attention mechanisms is applied to sufficiently extract the topological features along alarms in the KG so that it can precisely and effectively trace the massive alarms. Most importantly, to mitigate the influence of imbalanced alarms on tracing, a specialized data processing and model ensemble strategy based on adaptively weighted imbalanced samples is proposed. Finally, based on 70,000 alarm records from a regional power grid, by applying the method proposed in this paper, an alarm traceability accuracy rate of 96.59% was achieved. Moreover, compared with the traditional manual method, the traceability efficiency was improved by more than 80%.
(This article belongs to the Special Issue Design, Optimization and Control Strategy of Smart Grids)

24 pages, 2173 KiB  
Article
A Novel Ensemble of Deep Learning Approach for Cybersecurity Intrusion Detection with Explainable Artificial Intelligence
by Abdullah Alabdulatif
Appl. Sci. 2025, 15(14), 7984; https://doi.org/10.3390/app15147984 - 17 Jul 2025
Viewed by 517
Abstract
In today’s increasingly interconnected digital world, cyber threats have grown in frequency and sophistication, making intrusion detection systems a critical component of modern cybersecurity frameworks. Traditional IDS methods, often based on static signatures and rule-based systems, are no longer sufficient to detect and respond to complex and evolving attacks. To address these challenges, Artificial Intelligence and machine learning have emerged as powerful tools for enhancing the accuracy, adaptability, and automation of IDS solutions. This study presents a novel, hybrid ensemble learning-based intrusion detection framework that integrates deep learning and traditional ML algorithms with explainable artificial intelligence for real-time cybersecurity applications. The proposed model combines an Artificial Neural Network and Support Vector Machine as base classifiers and employs a Random Forest as a meta-classifier to fuse predictions, improving detection performance. Recursive Feature Elimination is utilized for optimal feature selection, while SHapley Additive exPlanations (SHAP) provide both global and local interpretability of the model’s decisions. The framework is deployed using a Flask-based web interface in the Amazon Elastic Compute Cloud environment, capturing live network traffic and offering sub-second inference with visual alerts. Experimental evaluations using the NSL-KDD dataset demonstrate that the ensemble model outperforms individual classifiers, achieving a high accuracy of 99.40%, along with excellent precision, recall, and F1-score metrics. This research not only enhances detection capabilities but also bridges the trust gap in AI-powered security systems through transparency. The solution shows strong potential for application in critical domains such as finance, healthcare, industrial IoT, and government networks, where real-time and interpretable threat detection is vital.

22 pages, 2583 KiB  
Article
Helmet Detection in Underground Coal Mines via Dynamic Background Perception with Limited Valid Samples
by Guangfu Wang, Dazhi Sun, Hao Li, Jian Cheng, Pengpeng Yan and Heping Li
Mach. Learn. Knowl. Extr. 2025, 7(3), 64; https://doi.org/10.3390/make7030064 - 9 Jul 2025
Viewed by 359
Abstract
The underground coal mine environment is complex and dynamic, making the application of visual algorithms for object detection a crucial component of underground safety management as well as a key factor in ensuring the safe operation of workers. We look at this in the context of helmet-wearing detection in underground mines, where over 25% of the targets are small objects. To address challenges such as the lack of effective samples for unworn helmets, significant background interference, and the difficulty of detecting small helmet targets, this paper proposes a novel underground helmet-wearing detection algorithm that combines dynamic background awareness with a limited number of valid samples to improve accuracy for underground workers. The algorithm begins by analyzing the distribution of visual surveillance data and spatial biases in underground environments. By using data augmentation techniques, it then effectively expands the number of training samples by introducing positive and negative samples for helmet-wearing detection from ordinary scenes. Thereafter, based on YOLOv10, the algorithm incorporates a background awareness module with region masks to reduce the adverse effects of complex underground backgrounds on helmet-wearing detection. Specifically, it adds a convolution and attention fusion module in the detection head to enhance the model’s perception of small helmet-wearing objects by enlarging the detection receptive field. By analyzing the aspect ratio distribution of helmet-wearing data, the algorithm improves the aspect ratio constraints in the loss function, further enhancing detection accuracy. Consequently, it achieves precise detection of helmet-wearing in underground coal mines. Experimental results demonstrate that the proposed algorithm can detect small helmet-wearing objects in complex underground scenes, with a 14% reduction in background false detection rates, thereby achieving accuracy, recall, and average precision rates of 94.4%, 89%, and 95.4%, respectively. Compared to other mainstream object detection algorithms, the proposed algorithm shows improvements in detection accuracy of 6.7%, 5.1%, and 11.8% over YOLOv9, YOLOv10, and RT-DETR, respectively. The algorithm proposed in this paper can be applied to real-time helmet-wearing detection in underground coal mine scenes, providing safety alerts for standardized worker operations and enhancing the level of underground security intelligence.

18 pages, 3039 KiB  
Article
Security Symmetry in Embedded Systems: Using Microsoft Defender for IoT to Detect Firmware Downgrade Attacks
by Marian Hristov, Maria Nenova and Viktoria Dimitrova
Symmetry 2025, 17(7), 1061; https://doi.org/10.3390/sym17071061 - 4 Jul 2025
Viewed by 350
Abstract
Nowadays, the world witnesses cyber attacks daily, and these threats are becoming exponentially sophisticated due to advances in Artificial Intelligence (AI). This progress allows adversaries to accelerate malware development and streamline the exploitation process. The motives vary, and so do the consequences. Unlike Information Technology (IT) breaches, compromises of Operational Technology (OT)—such as manufacturing plants, electric grids, or water and wastewater facilities—can have life-threatening or environmentally hazardous consequences. For that reason, this article explores a potential cyber attack against an OT environment—firmware downgrade—and proposes a solution for detection and response by implementing Microsoft Defender for IoT (D4IoT), one of the leading products on the market for OT monitoring. To detect the malicious firmware downgrade activity, D4IoT was implemented in a pre-commissioning (non-production) environment. The solution passively monitored the network, identified the deviation, and generated alerts for response actions. Testing showed that D4IoT effectively detected the firmware downgrade attempts based on protocol analysis and asset behavior profiling. These findings demonstrate that D4IoT provides valuable detection capabilities against an intentional firmware downgrade designed to exploit known vulnerabilities in the older, less secure version, thereby strengthening the cybersecurity posture of OT environments. The explored attack scenario leverages the symmetry between genuine and malicious firmware flows, where the downgrade mimics the upgrade process, aiming to create challenges in detection. The proposed solution discerns adversarial actions from legitimate firmware changes by breaking this functional symmetry through behavioral profiling.

22 pages, 557 KiB  
Article
Using Blockchain Ledgers to Record AI Decisions in IoT
by Vikram Kulothungan
IoT 2025, 6(3), 37; https://doi.org/10.3390/iot6030037 - 3 Jul 2025
Viewed by 718
Abstract
The rapid integration of AI into IoT systems has outpaced the ability to explain and audit automated decisions, resulting in a serious transparency gap. We address this challenge by proposing a blockchain-based framework to create immutable audit trails of AI-driven IoT decisions. In our approach, each AI inference, comprising key inputs, model ID, and output, is logged to a permissioned blockchain ledger, ensuring that every decision is traceable and auditable. IoT devices and edge gateways submit cryptographically signed decision records via smart contracts, resulting in an immutable, timestamped log that is tamper-resistant. This decentralized approach guarantees non-repudiation and data integrity while balancing transparency with privacy (e.g., hashing personal data on-chain) to meet data protection norms. Our design aligns with emerging regulations, such as the EU AI Act’s logging mandate and GDPR’s transparency requirements. We demonstrate the framework’s applicability in two domains: healthcare IoT (logging diagnostic AI alerts for accountability) and industrial IoT (tracking autonomous control actions), showing its generalizability to high-stakes environments. Our contributions include the following: (1) a novel architecture for AI decision provenance in IoT, (2) a blockchain-based design to securely record AI decision-making processes, and (3) a simulation-informed performance assessment based on projected metrics (throughput, latency, and storage) to assess the approach’s feasibility. By providing a reliable immutable audit trail for AI in IoT, our framework enhances transparency and trust in autonomous systems and offers a much-needed mechanism for auditable AI under increasing regulatory scrutiny.
(This article belongs to the Special Issue Blockchain-Based Trusted IoT)

32 pages, 4711 KiB  
Article
Anomaly Detection in Elderly Health Monitoring via IoT for Timely Interventions
by Cosmina-Mihaela Rosca and Adrian Stancu
Appl. Sci. 2025, 15(13), 7272; https://doi.org/10.3390/app15137272 - 27 Jun 2025
Viewed by 494
Abstract
As people age, more careful health monitoring becomes increasingly important. The article presents the development and implementation of an integrated system for monitoring the health of elderly individuals using Internet of Things (IoT) technology and a wearable bracelet to continuously collect vital data. The device integrates MAX30100 sensors for heart rate monitoring and MPU-6050 for step counting and sleep quality analysis (deep and superficial sleep). The collected data for average heart rate (AR), minimum (mR), maximum (MR), number of steps (S), deep sleep time (DST), and superficial sleep time (SST) are processed in real time through a health anomaly detection algorithm (HADA), based on the dimensionality reduction method using PCA. The system is connected to the Azure cloud infrastructure, ensuring secure data transmission, preprocessing, and the automatic generation of alerts for prompt medical interventions. Studies conducted over two years demonstrated a sensitivity of 100% and an accuracy of 98.5%, with a tendency to generate additional alerts to avoid overlooking critical events. The results outline the importance of personalizing the analysis, adapting algorithms to individual characteristics, and the system’s potential to prevent medical complications and improve the quality of life for elderly individuals.

21 pages, 1288 KiB  
Article
Intrusion Alert Analysis Method for Power Information Communication Networks Based on Data Processing Units
by Rui Zhang, Mingxuan Zhang, Yan Liu, Zhiyi Li, Weiwei Miao and Sujie Shao
Information 2025, 16(7), 547; https://doi.org/10.3390/info16070547 - 27 Jun 2025
Viewed by 229
Abstract
Leveraging Data Processing Units (DPUs) deployed at network interfaces, the DPU-accelerated Intrusion Detection System (IDS) enables microsecond-latency initial traffic inspection through hardware offloading. However, while generating high-throughput alerts, this mechanism amplifies the inherent redundancy and noise issues of traditional IDS systems. This paper proposes an alert correlation method using multi-similarity factor aggregation and a suffix tree model. First, alerts are preprocessed using LFDIA, employing multiple similarity factors and dynamic thresholding to cluster correlated alerts and reduce redundancy. Next, an attack intensity time series is generated and smoothed with a Kalman filter to eliminate noise and reveal attack trends. Finally, the suffix tree models attack activities, capturing key behavioral paths of high-severity alerts and identifying attacker patterns. Experimental evaluations on the CPTC-2017 and CPTC-2018 datasets validate the proposed method’s effectiveness in reducing alert redundancy, extracting critical attack behaviors, and constructing attack activity sequences. The results demonstrate that the method not only significantly reduces the number of alerts but also accurately reveals core attack characteristics, enhancing the effectiveness of network security defense strategies.

30 pages, 3165 KiB  
Article
Exploring the Role of Artificial Intelligence in Detecting Advanced Persistent Threats
by Pedro Ramos Brandao
Computers 2025, 14(7), 245; https://doi.org/10.3390/computers14070245 - 23 Jun 2025
Viewed by 355
Abstract
The rapid evolution of cyber threats, particularly Advanced Persistent Threats (APTs), poses significant challenges to the security of information systems. This paper explores the pivotal role of Artificial Intelligence (AI) in enhancing the detection and mitigation of APTs. By leveraging machine learning algorithms and data analytics, AI systems can identify patterns and anomalies that are indicative of sophisticated cyber-attacks. This study examines various AI-driven methodologies, including anomaly detection, predictive analytics, and automated response systems, highlighting their effectiveness in real-time threat detection and response. Furthermore, we discuss the integration of AI into existing cybersecurity frameworks, emphasizing the importance of collaboration between human analysts and AI systems in combating APTs. The findings suggest that the adoption of AI technologies not only improves the accuracy and speed of threat detection but also enables organizations to proactively defend against evolving cyber threats, probably achieving a 75% reduction in alert volume.
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

18 pages, 1568 KiB  
Article
Improving Multi-Class Classification for Recognition of the Prioritized Classes Using the Analytic Hierarchy Process
by Algimantas Venčkauskas, Jevgenijus Toldinas and Nerijus Morkevičius
Appl. Sci. 2025, 15(13), 7071; https://doi.org/10.3390/app15137071 - 23 Jun 2025
Viewed by 376
Abstract
Machine learning (ML) algorithms are widely used in various fields, including cyber threat intelligence (CTI), financial technology (Fintech), and intrusion detection systems (IDSs). They automate security alert data analysis, enhancing attack detection, incident response, and threat mitigation. Fintech is particularly vulnerable to cyber-attacks and cyber espionage due to its data-centric nature. Because of this, it is essential to give priority to the classification of cyber-attacks to accomplish the most crucial attack detection. Improving ML models for superior prioritized recognition requires a comprehensive strategy that includes data preprocessing, enhancement, algorithm refinement, and customized assessment. To improve cyber-attack detection in the Fintech, CTI, and IDS sectors, it is necessary to develop an ML model that better recognizes the prioritized classes, thereby enhancing security against important types of threats. This research introduces adaptive incremental learning, which enables ML models to keep learning new information by looking at changing data from a data stream, improving their ability to accurately identify types of cyber-attacks with high priority. The Analytical Hierarchy Process (AHP) is suggested to help make the best decision by evaluating model performance based on prioritized classes using real multi-class datasets instead of artificially improved ones. The findings demonstrate that the ML model improved its ability to identify prioritized classes of cyber-attacks utilizing the ToN_IoT network dataset. The recall value for the “injection” class rose from 59.5% to 61.8%, the recall for the “password” class increased from 86.7% to 88.6%, and the recall for the “ransomware” class improved from 0% to 23.6%.

25 pages, 1858 KiB  
Article
Improving Threat Detection in Wazuh Using Machine Learning Techniques
by Samir Achraf Chamkar, Mounia Zaydi, Yassine Maleh and Noreddine Gherabi
J. Cybersecur. Priv. 2025, 5(2), 34; https://doi.org/10.3390/jcp5020034 - 14 Jun 2025
Viewed by 1353
Abstract
The increasing complexity and sophistication of cyber threats underscore the critical need for advanced threat detection mechanisms within Security Operations Centers (SOCs) to effectively mitigate risks and enhance cybersecurity resilience. This study enhances the capabilities of Wazuh, an open-source Security Information and Event Management (SIEM) system, by addressing its primary limitation: high false-positive rates in rule-based detection. We propose a hybrid approach that integrates machine learning (ML) techniques—specifically, Random Forest (RF) and DBSCAN—into Wazuh’s detection pipeline to improve both accuracy and operational efficiency. Experimental results show that RF achieves 97.2% accuracy, while DBSCAN yields 91.06% accuracy with a false-positive rate of 0.0821, significantly improving alert quality. Real-time deployment requirements are rigorously evaluated, with all models maintaining end-to-end processing latencies below 100 milliseconds and 95% of events processed within 500 milliseconds. Scalability testing confirms linear performance up to 500 events per second, with an average processing latency of 45 milliseconds under typical SOC workloads. This integration demonstrates a practical, resource-efficient solution for enhancing real-time threat detection in modern cybersecurity environments.
(This article belongs to the Special Issue Cybersecurity Risk Prediction, Assessment and Management)

35 pages, 546 KiB  
Systematic Review
Clinical Outcomes of Passive Sensors in Remote Monitoring: A Systematic Review
by Essam Rama, Sharukh Zuberi, Mohamed Aly, Alan Askari and Fahad M. Iqbal
Sensors 2025, 25(11), 3285; https://doi.org/10.3390/s25113285 - 23 May 2025
Viewed by 774
Abstract
Remote monitoring technologies have transformed healthcare delivery by enabling the in-home management of chronic conditions, improving patient autonomy, and supporting clinical oversight. Passive sensing, a subset of remote monitoring, facilitates unobtrusive, real-time data collection without active user engagement. Leveraging devices such as smartphones, wearables, and smart home sensors, these technologies offer advantages over traditional self-reports and intermittent evaluations by capturing behavioural, physiological, and environmental metrics. This systematic review evaluates the clinical utility of passive sensing technologies used in remote monitoring, with a specific emphasis on their impact on clinical outcomes and feasibility in real-world healthcare settings. A PRISMA-guided search identified 26 studies addressing conditions such as Parkinson’s disease, dementia, cancer, cardiopulmonary disorders, and musculoskeletal issues. Findings demonstrated significant correlations between sensor-derived metrics and clinical assessments, validating their potential as digital biomarkers. These technologies demonstrated feasibility and ecological validity in capturing continuous, real-world health data and offer a unified framework for enhancing patient care through three main applications: monitoring chronic disease progression, detecting acute health deterioration, and supporting therapeutic interventions. For example, these technologies successfully identified gait speed changes in Parkinson’s disease, tracked symptom fluctuations in cancer patients, and provided real-time alerts for acute events such as heart failure decompensation. Challenges included long-term adherence, scalability, data integration, security, and ownership. Future research should prioritise validation across diverse settings, long-term impact assessment, and integration into clinical workflows to maximise their utility.

32 pages, 1111 KiB  
Article
Utilisation of Artificial Intelligence and Cybersecurity Capabilities: A Symbiotic Relationship for Enhanced Security and Applicability
by Ed Kamya Kiyemba Edris
Electronics 2025, 14(10), 2057; https://doi.org/10.3390/electronics14102057 - 19 May 2025
Viewed by 1485
Abstract
The increasing interconnectivity between physical and cyber-systems has led to more vulnerabilities and cyberattacks. Traditional preventive and detective measures are no longer adequate to defend against adversaries. Artificial Intelligence (AI) is used to solve complex problems, including those of cybersecurity. Adversaries also utilise AI for sophisticated and stealth attacks. This study aims to address this problem by exploring the symbiotic relationship of AI and cybersecurity to develop a new, adaptive strategic approach to defend against cyberattacks and improve global security. This paper explores different disciplines to solve security problems in real-world contexts, such as the challenges of scalability and speed in threat detection. It develops an algorithm and a detective predictive model for a Malicious Alert Detection System (MADS) that is an integration of adaptive learning and a neighbourhood-based voting alert detection framework. It evaluates the model’s performance and efficiency among different machines. The paper discusses Machine Learning (ML) and Deep Learning (DL) techniques, their applicability in cybersecurity, and the limitations of using AI. Additionally, it discusses issues, risks, vulnerabilities, and attacks against AI systems. It concludes by providing recommendations on security for AI and AI for security, paving the way for future research on enhancing AI-based systems and mitigating their risks.