Search Results (8,417)

Thunderstorms are the most frequent type of severe convective weather, which pose great threats to buildings, power transmission, communication facilities, and air transportation. Their analysis and forecasting have long been challenges in meteorological operations. Currently, deep learning-based lightning forecasting has a short valid period, mostly relying on satellite imagery, radar echoes, and lightning location data, focusing on very-short-range forecasting. The longest valid period does not exceed 6 h, and the forecasting accuracy is not high. Based on the physical quantities of the ECMWF numerical prediction model and the actual observations of single-point thunderstorms, this paper constructs a single-point thunderstorm forecasting model with a long validity period (>6 h). The study integrates multi-dimensional parameters such as thermal, dynamic, water vapor, and stratification instability, introduces the second-order moist potential vorticity S as a comprehensive predictor, systematically compares the forecasting performance of eight models, such as 1D PreRNN and ConvLSTM, and verifies the actual operational capability of the model through independent cases. The results show that the 1D PreRNN model has the best overall performance in all periods, which can effectively capture the temporal evolution characteristics of meteorological physical quantities and still has stable generalization performance under unbalanced samples. The model performs well in the 1st, 2nd, and 4th periods, and especially still has significant operational reference value in the 4th period with the longest forecasting validity period; only the 3rd period is weakly affected by the small number of samples. The effect of second-order moist potential vorticity has significant time-dependent differences. Its overall improvement effect is limited in short-term forecasting, but it can provide key disturbance signals in the 4th period with the longest forecasting validity period, and the model forecasting performance drops significantly after removal. The original binary cross-entropy loss is most suitable for the unbalanced sample scenario in this study, and weighted losses are prone to overcorrection. The method in this paper can achieve stable and reliable single-point thunderstorm forecasting for more than 6 h, and can provide long-term fixed-point meteorological support for key scenarios such as aerospace and new energy stations. Full article

The incorporation of Artificial Intelligence (AI) into cybersecurity has become widespread, largely propelled by the emergence of Generative AI (GenAI) and Large Language Models (LLMs). While these technologies promise to revolutionize threat detection, they introduce profound challenges regarding explainability, trust, and deployment feasibility in resource-constrained environments. Current research often exhibits a form of technological determinism, prioritizing algorithmic performance over the operational realities of Security Operations Centers (SOCs). This paper presents a hybrid qualitative Systematic Literature Review (SLR) and Mapping Study, adhering to the Preferred Reporting Items for Systematic reviews and Meta-Analyses (PRISMA) 2020 guidelines. Our research questions are narrowly focused, seeking to explore how four key domains intersect: (1) Explainable AI (XAI) methods; (2) cybersecurity operations; (3) human-centered design; and (4) the constraints inherent to edge computing. From an initial corpus of 385 records drawn from Scopus and OpenAlex (spanning a search window from 2014 to 2025, with relevant findings heavily clustered in the 2020–2025 period), included studies were evaluated using a quality assessment protocol adapted from Kitchenham’s guidelines, scoring each study on a 0–24 scale across four dimensions (Venue Quality, Methodological Rigor, Dataset Realism, and Depth of XAI/Human Validation). The results reveal a significant “validation gap”: while 63% of studies claim human-centric relevance, only ~22% incorporate empirical validation with human operators. Furthermore, we identify a critical trade-off between the reasoning power of cloud-based LLMs and the privacy requirements of Edge security. We conclude by proposing a research agenda for “Cognitive SOCs”, emphasizing the need for Small Language Models (SLMs), standardized human-centric metrics, and robust hallucination detection mechanisms. Full article

Endangered montane endemic species face dual threats from unresolved taxonomic controversies and climate change. The genus Abies, a keystone component of alpine and subalpine ecosystems in the Northern Hemisphere, encompasses numerous species with controversial taxonomy and inadequately understood climatic response patterns. In this study, we integrated morphological and phylogenetic evidence and ecological niche modeling approaches to fill existing knowledge gaps regarding Abies ernestii, an endemic species found in southwest China. Key results are summarized below: (1) Morphological comparisons strongly support A. ernestii as a distinct species, with significant morphological differentiation from its congeneric species; phylogenetic analyses based on plastid sequences further corroborate its close phylogenetic relationship with A. kawakamii and A. beshanzuensis, rather than A. chensiensis. (2) The natural distribution range of A. ernestii is narrower than previously documented in the literature, and a newly discovered population in northern Yunnan extends its documented southern distribution boundary southward. (3) Current suitable habitats of this species are concentrated in the eastern Hengduan Mountains, where temperature seasonality-related variables (BIO11, BIO3, BIO4) exert dominant control over its distribution. (4) Future climate projections indicate a dynamic habitat shift characterized by initial expansion followed by contraction, accompanied by severe habitat fragmentation and inadequate protected area coverage. Collectively, these lines of evidence demonstrate that A. ernestii represents an endemic Fir with underestimated vulnerability, warranting immediate conservation prioritization. Full article

Climate change poses significant threats to Mediterranean plant species, including Laurus nobilis L., an ecologically and economically important tree. This study evaluates potential shifts in its suitable distribution areas across Türkiye under future climate scenarios [Shared Socioeconomic Pathway 2-4.5 (SSP2-4.5) and 5-8.5 (SSP5-8.5)] using an ensemble species distribution model incorporating ten algorithms. Key environmental drivers—elevation, annual mean temperature (Bio1), and evaporation including sublimation and transpiration (evspsbl)—were identified as critical factors influencing habitat suitability. Results indicate substantial spatial redistributions, with habitat losses projected in inland transition zones toward continental climates, particularly in parts of the Aegean and Black Sea regions. The current suitable distribution area across the country, approximately 18.48%, could rise to 18.55% by 2040 under the SSP2-4.5 scenario and to 18.76% by 2060 under the SSP5-8.5 scenario. However, without human intervention, the species’ establishment in these new suitable distribution areas is not considered possible. Moreover, it has been determined that the suitable distribution area of the species could decrease to 17.48% by 2060 under the SSP2-4.5 scenario and to 17.31% by 2080 under the SSP5-85 scenario. This result indicates that there could be a loss of more than 8% of the suitable distribution area between 2060 and 2080, according to the SSP5-8.5 scenario. Conversely, limited expansions may occur in specific areas, including the northern Aegean and the Hatay-Antep region. By 2100, despite periodic fluctuations, a net decline in suitable habitats is expected under both scenarios. Notably, spatial analysis reveals that while some newly suitable areas may emerge, natural migration will likely be insufficient for population persistence, necessitating human-assisted adaptation strategies. These findings underscore the need for proactive conservation measures, such as identifying climate-resilient provenances, assisted migration, and targeted reforestation in future suitable zones. Given that most Turkish forests are state-managed, collaboration with the General Directorate of Forestry is essential to integrate climate adaptation into long-term management plans. This study provides a framework for mitigating climate-induced habitat loss in L. nobilis while offering insights applicable to other vulnerable Mediterranean species facing similar threats. Full article

The contemporary cyber-threat landscape is becoming increasingly diverse and complex, creating a persistent gap between situational awareness and operational response. This study presents a framework designed to bridge this gap by transforming up-to-date cyber-threat intelligence (CTI) into standardized knowledge structures and actionable defense measures. First, the proposed framework integrates the threat data collected from OpenCTI and normalizes them based on the MITRE ATT&CK tactics and techniques matrix. It then leverages a large language model to automatically generate diverse threat scenarios based on the analyzed intelligence. Each scenario is organized as a tactic sequence, and individual techniques are mapped to MITRE D3FEND defensive categories based on official ATT&CK–D3FEND relationships and structured contextual interpretation. Finally, the framework produces outputs in the form of a Defense Description that includes the corresponding technique IDs, recommended defense strategies, supporting rationales, and prerequisites. An evaluation using several recent cases demonstrates that the proposed framework effectively connects current threat intelligence with practical defense strategies. In summary, the proposed framework strengthens proactive cyber defense by directly linking structured attack flows to actionable context-aware defensive techniques. In addition, this framework provides a structured pipeline that systematizes and automates steps conventionally performed manually, thereby reducing repetitive analyst effort. Full article

By allowing continuous connectivity, automation, and data-driven decision-making across these areas, Internet of Things (IoT) has transformed certain facets of daily life, including home automation and healthcare, as well as business operations like supply chain management and smart manufacturing. IoT systems are susceptible to different cyberattacks, though, because of different designs, lack of funds, and inadequate security policies, which creates major security issues given their fast growth. Covering important topics including protocols, architectures, attack classification, detection methods, countermeasures, and research issues, this paper offers a thorough study of IoT security. Emphasizing their relevance in enhancing the security of IoTs, the article offers a thorough analysis of machine and deep learning-based detection techniques. It also offers recommendations for future paths to handle changing risks by means of particular proposals and provides tools and datasets required for IoT security studies. When considering recent progress, however, there are still some major limitations in scaling, real-time detection, dataset availability, and versatility of current solutions. We identified these issues and provided guidance on future research; we also offered a selected set of tools and datasets for further research. Additionally, this paper provides an overview of the most important issues related to IoT security as documented in the current literature, providing a framework for developing resilient and adaptable IoT security solutions in the future. Full article

Cybersecurity awareness has become a critical concern in the context of rapid digital transformation and the growing sophistication of cyber threats. While previous research has identified password security, browser security, and social media activities as key factors influencing cybersecurity awareness, the role of digital literacy remains underexplored, particularly in multicultural environments. This study examines the factors affecting cybersecurity awareness among adults in the United Arab Emirates (UAE), extending the existing theoretical framework by introducing digital literacy as a novel variable. Data were collected from 150 respondents through a structured questionnaire and analyzed using Cronbach’s Alpha, exploratory factor analysis, Pearson correlation analysis, simple and multiple linear regression, the Mann–Whitney U test, and the Kruskal–Wallis test. Results indicate that all four predictors—password security (β = 0.317), browser security (β = 0.149), social media activities (β = 0.209), and digital literacy (β = 0.256)—significantly predict cybersecurity awareness, with the combined model explaining 53.6% of variance (R² = 0.536). Digital literacy showed the strongest correlation with cybersecurity awareness (r = 0.614, p = 0.000). Demographic analyses revealed significant differences across age groups and digital literacy levels, with younger respondents and those with higher digital literacy consistently demonstrating higher levels of cybersecurity awareness. These findings highlight the importance of integrating digital literacy into cybersecurity education programs, particularly in multicultural contexts. From a theoretical perspective, this study extends the existing cybersecurity awareness framework by introducing digital literacy as a novel predictor variable and validates its significance in a unique multicultural environment. From a practical perspective, the findings provide empirically grounded guidelines for the development of culturally adapted cybersecurity education programs, with particular emphasis on age-differentiated approaches and the potential role of younger generations as drivers of cybersecurity awareness in the UAE and similar multicultural contexts. Full article

The paradigm shift towards highly distributed renewable energy integration has exponentially increased the topological complexity of Smart Grids. Consequently, the tight coupling between operational and information networks exposes these systems to severe cyber threats, including data breaches and malicious intrusions. Conventional centralized dispatch paradigms struggle with delayed responses, suboptimal coordination, and opaque design lifecycles. To overcome these limitations, this study introduces an innovative Multi-Agent System architecture engineered via Model-Based Systems Engineering methodologies. By employing SysML, we established a comprehensive digital twin encompassing system requirements, functional layouts, and logical boundaries. The proposed framework deploys a decentralized hierarchy of four specialized agents—perception, decision making, execution, and collaboration—to execute collaborative defense protocols strictly bounded by electrical safety constraints. Validation through IEEE 33-node distribution network simulations confirms that the framework rapidly identifies and mitigates Denial of Service, data falsification, and unauthorized device access. This MBSE-MAS paradigm demonstrates exceptional scalability and resilience, offering a highly practical blueprint for safeguarding next-generation power infrastructure. Full article

Vulnerability management (VM) is becoming increasingly important as organizations face growing cybersecurity threats. This study examines how organizations adapt their vulnerability management routines in response to evolving vulnerability signals through the integration of artificial intelligence (AI) and automation. Drawing on data from an international fast-moving consumer goods (FMCG) company, we investigate how human expertise and AI interact across the full VM process, from triage to remediation. Using Organizational Routine Theory (ORT), we show that AI does not simply automate tasks but acts as a co-performer, influencing how decisions are made, work is coordinated, and actions are adapted. We develop a three-phase model capturing (1) the integration of AI-enabled automation into strained routines, (2) the manifestation of tensions between human expertise and automation as well as between usability and system complexity, and (3) the stabilization of hybrid routines through iterative adaptation and feedback loops. We identify two key tensions in this process: technology versus human expertise, and usability versus the complexity of multi-vendor tools. These tensions create frictions in practice but also open opportunities for learning and improvement. Rather than treating AI as a technical tool, our findings highlight its role as an active routine participant. Importantly, we show that routine evolution enables organizations to improve how vulnerability signals are interpreted and acted upon, thereby supporting more coordinated and adaptive cybersecurity practices. This has both theoretical implications for understanding how routines evolve with technology and practical relevance for improving adaptive cybersecurity practices. By linking micro-level routine dynamics to broader organizational outcomes, this study contributes to explaining how organizations sustain stable and adaptive operations under conditions of continuous cyber threat exposure. Full article

Recent studies suggest that few-shot and zero-shot learning methods, drawing on meta-learning, self-supervised approaches and metric-learning ideas, can classify encrypted traffic (TLS 1.3 and QUIC) with competitive accuracy across different protocol conditions. This systematic literature review (SLR) investigates 22 studies selected from an initial pool of 500 papers using PRISMA 2020, focusing on current methodologies for non-stationary network traffic classification, with particular attention to few-shot, zero-shot, and meta-learning approaches. The research addresses four questions: (1) Which approaches have been employed for non-stationary network traffic classification and threat detection? (2) How do hybrid or cross-domain models improve adaptation, detection and overall efficiency? (3) What benchmarking standards exist for the datasets and evaluation metrics in use? (4) How do these methods address concept drift? This review identifies a range of approaches for capturing and analysing non-stationary network traffic but also reveals a significant gap in the empirical evidence addressing the last two questions. This points to a need for targeted experiments on continuously evolving network traffic and zero-day polymorphic attacks, both of which are central to the development of the next-generation adaptive intrusion-detection framework. Full article

The integration of grid-forming energy storage systems (GFM-ESSs) provides essential support for the stable operation of grid-connected converters in renewable energy systems. However, GFM-ESSs may exhibit low-frequency oscillations in response to grid state variations, posing a threat to power system stability. To address this challenge, this paper proposes a fast continuous optimization method for the active power–frequency control loop of multi-VSG-based GFM-ESSs. First, a parameter coupling model for multiple VSGs is established, and an internal parameter decoupling control strategy is proposed. Subsequently, an iterative optimization model based on a gradient-based master–slave game is developed, in which the minimization of converter frequency deviation serves as the leader’s objective, while the minimization of system frequency deviation acts as the follower’s objective. Frequency fluctuations are further mitigated through tracking differentiator-based active power compensation. The effectiveness of the proposed method is validated through simulation with six GFM-ESS units integrated into a modified IEEE 33-node system featuring six renewable energy stations. Simulation results demonstrate that the proposed approach significantly suppresses frequency fluctuations while also reducing the response time and the rate of frequency change under grid disturbance conditions. Full article

Edge computing has emerged as a distributed computing technology to mitigate the cloud computing overload caused by the rapid increase in connected devices. However, because communications between devices and edge servers are conducted over public channels, authentication and secure session key establishment are imperative to protect against various security attacks. In this paper, we show that Kenioua et al.’s authentication scheme for edge computing is vulnerable to several attacks such as impersonation, offline password guessing, and stolen verifier attacks, and also lacking quantum resistance against the emerging threat posed by quantum computing. To overcome these limitations, we propose a quantum-resistant authentication scheme by adopting module lattice-based key encapsulation mechanism (ML-KEM). We demonstrate the robustness of the proposed scheme through “the Burrows–Abadi–Needham (BAN) logic”, “Quantum Random Oracle Model (QROM)”, “Automated Validation of Internet Security Protocols and Application (AVISPA) tool”, and “Scyther tool”, and show that the proposed scheme achieves security with efficient communication and computation costs by comparing it with related studies. Full article

Prompt injection detection is commonly studied as a static offline classification problem, yet deployed LLM systems face evolving attacks and distribution shift after deployment. Static detectors are therefore poorly matched to the threat model, while routing every input to a stronger external LLM is costly and defeats the purpose of a local detector. We formulate prompt injection detection as a selective test-time adaptation problem. Our framework combines a prompt-based local detector built on masked language modeling and a learnable soft verbalizer with an entropy-based active querying mechanism that escalates only high-uncertainty inputs to an external LLM. Queried hard samples are then stored in a review window and replayed for subsequent detector updates. Empirical evaluations across multiple benchmarks show that EvoShield achieves performance on par with or even exceeding pure Large Language Model baselines, while cutting API query costs by more than 85%. Full article

This study proposes a standards-based Reference AI Business Model Canvas (Reference AI-BMC) that translates the use-case descriptors of ISO/IEC TR 24030 into the nine blocks of the Business Model Canvas, addressing the lack of a structured translation layer between AI standards and business-model design. Using ten selected fields of the ISO/IEC TR 24030 use-case template, a two-round Delphi process derives consensus-based mapping rules from expert judgments; Latent Dirichlet Allocation is used as a field-level semantic analysis to provide interpretive context for the Delphi-derived mappings. Primary mappings are reported as default translation references that met the 80% strict-consensus threshold, secondary mappings as context-dependent relations, and the adjudicated dual-mapping exception A5 (Threats/Challenges → Cost Structure) as a separately documented case. After converting the finalized primary mapping rules into a coding manual, three independent coders applied them to 81 AI use cases; the Layer 1 coding yielded Krippendorff’s α = 1.000, descriptively indicating no observed coder disagreement under the specified coding conditions. The Reference AI-BMC contributes a standards-based, consensus-derived translation layer for systematically organizing AI use cases in business-model terms, offering a structured starting point for early use-case workshops, preliminary portfolio screening, and standards-aware AI service design discussions. Together, these results position the Reference AI-BMC as a standards-based, consensus-derived reference layer for organizing AI use cases in BMC terms, with its applicability bounded by the ISO/IEC TR 24030 descriptor structure and the specified mapping procedure. Full article

Many blockchain-based cyber threat intelligence (CTI) sharing systems emphasize immutability and auditability, but often treat CTI submissions as ordinary blockchain transactions without explicitly separating content validation from publication anchoring. This paper presents CTIB, a proof-of-concept hybrid Proof-of-Stake (PoS) and Proof-of-Work (PoW) framework for CTI publication. CTIB uses a sequential workflow in which a PoS committee first evaluates CTI submissions, and an accepted feed hash is then anchored through a PoW step to provide verifiable temporal binding. The prototype is evaluated in a controlled local Hardhat environment; therefore, the results should be interpreted as prototype-level feasibility evidence rather than production-scale deployment results. CTI content is represented using STIX 2.1, canonicalized, and hashed using SHA-256; only integrity-critical evidence is stored on-chain, while full CTI content remains off-chain. Experimental results demonstrate prototype-level feasibility, with measured throughput, latency, and success rate metrics under different PoW difficulty profiles. Across ten independent local runs, CTIB achieved an average throughput between 141.13 and 166.14 feeds/min, average p50 latency between 326.18 and 403.09 ms, and average p95 latency between 553.22 and 700.82 ms under the tested difficulty profiles. Security analysis uses analytical modeling, committee capture probability, and Monte Carlo simulation to evaluate majority-attack feasibility under stated assumptions. The results indicate that sequential compromise of both validation and anchoring layers increases the cost of coordinated manipulation. Full article