Search Results (253)

The increasing complexity of modern electrical substations—driven by renewable integration, advanced automation, and asset aging—necessitates a transition from reactive maintenance toward intelligent, data-driven strategies. Predictive maintenance (PdM), supported by artificial intelligence, enables early fault detection and remaining useful life (RUL) estimation, while Digital Twin (DT) technology provides synchronized cyber–physical representations for situational awareness and risk-free validation of maintenance decisions. This study proposes a five-layer DT-enabled PdM architecture integrating standards-based data acquisition, semantic interoperability (IEC 61850, CIM, and OPC UA Part 17), hybrid AI analytics, and cyber-secure decision support aligned with IEC 62443. The framework is validated using utility-grade operational data from the SS1 substation of the Badra Oil Field, comprising approximately one million multivariate time-stamped measurements and 139 confirmed fault events across transformer, feeder, and environmental monitoring systems. Fault detection is formulated as a binary classification task using event-window alignment to the 1 min SCADA timeline, preserving realistic operational class imbalance. Five supervised learning models—a Random Forest, Gradient Boosting, a Support Vector Machine, a Deep Neural Network, and a stacked ensemble—were benchmarked, with the ensemble embedded within the DT core representing the operational predictive model. Experimental results demonstrate strong performance, achieving an F1-score of 0.98 and an AUC of 0.995. The results confirm that the proposed DT–AI framework provides a scalable, interoperable, and cyber-resilient foundation for deployment-ready predictive maintenance in modern substation automation systems. Full article

Network security tools are indispensable in testing and evaluating the security of computer networks. Existing tools, such as Hping3, however, offer a limited set of options and attack-specific configurations, which restrict their use solely to well-known attack patterns. Although highly parameterizable libraries, such as Scapy, provide more options and scripting capabilities, they require extensive manual setup and often a steep learning curve. The development of powerful AI models, capitalizing on the transformer architecture, has enabled cybersecurity researchers to develop or incorporate these models into existing cyber-defense systems and red-team assessments. Prominent models such as NetGPT, TrafficFormer, and TrafficGPT can be effective, but require extensive computational resources for fine-tuning and a complex setup to adapt to proprietary networking environments and protocols. In this work, we propose AgentRed, a lightweight tool for generating network attack traffic with minimal human configuration and setup. Our tool integrates an AI agent and a large language model with fewer than a billion parameters into the network traffic generation process. Our method creates lightweight Low-Rank Adaptation (LoRA) adapters that can learn specific traffic patterns in a particular network environment. Our agent can autonomously train the LoRA adapters, search online documentation for attack patterns and parameters, and select appropriate adapters to generate network traffic specific to the user’s needs. It utilizes the LoRA adapters to create an intermediate traffic representation that can be parsed and executed by tools such as Scapy to generate malicious traffic in a virtualized test environment. We assess the performance of the proposed approach on six popular network attacks, including flooding attacks, Smurf, Ping-of-Death, and normal ICMP ping traffic. Our results validate the ability of the proposed tool to efficiently generate network packets with 97.9% accuracy using the LoRA adapters, compared to 95.4% accuracy using the base pre-trained Qwen3 0.6B model. When the AI agent performs online searches to enrich the LoRA adapters’ context during traffic generation, our method maintains an accuracy of 96.0% across all tested traffic patterns. Full article

Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article

Unmanned aerial vehicles (UAVs) are widely utilized for environmental monitoring, precision agriculture, infrastructure inspection, and various defense missions, including reconnaissance and surveillance. Their cybersecurity is essential because any compromise of communication, navigation, or control systems can cause mission failure and introduce significant safety and security risks. Therefore, this paper examines the existing literature on UAV cybersecurity and highlights that most previous surveys focus on listing different types of attacks or communication weaknesses, rather than evaluating the problem from a control systems perspective. Considering control systems is important because the safety and performance of a UAV depend on how cyberattacks affect its sensing, decision-making, and actuation loops; modeling these attacks and their impact on system behavior provides a clearer foundation for designing secure, resilient, and stable control strategies. Based on a comprehensive review of the literature, it presents a mathematical framework for characterizing common cyberattacks on UAV communication and sensing layers, including time-delay switch, false data injection, denial of service, and replay attacks. To demonstrate the impacts of these attacks on UAV control systems, a simulation of a two-UAV leader-follower multi-agent system is conducted in MATLAB. Defense algorithms from the existing literature are then organized into a hierarchical framework of prevention, detection, and mitigation, with detection and mitigation further categorized into model-based, learning-based, and hybrid approaches that combine both. The paper concludes by summarizing key findings and highlighting challenges with current defense strategies, including those insufficiently addressed in existing research. Full article

The modern power grid is considered a Smart Grid (SG) when it relies extensively on technologies that integrate traditional power infrastructure with Information and Communication Technologies (ICTs). The dependence on Internet of Things (IoT)-based communication systems to operate physical power devices transforms the grid into a complex system of systems (SoS), introducing cybersecurity vulnerabilities across various SG layers. Several surveys have addressed SG cybersecurity, but none have correlated recent developments with the NIST seven-domain framework, a comprehensive model covering all major SG domains and crucial for domain-level trend analysis. To bridge this gap, we systematically review and classify studies by impacted NIST domain, threat type, and methodology (including tools/platforms used). We note that the scope of applicability of this study is 60 studies (2011–2024) selected exclusively from IEEE Xplore. Unlike prior reviews, this work maps contributions to the NIST domain architecture, examines temporal trends in research, and synthesizes cybersecurity defenses and their limitations. The analysis reveals that research is unevenly distributed: the Operations domain accounts for ~35% of all studies, followed by Generation ~25% and Distribution ~14%, while domains like Transmission (~9%) and Service Provider (5%) are comparatively under-studied. We find a heavy reliance on simulation-based tools (~46% of studies) such as MATLAB/Simulink, and False Data Injection (FDI) attacks are predominantly studied, comprising approximately 36% of analyzed attacks. The broader objective of this work is to guide researchers and SG stakeholders (e.g., utilities, policy-makers) toward understanding and coordinating strategies for improving system-level cyber-resilience, which is crucial for future SGs, while avoiding any overstatement of findings beyond the reviewed evidence. Full article

The proliferation of electronic health records necessitates secure and privacy-preserving data sharing frameworks to combat escalating cybersecurity threats in healthcare. Current systems face critical limitations including centralized data repositories vulnerable to breaches, static consent mechanisms, and inadequate audit capabilities. This paper introduces an integrated blockchain and federated learning framework that enables privacy-preserving collaborative AI across healthcare institutions without centralized data pooling. The proposed approach combines federated distillation for heterogeneous model collaboration with dynamic differential privacy that adapts noise injection to data sensitivity levels. A novel threshold key-sharing protocol ensures decentralized access control, while a dual-layer Quorum blockchain establishes immutable audit trails for all data sharing transactions. Experimental evaluation on clinical datasets (Mortality Prediction and Clinical Deterioration from eICU-CRD) demonstrates that our framework maintains diagnostic accuracy within 3.6% of centralized approaches while reducing communication overhead by 71% and providing formal privacy guarantees. For Clinical Deterioration prediction, the framework achieves 96.9% absolute accuracy on the Clinical Deterioration task with FD-DP at $ϵ$ = 1.0, representing only 0.14% degradation from centralized performance. The solution supports HIPAA-aligned technical safeguards, mitigates inference and membership attacks, and enables secure cross-institutional data sharing with real-time auditability. This work establishes a new paradigm for privacy-preserving healthcare AI that balances data utility, regulatory requirements, and protection against emerging threats in distributed clinical environments. Full article

The limited availability and imbalance of labeled malicious network traffic data remain major obstacles in developing effective AI-driven cybersecurity solutions. To mitigate these challenges, this study investigates the use of deep generative models, specifically Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs), for producing realistic synthetic attack data. A comprehensive data quality assessment (DQA) framework is proposed to thoroughly evaluate the fidelity, diversity, and practical utility of the generated data samples. The findings support the adoption of data synthesis as a viable strategy to address data scarcity, improving robustness and reliability in modern cybersecurity applications and sectors. Full article

Small and Medium-sized Enterprises (SMEs) face disproportionately high risks from Advanced Persistent Threats (APTs), which often evade traditional cybersecurity measures. Existing frameworks catalogue adversary tactics and defensive solutions but provide limited quantitative guidance for allocating limited resources under uncertainty, a challenge amplified by the growing use of AI in both offensive operations and digital forensics. This paper proposes a game-theoretic model for improving digital forensic readiness (DFR) in SMEs. The approach integrates the MITRE ATT&CK and D3FEND frameworks to map APT behaviors to defensive countermeasures and defines 32 custom DFR metrics, weighted using the Analytic Hierarchy Process (AHP), to derive utility functions for both attackers and defenders. The main analysis considers a non-zero-sum attacker–defender bimatrix game and yields a single Nash equilibrium in which the attacker concentrates on Impact-oriented tactics and the defender on Detect-focused controls. In a synthetic calibration across ten organizational profiles, the framework achieves a median readiness improvement of 18.0% (95% confidence interval: 16.3% to 19.7%) relative to pre-framework baselines, with targeted improvements in logging and forensic preservation typically reducing key attacker utility components by around 15–30%. A zero-sum variant of the game is also analyzed as a robustness check and exhibits consistent tactical themes, but all policy conclusions are drawn from the empirical non-zero-sum model. Despite relying on expert-driven AHP weights and synthetic profiles, the framework offers SMEs actionable, equilibrium-informed guidance for strengthening forensic preparedness against advanced cyber threats. Full article

This study examined the complex interplay of demographic characteristics, behavioral patterns, and technological factors that contribute to digital fraud victimization within the context of a developing economy, focusing specifically on Thailand. Utilizing data collected from 1200 respondents and applying binary logistic regression analysis, the research identified key predictors of fraud exposure, including age, income, student status, use of portable devices, and social media engagement. A paradoxical finding emerged: stronger perceived digital security was associated with higher fraud risk, indicating that overconfidence in platform safeguards may unintentionally increase vulnerability. Interestingly, users’ perceptions of digital security—such as confidence in identity verification and password protocols—were positively associated with fraud victimization, indicating potential cognitive biases and overconfidence in digital environments. The findings revealed a high prevalence of fraud experiences among participants, highlighting the gap between perceived and actual digital safety. These results emphasized the urgent need for user-centered fraud prevention measures, enhanced digital literacy, and targeted public awareness campaigns. The study contributes to the broader understanding of cybersecurity challenges in emerging markets and offers policy-relevant insights for strengthening digital financial resilience. Full article

Cybersecurity remains a key challenge in the development of intelligent telecommunications systems and the Internet of Things (IoT). The growing destructive impact of the digital environment, coupled with high-performance computing (HPC), requires the development of effective countermeasures to ensure the security of the digital space. Traditional approaches to detecting destructive content are primarily limited to static text analysis, which ignores the temporal dynamics and evolution of destructive impact scenarios. This is critical for monitoring tasks in the digital environment, where threats rapidly evolve. To overcome this limitation, this study proposes a hybrid architecture, Hyb-TKAN, based on adaptive algorithms that account for the temporal component and nonlinear dependencies. This approach enables not only the classification of destructive messages but also the analysis of their development and transformation over time. Unlike existing studies, which focus on individual aspects of aggressive content, the model utilizes multilayered data analysis to identify hidden relationships and nonlinear patterns in destructive messages. The integration of these components ensures high adaptability and accuracy of text processing. The presented approach was implemented in a multi-class classification task with evaluation based on real text data. The obtained results demonstrate improved classification accuracy. In the Experimental Analysis Section, the results are compared with the closest modern analogs, confirming the relevance and competitiveness of the proposed hybrid neural network. Full article

Phishing attacks, particularly Smishing (SMS phishing), have become a major cybersecurity threat, with attackers using social engineering tactics to take advantage of human vulnerabilities. Traditional detection models often struggle to keep up with the evolving sophistication of these attacks, especially on devices with constrained computational resources. This research proposes a chain transformer model that integrates GPT-2 for synthetic data generation and BERT for embeddings to detect Smishing within a multiclass dataset, including minority smishing variants. By utilizing compact, open-source transformer models designed to balance accuracy and efficiency, this study explores improved detection of phishing threats on text-based platforms. Experimental results demonstrate an accuracy rate exceeding 97% in detecting phishing attacks across multiple categories. The proposed chained transformer model achieved an F1-score of 0.97, precision of 0.98, and recall of 0.96, indicating strong overall performance. Full article

As digital technologies become increasingly integrated into daily life, individuals with intellectual disabilities face both opportunities and risks in virtual environments. Despite widespread internet access and frequent use of digital devices among the general population, many individuals with disabilities continue to experience significant barriers to digital participation. These include difficulties in using technological tools, limited access to devices at home, and challenges in navigating online environments safely and independently. This study investigates the cybersecurity knowledge, risk perception, and privacy practices of 28 university students with mild intellectual disabilities in Spain. Utilizing a validated, accessible self-assessment questionnaire, the research analyzes participants’ understanding of digital threats, self-protective behaviors, and gender-based differences in knowledge and decision-making. Results reveal a generally high awareness of online risks and appropriate use of privacy settings, though inconsistencies in password security and high social media usage persist. Female participants demonstrated slightly higher levels of theoretical knowledge. The findings underscore the urgent need for inclusive, accessible cybersecurity education tailored to cognitive diversity. Promoting digital autonomy and safety through targeted interventions can reduce the digital divide and foster full social participation. This research contributes to the broader discourse on digital inclusion and protection for individuals with disabilities in an increasingly connected world. Full article

Energy storage systems (ESSs) and electric vehicle (EV) batteries depend on battery management systems (BMSs) for their longevity, safety, and effectiveness. Battery modeling is crucial to the operation of BMSs, as it enhances temperature control, fault detection, and state estimation, thereby maximizing efficiency and preventing malfunctions. This paper thoroughly examines the most recent advancements in battery and BMS modeling, including data-driven, thermal, and electrochemical methods. Advanced modeling approaches are explored, including physics-based models that incorporate mechanical stress and aging effects, as well as artificial intelligence (AI)-driven state estimation. New technologies that facilitate data-driven decision-making, real-time monitoring, and simplified systems include digital twins (DTs), cloud computing, and wireless BMSs. Nonetheless, there are still issues with cost optimization, cybersecurity, and computing efficiency. This study presents key advancements in battery modeling and BMS applications, including defect diagnostics, temperature management, and state-of-health (SOH) prediction. A comparison of machine learning (ML) methods for SOH prediction is given, emphasizing how well neural networks (NNs) and transfer learning function with real-world datasets. Additionally, future research objectives are described, with an emphasis on next-generation sensor technologies, cloud-based BMSs, and hybrid algorithms. Distinct from existing reviews, this paper integrates academic modeling with industrial benchmarking and highlights the convergence of hybrid physics-informed and data-driven techniques, multi-physics simulations, and intelligent architecture. For high-performance EV applications, this analysis offers insight into creating more intelligent, adaptable, and secure BMSs by addressing current constraints and utilizing state-of-the-art technologies. Full article

In traditional power networks, security protection models primarily rely on perimeter-based defenses, utilizing firewalls, virtual private networks (VPNs), and identity authentication to block external threats. However, once a node within the power system is compromised, attackers can exploit it as a pivot to launch lateral movement attacks from within the system, posing serious threats to the core operations of the power grid. To address the increasingly complex cybersecurity landscape, this paper proposes a security defense approach that integrates an improved trust evaluation model based on the Practical Byzantine Fault Tolerance (PBFT) algorithm with a zero-trust architecture, leveraging the structural and functional symmetry among network nodes. The PBFT algorithm’s fault tolerance and consensus mechanisms are leveraged to ensure dynamic trust scoring across multiple nodes. This approach guarantees that each node has an equal role in the system’s operations, maintaining fairness and security across the network. Furthermore, the primary node in the PBFT consensus process is redefined as the arbitration node in the zero-trust framework, and faulty nodes can be automatically replaced through the view change protocol, thereby mitigating the centralization risk inherent in traditional zero-trust models. Experimental results demonstrate that the proposed approach achieves high accuracy and robustness in defending against both internal and external attacks in power network scenarios, highlighting the role of symmetry in enhancing secure and balanced system operations. Full article

Malware remains one of the most persistent and evolving threats to cybersecurity, necessitating robust analysis techniques to understand and mitigate its impact. This study presents a comprehensive analysis of selected malware samples using both static and dynamic analysis techniques. In the static phase, file structure, embedded strings, and code signatures were examined, while in the dynamic analysis phase, the malware was executed in a virtual sandbox environment to observe process creation, network communication, and file system changes. By combining these two approaches, various types of malware files could be characterized and have their key elements revealed. This improved the understanding of the code capabilities and evasive behaviors of malicious files. The goal of these analyses was to create a database of malware profiling tools and tools that can be utilized to identify and analyze malware. The results demonstrate that integrating static and dynamic methodologies improves the accuracy of malware profiling and supports more effective threat detection and incident response strategies. Full article