Search Results (674)

Wireless communication advancements have significantly improved connectivity and user experience with each generation. The recent release of the framework M.2160 for the upcoming sixth generation (6G or IMT-2030) cellular wireless standard by ITU-R has significantly heightened expectations, particularly for Internet of Things (IoT) driven use cases. However, this progress introduces significant security risks, as technologies like O-RAN, terahertz communication, and native AI pose threats such as eavesdropping, supply chain vulnerabilities, model poisoning, and adversarial attacks. The increased exposure of sensitive data in 6G applications further intensifies these challenges. This necessitates a concerted effort from stakeholders including ITU-R, 3GPP, ETSI, OEMs and researchers to embed security and resilience as core components of 6G. While research is advancing, establishing a comprehensive security framework remains a significant challenge. To address these evolving threats, our research proposes a dynamic security framework that emphasizes the integration of explainable AI (XAI) techniques like SHAP and LIME with advanced machine learning models to enhance decision-making transparency, improve security in complex 6G environments, and ensure effective detection and mitigation of emerging cyber threats. By refining model accuracy and ensuring alignment through recursive feature elimination and consistent cross-validation, our approach strengthens the overall security posture of the IoT–6G ecosystem, making it more resilient to adversarial attacks and other vulnerabilities. Full article

The escalating complexity of cyber threats, coupled with the rapid evolution of digital landscapes, poses significant challenges to traditional cybersecurity mechanisms. This review explores the transformative role of LLMs in addressing critical challenges in cybersecurity. With the rapid evolution of digital landscapes and the increasing sophistication of cyber threats, traditional security mechanisms often fall short in detecting, mitigating, and responding to complex risks. LLMs, such as GPT, BERT, and PaLM, demonstrate unparalleled capabilities in natural language processing, enabling them to parse vast datasets, identify vulnerabilities, and automate threat detection. Their applications extend to phishing detection, malware analysis, drafting security policies, and even incident response. By leveraging advanced features like context awareness and real-time adaptability, LLMs enhance organizational resilience against cyberattacks while also facilitating more informed decision-making. However, deploying LLMs in cybersecurity is not without challenges, including issues of interpretability, scalability, ethical concerns, and susceptibility to adversarial attacks. This review critically examines the foundational elements, real-world applications, and limitations of LLMs in cybersecurity while also highlighting key advancements in their integration into security frameworks. Through detailed analysis and case studies, this paper identifies emerging trends and proposes future research directions, such as improving robustness, addressing privacy concerns, and automating incident management. The study concludes by emphasizing the potential of LLMs to redefine cybersecurity, driving innovation and enhancing digital security ecosystems. Full article

Integrating intelligent grids with the internet increases the amount of unauthorized input data which directly or indirectly influences electrical system control and decision-making. Photovoltaic (PV) farms that are linked to the power grid are susceptible to cyber attacks which may disrupt energy infrastructure and compromise the security, stability, and resilience of the electrical system. This research{} proposes a new model for cyber threat detection in PV farm, named as Cyber Detection in PV farm (CDPV), which makes use of deep learning methods based solely on point-of-common coupling (PCC) detectors. In this paper, a thorough cyber attack model for a photovoltaic (PV) farm is developed, where the simulation of four kinds of cyber attacks is provided. Furthermore, this paper evaluates the role of three deep learning techniques including convolutional neural network (CNN), artificial neural network (ANN), and long short-term memory (LSTM), in PV cyber threat detection. The findings demonstrate that, at the DC/DC converter and DC/AC inverter sides, the proposed CDPV model based on deep learning techniques (CNN, ANN, and LSTM) can improve the cyber detection accuracy and resilience under various attack scenarios. Full article

Android malware detection using artificial intelligence today is a mandatory tool to prevent cyber attacks. To address this problem in this paper the proposed methodology consists of the application of genetic programming symbolic classifier (GPSC) to obtain symbolic expressions (SEs) that can detect if the android is malware or not. To find the optimal combination of GPSC hyperparameter values the random hyperparameter values search method (RHVS) method and the GPSC were trained using 5-fold cross-validation (5FCV). It should be noted that the initial dataset is highly imbalanced (publicly available dataset). This problem was addressed by applying various preprocessing and oversampling techniques thus creating a huge number of balanced dataset variations and on each dataset variation the GPSC was trained. Since the dataset has many input variables three different approaches were considered: the initial investigation with all input variables, input variables with high feature importance, application of principal component analysis. After the SEs with the highest classification performance were obtained they were used in threshold-based voting ensembles and the threshold values were adjusted to improve classification performance. Multi-TBVE has been developed and using them the robust system for Android malware detection was achieved with the highest accuracy of 0.98 was obtained. Full article

The increasing dependence on Wi-Fi for device-to-device communication in industrial environments has introduced significant security and privacy challenges. In such wireless networks, rogue access point (RAP) attacks have become more common, exploiting the openness of wireless communication to intercept sensitive operational data, compromise privacy, and disrupt industrial processes. Existing mitigation schemes often rely on dedicated hardware and cryptographic methods for authentication, which are computationally expensive and impractical for the diverse and resource-limited devices commonly found in industrial networks. To address these challenges, this paper introduces a robust and lightweight Wi-Fi device identification scheme, named the P-A scheme, specifically designed for industrial settings. By extracting hardware fingerprints from the phase and amplitude characteristics of channel state information (CSI), the P-A scheme offers an efficient and scalable solution for identifying devices and detecting rogue access points. A lightweight neural network ensures fast and accurate identification, making the scheme suitable for real-time industrial applications. Extensive experiments in real-world scenarios demonstrate the effectiveness of the scheme, achieving 95% identification accuracy within 0.5 s. The P-A scheme offers a practical pathway to safeguard data integrity and privacy in complex industrial networks against evolving cyber threats. Full article

This study aims to explore the optimal power allocation problem under Distributed Denial of Service (DDoS) attack in wireless communication networks. The Starkberg Equilibrium (SE) framework is employed to analyze the strategic interactions between defenders and attacker under conditions of incomplete information. Considering the energy constraints of both sensors and attacker, this paper also proposes an Intrusion Detection System (IDS) based on remote estimation to achieve an optimal defense strategy, with Packet Reception Rate (PPR) serving as a criterion for intrusion detection. Targeting leaders and followers, the optimal power allocation solution is derived with Signal-to-Interference-Noise Ratio (SINR) and transmission cost as the objective functions. By combining the Adaptive Penalty Function (APF) method with the Differential Evolution (DE) algorithm, the study effectively addresses related non-linear and non-convex optimization problems. Finally, the effectiveness of the proposed method is verified through case studies. Full article

This study introduces a novel, practical approach for designing a hierarchical online anomaly detection system for industrial cyber-physical systems. The proposed method utilizes the Hierarchical Temporal Memory (HTM) unsupervised learning algorithm, which requires data to be encoded as sparse binary distributed representations (SDRs). A new SDR encoding method termed the temporal sequence encoder (TSSE) is presented to convert system outputs into SDRs. This approach enables HTM to retain high memory capacity and robust performance when processing data streams of slowly varying physical measurements, typical of many industrial processes. The effectiveness of the proposed system is demonstrated on the Secure Water Treatment (SWaT) dataset, which comprises data collected from a fully operational, scaled-down water treatment plant. The system achieves a recall of 0.906, a precision of 0.935, and an F1 score of 0.92 on SWaT. Compared to previous methods, our approach achieves state-of-the-art recall (~5.3% improvement), along with competitive precision and F1 score, by learning in an online manner without the need for expensive dataset collection, labeling, or retraining phases. These findings suggest that the proposed online anomaly detection method can be effectively applied to a broad range of water treatment and large-scale industrial cyber-physical systems. Full article

This paper presents an approach for designing a generalized dynamic observer (GDO) aimed at detecting and isolating attack patterns that compromise the functionality of cyber–physical systems. The considered attack patterns include denial-of-service (DoS), false data injection (FDI), and random data injection (RDI) attacks. To model an attacker’s behavior and enhance the effectiveness of the attack patterns, Markovian logic is employed. The design of the generalized dynamic observer is grounded in the mathematical model of a system, incorporating its dynamics and potential attack scenarios. An attack-to-residual transfer function is utilized to establish the relationship between attack signals and the residuals generated by the observer, enabling effective detection and isolation of various attack schemes. A three-tank interconnected system, modeled under the discrete Takagi–Sugeno representation, is used as a case study to validate the proposed approach. Full article

Intrusion detection systems are essential for detecting network cyberattacks. As the sophistication of cyberattacks increases, it is critical that defense technologies adapt to counter them. Multi-step attacks, which need several correlated intrusion operations to reach the desired target, are a rising trend in the cybersecurity field. System administrators are responsible for recreating whole attack scenarios and developing improved intrusion detection systems since the systems at present are still designed to generate alerts for only single attacks with little to no correlation. This paper proposes a machine learning approach to identify and classify multi-step network intrusion attacks, with particular relevance to smart cities, where interconnected systems are highly vulnerable to cyber threats. Smart cities rely on these systems seamlessly functioning with one another, and any successful cyberattack could have devastating effects, including large-scale data theft. In such a context, the proposed machine learning model offers a robust solution for detecting and mitigating multi-step cyberattacks in these critical environments. Several machine learning algorithms are considered, namely Decision Tree (DT), K-Nearest Neighbors (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), Light Gradient-Boosting Machine (LGBM), Extreme Gradient Boosting (XGB) and Random Forest (RF). These models are trained on the Multi-Step Cyber-Attack Dataset (MSCAD), a recent dataset that is highly representative of real-world multi-step cyberattack scenarios, which increases the accuracy and efficiency of such systems. The experimental results show that the best performing model was XGB, which achieved a testing accuracy of 100% and an F1 Score of 88%. The proposed model is computationally efficient and easy to deploy, which ensures a fast, sustainable and low power-consuming intrusion detection system at the cutting edge. Full article

The Internet of Things (IoT) has emerged as a crucial element in everyday life. The IoT environment is currently facing significant security concerns due to the numerous problems related to its architecture and supporting technology. In order to guarantee the complete security of the IoT, it is important to deal with these challenges. This study centers on employing deep learning methodologies to detect attacks. In general, this research aims to improve the performance of existing deep learning models. To mitigate data imbalances and enhance learning outcomes, the synthetic minority over-sampling technique (SMOTE) is employed. Our approach contributes to a multistage feature extraction process where autoencoders (AEs) are used initially to extract robust features from unstructured data on the model architecture’s left side. Following this, long short-term memory (LSTM) networks on the right analyze these features to recognize temporal patterns indicative of abnormal behavior. The extracted and temporally refined features are inputted into convolutional neural networks (CNNs) for final classification. This structured arrangement harnesses the distinct capabilities of each model to process and classify IoT security data effectively. Our framework is specifically designed to address various attacks, including denial of service (DoS) and Mirai attacks, which are particularly harmful to IoT systems. Unlike conventional intrusion detection systems (IDSs) that may employ a singular model or simple feature extraction methods, our multistage approach provides more comprehensive analysis and utilization of data, enhancing detection capabilities and accuracy in identifying complex cyber threats in IoT environments. This research highlights the potential benefits that can be gained by applying deep learning methods to improve the effectiveness of IDSs in IoT security. The results obtained indicate a potential improvement for enhancing security measures and mitigating emerging threats. Full article

In recent years, cyberattacks have increased in sophistication, using a variety of tools to exploit vulnerabilities across the global digital landscapes. Among the most commonly used tools at an attacker’s disposal are Google dorks, Shodan, and Censys, which offer unprecedented access to exposed systems, devices, and sensitive data on the World Wide Web. While these tools can be leveraged by professional hackers, they have also empowered “Script Kiddies”, who are low-skill, inexperienced attackers who use readily available exploits and scanning tools without deep technical knowledge. Consequently, cyberattacks targeting critical infrastructure are growing at a rapid rate, driven by the ease with which these solutions can be operated with minimal expertise. This paper explores the potential for cyberattacks enabled by these tools, presenting use cases where these platforms have been used for both offensive and defensive purposes. By examining notable incidents and analyzing potential threats, we outline proactive measures to protect against these emerging risks. In this study, we delve into how these tools have been used offensively by attackers and how they serve defensive functions within cybersecurity. Additionally, we also introduce an automated all-in-one tool designed to consolidate the functionalities of Google dorks, Shodan, and Censys, offering a streamlined solution for vulnerability detection and analysis. Lastly, we propose proactive defense strategies to mitigate exploitation risks associated with such tools, aiming to enhance the resilience of critical digital infrastructure against evolving cyber threats. Full article

Due to Internet of Drones (IoD) technology, drone networks have proliferated, transforming surveillance, logistics, and disaster management. Distributed Denial of Service (DDoS) attacks, malware infections, and communication abnormalities increase cybersecurity dangers to these networks, threatening operational safety and efficiency. Current Intrusion Detection Systems (IDSs) fail to handle drone transmission data’s dynamic, high-dimensional nature, resulting in inadequate real-time anomaly identification and mitigation. This study presents the Cross-Layer Convolutional Attention Network (CLCAN), a new IDS architecture for IoD networks. CLCAN accurately detects complex cyber threats using multi-scale convolutional processing, hierarchical contextual attention, and dynamic feature fusion. Preprocessing methods like weighted differential scaling and gradient-based adaptive resampling improve data quality and reduce class imbalances. Contextual attribute transformation captures the nuanced network behaviors needed for anomaly identification. The proposed technique is shown to be necessary and effective by real-world drone communication dataset evaluations. CLCAN outperforms CNN, LSTM, and XGBoost with 98.4% accuracy, 98.7% recall, and 98.1% F1-score. The model has a remarkable AUC of 0.991. CLCAN can handle datasets of over 118,000 balanced data records in 85 s, compared to 180 s for comparable frameworks. This study pioneers a unified security solution for Drone-to-Drone (D2D) and Drone-to-Base Station (D2BS) communications, filling a crucial IoD security gap. It protects mission-critical drone operations with a strong, efficient, and scalable IDS from emerging cyber threats. Full article

As the Industrial Internet of Things (IIoT) increasingly integrates with traditional networks, advanced persistent threats (APTs) pose significant risks to critical infrastructure. Traditional Intrusion Detection Systems (IDSs) and Anomaly Detection Systems (ADSs) are often inadequate in countering sophisticated multi-step APT attacks. This highlights the necessity of studying attacker strategies and developing predictive models to mitigate potential threats. To address these challenges, we propose DeepOP, a hybrid framework for attack sequence prediction that combines deep learning and ontological reasoning. DeepOP leverages the MITRE ATT&CK framework to standardize attacker behavior and predict future attacks with fine-grained precision. Our framework’s core is a novel causal window self-attention mechanism embedded within a transformer-based architecture. This mechanism effectively captures local causal relationships and global dependencies within attack sequences, enabling accurate multi-step attack predictions. In addition, we construct a comprehensive dataset by extracting causally connected attack events from cyber threat intelligence (CTI) reports using ontological reasoning, mapping them to the ATT&CK framework. This approach addresses the challenge of insufficient data for fine-grained attack prediction and enhances the model’s ability to generalize across diverse scenarios. Experimental results demonstrate that the proposed model effectively predicts attacker behavior, achieving competitive performance in multi-step attack prediction tasks. Furthermore, DeepOP bridges the gap between theoretical modeling and practical security applications, providing a robust solution for countering complex APT threats. Full article

The rapid evolution of technologies such as the Internet of Things (IoT), 5G, and cloud computing has exponentially increased the complexity of cyber attacks. Modern Intrusion Detection Systems (IDSs) must be capable of identifying not only frequent, well-known attacks but also low-frequency, subtle intrusions that are often missed by traditional systems. The challenge is further compounded by the fact that most IDS rely on black-box machine learning (ML) and deep learning (DL) models, making it difficult for security teams to interpret their decisions. This lack of transparency is particularly problematic in environments where quick and informed responses are crucial. To address these challenges, we introduce the XI2S-IDS framework—an Explainable, Intelligent 2-Stage Intrusion Detection System. The XI2S-IDS framework uniquely combines a two-stage approach with SHAP-based explanations, offering improved detection and interpretability for low-frequency attacks. Binary classification is conducted in the first stage followed by multi-class classification in the second stage. By leveraging SHAP values, XI2S-IDS enhances transparency in decision-making, allowing security analysts to gain clear insights into feature importance and the model’s rationale. Experiments conducted on the UNSW-NB15 and CICIDS2017 datasets demonstrate significant improvements in detection performance, with a notable reduction in false negative rates for low-frequency attacks, while maintaining high precision, recall, and F1-scores. Full article

Cloud-native architectures continue to redefine application development and deployment by offering enhanced scalability, performance, and resource efficiency. However, they present significant security challenges, particularly in securing inter-container communication and mitigating Distributed Denial of Service (DDoS) attacks in containerized microservices. This study proposes an Artificial Intelligence Intrusion Detection System (AIDS)-based cyber threat detection solution to address these critical security challenges inherent in cloud-native environments. By leveraging a Resilient Backpropagation Neural Network (RBN), the proposed solution enhances system security and resilience by effectively detecting and mitigating DDoS attacks in real time in both the network and application layers. The solution incorporates an Inter-Container Communication Bridge (ICCB) to ensure secure communication between containers. It also employs advanced technologies such as eXpress Data Path (XDP) and the Extended Berkeley Packet Filter (eBPF) for high-performance and low-latency security enforcement, thereby overcoming the limitations of existing research. This approach provides robust protection against evolving security threats while maintaining the dynamic scalability and efficiency of cloud-native architectures. Furthermore, the system enhances operational continuity through proactive monitoring and dynamic adaptability, ensuring effective protection against evolving threats while preserving the inherent scalability and efficiency of cloud-native environments. Full article