Search Results (1,110)

Search Parameters:
Keywords = network intrusion detection

32 pages, 5117 KiB  
Article
Securing the 6G–IoT Environment: A Framework for Enhancing Transparency in Artificial Intelligence Decision-Making Through Explainable Artificial Intelligence
by Navneet Kaur and Lav Gupta
Sensors 2025, 25(3), 854; https://doi.org/10.3390/s25030854 - 30 Jan 2025
Viewed by 540
Abstract
Wireless communication advancements have significantly improved connectivity and user experience with each generation. The recent release of the framework M.2160 for the upcoming sixth generation (6G or IMT-2030) cellular wireless standard by ITU-R has significantly heightened expectations, particularly for Internet of Things (IoT) driven use cases. However, this progress introduces significant security risks, as technologies like O-RAN, terahertz communication, and native AI pose threats such as eavesdropping, supply chain vulnerabilities, model poisoning, and adversarial attacks. The increased exposure of sensitive data in 6G applications further intensifies these challenges. This necessitates a concerted effort from stakeholders including ITU-R, 3GPP, ETSI, OEMs and researchers to embed security and resilience as core components of 6G. While research is advancing, establishing a comprehensive security framework remains a significant challenge. To address these evolving threats, our research proposes a dynamic security framework that emphasizes the integration of explainable AI (XAI) techniques like SHAP and LIME with advanced machine learning models to enhance decision-making transparency, improve security in complex 6G environments, and ensure effective detection and mitigation of emerging cyber threats. By refining model accuracy and ensuring alignment through recursive feature elimination and consistent cross-validation, our approach strengthens the overall security posture of the IoT–6G ecosystem, making it more resilient to adversarial attacks and other vulnerabilities. Full article
(This article belongs to the Special Issue Security and Privacy Challenges in IoT-Driven Smart Environments)

27 pages, 1548 KiB  
Article
An Intrusion Detection System over the IoT Data Streams Using eXplainable Artificial Intelligence (XAI)
by Adel Alabbadi and Fuad Bajaber
Sensors 2025, 25(3), 847; https://doi.org/10.3390/s25030847 - 30 Jan 2025
Viewed by 277
Abstract
The rise in intrusions on network and IoT systems has led to the development of artificial intelligence (AI) methodologies in intrusion detection systems (IDSs). However, traditional AI or machine learning (ML) methods can compromise accuracy due to the vast, diverse, and dynamic nature of the data generated. Moreover, many of these methods lack transparency, making it challenging for security professionals to make predictions. To address these challenges, this paper presents a novel IDS architecture that uses deep learning (DL)-based methodology along with eXplainable AI (XAI) techniques to create explainable models in network intrusion detection systems, empowering security analysts to use these models effectively. DL models are needed to train enormous amounts of data and produce promising results. Three different DL models, i.e., customized 1-D convolutional neural networks (1-D CNNs), deep neural networks (DNNs), and pre-trained model TabNet, are proposed. The experiments are performed on seven different datasets of TON_IOT. The CNN model for the network dataset achieves an impressive accuracy of 99.24%. Meanwhile, for the six different IoT datasets, in most of the datasets, the CNN and DNN achieve 100% accuracy, further validating the effectiveness of the proposed models. In all the datasets, the least-performing model is TabNet. Implementing the proposed method in real time requires an explanation of the predictions generated. Thus, the XAI methods are implemented to understand the essential features responsible for predicting the particular class. Full article
(This article belongs to the Section Internet of Things)
22 pages, 2672 KiB  
Article
Real-Time Driver Drowsiness Detection Using Facial Analysis and Machine Learning Techniques
by Siham Essahraui, Ismail Lamaakal, Ikhlas El Hamly, Yassine Maleh, Ibrahim Ouahbi, Khalid El Makkaoui, Mouncef Filali Bouami, Paweł Pławiak, Osama Alfarraj and Ahmed A. Abd El-Latif
Sensors 2025, 25(3), 812; https://doi.org/10.3390/s25030812 - 29 Jan 2025
Viewed by 303
Abstract
Drowsy driving poses a significant challenge to road safety worldwide, contributing to thousands of accidents and fatalities annually. Despite advancements in driver drowsiness detection (DDD) systems, many existing methods face limitations such as intrusiveness and delayed reaction times. This research addresses these gaps by leveraging facial analysis and state-of-the-art machine learning techniques to develop a real-time, non-intrusive DDD system. A distinctive aspect of this research is its systematic assessment of various machine and deep learning algorithms across three pivotal public datasets, the NTHUDDD, YawDD, and UTA-RLDD, known for their widespread use in drowsiness detection studies. Our evaluation covered techniques including the K-Nearest Neighbors (KNNs), support vector machines (SVMs), convolutional neural networks (CNNs), and advanced computer vision (CV) models such as YOLOv5, YOLOv8, and Faster R-CNN. Notably, the KNNs classifier reported the highest accuracy of 98.89%, a precision of 99.27%, and an F1 score of 98.86% on the UTA-RLDD. Among the CV methods, YOLOv5 and YOLOv8 demonstrated exceptional performance, achieving 100% precision and recall with [email protected] values of 99.5% on the UTA-RLDD. In contrast, Faster R-CNN showed an accuracy of 81.0% and a precision of 63.4% on the same dataset. These results demonstrate the potential of our system to significantly enhance road safety by providing proactive alerts in real time. Full article
(This article belongs to the Section Sensing and Imaging)
59 pages, 3383 KiB  
Article
Enhanced Hybrid Deep Learning Models-Based Anomaly Detection Method for Two-Stage Binary and Multi-Class Classification of Attacks in Intrusion Detection Systems
by Hesham Kamal and Maggie Mashaly
Algorithms 2025, 18(2), 69; https://doi.org/10.3390/a18020069 - 28 Jan 2025
Viewed by 509
Abstract
As security threats become more complex, the need for effective intrusion detection systems (IDSs) has grown. Traditional machine learning methods are limited by the need for extensive feature engineering and data preprocessing. To overcome this, we propose two enhanced hybrid deep learning models, an autoencoder–convolutional neural network (Autoencoder–CNN) and a transformer–deep neural network (Transformer–DNN). The Autoencoder reshapes network traffic data, addressing class imbalance, and the CNN performs precise classification. The transformer component extracts contextual features, which the DNN uses for accurate classification. Our approach utilizes an enhanced hybrid adaptive synthetic sampling–synthetic minority oversampling technique (ADASYN-SMOTE) for binary classification and enhanced SMOTE for multi-class classification, along with edited nearest neighbors (ENN) for further class imbalance handling. The models were designed to minimize false positives and negatives, improve real-time detection, and identify zero-day attacks. Evaluations based on the CICIDS2017 dataset showed 99.90% accuracy for Autoencoder–CNN and 99.92% for Transformer–DNN in binary classification, and 99.95% and 99.96% in multi-class classification, respectively. On the NF-BoT-IoT-v2 dataset, the Autoencoder–CNN achieved 99.98% in binary classification and 97.95% in multi-class classification, while the Transformer–DNN reached 99.98% and 97.90%, respectively. These results demonstrate the superior performance of the proposed models compared with traditional methods for handling diverse network attacks. Full article
(This article belongs to the Section Algorithms for Multidisciplinary Applications)

20 pages, 726 KiB  
Article
Multi-Channel Power Scheduling Based on Intrusion Detection System Under DDoS Attack: A Starkberg Game Approach
by Youwen Yi and Lianghong Peng
Sensors 2025, 25(3), 742; https://doi.org/10.3390/s25030742 - 26 Jan 2025
Viewed by 241
Abstract
This study aims to explore the optimal power allocation problem under Distributed Denial of Service (DDoS) attack in wireless communication networks. The Starkberg Equilibrium (SE) framework is employed to analyze the strategic interactions between defenders and attacker under conditions of incomplete information. Considering the energy constraints of both sensors and attacker, this paper also proposes an Intrusion Detection System (IDS) based on remote estimation to achieve an optimal defense strategy, with Packet Reception Rate (PPR) serving as a criterion for intrusion detection. Targeting leaders and followers, the optimal power allocation solution is derived with Signal-to-Interference-Noise Ratio (SINR) and transmission cost as the objective functions. By combining the Adaptive Penalty Function (APF) method with the Differential Evolution (DE) algorithm, the study effectively addresses related non-linear and non-convex optimization problems. Finally, the effectiveness of the proposed method is verified through case studies. Full article
(This article belongs to the Section Sensor Networks)
21 pages, 804 KiB  
Article
Labeling Network Intrusion Detection System (NIDS) Rules with MITRE ATT&CK Techniques: Machine Learning vs. Large Language Models
by Nir Daniel, Florian Klaus Kaiser, Shay Giladi, Sapir Sharabi, Raz Moyal, Shalev Shpolyansky, Andres Murillo, Aviad Elyashar and Rami Puzis
Big Data Cogn. Comput. 2025, 9(2), 23; https://doi.org/10.3390/bdcc9020023 - 26 Jan 2025
Viewed by 260
Abstract
Analysts in Security Operations Centers (SOCs) are often occupied with time-consuming investigations of alerts from Network Intrusion Detection Systems (NIDSs). Many NIDS rules lack clear explanations and associations with attack techniques, complicating the alert triage and the generation of attack hypotheses. Large Language Models (LLMs) may be a promising technology to reduce the alert explainability gap by associating rules with attack techniques. In this paper, we investigate the ability of three prominent LLMs (ChatGPT, Claude, and Gemini) to reason about NIDS rules while labeling them with MITRE ATT&CK tactics and techniques. We discuss prompt design and present experiments performed with 973 Snort rules. Our results indicate that while LLMs provide explainable, scalable, and efficient initial mappings, traditional machine learning (ML) models consistently outperform them in accuracy, achieving higher precision, recall, and F1-scores. These results highlight the potential for hybrid LLM-ML approaches to enhance SOC operations and better address the evolving threat landscape. By utilizing automation, the presented methods will enhance the analysis efficiency of SOC alerts, and decrease workloads for analysts. Full article
(This article belongs to the Special Issue Generative AI and Large Language Models)
21 pages, 512 KiB  
Article
Enhancing Automotive Intrusion Detection Systems with Capability Hardware Enhanced RISC Instructions-Based Memory Protection
by Chathuranga Sampath Kalutharage, Saket Mohan, Xiaodong Liu and Christos Chrysoulas
Electronics 2025, 14(3), 474; https://doi.org/10.3390/electronics14030474 - 24 Jan 2025
Viewed by 438
Abstract
The rapid integration of connected technologies in modern vehicles has introduced significant cybersecurity challenges, particularly in securing critical systems against advanced threats such as IP spoofing and rule manipulation. This study investigates the application of CHERI (Capability Hardware Enhanced RISC Instructions) to enhance the security of Intrusion Detection Systems (IDSs) in automotive networks. By leveraging CHERI’s fine-grained memory protection and capability-based access control, the IDS ensures the robust protection of rule configurations against unauthorized access and manipulation. Experimental results demonstrate a 100% detection rate for spoofed IP packets and unauthorized rule modification attempts. The CHERI-enabled IDS framework achieves latency well within the acceptable limits defined by automotive standards for real-time applications, ensuring it remains suitable for safety-critical operations. The implementation on the ARM Morello board highlights CHERI’s practical applicability and low-latency performance in real-world automotive scenarios. This research underscores the potential of hardware-enforced memory safety in mitigating complex cyber threats and provides a scalable solution for securing increasingly connected and autonomous vehicles. Future work will focus on optimizing CHERI for resource-constrained environments and expanding its applications to broader automotive security use cases. Full article
29 pages, 1721 KiB  
Review
Cybersecurity of Automotive Wired Networking Systems: Evolution, Challenges, and Countermeasures
by Nicasio Canino, Pierpaolo Dini, Stefano Mazzetti, Daniele Rossi, Sergio Saponara and Ettore Soldaini
Electronics 2025, 14(3), 471; https://doi.org/10.3390/electronics14030471 - 24 Jan 2025
Viewed by 563
Abstract
The evolution of Electrical and Electronic (E/E) architectures in the automotive industry has been a significant factor in the transformation of vehicles from traditional mechanical systems to sophisticated, software-defined machines. With increasing vehicle connectivity and the growing threats from cyberattacks that could compromise safety and violate user privacy, the incorporation of cybersecurity into the automotive development process is becoming imperative. As vehicles evolve into sophisticated interconnected systems, understanding their vulnerabilities becomes essential to improve cybersecurity. This paper also discusses the role of evolving standards and regulations, such as ISO 26262 and ISO/SAE 21434, in ensuring both the safety and cybersecurity of modern vehicles. This paper offers a comprehensive review of the current challenges in automotive cybersecurity, with a focus on the vulnerabilities of the Controller Area Network (CAN) protocol. Additionally, we explore state-of-the-art countermeasures, focusing on Intrusion Detection Systems (IDSs), which are increasingly leveraging artificial intelligence and machine learning techniques to detect anomalies and prevent attacks in real time. Through an analysis of publicly available CAN datasets, we evaluate the effectiveness of IDS frameworks in mitigating these threats. Full article
(This article belongs to the Special Issue Machine Learning and Cybersecurity—Trends and Future Challenges)

21 pages, 1339 KiB  
Article
Stacking Ensemble Deep Learning for Real-Time Intrusion Detection in IoMT Environments
by Easa Alalwany, Bader Alsharif, Yazeed Alotaibi, Abdullah Alfahaid, Imad Mahgoub and Mohammad Ilyas
Sensors 2025, 25(3), 624; https://doi.org/10.3390/s25030624 - 22 Jan 2025
Viewed by 433
Abstract
The Internet of Medical Things (IoMT) is revolutionizing healthcare by enabling advanced patient care through interconnected medical devices and systems. However, its critical role and sensitive data make it a prime target for cyber threats, requiring the implementation of effective security solutions. This paper presents a novel intrusion detection system (IDS) specifically designed for IoMT networks. The proposed IDS leverages machine learning (ML) and deep learning (DL) techniques, employing a stacking ensemble method to enhance detection accuracy by integrating the strengths of multiple classifiers. To ensure real-time performance, the IDS is implemented within a Kappa Architecture framework, enabling continuous processing of IoMT data streams. The system effectively detects and classifies a wide range of cyberattacks, including ARP spoofing, DoS, Smurf, and Port Scan, achieving an outstanding detection accuracy of 0.991 in binary classification and 0.993 in multi-class classification. This research highlights the potential of combining advanced ML and DL methods with ensemble learning to address the unique cybersecurity challenges of IoMT systems, providing a reliable and scalable solution for safeguarding healthcare services. Full article
(This article belongs to the Special Issue Sensors in mHealth Applications)

21 pages, 2199 KiB  
Article
Addressing Missing Data Challenges in Geriatric Health Monitoring: A Study of Statistical and Machine Learning Imputation Methods
by Gabriel-Vasilică Sasu, Bogdan-Iulian Ciubotaru, Nicolae Goga and Andrei Vasilățeanu
Sensors 2025, 25(3), 614; https://doi.org/10.3390/s25030614 - 21 Jan 2025
Viewed by 423
Abstract
In geriatric healthcare, missing data pose significant challenges, especially in systems used for frailty monitoring in elderly individuals. This study explores advanced imputation techniques used to enhance data quality and maintain model performance in a system designed to detect frailty insights. We introduce missing data mechanisms—Missing Completely at Random (MCAR), Missing at Random (MAR), and Missing Not at Random (MNAR)—into a dataset collected from smart bracelets, simulating real-world conditions. Imputation methods, including Expectation–Maximization (EM), matrix completion, Bayesian networks, K-Nearest Neighbors (KNN), Support Vector Machines (SVMs), Generative Adversarial Imputation Networks (GAINs), Variational Autoencoder (VAE), and GRU-D, were evaluated based on normalized Mean Squared Error (MSE), Mean Absolute Error (MAE), and R2 metrics. The results demonstrate that KNN and SVM consistently outperform other methods across all three mechanisms due to their ability to adapt to diverse patterns of missingness. Specifically, KNN and SVM excel in MAR conditions by leveraging observed data relationships to accurately infer missing values, while their robustness to randomness enables superior performance under MCAR scenarios. In MNAR contexts, KNN and SVM effectively handle unobserved dependencies by identifying underlying patterns in the data, outperforming methods like GRU-D and VAE. These findings highlight the importance of selecting imputation methods based on the characteristics of missing data mechanisms, emphasizing the versatility and reliability of KNN and SVM in healthcare applications. This study advocates for hybrid approaches in healthcare applications like the cINnAMON project, which supports elderly individuals at risk of frailty through non-intrusive home monitoring systems. Full article
(This article belongs to the Special Issue Non-Intrusive Sensors for Human Activity Detection and Recognition)

25 pages, 1485 KiB  
Article
Can Machine Learning Enhance Intrusion Detection to Safeguard Smart City Networks from Multi-Step Cyberattacks?
by Jowaria Khan, Rana Elfakharany, Hiba Saleem, Mahira Pathan, Emaan Shahzad, Salam Dhou and Fadi Aloul
Smart Cities 2025, 8(1), 13; https://doi.org/10.3390/smartcities8010013 - 20 Jan 2025
Viewed by 577
Abstract
Intrusion detection systems are essential for detecting network cyberattacks. As the sophistication of cyberattacks increases, it is critical that defense technologies adapt to counter them. Multi-step attacks, which need several correlated intrusion operations to reach the desired target, are a rising trend in the cybersecurity field. System administrators are responsible for recreating whole attack scenarios and developing improved intrusion detection systems since the systems at present are still designed to generate alerts for only single attacks with little to no correlation. This paper proposes a machine learning approach to identify and classify multi-step network intrusion attacks, with particular relevance to smart cities, where interconnected systems are highly vulnerable to cyber threats. Smart cities rely on these systems seamlessly functioning with one another, and any successful cyberattack could have devastating effects, including large-scale data theft. In such a context, the proposed machine learning model offers a robust solution for detecting and mitigating multi-step cyberattacks in these critical environments. Several machine learning algorithms are considered, namely Decision Tree (DT), K-Nearest Neighbors (KNN), Naïve Bayes (NB), Support Vector Machine (SVM), Light Gradient-Boosting Machine (LGBM), Extreme Gradient Boosting (XGB) and Random Forest (RF). These models are trained on the Multi-Step Cyber-Attack Dataset (MSCAD), a recent dataset that is highly representative of real-world multi-step cyberattack scenarios, which increases the accuracy and efficiency of such systems. The experimental results show that the best performing model was XGB, which achieved a testing accuracy of 100% and an F1 Score of 88%. The proposed model is computationally efficient and easy to deploy, which ensures a fast, sustainable and low power-consuming intrusion detection system at the cutting edge. Full article
(This article belongs to the Topic Artificial Intelligence Models, Tools and Applications)

26 pages, 1683 KiB  
Article
Intelligent Intrusion Detection System Against Various Attacks Based on a Hybrid Deep Learning Algorithm
by Bambang Susilo, Abdul Muis and Riri Fitri Sari
Sensors 2025, 25(2), 580; https://doi.org/10.3390/s25020580 - 20 Jan 2025
Viewed by 545
Abstract
The Internet of Things (IoT) has emerged as a crucial element in everyday life. The IoT environment is currently facing significant security concerns due to the numerous problems related to its architecture and supporting technology. In order to guarantee the complete security of the IoT, it is important to deal with these challenges. This study centers on employing deep learning methodologies to detect attacks. In general, this research aims to improve the performance of existing deep learning models. To mitigate data imbalances and enhance learning outcomes, the synthetic minority over-sampling technique (SMOTE) is employed. Our approach contributes to a multistage feature extraction process where autoencoders (AEs) are used initially to extract robust features from unstructured data on the model architecture’s left side. Following this, long short-term memory (LSTM) networks on the right analyze these features to recognize temporal patterns indicative of abnormal behavior. The extracted and temporally refined features are inputted into convolutional neural networks (CNNs) for final classification. This structured arrangement harnesses the distinct capabilities of each model to process and classify IoT security data effectively. Our framework is specifically designed to address various attacks, including denial of service (DoS) and Mirai attacks, which are particularly harmful to IoT systems. Unlike conventional intrusion detection systems (IDSs) that may employ a singular model or simple feature extraction methods, our multistage approach provides more comprehensive analysis and utilization of data, enhancing detection capabilities and accuracy in identifying complex cyber threats in IoT environments. This research highlights the potential benefits that can be gained by applying deep learning methods to improve the effectiveness of IDSs in IoT security. 
The results obtained indicate a potential improvement for enhancing security measures and mitigating emerging threats. Full article
(This article belongs to the Section Internet of Things)

20 pages, 3773 KiB  
Article
ResInceptNet-SA: A Network Traffic Intrusion Detection Model Fusing Feature Selection and Balanced Datasets
by Guorui Liu, Tianlin Zhang, Hualin Dai, Xinyang Cheng and Daoxuan Yang
Appl. Sci. 2025, 15(2), 956; https://doi.org/10.3390/app15020956 - 19 Jan 2025
Viewed by 521
Abstract
Network intrusion detection models are vital techniques for ensuring cybersecurity. However, existing models face several challenges, such as insufficient feature extraction capabilities, dataset imbalance, and suboptimal detection accuracy. In this paper, a new type of model (ResIncepNet-SA) based on InceptionNet, Resnet, and convolutional neural networks with a self-attention mechanism was proposed to detect network intrusions. The model used the PCA-ADASYN algorithm to compress network traffic features, extract high-correlation feature datasets, and oversample and balance the feature datasets to classify abnormal network traffic. The experimental results show that the accuracy, precision, recall, and F1-score of the proposed ResIncepNet-SA model using the NSL-KDD dataset reach 0.99366, 0.99343, 0.99339, and 0.99338, respectively. This model enhances the accuracy of abnormal network traffic detection and outperforms existing models when applied to imbalanced datasets, offering a new solution for network traffic intrusion detection. Full article

18 pages, 1831 KiB  
Article
Machine Learning-Based Multilevel Intrusion Detection Approach
by Jiasheng Ling, Lei Zhang, Chenyang Liu, Guoxin Xia and Zhenxiong Zhang
Electronics 2025, 14(2), 323; https://doi.org/10.3390/electronics14020323 - 15 Jan 2025
Viewed by 404
Abstract
In this paper, we propose a multilevel-based intrusion detection model. Firstly, we design an integrated shared feature technique, which filters the features to create a general dataset, retaining fewer but more significant features to enhance the detection accuracy of the model and reduce computational costs. The first stage employs OC-SVM to achieve the efficient classification of normal and abnormal traffic based on a general dataset. Additionally, the first stage is deployed close to the monitored system to enable low-latency prediction and privacy-preserving operations, thus enhancing flexibility and improving global classification performance. The second stage proposes a novel Edge Attention Network (EGAT) with a Multi-Head Dynamic Mechanism (MHD) framework, which introduces the graph attention mechanism and considers edge information as the only element, assigning greater weights to nodes and edges exhibiting high similarity, emphasizing their relationships and thereby improving the model’s accuracy and expressiveness. The MHDEGAT model facilitates additional weight learning by integrating the multi-head attention mechanism with edge features, while the weighted aggregation process enhances the data utilization across different network traffic. Finally, the model is trained and tested using the method of on-network data from a gas industrial control system, with an accuracy of 96.99%, a precision of 97.11%, a recall of 96.99%, and an F1 score of 96.93%, all of which outperform the comparison method. Full article

31 pages, 2149 KiB  
Article
Enhanced Deep Autoencoder-Based Reinforcement Learning Model with Improved Flamingo Search Policy Selection for Attack Classification
by Dharani Kanta Roy and Hemanta Kumar Kalita
J. Cybersecur. Priv. 2025, 5(1), 3; https://doi.org/10.3390/jcp5010003 - 14 Jan 2025
Viewed by 526
Abstract
Intrusion detection has been a vast-surveyed topic for many decades as network attacks are tremendously growing. This has heightened the need for security in networks as web-based communication systems are advanced nowadays. The proposed work introduces an intelligent semi-supervised intrusion detection system based on different algorithms to classify the network attacks accurately. Initially, the pre-processing is accomplished using null value dropping and standard scaler normalization. After pre-processing, an enhanced Deep Reinforcement Learning (EDRL) model is employed to extract high-level representations and learn complex patterns from data by means of interaction with the environment. The enhancement of deep reinforcement learning is made by associating a deep autoencoder (AE) and an improved flamingo search algorithm (IFSA) to approximate the Q-function and optimal policy selection. After feature representations, a support vector machine (SVM) classifier, which discriminates the input into normal and attack instances, is employed for classification. The presented model is simulated in the Python platform and evaluated using the UNSW-NB15, CICIDS2017, and NSL-KDD datasets. The overall classification accuracy is 99.6%, 99.93%, and 99.42% using UNSW-NB15, CICIDS2017, and NSL-KDD datasets, which is higher than the existing detection frameworks. Full article