Securing embedded systems with machine learning: A modern approach to cyber threat defense

Almost every modern electronic device relies on some form of embedded system, but as these systems have become more sophisticated, they are increasingly prone to cyber attack. This paper focuses on an artificial intelligence technique to improve cybersecurity in embedded systems. First, we define common microcontroller and embedded app vulnerabilities. This paper introduces a novel methodology applying machine learning algorithms to automatically detect anomalies and predict intrusions, which not only improves security but also increases the resilience of these systems against cyber-attacks. In a set of experiments, we show that our proposed approach is able to accurately spot malicious activities while minimizing false positives. We also present the implications of our findings for secure IoT system design and deployment in functions ranging from automotive to healthcare through industrial automation. Our study underlines that it is becoming increasingly important to introduce early cybersecurity responses and promote joint efforts in both research and industrial sectors against new cyber threats. Such insights are original and contain promising hints about how AI might strengthen embedded systems, motivating follow-on research exploring secure system design.

With the increasing reliance on web applications for business and personal use, ensuring website security has become a critical concern. Cyber threats such as SQL injection, cross-site scripting (XSS), malware infections, and unauthorized access pose significant risks to websites, leading to data breaches and service disruptions. This project aims to develop a comprehensive website security scanner that systematically identifies vulnerabilities and potential security risks.The proposed system integrates automated vulnerability scanning, penetration testing techniques, and real-time monitoring to detect security loopholes. Using machine learning and heuristic-based analysis, the scanner can identify malicious scripts, outdated software versions, weak authentication mechanisms, and misconfigured security policies. The system also performs network security assessments, analyzing potential DDoS (Distributed Denial-of-Service) attack risks and firewall configurations. The scanner generates detailed security reports, providing actionable insights and recommendations for website owners and administrators to mitigate risks effectively. Designed for continuous monitoring and proactive defense, the tool enhances cybersecurity resilience against evolving threats. This project contributes to web security advancements by offering an intelligent, automated, and scalable solution for safeguarding websites from cyberattacks. Keywords: Website Security | Vulnerability Scanner | Cyber Threats | SQL Injection | Cross-Site Scripting (XSS) | Penetration Testing | Machine Learning | Malware Detection | DDoS Protection | Authentication Security | Firewall Analysis | Web Application Security | Risk Assessment | Cybersecurity Resilience

It has become essential to protect vital infrastructures from cyber threats in an age where technology permeates every aspect of our lives. This article examines how machine learning and cybersecurity interact, providing a thorough overview of how this dynamic synergy might strengthen the defence of critical systems and services. The hazards to public safety and national security from cyberattacks on vital infrastructures including electricity grids, transportation networks, and healthcare systems are significant. Traditional security methods have failed to keep up with the increasingly sophisticated cyber threats. Machine learning offers a game-changing answer because of its ability to analyse big datasets and spot anomalies in real time. The goal of this study is to strengthen the defences of key infrastructures by applying machine learning algorithms, such as CNN, LSTM, and deep reinforcement learning for anomaly algorithm. These algorithms can anticipate weaknesses and reduce possible breaches by using historical data and continuously adapting to new threats. The research also looks at issues with data privacy, algorithm transparency, and adversarial threats that arise when applying machine learning to cybersecurity. For machine learning technologies to be deployed successfully, these obstacles must be removed. Protecting vital infrastructures is essential as we approach a day where connectivity is pervasive. This study provides a road map for utilising machine learning to safeguard the foundation of our contemporary society and make sure that our vital infrastructures are robust in the face of changing cyberthreats. The secret to a safer and more secure future is the marriage of cutting-edge technology with cybersecurity knowledge.

The rapid expansion of 5G enabled Vehicle to Everything (V2X) communication has evolved into an intelligent transportation system by supporting applications such as autonomous driving, real-time traffic optimization, and road safety management. However, the growing connectivity and diverse communication protocols also create major cybersecurity challenges, especially in the network tier of connected vehicles. This study conducts a systematic literature review following the PRISMA framework to examine cybersecurity threats and detection models in Malaysia's V2X ecosystem. It involves an analyzing phase towards 85 peer-reviewed studies published between 2016 and 2025. This addresses three research questions: (RQ1) What is the state-of-the-art in CVs in the aspect of network technology in Malaysia, (RQ2) What are the cybersecurity trends and threats towards CVs in the network tier, and (RQ3) What are the existing models in detecting and responding to cyber threats against CVs? Study identifies critical threats, including spoofing, jamming, and denial of service attacks, while evaluating intrusion detection systems that use machine learning, deep learning, and hybrid approaches. The existing approaches are yet to face limitations in real-time performance, contextual accuracy, and supply chain resilience under Malaysia's tropical urban conditions. This study proposes a conceptual model, the SCARF-V2X model, an NGSOC integrated concept that utilizes SIEM, SOAR, and Malaysian cyber threat intelligence platforms to enable automated detection and first-layer auto-response, specifically towards supply chain threats in CVs. The proposed model aims to improve Malaysia's V2X cybersecurity landscape and introduces a proactive and adaptive model to protect CVs against evolving cyber threats.

As our world becomes more and more dependent on cyberspace in all fields, the number of cyber threats, their frequency and complexity have risen with an alarming rate. There are many forms of illegal activities committed over the internet, and together they form cyber-threats; from malware to phishing attacks, APT (advanced persistent threats), ransomware etc. Traditional security sits interaction of these threats is still limited compared to evolving nature, and hardly mitigates zero day attacks. As a result, Machine learning (ML) has become an essential indeed much-needed technology to empower Cyber threat detection and response. This paper investigates the increase in cyber threats as well as how cybersecurity techniques are perpetually enforced, while analysing methodology used by hackers. Here, we investigate a few of the bleeding-edge ML techniques being applied to detect and fight cyber threats from deep learning models like Convolutional Neural Networks (CNNs), Recurrent Neural Network, ensemble learning methods such as Random Forest and Support Vector Machine (SVM). This comprehensive overview highlights the effectiveness of these ML techniques in identifying and mitigating cyber threats, emphasizing the need for continuous innovation to stay ahead of increasingly sophisticated cybercriminal activities. KEYWORDS: Cyber Threat; Cybercrime; Machine Learning Application; Malware; Phishing; Ransomware; Spam;

Cybersecurity has often gained much popularity over the years in a fast-evolving discipline, as the number of cybercriminals and threats rises consistently to stay ahead of law enforcement. Recently, cybercriminals have become more complex with their approaches, though the underlying motives for conducting cyber threats remain largely the same. Classical cybersecurity solutions have become poor at identifying and alleviating evolving cyber threats. Machine learning (ML) plays a crucial role in cybersecurity by making malware detection more scalable, efficient, and automated, reducing reliance on conventional human intervention methods. The cybersecurity domain comprises ML challenges that require effective theoretical and methodical handling. Various statistical and ML approaches, like Bayesian classification, deep learning (DL), and support vector machines (SVM), have efficiently alleviated cyber threats. The insights and hidden trends detected from network data and the architecture of a data-driven ML to avoid this attack are essential to establishing an intelligent security system. This study develops a novel Leveraging Explainable Artificial Intelligence for Early Detection and Mitigation of Cyber Threats in Large-Scale Network Environments (LXAIDM-CTLSN) method. The projected LXAIDM-CTLSN method aims to recognize and classify cyber-attacks in achieving cybersecurity. Initially, the normalization is performed using Min-max normalization to standardize the data. The Mayfly Optimization Algorithm (MOA) is then utilized for feature selection, effectively mitigating computational complexity. A Sparse Denoising Autoencoder (SDAE) model recognizes and classifies cyber threats. Additionally, the Hiking Optimization Algorithm (HOA) is employed to fine-tune the hyperparameters of the SDAE model. Finally, the XAI method LIME is integrated to enhance the explainability and understanding of the Blackbox technique, ensuring superior classification of cyberattacks. Extensive experiments were conducted to evaluate the overall robustness of the proposed XAIDM-CTLSN method using the NSLKDD2015 and CICIDS2017 datasets. The experimental validation of the XAIDM-CTLSN method portrayed a superior accuracy value of 99.09% over other techniques.

The integration of Artificial Intelligence (AI) and Machine Learning (ML) in industrial automation and cybersecurity has become increasingly vital as industries transition towards smarter and more efficient systems. With the rapid advancement of technology, AI and ML are playing a key role in optimizing operations, enhancing safety, and improving overall system performance. This paper explores the applications of AI and ML in industrial automation, focusing on their transformative impact on manufacturing, process control, and predictive maintenance. Additionally, the paper highlights the critical role these technologies play in enhancing cybersecurity frameworks, particularly in the context of industrial control systems and critical infrastructure. The combination of AI and ML allows for real-time decision-making, anomaly detection, and the mitigation of security risks in an increasingly interconnected industrial environment. The findings suggest that AI and ML are not only optimizing operational efficiency but also providing advanced threat detection mechanisms to combat sophisticated cyber threats. This paper presents a detailed review of these technologies' capabilities and challenges, offering insights into their future potential in industrial settings.

Critical infrastructure objects — infrastructure objects, systems, their parts and their totality, which are important for the economy, national security and defense, the malfunctioning of which can harm vital national interests. Classification of objects as critical infrastructure is carried out in accordance with the procedure established by the Cabinet of Ministers of Ukraine. The assignment of banks, other entities operating in the financial services markets, state regulation and supervision of the activities of which is carried out by the National Bank of Ukraine, payment organizations, participants of payment systems, operators of payment infrastructure services is carried out in accordance with the procedure established by the National Bank of Ukraine. Classification of objects to critical infrastructure, which carry out activities on the service markets, state regulation and supervision of the activities of which are carried out by state bodies, is carried out in accordance with the procedure established by such state bodies. Given the importance of cyber security in today's world, critical infrastructure objects are becoming a special target for cyber criminals and cyber threats. These facilities include energy systems, transportation, communication networks, medical facilities and other important sectors that ensure the necessary functioning of society. This article aims to analyze and review modern approaches used to ensure cyber security at critical infrastructure facilities. Research and implementation of the latest strategies and approaches in this area can help increase the level of protection of important systems, as well as detect and respond to new cyber threats, maintaining the reliability and functioning of society as a whole. The main aspects that should be considered when developing innovative approaches to protecting critical infrastructure objects from cyber threats: predictive threat analysis: Understanding potential cyber threats and their impact on critical infrastructure facilities. Detection of new attack vectors and vulnerabilities; development and implementation of the latest technologies: Use of artificial intelligence, machine learning, blockchain and other innovative technologies in the field of cyber defense to prevent attacks and detect security breaches; creation of integrated protection strategies, development of flexible and comprehensive cyber protection strategies that take into account the specifics of each sector of critical infrastructure objects and its needs; introduction of international standards and regulations, cooperation at the international level to establish a unified system of cyber protection standards and rules for critical infrastructure facilities. Cyber defense is constantly evolving, given the constant growth in the number and complexity of cyber threats. To increase the security of critical infrastructure facilities, it is important to consider a number of modern technological trends in cyber protection, namely: artificial intelligence and machine learning; blockchain and cryptography; Internet of Things (IoT) and protection of embedded systems; threat analytics and attack detection; automated means of protection; protection at the level of data processing. The study and implementation of these technological trends in the critical infrastructure sector allows to respond to the complexity of modern cyber threats and provides an increase in the security of systems in real time.

Industry 4.0 is mainly recognized as the digital transformation of the industrial sector which is driven through machine learning and artificial intelligence. It includes the historical collection of information, the capture of live data via sensors, data aggregation and connectivity between routing, gateways and other protocols, PLC integration, the dashboard for analysis and monitoring. The convergence of Machine learning (ML) and Artificial Intelligence (AI) has overcome data integration and decision-making challenges with the adoption of Industry 4.0. This article justifies the context and relevance of data sharing in the industrial sectors and the cyber threats in industry 4.0 and also provides the preventive techniques used via AI and ML. In addition, this book chapter illustrates real use cases and potential prospects for both technologies.

With the increase in the rate of cyber threats, such as ransomware, social engineering, and zero-day exploits, it is urgent to adopt new security mechanisms like Security Orchestration, Automation, and Response (SOAR) systems. The increase in cyber threats has not only amplified in frequency but also in sophistication. This escalation has forced organizations to rethink traditional defense strategies. SOAR has shown itself to be an important solution by automating repetitive tasks and helping security teams in focusing on strategic threat hunting as well as mitigation. The integration of AI and ML in SOAR frameworks helps in predictive analytics, in which systems can anticipate potential breaches based on pattern recognition from vast datasets. The role of blockchain is to enhance data integrity and help enable secure and decentralized threat intelligence sharing between stakeholders. This paper presents a systematic literature review (SLR) on recent advancements in SOAR technologies, especially the incorporation of artificial intelligence (AI), machine learning (ML), and blockchain; it also reviews case studies across various industry sectors, such as healthcare, finance, industrial control systems, and critical infrastructures, as well as the challenges facing SOAR adoption. By examining 29 studies from academic research, industry case studies, and technical reports, the review synthesizes methodologies, architectures, and performance outcomes to summarize the current state of SOAR systems. The research found that SOAR can significantly reduce incident response times and improve threat detection accuracy, with findings indicating that SOAR can lower response times by up to 80% compared to legacy systems, although implementation costs may reach as high as $5 million. Additionally, specialized personnel are still needed to operate these systems. The skills gap increases barriers to adoption, as few professionals possess expertise in cybersecurity as well as in automation tools. Future directions emphasize developing hybrid models that blend human intuition with machine efficiency for more robust defenses. Finally, the review discusses future research directions to help SOAR further scale, interoperate across platforms, and enable autonomous decision-making

The integration of Artificial Intelligence (AI) and Machine Learning (ML) in cybersecurity represents a paradigm shift in the approach to defending against evolving cyber threats. This paper provides a succinct overview of the evaluation of AI and ML applications in cybersecurity, examining perspectives both within the United States and globally. The United States, as a forefront leader in technological innovation, has witnessed a rapid adoption of AI and ML solutions to enhance cybersecurity measures. From advanced threat detection to real-time incident response, these technologies have demonstrated their efficacy in augmenting the capabilities of cybersecurity professionals. This paper explores the specific use cases, challenges, and successes of AI and ML applications within the diverse landscape of cybersecurity in the United States. On a global scale, the evaluation extends beyond national borders, encompassing the diverse cybersecurity strategies and challenges faced by countries worldwide. The paper delves into the varying degrees of AI and ML integration, highlighting the shared benefits and unique considerations for different regions. The global perspective emphasizes collaborative efforts, information sharing, and the role of international partnerships in addressing cyber threats collectively. Throughout this evaluation, key themes such as the ethical implications of AI and ML, the need for explainability in automated decision-making, and the continuous evolution of cyber threats are explored. The paper concludes by emphasizing the significance of ongoing research, collaboration between nations, and the establishment of ethical frameworks to ensure responsible and effective integration of AI and ML in global cybersecurity efforts.

The rapid evolution of cyber threats and the exponential growth of data-driven applications have necessitated the advancement of predictive analytics techniques in cybersecurity and data science. Machine learning (ML) and deep learning (DL) have emerged as powerful tools for detecting, analyzing, and mitigating cyber threats while also enhancing decision-making processes in data science applications. This paper explores state-of-the-art ML and DL methodologies for predictive analytics, emphasizing their role in proactive security measures and intelligent data analysis. Traditional security approaches often struggle to keep pace with the increasing complexity and volume of cyber threats. The integration of ML and DL offers dynamic, adaptive, and automated solutions that can identify anomalies, predict potential attacks, and strengthen defensive mechanisms. Supervised, unsupervised, and reinforcement learning models have been widely adopted for various cybersecurity applications, including intrusion detection, malware classification, fraud detection, and threat intelligence. Meanwhile, DL architectures such as convolutional neural networks (CNNs), recurrent neural networks (RNNs), and transformers have demonstrated superior performance in feature extraction and pattern recognition, enabling advanced predictive analytics in cybersecurity. Beyond security applications, ML and DL play a crucial role in data science, enabling predictive modeling across diverse industries, such as healthcare, finance, and smart cities. Predictive analytics in data science leverages vast datasets to forecast trends, optimize decision-making, and drive innovation. However, challenges such as data privacy, model interpretability, adversarial attacks, and computational complexity must be addressed to ensure the reliability and ethical deployment of AI-driven solutions. This study presents a comprehensive review of the latest advancements in ML and DL for predictive analytics, examining their applications, benefits, and limitations. It also explores hybrid approaches that combine multiple techniques for enhanced accuracy and robustness. The paper further discusses emerging trends, including federated learning for privacy-preserving analytics, explainable AI (XAI) for model transparency, and quantum-enhanced ML for accelerated computations. Through extensive analysis and comparative evaluation, this research highlights the transformative potential of ML and DL in securing digital infrastructures and optimizing predictive analytics. The findings underscore the need for continuous innovation in algorithm design, data handling strategies, and cybersecurity frameworks to counter evolving cyber threats and maximize the utility of AI-driven predictive models. Ultimately, this study contributes to advancing the intersection of ML, DL, cybersecurity, and data science, paving the way for resilient, intelligent, and efficient digital ecosystems.

The rapid digitization of industries and the proliferation of connected devices have exponentially increased the surface area for cyber threats, making traditional cybersecurity methods increasingly inadequate. The paper explores the integration of advanced technologies to enhance threat detection capabilities in a dynamically evolving cyber landscape. This study emphasizes the critical role of machine learning (ML) and big data analytics in identifying, analyzing, and mitigating cyber threats in real time. By leveraging the massive volumes of data generated across networks, ML algorithms can detect anomalous behavior patterns and predict potential threats with high accuracy. Big data analytics further enhances this process by processing and analyzing data at unprecedented speeds, enabling swift identification and response to security breaches. The comprehensive approach outlined in this study addresses key challenges, including the complexity of modern cyber threats, the need for scalability in cybersecurity solutions, and the importance of minimizing false positives. Additionally, the research highlights the importance of continuous learning models that adapt to new and emerging threats, ensuring that the system remains resilient against sophisticated attacks. Case studies of successful implementations across various industries are examined to demonstrate the practical applications and benefits of this approach. The findings suggest that integrating ML and big data analytics in real-time threat detection systems significantly improves cybersecurity defenses, providing organizations with the tools to proactively counteract cyber threats. This approach is positioned as a vital strategy for organizations seeking to fortify their cybersecurity posture in an increasingly interconnected world, where the speed and accuracy of threat detection are paramount to safeguarding critical assets and maintaining trust. Keywords: Real-Time, Cybersecurity, Threat Detection, ML, Big Data Analytics.

The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, encompassing diverse approaches such as machine learning, artificial intelligence, behavioral analysis and anomaly detection. Machine learning plays a central role in cyber threat detection, highlighting the effectiveness of deep neural networks in identifying evolving threats. Their adaptability to changing attack patterns is emphasized, underlining their importance for real-time security monitoring. In parallel, ensemble learning is explored, combining multiple models to improve overall detection accuracy and create a robust defense against a spectrum of cyber threats. The literature reviewed highlights the importance of behavioral analysis, with a novel approach that integrates user behaviour profiling with anomaly detection. This has proven effective in identifying suspicious activity within a network, particularly insider threats and stealthy attacks. Another behavioral framework using User and Entity Behavior Analytics (UEBA) is presented for enhanced anomaly detection, highlighting the importance of context-aware monitoring in improving threat detection accuracy. Collaborative defense mechanisms emerge as a major focus of the research papers reviewed, exploring the potential of sharing threat information between organisations to enhance collective security monitoring. Their findings underscore the importance of a collaborative approach to staying ahead of rapidly evolving cyber threats. Some types of cyber-attacks are also analysed in the context of a security operations centre (SOC) monitoring environment using a security information and event management (SIEM) tool - Splunk. In conclusion, this survey paper synthesizes recent advances in cyber threat detection methods in security monitoring that integrate machine learning, behavioral analysis, and collaborative defense strategies. As cyber threats continue to evolve, these novel methods provide valuable insights for researchers, practitioners, and organisations seeking to strengthen their cybersecurity defenses. This concise overview emphasises the multi-dimensional approach required to secure digital ecosystems, providing a concise yet comprehensive guide to modern cyber threat detection strategies.

In a world of engineers working hard every day to make sure all of us can have light after the sun sets, clean drinking water and get safe transport to a hospital where they can get medical services, they automatically trust these heroes to ensure critical infrastructure services remain operational at all times. However, the world has been changing for several years now as cyber threats have entered the scene and discovered there are easy targets. The industrial automation and control systems (IACSs) in control of their critical infrastructure have been designed with operational assurance in mind, making sure they function with very high accuracy and availability according to specification. As such, they and the people involved with the IACS life cycle are inherently vulnerable to cyber threats as so little effort has been spent on misuse cases, which is basically what the cyber threat actors are exploiting, technology and people alike. To mitigate this, the IEC 62443 standard is emerging as a framework specifically designed to help industrial organisations grow to address the growing cyber threats to their assets.