Due to the exponential increase in cyber/online crimes involving the use of steganography in streaming media, it is crucial to focus on studying steganalysis technology for the detection of covert communications. Several existing steganalysis methods rely on classifiers such as Support Vector Machines (SVM) and conventional statistical analysis. However, these methods suffer from high computational intensity and time consumption, making them unsuitable for real-time detection of steganography in streaming media. Additionally, some steganalysis techniques are specifically designed for certain codecs or depend on particular steganographic algorithms, limiting their practicality and universality. To address these challenges, this study devises five steganalysis algorithms tailored for Voice over Internet Protocol (VoIP) to detect covert channels in streaming media communications. The algorithms are as follows: ANOVA, derivative-based Mel Frequency Cepstrum Coefficient (DMFCC), improved Regular and Singular (RS) test, Mann–Whitney–Wilcoxon (M-W-W) test, and FFT-based Steganalysis. Experimental evaluations were performed on two sets of media streams — one without steganography and the other with steganography. The results obtained from these experiments reveal that the proposed VoIP steganalysis algorithms exhibit variations in terms of detection sensitivity, whether blind or targeted, online or offline, as well as the requirement for original samples.

Learning network representations, also known as network embeddings, has attracted significant attention in recent years. Real-world scenarios often involve networks with multiple views, where each view captures a distinct aspect of the network’s structure. Existing network embedding methods mainly focus on the global information from each view, neglecting the implied relations among multiple views. Additionally, maintaining the scalability of node embeddings while adapting to changes in network topology remains a major challenge. To this end, this article proposes a Cloud-edge Collaboration Network (CC-Net) to learn robust node embeddings in multi-view networks. Specifically, we design a decomposition and regrouping module to capture implied relations within multi-view networks, enabling the generation of comprehensive node representations that integrate information from all sub-networks. Besides, by leveraging the hybrid approach of cloud and edge computing, our proposed CC-Net can efficiently handle the complexities and dynamics of multi-view networks without retraining the entire network. Extensive experiments and analyses on real-world Twitter and YouTube datasets demonstrate the superiority of our approach compared to several benchmark methods, and validate its effectiveness in capturing implied relations and generating robust node embeddings.

The Lightning network (LN) offers a solution to Bitcoin’s scalability limitations by providing fast and private off-chain payments. In addition to the LN’s long known application-level centralisation, recent work has highlighted its centralisation at the network level which makes it vulnerable to attacks on privacy by malicious actors. In this work, we explore the LN’s susceptibility to further attacks by a network-level actor such as a malicious autonomous system. We show that a network-level adversary can identify and interfere with all payments routed via their network by just examining the packet headers. Our results indicate that it is viable to accurately identify LN messages despite the fact that all inter-peer communication is end-to-end encrypted. While this can likely be used to achieve various adversarial objectives, we show how it can be exploited by an adversary to impose payment censorship and induce channel congestion. Additionally, we describe how a network-level observer can determine a node’s role in a payment path based on timing, direction of flow and message type, and demonstrate the approach’s feasibility using experiments in a live instance of the network. Simulations of the attack on a snapshot of the Lightning mainnet suggest that the impact of a congestion attack varies from mild to potentially dramatic depending on the adversary and type of payments that are censored. On the other hand, they show that the impact of a congestion attack, under the assumption that the adversary is not able to jam all channels, is less extreme. We analyse countermeasures the network can implement and come to the conclusion that an adequate solution involves constant message sizes as well as dummy traffic.

With the swift advancement of artificial intelligence technology, autonomous driving has increasingly emerged as a pivotal technology in the future of transportation. Real-time data exchange and processing across modules in autonomous driving systems necessitate efficient and reliable communication middleware. However, existing communication methods suffer from delay, congestion and packet loss when dealing with high-frequency and large-data-volume transmission tasks, significantly impairing system performance and security. To reduce communication latency and CPU overhead, a multi-mode adaptive high-performance and high-reliability communication middleware CAPilot is proposed. Firstly, a novel shared-memory communication architecture is proposed, comprising a Data Pool, an Event Notification Index Pool, and a Cycle Index Pool. The Data Pool employs a lock-free mechanism to avert deadlock and starvation issues, while addressing frame-skipping using a real-time maintenance and discriminative approach. Event-triggered and period-triggered data acquisition strategies proficiently circumvent data security concerns and performance limitations inherent in conventional shared memory connectivity. Then, to mitigate the overhead associated with dynamic broadcasts within the constrained embedded resources of the network, an adaptive communication scheme is proposed. This scheme incorporates a profile-based static communication encoding that automatically determines the optimal communication method based on the environments of the communicating entities. Finally, the intra-process pointer passing method is optimised by introducing a dual adaptive buffered ring queue, which facilitates bulk data retrieval without using locks. Experimental results show that CAPilot outperforms existing communication middlewares such as ROS2, CyberRT and DDS in terms of communication latency, message throughput, message frame loss rate and resource utilization. These advancements suggest that CAPilot is well-suited for extensive deployment in diverse autonomous driving applications.

With the accelerating growth of the digital economy, data has emerged as a core asset, making secure and private data trading a pressing necessity. However, traditional centralized data trading platforms face critical challenges, including identity exposure, data leakage, unclear ownership, and lack of trust. Although decentralized, blockchain-based solutions have been proposed, they typically protect only subsets of these properties and seldom provide a unified, verifiable privacy architecture over the entire trading lifecycle. This paper introduces a novel decentralized data trading system that comprehensively integrates Groth16-based zero-knowledge proofs (ZKPs), Merkle tree–based data ownership commitments, and smart contracts on blockchain. The proposed system ensures identity anonymity, data confidentiality, ownership traceability, and behavioral privacy while supporting regulatory auditability. Rather than proposing new cryptographic primitives, we reformulate data trading as a zero-knowledge–verifiable privacy problem and embed the resulting privacy logic into the protocol and contract design. The main contributions are as follows. (1) Developing a unified zero-knowledge privacy layer that combines Groth16-based ZKPs with proxy re-encryption, allowing participants to prove transaction eligibility without disclosing identity attributes while keeping traded data encrypted end-to-end. (2) Constructing a zero-knowledge-based ownership lifecycle in which Merkle trees are repurposed as privacy-preserving ownership commitment structures that support unlinkable ownership proof, secure ownership transfer, and privacy-preserving traceability. (3) Designing a malleability-aware ZKP execution framework for Groth16 proofs, implemented via dedicated “anti-malleability” contracts that bind proofs to ownership states, fresh randomness, and protocol stages, thereby mitigating proof malleability and unsafe reuse across the registration–sale–transfer lifecycle. (4) Integrating a trusted regulatory authority into the architecture to enable compliant yet anonymous audits and formulate a system-wide privacy framework covering identity, data, ownership, behavioral, and audit dimensions. Experimental results demonstrate that the system achieves strong privacy guarantees and low on-chain overhead, offering a more robust and privacy-centric approach to data transactions than existing solutions.

We present a novel investigation into the impact of inter-drone interference on delivery efficiencies within multi-drone skyway networks . We conduct controlled experiments to analyze the behavior of drones in an indoor testbed environment. Our study compares performance between solo flights and concurrent multi-drone operations along predefined routes. This analysis captures interference occurring during both flight and at charging stations, providing a comprehensive evaluation of its effects on overall network performance. We conduct a comprehensive series of experiments across diverse scenarios to systematically understand and model the dynamics of inter-drone interference. Key metrics, such as power consumption and delivery times , are considered. This generates a comprehensive dataset for in-depth analysis of interference at both the node and segment levels. These findings are then formalized into a predictive model. The results validate the effectiveness of the developed model, demonstrating its potential to accurately forecast inter-drone interferences.

As the Internet of Things (IoT) becomes more embedded within our daily lives, there is growing concern about the risk ‘smart’ devices pose to network security. To address this, one avenue of research has focused on automated IoT device identification. This research is broadly motivated by the idea that the more we can know about our devices, the more secure the networks they are on can be. Research has however largely neglected the identification of IoT device firmware versions. There is strong evidence that IoT security relies on devices being on the latest version patched for known vulnerabilities. Identifying when a device has updated (has changed version) or not (is on a stable version) is therefore useful for IoT security. Version identification involves challenges beyond those for identifying the model, type, and manufacturer of IoT devices. Most obviously, the differences between versions are more subtle and therefore harder to detect. Moreover, because there has been relatively little research in this area, there are no widely available datasets that track devices’ version changes over time. Consequently, traditional machine learning algorithms are ill-suited for effective version identification due to being limited by the availability of data for training. In this paper, we introduce an effective technique for identifying IoT device versions based on transfer learning. This technique relies on the idea that we can use a Twin Neural Network (TNN) — trained at distinguishing devices — to detect differences between a device on different versions. This facilitates real-world implementation by requiring relatively little training data. In more detail, we extract statistical features from on-wire packet flows, convert these features into greyscale images, pass these images into a TNN to output similarity scores, and determine version changes based on the Hedges’ g effect size of the similarity scores. This allows us to detect the subtle changes present in on-wire traffic when a device changes version. To evaluate our technique, we set up a lab containing 12 IoT devices and recorded their on-wire packet captures for 11 days across multiple firmware versions. For testing data held out from training, our best performing model is shown to be 95.83% and 84.38% accurate at identifying stable versions and version changes respectively.

Single-channel speech separation remains one of the most challenging tasks in the field of speech signal processing. In many situations, such as during epidemics that involve respiratory diseases (e.g., COVID-19 or influenza A), individuals are required to wear masks while communicating. Is it possible to address the challenge of speech separation when the target speaker is wearing a mask? Can audio‒visual approaches achieve better speech separation performance than that of audio-only approaches in scenarios where speakers are wearing masks? To address the aforementioned questions, we first construct a large-scale multimodal dataset, termed Speech Separation while Wearing a Mask (SSWM), which includes both the audio modality and the visual modality with masked faces. We explore two strategies for addressing the problem of facial occlusion. One strategy involves utilizing occluded faces—which lack critical visual cues such as mouth movements—directly as supervisory information for self-supervised speech separation; the other strategy involves the use of Wav2Lip to first generate visual information, which is then used as supervisory guidance for self-supervised speech separation. Building upon these two strategies, we propose the SSWM network (SSWMNet), which can flexibly choose to either utilize occluded facial images directly or employ Wav2Lip to generate visual information. The experimental results demonstrate that the proposed speech separation method in which Wav2Lip is used for visual information generation outperforms the approach of utilizing occluded faces directly for self-supervised speech separation. Both proposed audio‒visual methods outperform the audio-only speech separation approach, which operates without the aid of visual information. Availability—SSWMNet is available at https://github.com/fanmanqian/SSWMNetwork .

Large language models (LLMs) are increasingly employed within Security Operations Centres (SOCs), including SOC for Digital Risk Protection (DRP), yet their outputs often exhibit partial coverage, hallucinations, verbosity, and lack of localized insights. This article proposes a hybrid reasoning pipeline that combines multimodal LLMs with stable human-curated references to mitigate these issues, and is distinct from standard retrieval-augmented generation because offline, human-curated references are applied as an explicit decision-time override rather than used solely as supportive retrieved context. We introduce a step-by-step process that incorporates multi-vantage crawling for evasive content, deterministic prompts to manage inconsistency, and a structured approach to override or refine the model’s classifications when local brand knowledge contradicts global assumptions, together with an analyst-governed escalation loop that records when and why overrides occur in external-SOC DRP settings. Empirical evaluations with multiple commercial and open-source model providers show that this method significantly boosts scam detection accuracy, lowers token costs through caching, and reduces misleading outputs by adopting curated domain data, including comparisons against a RAG-only configuration and classical non-LLM baselines. Results underline how offline reference injection fosters a reliable collaboration pattern that harmonizes automated tasks with human expertise, thereby enhancing scalability and trust in real-world SOC environments.

We investigate the sociotechnical factors influencing the adoption of AI-based tools in cybersecurity operations within a large international financial organization, using a reflexive thematic analysis grounded in a Sociotechnical Systems (STS) framework. Our qualitative case study involved 15 interviews with security analysts, data scientists, and departmental leaders to explore end-user perspectives, organizational culture, and technical constraints shaping AI adoption. Drawing on established models, we analyze barriers such as mistrust in AI systems, ineffective feedback mechanisms, lack of domain knowledge, and job security concerns. The study reveals a disconnect between the availability of AI tools and their actual use, primarily driven by human-centric resistance and structural inefficiencies rather than technical limitations. These findings emphasize the importance of aligning AI development with analysts’ workflows, increasing explainability, and making design processes more collaborative. We propose a targeted suite of interventions – including training, cross-functional mentorship, and enhanced feedback channels – to support the responsible and effective integration of AI. Our research contributes a theory-informed and empirically grounded understanding of AI adoption challenges in cybersecurity, with practical implications for organizations navigating the human-AI interface in corporate environments.