Attack Scenarios Research Articles

Optimization of Intrusion Detection System with Machine Learning for Detecting Distributed Attacks on Server

This study develops an intrusion detection system optimized with machine learning techniques for efficient and effective detection of Distributed Denial-of-Service (DDoS) attacks. Using the Decision Tree algorithm, the system is designed to maximise accuracy in the identification and classification of DDoS attacks. The CIC-DDoS2019 dataset, which consists of various comprehensive simulated attack scenarios, is used as the basis for training and validation, providing the model with robust capabilities in recognizing DDoS attacks with high accuracy. This IDS successfully achieved a 100% detection rate, which is a significant result in the network security environment. The system is integrated into the existing network infrastructure, monitoring data flows in real-time and performing predictive analysis to detect early indications of attacks. Each attack detection immediately triggers a notification sent via a Telegram bot, ensuring that the security team can react quickly to isolate and address the attack. These notifications include details such as the source, type of attack, detection time, and involved protocol information, enabling more informed and strategic response actions. The use of Telegram bots for real-time communication not only enhances the speed of response to threats but also supports system scalability by facilitating adjustments and integration across various operational scenarios. The system's quick detection and response is a big step forward for machine learning-based intrusion detection systems (IDS). It provides opportunities for further research and practical applications that can adapt to various digital security scenarios.

A joint diagnoser approach for diagnosability of discrete event systems under attack

This paper investigates the problem of diagnosing the occurrence of a fault event in a discrete event system (DES) subject to malicious attacks. We consider a DES monitored by an operator through the perceived sensor observations. It is assumed that an attacker can tamper with the sensor observations, and the system operator is not aware of the attacker’s presence at the beginning. We propose a stealthy joint diagnoser (SJD) that (i) describes all possible stealthy attacks (i.e., undiscovered by the operator) in a given attack scenario; (ii) records the joint diagnosis state, i.e., the diagnosis state of the attacker consistent with the original observation and the diagnosis state of the operator consistent with the corrupted observation. The SJD is used for diagnosability verification under attack. From the attacker’s point of view, we present two levels of stealthy attackers: one only temporarily degrades the diagnosis state of the operator, and the other permanently causes damage to the diagnosis state of the operator, thereby resulting in a violation of diagnosability. Finally, necessary and sufficient conditions for the existence of the two levels of attackers are presented.

Invisible Scout: A Layer 2 Anomaly System for Detecting Rogue Access Point (RAP)

Rogue Access Points (RAPs) pose a significant security threat by mimicking legitimate Wi-Fi networks and potentially compromising sensitive data. To address this issue, this research has proposed an innovative mechanism called Invisible Scout, which uses a multi-module system to identify RAPs. This study aimed to develop and validate a mechanism capable of accurately detecting RAPs in controlled setups, real-world environments, and under de-authentication attack scenarios. The proposed system consists of four key modules: sniffer, detection, probing, and comparison. To evaluate its effectiveness, tests were conducted in controlled and open environments and under de-authentication scenarios, using decision tree models and various metrics to assess performance. The decision tree model showed promising results in the controlled setup, achieving an Area Under the Curve (AUC) score of 0.921 and classification accuracy (CA) of 0.875, indicating that the model effectively distinguished between legitimate access points and RAPs. When tested in an open environment, the model's performance improved, achieving an AUC score of 0.952 and a CA of 0.994. Furthermore, under a de-authentication attack, the model achieved an AUC score of 0.955 and a CA of 0.996. To gain a deeper understanding of RAP behaviors, linear regression analysis was conducted, revealing patterns and visualizing the existence of RAPs, which could assist in further analysis. In conclusion, the results demonstrated that the proposed mechanism was highly effective in identifying RAPs. Future research should focus on refining the detection mechanism, incorporating real-time response capabilities, and expanding testing to diverse network scenarios. Doi: 10.28991/ESJ-2025-09-01-016 Full Text: PDF

Sailfish-cat algorithm-enhanced generative adversarial network for attack detection in internet of things-Fog network authentication

The internet of things (IoT) has emerged as a prominent and influential concept within the realm of computing. Various attack detection methods are devised for detecting attacks in IoT-Fog environment. Despite all these efforts, attack detection still remained as a challenging task due to factors such as low latency, resource constraints of IoT devices, scalability issues, and distribution complexities. All these challenges are addressed in this paper by designing an efficient attack detection technique named as sailfish- cat optimization-based generative adversarial network (SaCO-based GAN) tailored for the IoT-Fog framework. This proposed approach introduces the SaCO-based GAN for IoT-Fog attack detection utilizing deep learning and feature-based classification, validated through experiments showing superior performance metrics. Notably, the SaCO optimization technique is utilized to train the GAN. Experimental results demonstrate the efficacy of the SaCO-based GAN with a maximum recall of 92.15%, a maximum precision of 91.21%, and a maximum F-Measure of 92.16%, outperforming existing techniques in IoT-Fog attack detection. The paper recommends enhancing scalability, implementing real-time detection strategies, rigorously testing robustness against diverse attack scenarios, and integrating with existing IoT security frameworks for practical deployment.

Enhancing Recommendation Systems with Skew Deviation Bias for Shilling Attack Detection

Introduction: Recommender systems serve as a powerful tool to address the challenges of information overload by delivering personalized recommendations. However, their susceptibility to profile injection or shilling attacks poses a significant threat. Malicious entities can introduce fabricated profiles into the database of users to manipulate the popularity of specific items, subsequently influencing prediction outcomes Method: Detecting and mitigating the impact of such attacks is critical for preserving recommendation accuracy and user trust. The primary objective of this study is to develop an integrated framework for robust shilling attack detection and data sparsity mitigation in recommendation systems. This approach aims to make the system more resistant to manipulative attacks and improve recommendation quality, especially when dealing with limited data. In this paper, Skew Deviation Bias (SDB), is a novel metric that gauges the skewness within rating distributions, enabling the identification of both fabricated shilling profiles and the anomalous rating behaviors exhibited by attackers. Building upon this foundation, SDB is integrated with other statistical metrics like Rating deviation from the mean agreement (RDMA), Weighted deviation from the mean agreement (WDMA), Weighted degree of agreement (WDA), and length variance. This research investigates the impact of incorporating SDB alongside existing attributes in countering various attack scenarios, including random, average, and bandwagon attacks. Result: Extensive experiments are conducted to compare the effectiveness of SDB when integrated with existing attributes against scenarios employing only existing attributes. These experiments cover a range of attack sizes while maintaining a fixed 50% filler size. The results of thorough comparative analyses demonstrate the consistent superiority of the SDB-integrated approach, resulting in higher accuracy across all attack types compared to scenarios using only existing attributes. Notably, the random attack scenario shows the most significant accuracy improvement among the evaluated scenarios. Conclusion: The approach achieves a detection accuracy of 97.08% for random shilling attacks, affirming its robustness. Furthermore, in the context of data sparsity, the approach notably enhances recommendation quality.

Multi-Instance Zero-Watermarking Algorithm for Vector Geographic Data

To address the variability and complexity of attack types, this paper proposes a multi-instance zero-watermarking algorithm that goes beyond the conventional one-to-one watermarking approach. Inspired by the class-instance paradigm in object-oriented programming, this algorithm constructs multiple zero watermarks from a single vector geographic dataset to enhance resilience against diverse attacks. Normalization is applied to eliminate dimensional and deformation inconsistencies, ensuring robustness against non-uniform scaling attacks. Feature triangle construction and angle selection are further utilized to provide resistance to interpolation and compression attacks. Moreover, angular features confer robustness against translation, uniform scaling, and rotation attacks. Experimental results demonstrate the superior robustness of the proposed algorithm, with normalized correlation values consistently maintaining 1.00 across various attack scenarios. Compared with existing methods, the algorithm exhibits superior comprehensive robustness, effectively safeguarding the copyright of vector geographic data.

Evaluation of Deep Learning Techniques in PV Farm Cyber Attacks Detection

Integrating intelligent grids with the internet increases the amount of unauthorized input data which directly or indirectly influences electrical system control and decision-making. Photovoltaic (PV) farms that are linked to the power grid are susceptible to cyber attacks which may disrupt energy infrastructure and compromise the security, stability, and resilience of the electrical system. This research{} proposes a new model for cyber threat detection in PV farm, named as Cyber Detection in PV farm (CDPV), which makes use of deep learning methods based solely on point-of-common coupling (PCC) detectors. In this paper, a thorough cyber attack model for a photovoltaic (PV) farm is developed, where the simulation of four kinds of cyber attacks is provided. Furthermore, this paper evaluates the role of three deep learning techniques including convolutional neural network (CNN), artificial neural network (ANN), and long short-term memory (LSTM), in PV cyber threat detection. The findings demonstrate that, at the DC/DC converter and DC/AC inverter sides, the proposed CDPV model based on deep learning techniques (CNN, ANN, and LSTM) can improve the cyber detection accuracy and resilience under various attack scenarios.

Positional Packet Capture for Anomaly Detection in Multitenant Virtual Networks

ABSTRACTAnomaly detection in multitenant virtual networks presents significant challenges due to the dynamic, ephemeral nature of virtualized environments and the complex traffic patterns they generate. This paper presents a definition of preferable positions within virtual networks to enhance anomaly detection efficacy. Leveraging a combination of overlay and underlay capture positions, this paper examines the strategic impact of network positioning on anomaly detection accuracy, particularly in environments utilizing software‐defined networking (SDN) and network function virtualization (NFV). Through controlled testing with realistic attack scenarios, including data exfiltration, denial of service, and malware infiltration, the advantages and constraints of each capture position are demonstrated. The findings underscore the necessity of adaptable capture mechanisms to address variability in data volume, encapsulation challenges, and privacy concerns unique to virtualized ecosystems. The paper further introduces a cost calculation model that evaluates each capture position by weighting key factors, enabling an optimized trade‐off between detection accuracy and resource efficiency. The derived classification of the positional value significantly improves real‐time detection of both internal and external threats within multitenant networks.

Risk analysis and protection in case of intrusion of nuclear facilities

Abstract Physical protection systems (PPSs) are designed to counter and neutralize any theft or sabotage attempts carried out against a given site. PPS designs are crucial, requiring rigorous analysis and evaluation to ensure their reliability, sustainability and optimal security. This paper assumes a Hypothetical Nuclear Research Center (HNRC) for PPS analysis and evaluation. This work will determine the PPS’s most vulnerable path elements, by demonstrating expected intrusion attack scenarios by taking advantage of the HNRC’s design weaknesses. Also, this work determines the threats resulting from adversary intrusion through the weakness path elements located at the nuclear site. Additionally, this paper develops an analytical methodology for this evaluation and risk assessment, by using the Systematic Analysis of Vulnerability to Intrusion (SAVI) computer program. Through constructing adversary sequence diagrams (ASDs), SAVI can easily identify the HNRC’s most vulnerable paths, pinpointing the areas which require the most attention. Alongside SAVI is the quantitative risk analysis method - the Dai et al. Model – which can calculate the effectiveness and risk of the PPS itself by measuring its degree of uncertainty using effectiveness entropy. To comply with effectiveness and risk standards, this work also introduces security system upgrade processes and determines the optimal security solution for the HNRC.

MixCFormer: A CNN–Transformer Hybrid with Mixup Augmentation for Enhanced Finger Vein Attack Detection

Finger vein recognition has gained significant attention for its importance in enhancing security, safeguarding privacy, and ensuring reliable liveness detection. As a foundation of vein recognition systems, vein detection faces challenges, including low feature extraction efficiency, limited robustness, and a heavy reliance on real-world data. Additionally, environmental variability and advancements in spoofing technologies further exacerbate data privacy and security concerns. To address these challenges, this paper proposes MixCFormer, a hybrid CNN–transformer architecture that incorporates Mixup data augmentation to improve the accuracy of finger vein liveness detection and reduce dependency on large-scale real datasets. First, the MixCFormer model applies baseline drift elimination, morphological filtering, and Butterworth filtering techniques to minimize the impact of background noise and illumination variations, thereby enhancing the clarity and recognizability of vein features. Next, finger vein video data are transformed into feature sequences, optimizing feature extraction and matching efficiency, effectively capturing dynamic time-series information and improving discrimination between live and forged samples. Furthermore, Mixup data augmentation is used to expand sample diversity and decrease dependency on extensive real datasets, thereby enhancing the model’s ability to recognize forged samples across diverse attack scenarios. Finally, the CNN and transformer architecture leverages both local and global feature extraction capabilities to capture vein feature correlations and dependencies. Residual connections improve feature propagation, enhancing the stability of feature representations in liveness detection. Rigorous experimental evaluations demonstrate that MixCFormer achieves a detection accuracy of 99.51% on finger vein datasets, significantly outperforming existing methods.

Mape: defending against transferable adversarial attacks using multi-source adversarial perturbations elimination

Neural networks are vulnerable to meticulously crafted adversarial examples, leading to high-confidence misclassifications in image classification tasks. Due to their consistency with regular input patterns and the absence of reliance on the target model and its output information, transferable adversarial attacks exhibit a notably high stealthiness and detection difficulty, making them a significant focus of defense. In this work, we propose a deep learning defense known as multi-source adversarial perturbations elimination (MAPE) to counter diverse transferable attacks. MAPE comprises the single-source adversarial perturbation elimination (SAPE) mechanism and the pre-trained models probabilistic scheduling algorithm (PPSA). SAPE utilizes a thoughtfully designed channel-attention U-Net as the defense model and employs adversarial examples generated by a pre-trained model (e.g., ResNet) for its training, thereby enabling the elimination of known adversarial perturbations. PPSA introduces model difference quantification and negative momentum to strategically schedule multiple pre-trained models, thereby maximizing the differences among adversarial examples during the defense model’s training and enhancing its robustness in eliminating adversarial perturbations. MAPE effectively eliminates adversarial perturbations in various adversarial examples, providing a robust defense against attacks from different substitute models. In a black-box attack scenario utilizing ResNet-34 as the target model, our approach achieves average defense rates of over 95.1% on CIFAR-10 and over 71.5% on Mini-ImageNet, demonstrating state-of-the-art performance.

A Hybrid Domain-Based Digital Watermarking Technique for Robust and Imperceptible Image Copyright Protection

This work provides a strong digital watermarking method to attain undetectable and robust watermark embedding by combining many domain transformations and decomposition methods. To guarantee good watermark embedding and retrieval, the technique uses Discrete Wavelet Transform (DWT), Discrete Fourier Transform (DFT), Onion Peel Decomposition (OPD), Discrete Cosine Transform (DCT), and Singular Value Decomision (SVD). Using a strength value, the single values of the carrier picture are changed to incorporate the watermark, therefore guaranteeing low distortion and great imperceptibility. The sequence of transforms is reversed during extraction to faithfully retrieve the watermark. Under several assault scenarios—including JPEG compression, Gaussian noise, salt-and-pepper noise, scaling, cropping, and blurring—a thorough investigation was done to assess resilience. Performance was evaluated using the normalised cross-correlation (NCC) metric—which measures the resemblance between the original and extracted watermark. With an average NCC of 0.99 over all attacks, the proposed system matched or surpassed present state-of- the-art methods. The technique also generated a strong Mean Structural Similarity Index Metric (MSSIM) of 0.9966, the lowest Mean Absolute Error (MAE) of 4.2729, and the highest Peak Signal-to-- Noise Ratio (PSNR) of 36.0477.Comparatively with both random and non-random distribution approaches, comparison with average NCC values of 0.98 and 0.99 correspondingly indicated significant resilience. The random spread method exhibited higher resistance to blurring attacks, even if the non-random spread strategy was best in scaling and cropping attacks. Visual examinations confirmed considerable similarity between the watermarked and retrieved images under all attack scenarios. These results show how effectively the proposed approach balances imperceptibility and robustness, hence ensuring dependability for safe digital watermarking applications in demanding surroundings.

Deep Learning Based DDoS Attack Detection

Nowadays, one of the biggest risks to network security is Distributed Denial of Service (DDoS) assaults, which cause disruptions to services by flooding systems with malicious traffic. Traditional approaches to detection, based on statistical thresholds and signature-based mechanisms, respectively, can hardly cope with the increasing complexity of such an attack. In order to improve detection accuracy and generalization, this research suggests a deep learning-based detection model that combines the Long Short-Term Memory (LSTM) network architecture with Convolutional Neural Networks (CNN). On the CICDDoS2019 dataset, which included several DDoS attack versions, the suggested model was trained and evaluated. The hybrid CNN-LSTM has extraction capabilities regarding both the spatial and temporal features of network traffic data, showing highly efficient performance. The classification resulting from this model yielded high accuracy with robust results for different attack scenarios. Results reflect the potential superiority of the given model in detecting DDoS attacks. Even though the performance was sound, the model still showed certain shortfalls, which were revealed when particular types of attacks were tested. Future work may be directed at further refining the model architecture, including optimizing diversity in training to allow for even better detection capabilities.

Federated AI for Cyber Defence: Enhancing Access Control Through Distributed Learning

Abstract: System security and the protection of sensitive data has become a need of the hour as fast as the development of cyber threats. A federated Artificial Intelligence (AI) presents a distributed learning framework that handles these issues through the provision of secure collaboration that preserves data privacy. This paper explores how Federated AI can enhance access control systems by making them suitable for detecting anomalies, enforcing policies, and adapting to changing threats in real-time. Centralized AI models of the traditional sort necessitate data aggregation at a single location, an avenue open to any breach and compliance concerns. By training models over the federation of decentralized nodes, Federated AI mitigates these risks by allowing data locality. This paper presents a decentralized learning paradigm which implements robust access control mechanisms using collective intelligence and simultaneously keeps sensitive information safe. Additionally, the combination of Federated AI with Zero Trust principles leads to a dynamic access control system that changes with user behavior and the settings external to the user. We discuss key advancements such as the utilization of edge devices for real-time anomaly detection, privacy-based techniques such as differential privacy and homomorphic encryption, and the inclusion of generative models that simulate and predict attack scenarios. Finally, the paper underscores the advantages and limits of the potential of Federated AI in cyber defence.

Neuromorphic computing for real-time adaptive penetration testing: analysis of human intuition in AI-dominated work space

This research investigates the revolutionary integration of neuromorphic computing with human intuition in the domain of real-time adaptive penetration testing, addressing the critical challenges facing modern cybersecurity in AI-dominated workspaces. The study presents a novel approach that combines the parallel processing capabilities of neuromorphic architectures with the nuanced decision-making abilities of human security experts, resulting in a hybrid system that significantly enhances threat detection and response capabilities. Our research implements a sophisticated neuromorphic computing model featuring 1024 input neurons, 2048 hidden layer neurons, and 512 output neurons, utilizing modified leaky integrate-and-fire algorithms for spike processing. The system incorporates real-time adaptive mechanisms that enable dynamic threat modeling and immediate response generation, while simultaneously learning from human expert intuition through a carefully designed collaborative interface. This architecture demonstrates remarkable improvements in both processing efficiency and threat detection accuracy, achieving a 94.7% true positive rate while maintaining an exceptionally low 2.3% false positive rate. The experimental methodology encompassed extensive testing across a diverse range of attack scenarios, including advanced persistent threats, zero-day vulnerabilities, and sophisticated social engineering attacks. The test environment comprised 500 virtual nodes distributed across multiple security zones, providing a realistic platform for comprehensive system evaluation. Performance metrics revealed significant improvements over traditional approaches, including an 89% success rate in adapting to previously unseen attack patterns and a 76% reduction in decision-making time for complex threats. Quantitative analysis demonstrates the system's superior capabilities in real-time threat detection and response, with average detection latencies of 1.2 milliseconds and consistent performance maintaining up to 100,000 concurrent connections. Qualitative assessment of human-AI synergy, conducted with 50 experienced penetration testers, revealed that 92% reported enhanced decision-making capabilities, while 95% experienced reduced cognitive load during complex scenarios. The research contributes significantly to the field by establishing a new paradigm for adaptive penetration testing that effectively combines neuromorphic computing efficiency with human intuitive expertise. The findings demonstrate that this integration not only enhances detection and response capabilities but also provides a more sustainable approach to cybersecurity in increasingly complex technological environments. Furthermore, the study opens new avenues for research in human-AI collaboration within cybersecurity, suggesting promising directions for future development in adaptive security systems. The implications of this research extend beyond immediate cybersecurity applications, offering insights into the broader field of human-AI collaboration in critical decision-making scenarios. The study also addresses important ethical considerations regarding AI autonomy in security operations, providing guidelines for responsible implementation of AI-driven security solutions while maintaining essential human oversight.

Quantum theory-inspired inter-sentence semantic interaction model for textual adversarial defense

Deep neural networks have a recognized susceptibility to diverse forms of adversarial attacks in the field of natural language processing and such a security issue poses substantial security risks and erodes trust in artificial intelligence applications among people who use them. Meanwhile, quantum theory-inspired models that represent word composition as a quantum mixture of words have modeled the non-linear semantic interaction. However, modeling without considering the non-linear semantic interaction between sentences in the current literature does not exploit the potential of the quantum probabilistic description for improving the robustness in adversarial settings. In the present study, a novel quantum theory-inspired inter-sentence semantic interaction model is proposed for enhancing adversarial robustness via fusing contextual semantics. More specifically, it is analyzed why humans are able to understand textual adversarial examples, and a crucial point is observed that humans are adept at associating information from the context to comprehend a paragraph. Guided by this insight, the input text is segmented into subsentences, with the model simulating contextual comprehension by representing each subsentence as a particle within a mixture system, utilizing a density matrix to model inter-sentence interactions. A loss function integrating cross-entropy and orthogonality losses is employed to encourage the orthogonality of measurement states. Comprehensive experiments are conducted to validate the efficacy of proposed methodology, and the results underscore its superiority over baseline models even commercial applications based on large language models in terms of accuracy across diverse adversarial attack scenarios, showing the potential of proposed approach in enhancing the robustness of neural networks under adversarial attacks.

The Role of Criminal Law Approaches Against Hybrid Attacks

Hybrid threats have become a topic high on the international agenda. Hybrid threats and actual attacks may be classical criminal activities driven by personal motives and economic gain. However, this article deals with hybrid attacks that go beyond personally motivated criminal activity, aimed at states’ vulnerabilities in a wider context. The hybrid nature of these attacks can engage different or hybrid legal responses – a criminal law response or an international law response to terrorism or a lead-up to armed conflict. The questions are, what is the role for criminal law in regulating hybrid attacks and what are the challenges of such an approach? Focusing on international and national criminal law regulating hybrid attacks, this article considers the three scenarios of attacks against critical infrastructure, jamming of maritime navigation and physical attacks on submarine cables and pipelines. The chapter highlights the complexities involved in criminal law approaches, requiring interaction and cooperation between the international and national levels, but also the potential advantages of integrating criminal law approaches into a broader military strategy.

Twin Ghosts: Evil Twin Attacks in Wireless Networks and Defense Mechanisms

With the widespread adoption of wireless network technologies, various types of attacks targeting wireless networks have emerged, posing threats to the security of users. One of these attack types is the evil twin attack, which is executed by creating fake access points, commonly referred to as "evil twins." These attacks typically involve the creation of a fake access point (AP) that mimics the appearance of a legitimate AP, which users perceive as trustworthy. Through evil twin attacks, malicious actors can steal the identities and passwords of legitimate users and gain unauthorized access to sensitive data, financial gain, or system hacking. Since evil twin attacks are often carried out without the knowledge of users, they can be highly effective. This study examines the potential risks of evil twin attacks and defense strategies by addressing security threats in wireless networks. To this end, a scenario of evil twin attacks is created and analyzed. In this scenario, the attacker sets up a fake wireless access point in a café or public area near the targeted institution, mimicking the name and security settings of the target institution to lure users into connecting to the fake network under their control. The study highlights the potential impacts of evil twin attacks and discusses the necessary steps for users and institutions to protect themselves against such attacks.

Numerical Modelling of Myocardial Infarction in Multivessel Coronary Lesion. II. Patterns of Formation of Large-Scale Damages and Structures

In this work, the basic mechanisms of myocardial infarction development during its inflammatory phase have been studied using mathematical modelling methods. Complex scenarios associated with multivessel lesions of the coronary bed and variability in baseline indicators of the innate immune system state have been considered. Special attention is paid to methodological issues related to the analysis of the effectiveness of the algorithm for approximate solutions of nonlinear initial-boundary value problems and setting up computational experiments under conditions close to the conditions of laboratory experiments in the field of interest. A numerical analysis was performed of several of the most common variants in laboratory practice of the formation of a large lesion in the left ventricle of the mouse heart, caused by the spatiotemporal heterogeneity of the properties of the environment, the immune reaction and ischemic myocardial damage, including recurrent infarction. The main attention is on the following aspects: – analysis of the mechanism of formation of large-scale infarct damages with an extensive core covering almost the entire infarct focus, or with a relatively small core, and assessment of the role of inflammation in these processes; – analysis of current scenarios of structure formation and the role of nonlinear dynamic structures of demarcation inflammation in the formation of a large but highly structured focus. The obtained data allow us to conclude that there is sufficient conservatism during infarction, evidenced by the basic patterns of the inflammatory phase revealed during modeling. The variability of heart attack scenarios manifests itself as a «memory»-effect about the initial data. We observe the «memory»-effect only at a biologically significant time interval, but we also note a general tendency to switch to the usual scenario of inflammation in large-focal infarction, which eliminates the peculiarities of the initial and individual conditions. The role of inflammation has been investigated in the context of a wave process in which spatial localization and the interaction of density and concentration waves can determine the main features of myocardial damage. In particular, within the framework of the adopted mathematical model, the conditions under which the formation of local zones with a relatively low or, conversely, high level of damage is possible have been described. In our work, we have established a significant interdependence between the formation of quasi-stationary structures and the intensity of the immune response. The high probability of developing severe or even terminal myocardial infarction may be due to the high level of immune system factors, in particular, monocytes-macrophages or cytokines in the reinfarction heart.

Multiagent DDOS attack detection model: Optimal trained hybrid classifier and entropy-based mitigation process

ABSTRACT This study proposes a novel multi-agent system designed to detect Distributed Denial of Service (DDoS) attacks, addressing the increasing need for robust cybersecurity measures. The hypothesis posits that a structured multi-agent approach can enhance detection accuracy and response efficiency in DDoS attack scenarios. The methodology involves a five-stage detection model: (1) Preprocessing using a modified double sigmoid normalization technique to eliminate duplicate data; (2) Feature Extraction where raw data and improved correlation-based features, mutual information, and statistical features are identified; (3) Dimensionality Reduction conducted by a reducer agent to streamline the feature set; (4) Classification utilizing Deep Belief Networks (DBN), Bi-LSTM, and Deep Maxout models, with their weights optimally tuned using the hybrid optimization algorithm, WUJSO; and (5) Decision Making by the decision agent to ascertain the presence of attacks, followed by mitigation through modified entropy-based techniques. The results demonstrate that the proposed method achieves a detection accuracy of 0.953 at a learning rate of 90%, significantly outperforming other methods, including Bi-GRU (0.857), DEEP-MAXOUT (0.910), Bi-LSTM (0.865), RNN (0.814), NN (0.894), and DBN (0.761). This research underscores the effectiveness of the multi-agent approach in enhancing DDoS attack detection and mitigation.