The increasing global connectivity, driven by the expansion of the Internet of Things (IoT), is generating a significant increase in system vulnerabilities. Cyberattackers exploit the computing and processing limitations of typical IoT devices and take advantage of inherent vulnerabilities in wireless networks and protocols to attack networks, compromise infrastructure, and cause damage. This paper presents a shallow learning multiclassifier approach for detecting and classifying cyberattacks on IoT networks. Specifically, it addresses MQTT networks, widely used in the IoT, to detect Denial-of-Service (DoS) and Intrusion attacks, using inter-device communication data as a basis. The use of shallow learning techniques allows this cybersecurity system to be implemented on resource-constrained devices, enabling local network monitoring and, consequently, increasing security and incident response capabilities by detecting and identifying attacks. The proposed system is validated on a real dataset obtained from an IoT system over MQTT, demonstrating its correct operation by achieving an accuracy greater than 99% and F1-score greater than 80% in the detection of Intrusion attacks.

This paper proposes a hybrid deep learning method with a Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) network coupled with a Random Forest classifier for intrusion detection in connected vehicles. The model was trained and evaluated on the DECIMAL dataset, a realistic in-vehicle network intrusion data set with Controller Area Network (CAN) bus traffic. The CNN-LSTM model is trained on spatial-temporal features from CAN messages, while the Random Forest classifier exploits these features for accurate cyberattack classification. Experimental results demonstrate the superior performance of the model with an average detection accuracy of 99.62% and good precision and recall of various attack types. The hybrid approach outperforms traditional standalone approaches by addressing primary challenges of automotive cybersecurity, such as identification of sophisticated temporal patterns and reduction of false alarms. This research stresses the need for state-of-the-art machine learning techniques in the security of networked vehicles, particularly the Internet of Vehicles (IoV) environment. The findings emphasize the requirement for hybridization of deep learning with ensemble methods in order to boost real-time threat detection and system robustness. Future work will focus on optimizing the model for embedded automotive hardware and exploring its generalizability across diverse datasets. This study contributes to the development of secure intelligent transportation systems through the provision of a robust framework for identification and the containment of cyber-attacks on networked vehicles.

The rapid proliferation of Internet of Things (IoT) devices and the edge computing paradigm has led to the emergence of new classes of cyberattacks that no longer primarily target cryptographic mechanisms or communication interception, but rather exploit the resource constraints of distributed nodes. This paper analyzes Resource Exhaustion attacks on IoT and edge networks, highlighting how compromised nodes can cause severe functional degradation using only legitimate traffic and commands. A conceptual and mathematical model of the attack is proposed, followed by a discussion on its security impact and modern mitigation mechanisms.

IoT devices and applications are widely used in various settings with significant security implications. This study investigates an advanced neural network-based Intrusion Detection System (IDS) for IoT environments. The proposed method uses Federated Machine Learning (FedML) to enable collaborative model training across remote IoT devices while protecting data confidentiality and privacy. This study used the CIC IoT 2023, Bot-IoT, and UNSW-NB15 datasets, which are specifically designed for IoT security research. The experimental results demonstrate the effectiveness of the proposed approach, achieving an aggregate accuracy rate of 95%, showcasing the potential of leveraging FedML in IoT security, where traditional centralized approaches may be impractical or insecure due to data privacy concerns. This study examines the issue of data privacy in the implementation of large-scale cybersecurity models for a wide array of attack types, including newly emerging threats. Rather than developing a distinct security model for each business or sector, the objective was to create a scalable, comprehensive model that addresses evolving threats in different settings without necessitating training on proprietary data or network traffic. In addition, this study integrates the implemented model with an LLM to offer explanations on true or false positive alerts.

The rapid expansion of the Internet of Things (IoT) ecosystem has increased its susceptibility to cyberattacks, creating a critical need for reliable Intrusion Detection Systems (IDS). However, IDS performance is often hindered by severe class imbalance, high-dimensional features, and similarities among attack behaviors. This study proposes an optimized XGBoost model enhanced with the Synthetic Minority Over-sampling Technique (SMOTE) and Principal Component Analysis (PCA) to address these challenges. A systematic grid-search procedure was employed to ensure transparency, reproducibility, and optimal hyperparameter selection. The original imbalance ratio of approximately 1:27 was successfully normalized to nearly 1:1 through SMOTE. The Gotham dataset used in this study consists of roughly 350,000 IoT traffic records across eight attack categories. Five data-splitting scenarios (50:50 to 90:10) were evaluated using stratified hold-out validation supported by k-fold cross-validation. The optimized model achieved 99.68% accuracy, while extremely high AUC values approaching 1.0 were carefully validated to eliminate potential data leakage. Naive Bayes, Logistic Regression, Support Vector Machine, and Deep Neural Network were included as baseline comparisons. The results demonstrate that combining SMOTE and PCA significantly improves model stability and generalization on imbalanced IoT traffic, confirming the effectiveness of the proposed XGBSP method.

With the rapid advancement of network technologies and the exponential growth of internet traffic, network attacks have become increasingly common and sophisticated. A network attack refers to any unauthorized attempt to access, disrupt, or damage network resources, often resulting in severe operational and financial consequences. Traditionally, organizations have relied on conventional security mechanisms such as firewalls, encryption, and antivirus software to safeguard their systems. However, these defenses alone are insufficient to counter modern, evolving threats. To overcome these limitations, researchers have increasingly turned to intelligent computational models. Machine Learning (ML) and Deep Learning (DL), two prominent domains of Artificial Intelligence (AI), enable systems to learn from data and identify complex attack patterns with greater accuracy. This study presents a comprehensive review of various ML and DL techniques applied to the detection and classification of cyberattacks, highlighting their potential to strengthen network intrusion detection systems and improve overall cybersecurity resilience.

Cybersecurity is a crucial aspect in maintaining the integrity and availability of information systems, especially on web servers which are vulnerable to various types of attacks and anomalies. This research aims to investigate the application of transfer learning in the classification of cyber attacks and anomalies on web servers. Transfer learning, a powerful deep learning approach, enables pre-trained models to adapt to new tasks with limited data, offering an efficient solution for detecting malicious activities and unusual patterns in web server logs. The goal is to improve detection accuracy while reducing the time and resources required to train models from scratch. This study uses a bi-layer classification approach with pre-trained Transformer models, RoBERTa and BERT, through transfer learning to detect cyber attacks and anomalies in web server log data. The process includes preprocessing the log data, extracting relevant features, and fine-tuning BERT to classify known attacks in the first layer, followed by RoBERTa in the second layer to detect unusual or unknown behaviors. Model performance is evaluated using accuracy, precision, recall, and F1-score, and results are compared with traditional deep learning methods like RoBERTa and BERT to highlight the advantages of this bi-layer transfer learning approach. The result of this proposed bi-layer classification method is improved performance in detecting cyber attacks and anomalies compared to using RoBERTa and BERT individually. By combining both models, the system is anticipated to achieve higher accuracy, better precision in identifying true threats, improved recall for detecting a wider range of attacks, and a more balanced F1-score. This layered approach leverages the strengths of both RoBERTa and BERT, enabling more robust and reliable threat detection, with reduced false positives and false negatives compared to single-model implementations.

This paper presents a Novel GAN-Based Privacy-Enhanced Intrusion Detection System (IDS) to address the challenges posed by IoT and IIoT technologies, which increase vulnerability to cyberattacks. Conventional IDS face issues like data imbalance, privacy concerns, and adapting to evolving attack patterns. The proposed model integrates Bidirectional Gated Recurrent Units (Bi-GRUs) with Generative Adversarial Networks (GANs). GANs generate synthetic data to mitigate data imbalance, enhancing the model's generalization capabilities, while Bi-GRUs ensure accurate classification of complex temporal attack patterns. The model achieves an impressive 99.96% accuracy, with high precision (99.34%), recall (99.54%), and F1-score (99.21%), outperforming existing methods like CNN+LSTM, RNN, and XG-Boost. The confusion matrix shows perfect classification for “DoS” and “Mirai” attacks, with minimal misclassifications between similar benign traffic types. The ROC curve's AUC of 0.99 and the closely aligned accuracy curves for training and validation further highlight the model's robustness. The study emphasizes the importance of GAN-based augmentation in balancing hostile and benign traffic classes and significantly improving classification accuracy for rare attack types. This approach addresses critical issues in data imbalance, privacy, and attack classification, marking significant progress in IDS development.

The Internet of Medical Things (IoMT) is transforming healthcare through enhanced remote monitoring and real-time data exchange, but it also introduces significant cybersecurity challenges. This study evaluates various deep learning architectures - Feedforward Neural Networks (FNN), Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Gated Recurrent Units (GRU), Long Short-Term Memory networks (LSTM), and Bi-LSTM - for classifying cyber-attacks in IoMT networks. Utilizing the ECU-IoHT dataset, the Bi-LSTM and CNN models demonstrated superior performance, achieving 60% and 60% accuracy, 75% and 86% precision, 60% and 60% recall, and 63% and 61% F1-score, respectively. These results highlight the effectiveness of Bi-LSTM and CNN in enhancing cybersecurity measures within the IoMT, underscoring their potential to safeguard connected medical devices.

Cybersecurity incidents have become an increasing difficulty for the medical field as the extensive overview of technology in the health care systems. In the past few years, the amount of attacks has improved quickly in health care, and it is currently between the areas mainly targeted by cyberattacks globally. Internet of Health Things (IoHT) applications and devices swiftly developed recently, becoming widely vulnerable to cyberattacks as the devices are heterogeneous and smaller. Furthermore, IoHT must include devices utilized in the healthcare field. A robust cyber-attack detection method is crucial in the IoHT environment to reduce safety risks and protect devices from cyberattacks. Using machine learning (ML) techniques, AI-driven anomaly detection improves the detection of irregular patterns in large datasets, improving accuracy across fields like cybersecurity and healthcare. Artificial intelligence (AI)-based deep learning (DL) and ML models excel in adapting, learning, and detecting unknown attack behaviours. This study develops an Enhancing Internet of Health Things Security through Cyberattack Detection Using Serial Exponential Golf Optimization (EIoHTSCD-SEGO) technique. The EIoHTSCD-SEGO technique's key intention is automatically classifying anomaly detection using AI-based data science approaches. Initially, the EIoHTSCD-SEGO technique performs pre-processing stages at two levels: feature vector using the TF-IDF model and normalization using min-max to convert input data into a uniform format. Furthermore, an ensemble of DL classifiers, namely the recurrent neural network (RNN) model, bidirectional long short-term memory (BiLSTM) method, and kernel extreme learning machine (KELM) technique, is utilized for the classification of cyber-attacks. Finally, the serial exponential golf optimization algorithm (SEGOA) method is implemented to optimize the hyperparameter tuning of ensemble DL models. The simulation analysis of the EIoHTSCD-SEGO technique is performed using the ECU-IoHT benchmark dataset. The performance validation of the EIoHTSCD-SEGO technique portrayed a superior accuracy value of 99.33% over existing models.

The rapid growth of the Internet of Things (IoT) has driven new research into artificial intelligence (AI)-based methods for detecting anomalies. With its advanced capabilities, AI can automate tasks, analyze large datasets, and accurately identify vulnerabilities. The lack of transparency in cybersecurity systems makes it difficult to explain critical decisions and associated risks clearly. Machine learning (ML)-based intrusion detection systems (IDS) excel in threat detection but encounter threats due to limited transparency and scarce attack data, specifically in IoT. This paper presents the Explainable Artificial Intelligence for Cyber Resilience Using a Hybrid Deep Learning and Optimization Algorithm (XAICR-HDLOA) approach to improve cyber threat detection and interpretation in IoT environments. Min-max normalization is initially applied to standardize feature scales, followed by the Bald Eagle Search (BES) model for selecting key features. Moreover, the hybrid Convolutional Neural Networks-Bidirectional Gated Recurrent Unit (CNN-BiGRU) model is employed for cyberattack classification. Furthermore, the Improved Chimp Optimizer Algorithm (IChoA) is implemented for the hyperparameter tuning process. Finally, SHAP is applied to improve model interpretability, increasing trust and reliability in cybersecurity. Simulations on the Edge-IIoT and BoT-IoT datasets highlight the efficiency of the XAICR-HDLOA approach, achieving high accuracy of 98.41% and 98.25%, outperforming existing methods.

The Internet of Things (IoT) presents significant advantages to day-to-day life across a wide range of application domains, including healthcare automation, transportation, and smart environments. However, owing to the constraints of limited resources and computation abilities, IoT networks are subject to different cyber-attacks. Incorporating IDS into the cybersecurity-driven IIoT process contains cautious deployment, planning, and progressing management. Cybersecurity is crucial for the protection of sensitive data, safeguarding the privacy of users, and securing important substructures from malicious activities attempting unauthorized access or triggering interferences. Cyberattack detection performs a vital role in this defense scheme, employing advanced technologies like deep learning (DL) for analysing digital activities in real time. With the help of recognizing and responding to possible cyber-attacks quickly, cyberattack detection not only mitigates risks but reinforces the overall flexibility of the digital ecosystem against developing security challenges. This study presents a League Championship Algorithm Feature Selection with Optimal Deep Learning based Cyberattack Detection (CLAFS-ODLCD) technique for securing the digital ecosystem. The CLAFS-ODLCD technique focuses on the recognition and classification of cyberattacks in the IoT infrastructure. To achieve this, the CLAFS-ODLCD method utilizes the linear scaling normalization (LSN) approach for data pre-processing. Furthermore, the CLAFS-ODLCD method employs the CLAFS approach to choose optimal feature subset. Moreover, the detection and classification of the cyberattacks are accomplished by implementing the stacked sparse autoencoder (SSAE) approach. Finally, the hunger games search (HGS) optimizer is employed for optimum hyperparameter selection. The empirical analysis of the CLAFS-ODLCD method is examined under the WSN-DS dataset. The comparison study of the CLAFS-ODLCD method portrayed a superior accuracy value of 99.48% over existing models.

Cybersecurity has often gained much popularity over the years in a fast-evolving discipline, as the number of cybercriminals and threats rises consistently to stay ahead of law enforcement. Recently, cybercriminals have become more complex with their approaches, though the underlying motives for conducting cyber threats remain largely the same. Classical cybersecurity solutions have become poor at identifying and alleviating evolving cyber threats. Machine learning (ML) plays a crucial role in cybersecurity by making malware detection more scalable, efficient, and automated, reducing reliance on conventional human intervention methods. The cybersecurity domain comprises ML challenges that require effective theoretical and methodical handling. Various statistical and ML approaches, like Bayesian classification, deep learning (DL), and support vector machines (SVM), have efficiently alleviated cyber threats. The insights and hidden trends detected from network data and the architecture of a data-driven ML to avoid this attack are essential to establishing an intelligent security system. This study develops a novel Leveraging Explainable Artificial Intelligence for Early Detection and Mitigation of Cyber Threats in Large-Scale Network Environments (LXAIDM-CTLSN) method. The projected LXAIDM-CTLSN method aims to recognize and classify cyber-attacks in achieving cybersecurity. Initially, the normalization is performed using Min-max normalization to standardize the data. The Mayfly Optimization Algorithm (MOA) is then utilized for feature selection, effectively mitigating computational complexity. A Sparse Denoising Autoencoder (SDAE) model recognizes and classifies cyber threats. Additionally, the Hiking Optimization Algorithm (HOA) is employed to fine-tune the hyperparameters of the SDAE model. Finally, the XAI method LIME is integrated to enhance the explainability and understanding of the Blackbox technique, ensuring superior classification of cyberattacks. Extensive experiments were conducted to evaluate the overall robustness of the proposed XAIDM-CTLSN method using the NSLKDD2015 and CICIDS2017 datasets. The experimental validation of the XAIDM-CTLSN method portrayed a superior accuracy value of 99.09% over other techniques.

Given the increasing growth of cyber-attacks, the need for intrusion detection systems (IDS) with higher accuracy and efficiency is critical. This paper presents a novel approach using Generative Adversarial Networks (GANs) for intrusion detection. The proposed model leverages deep learning to extract complex features and uses GANs to generate synthetic data, improving IDS accuracy and efficiency. This approach reduces false positive and negative rates while increasing the accuracy of detecting unknown attacks. Experimental results on the NSL-KDD and CICIDS2017 datasets show 98.2% accuracy, a 1.5% false positive rate, and a 0.8% false negative rate, outperforming conventional methods. These results confirm that GANs can significantly improve the detection and classification of cyber-attacks. The proposed method is an effective solution to enhance cybersecurity and reduce cyber-attack risks, demonstrating significant improvements in IDS and paving the way for future research in this area.

Network security has become a critical concern in digital data transmission. It is because of their growing adoption and complexity of cyber-attacks. Therefore, protecting network infrastructures and identifying malicious behavior becomes a necessity. This paper gives a comparative performance analysis of multiple machine learning (ML) classifiers for intrusion detection systems (IDS) by using the UNSW-NB15 dataset. To gain better insight into the IDS performances, several ML classifiers are being assessed. This includes the Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), k-Nearest Neighbors (k-NN), Naïve Bayes (NB), and Gradient Boosting (XGB). The performance matrix in the analysis comprises the training score, accuracy, precision, recall, F1-score, training time, and AUC-ROC. The results reveal that DT and RF scored the highest training marks of 99.77%. Regarding accuracy, the RF model achieves the highest percentage at 95.05%. In terms of the computational time, k-NN displayed the lowest training time at 0.01 seconds. These analysis results provide guidance to the selection of appropriate ML-based cyberattack classification. It also provides insights for further research in ML-based cybersecurity systems to support the development of intelligent and efficient IDS solutions.

Machine learning (ML) algorithms are widely used in various fields, including cyber threat intelligence (CTI), financial technology (Fintech), and intrusion detection systems (IDSs). They automate security alert data analysis, enhancing attack detection, incident response, and threat mitigation. Fintech is particularly vulnerable to cyber-attacks and cyber espionage due to its data-centric nature. Because of this, it is essential to give priority to the classification of cyber-attacks to accomplish the most crucial attack detection. Improving ML models for superior prioritized recognition requires a comprehensive strategy that includes data preprocessing, enhancement, algorithm refinement, and customized assessment. To improve cyber-attack detection in the Fintech, CTI, and IDS sectors, it is necessary to develop an ML model that better recognizes the prioritized classes, thereby enhancing security against important types of threats. This research introduces adaptive incremental learning, which enables ML models to keep learning new information by looking at changing data from a data stream, improving their ability to accurately identify types of cyber-attacks with high priority. The Analytical Hierarchy Process (AHP) is suggested to help make the best decision by evaluating model performance based on prioritized classes using real multi-class datasets instead of artificially improved ones. The findings demonstrate that the ML model improved its ability to identify prioritized classes of cyber-attacks utilizing the ToN_IoT network dataset. The recall value for the “injection” class rose from 59.5% to 61.8%, the recall for the “password” class increased from 86.7% to 88.6%, and the recall for the “ransomware” class improved from 0% to 23.6%.

Industrial Internet of Things (IIoT) environments are ushering in new avenues for connectivity and intelligent control, yet their integration with legacy systems poses substantial security challenges. Present cybersecurity frameworks are insufficient for safeguarding protocols like Modbus/TCP, widely employed in critical infrastructures such as smart grids and healthcare. This protocol’s inherent vulnerabilities-specifically, the lack of robust authentication and authorisation mechanisms-render industrial networks susceptible to a spectrum of cyberattacks with potentially cascading effects. The research motivation stems from the urgent need for an adaptive, robust security solution that bridges this gap. To address these issues, we propose an integrated approach that combines advanced threat modeling with state-of-the-art detection and mitigation techniques. First, we develop a comprehensive Modbus/TCP threat model by integrating STRIDE-per-element analysis, Attack Defence Trees (ADT), and risk assessment frameworks (CVSS and OWASP-RR) to quantitatively and qualitatively evaluate 14 distinct cyber threats. Next, we introduce a novel Intrusion Detection and Prevention System (IDPS) that leverages an Active ResNet50-based Convolutional Neural Network enhanced with Transfer Learning and Active Learning. This enables automated detection and classification of cyberattacks through continuous re-training based on human verification. Finally, our system employs a Software Defined Networking (SDN)-based mitigation strategy, using Thompson Sampling for adaptive, cost-effective decision-making. Experimental evaluation on a custom Modbus/TCP dataset demonstrates improved accuracy, higher True Positive Rates, and reduced False Positive Rates compared to conventional methods. These outcomes substantiate that integrating AI-driven detection with SDN-based mitigation offers a viable and robust framework to minimize cyberattack impacts on critical IIoT infrastructures.

With the increasing reliance on digital infrastructure, the risk of cyber-attacks has grown exponentially. Cyber-attacks such as phishing, malware, denial-of-service (DoS), and advanced persistent threats (APTs) can have devastating consequences for organizations and individuals. This project presents a comprehensive approach to classifying cyber-attacks using supervised machine learning techniques. By leveraging labelled datasets, machine learning models are trained to identify and classify various types of cyber-attacks based on network traffic, system logs, and user behavior patterns. The proposed system aims to enhance the efficiency of intrusion detection systems (IDS) by automating the detection and classification process, ensuring real-time protection against diverse threats. This research highlights the importance of data pre-processing, feature selection, and hyperparameter optimization in achieving high accuracy and precision in cyber-attack classification.

In the ever-evolving landscape of cybersecurity, timely identification of cyberattacks is critical for protecting digital infrastructures. This research introduces a system that applies supervised machine learning techniques to classify and predict different types of cyber threats, including malware, phishing, and brute-force attacks. Using a comprehensive dataset of past attack instances, the model learns to recognize patterns and features that distinguish each type of attack. The study explores the performance of various supervised learning algorithms such as Decision Trees, Support Vector Machines (SVM), and Neural Networks to identify the most accurate and reliable approach for threat detection. To ensure continued effectiveness, the model is regularly updated to adapt to emerging threats. Combined with tools like the confusion matrix for performance evaluation, the proposed system provides cybersecurity teams with a practical solution for identifying threats early and responding swiftly, ultimately strengthening the security posture of digital systems. Key Words: Supervised machine learning, Cyberattack classification, Dataset, Support Vector Machines (SVM), Neural Networks, Confusion Matrix, Threat mitigation.

Cyberattack classification through the utilization of supervised machine learning methods. The system is designed to categorize diverse cyber-attacks by employing a meticulously curated dataset encompassing a wide array of attack types, including but not limited to malware, phishing, and distributed denial-of-service (DDoS) attacks. Feature extraction techniques are applied to both network traffic data and behavioural attributes, facilitating the training of a robust classification model. Various supervised learning algorithms, such as decision trees, support vector machines, and neural networks, are evaluated for their efficacy in accurately predicting attack categories. The training process involves labelling historical attack instances, enabling the model to discern intricate patterns and subtle differentiators among attack types. Regular model updates and retraining with new attack data ensure its relevance in dynamically evolving threat landscapes. The system's predictive accuracy empowers cyber security teams to swiftly identify and respond to cyber threats, thereby bolstering overall defence strategies. Through this research, we contribute to the proactive identification and mitigation of cyber-attacks, ultimately fortifying digital security frameworks