Cyber Threat Detection Research Articles

Explainable and perturbation-resilient model for cyber-threat detection in industrial control systems Networks

Deep learning-based intrusion detection systems (DL-IDS) have proven effective in detecting cyber threats. However, their vulnerability to adversarial attacks and environmental noise, particularly in industrial settings, limits practical application. Current IDS models often assume ideal conditions, overlooking noise and adversarial manipulations, leading to degraded performance when deployed in real-world environments. Additionally, the black-box nature of DL model complicates decision-making, especially in industrial control systems (ICS) network, where understanding model behavior is crucial. This paper introduces the eXplainable Cyber-Threat Detection Framework (XC-TDF), a novel solution designed to overcome these challenges. XC-TDF enhances robustness against noise and adversarial attacks using regularization and adversarial training respectively, and also improves transparency through an eXplainable Artificial Intelligence (XAI) module. Simulation results demonstrate its effectiveness, showing resilience to perturbation by achieving commendable accuracy of 100% and 99.4% on the Wustl-IIoT2021 and Edge-IIoT datasets, respectively.

Designing intelligent cyber threat detection systems through quantum computing

The ever-changing nature of cyber threats calls for a rapid innovative response that can arrest the situation. Quantum computing offers hope through its highly efficient and complex computing power that can intelligently detect cyber threats in the network systems. This paper examines the adoption of quantum computing into the frameworks for the detection of cyber threats. It also highlights the benefits, methodologies and real-world applications of quantum models. In addition, several quantum algorithms like Grover’s and Shor’s are assessed in terms of their contributions to cybersecurity or defense. This paper also includes methods, materials, comparative analysis, implementation strategies and practical applications in practical situations. Limitations, areas that require future research and the need to develop quantum-safe security mechanisms form the concluding part of this research paper.

AI-driven cyber threat detection for global logistics in United States

The integration of AI-driven cybersecurity systems is increasingly essential to the security and efficiency of global logistics operations in the United States. This thematic analysis investigates the major themes, challenges, and opportunities of AI in logistics cybersecurity, focusing on its effectiveness in threat detection and prevention, diverse applications, and implementation challenges. AI has been shown to significantly enhance threat detection, reducing response times by up to 65%, and proactively preventing cyber threats through predictive analytics. Key applications include AI-driven network monitoring, endpoint security, and supply chain risk management, each contributing to the overall resilience of logistics networks. However, several challenges hinder the widespread adoption of AI, including high initial costs, integration issues with legacy systems, and a shortage of skilled professionals. Additionally, regulatory compliance and ethical considerations, such as data privacy and transparency, must be addressed to ensure responsible deployment. Despite these barriers, empirical evidence highlights AI’s potential to revolutionize logistics cybersecurity, offering faster threat detection, reduced vulnerabilities, and more secure operations. Overcoming adoption challenges requires a concerted effort from industry stakeholders, with a focus on workforce development, regulatory adherence, and ethical AI practices. Future research should explore strategies to address these challenges, ensuring the full potential of AI in enhancing the security and efficiency of global logistics operations.

Evaluation of Deep Learning Techniques in PV Farm Cyber Attacks Detection

Integrating intelligent grids with the internet increases the amount of unauthorized input data which directly or indirectly influences electrical system control and decision-making. Photovoltaic (PV) farms that are linked to the power grid are susceptible to cyber attacks which may disrupt energy infrastructure and compromise the security, stability, and resilience of the electrical system. This research{} proposes a new model for cyber threat detection in PV farm, named as Cyber Detection in PV farm (CDPV), which makes use of deep learning methods based solely on point-of-common coupling (PCC) detectors. In this paper, a thorough cyber attack model for a photovoltaic (PV) farm is developed, where the simulation of four kinds of cyber attacks is provided. Furthermore, this paper evaluates the role of three deep learning techniques including convolutional neural network (CNN), artificial neural network (ANN), and long short-term memory (LSTM), in PV cyber threat detection. The findings demonstrate that, at the DC/DC converter and DC/AC inverter sides, the proposed CDPV model based on deep learning techniques (CNN, ANN, and LSTM) can improve the cyber detection accuracy and resilience under various attack scenarios.

AIDS-Based Cyber Threat Detection Framework for Secure Cloud-Native Microservices

Cloud-native architectures continue to redefine application development and deployment by offering enhanced scalability, performance, and resource efficiency. However, they present significant security challenges, particularly in securing inter-container communication and mitigating Distributed Denial of Service (DDoS) attacks in containerized microservices. This study proposes an Artificial Intelligence Intrusion Detection System (AIDS)-based cyber threat detection solution to address these critical security challenges inherent in cloud-native environments. By leveraging a Resilient Backpropagation Neural Network (RBN), the proposed solution enhances system security and resilience by effectively detecting and mitigating DDoS attacks in real time in both the network and application layers. The solution incorporates an Inter-Container Communication Bridge (ICCB) to ensure secure communication between containers. It also employs advanced technologies such as eXpress Data Path (XDP) and the Extended Berkeley Packet Filter (eBPF) for high-performance and low-latency security enforcement, thereby overcoming the limitations of existing research. This approach provides robust protection against evolving security threats while maintaining the dynamic scalability and efficiency of cloud-native architectures. Furthermore, the system enhances operational continuity through proactive monitoring and dynamic adaptability, ensuring effective protection against evolving threats while preserving the inherent scalability and efficiency of cloud-native environments.

Application of Artificial Intelligence in Detecting and Mitigating Cyber Threats

The integration of Artificial Intelligence (AI) into cybersecurity has revolutionized the detection and mitigation of cyber threats, addressing the growing complexity and sophistication of attacks. This study explores AI's effectiveness in identifying threats such as malware, phishing, and zero-day vulnerabilities while automating threat responses and enhancing proactive defense mechanisms. It highlights key challenges, including adversarial attacks, data quality issues, algorithmic biases, and integration complexities with legacy systems. Emerging technologies such as federated learning, blockchain, and edge computing offer promising solutions to overcome these barriers. Ethical and regulatory considerations are also addressed, emphasizing the need for responsible AI adoption in cybersecurity. The findings underscore AI's transformative potential in cybersecurity and provide actionable recommendations for its effective implementation. The study concludes that while AI presents significant advantages, addressing its limitations through interdisciplinary collaboration and continuous innovation is critical to maximizing its impact.

A proposed framework for the detection of cyber threats using open-source intelligence tools in real-time

A proposed framework for the detection of cyber threats using open-source intelligence tools in real-time

Interval-Valued Neutrosophic Set with Optimization Algorithm for Cyberthreat Detection and Classification in IoT Infrastructure

Interval-Valued Neutrosophic Set with Optimization Algorithm for Cyberthreat Detection and Classification in IoT Infrastructure

Integrating Machine Learning with Two-Person Intuitionistic Neutrosophic Soft Games for Cyberthreat Detection in Blockchain Environment

Integrating Machine Learning with Two-Person Intuitionistic Neutrosophic Soft Games for Cyberthreat Detection in Blockchain Environment

Hybrid deep learning-based cyberthreat detection and IoMT data authentication model in smart healthcare

Hybrid deep learning-based cyberthreat detection and IoMT data authentication model in smart healthcare

Application of Multilayer Perceptron (MLP) neural network for detection and classification of cyber threats in network traffic

Application of Multilayer Perceptron (MLP) neural network for detection and classification of cyber threats in network traffic

An Ensemble Model for Cyber Attack and Threat Detection in Applications Network Using Random Forest, Lightgbm and Xgboost

An Ensemble Model for Cyber Attack and Threat Detection in Applications Network Using Random Forest, Lightgbm and Xgboost

Characterising Payload Entropy in Packet Flows—Baseline Entropy Analysis for Network Anomaly Detection

The accurate and timely detection of cyber threats is critical to keeping our online economy and data safe. A key technique in early detection is the classification of unusual patterns of network behaviour, often hidden as low-frequency events within complex time-series packet flows. One of the ways in which such anomalies can be detected is to analyse the information entropy of the payload within individual packets, since changes in entropy can often indicate suspicious activity—such as whether session encryption has been compromised, or whether a plaintext channel has been co-opted as a covert channel. To decide whether activity is anomalous, we need to compare real-time entropy values with baseline values, and while the analysis of entropy in packet data is not particularly new, to the best of our knowledge, there are no published baselines for payload entropy across commonly used network services. We offer two contributions: (1) we analyse several large packet datasets to establish baseline payload information entropy values for standard network services, and (2) we present an efficient method for engineering entropy metrics from packet flows from real-time and offline packet data. Such entropy metrics can be included within feature subsets, thus making the feature set richer for subsequent analysis and machine learning applications.

Leveraging Custom CNN and ResNet Architectures for Identifying Deviant Personality Traits in Cyber Threat Detection Using the Five Factor Model

Leveraging Custom CNN and ResNet Architectures for Identifying Deviant Personality Traits in Cyber Threat Detection Using the Five Factor Model

Cybersecurity of smart grids: Comparison of machine learning approaches training for anomaly detection

Objectives. The transformation of modern electric grids into decentralized smart grids presents new challenges in the field of cybersecurity. The purpose of this work is to conduct research and analysis into the effectiveness of different machine-learning methods for identifying anomalies in decentralized smart networks, including cyberattacks and emergency modes, as well as to develop recommendations on the optimal combination of these methods for ensuring effective cybersecurity under conditions of changing electrical loads.Methods. We consider several machine learning methods for identifying anomalies in power systems that simulate network behavior under conditions of cyberattacks and emergency modes. The relative effectiveness of such methods as multifractal analysis using wavelets, the Isolation Forest model, local outlier factor (LOF), k-means clustering, and one-class support vector machine (One-Class SVM), is analyzed.Results. The comparison of machine learning methods reveals the varying effectiveness of anomaly detection methods used to detect cyber threats and deviations in electrical systems. Isolation Forest is best at detecting abrupt changes related to cyberattacks with high accuracy and a minimum of false positives. While LOF can also be effective in detecting cyberattacks, its increased sensitivity to minor deviations increases the number of false positives. K-means and One-Class SVMs are less effective in detecting abrupt anomalies but are useful for general clustering of data and detecting both abrupt and smooth changes, respectively.Conclusions. The obtained research results indicate the advantages of using a combination of machine learning algorithms to ensure the reliable protection of smart networks from cyberattacks taking into account the nature of the electrical load.

An intelligent cyber threat detection: A swarm-optimized machine learning approach

An intelligent cyber threat detection: A swarm-optimized machine learning approach

Machine learning-based cyber threat detection: an approach to malware detection and security with explainable AI insights

Machine learning-based cyber threat detection: an approach to malware detection and security with explainable AI insights

Fed-LSAE: Thwarting poisoning attacks against federated cyber threat detection system via Autoencoder-based latent space inspection

The rise of security concerns in conventional centralized learning has driven the adoption of federated learning. However, the risks posed by poisoning attacks from internal adversaries against federated systems necessitate robust anti-poisoning frameworks. While previous defensive mechanisms relied on outlier detection, recent approaches focus on latent space representation. In this paper, we investigate a novel robust aggregation method for federated learning, namely Fed-LSAE, which leverages latent space representation via the penultimate layer and Autoencoder to exclude malicious clients from the training process. Specifically, Fed-LSAE measures the similarity level of each local latent space vector to the global one using the Center Kernel Alignment algorithm in every training round. The results of this algorithm are categorized into benign and attack groups, in which only the benign cluster is sent to the central server for federated averaging aggregation. In other words, adversaries would be detected and eliminated from the federated training procedure. The experimental results on the CIC-ToN-IoT and N-BaIoT datasets confirm the feasibility of our defensive mechanism against cutting-edge poisoning attacks for developing a robust federated-based threat detector in the Internet of Things (IoT) context. The evaluation of the federated approach witnesses an upward trend of approximately 98% across all metrics when integrating with our Fed-LSAE defense.

Cyber Attacks Detection And Mitigation Using Machine Learning In Smart Grid Systems

The increasing complexity and interconnectedness of smart grid systems have heightened their vulnerability to cyber threats, necessitating advanced solutions for securing these critical infrastructures. This study aims to explore the potential of AI-driven predictive analytics in enhancing the cybersecurity and operational efficiency of smart grids. By leveraging the systematic approach of the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines, a comprehensive review of 1,526 initial articles was conducted, which was subsequently narrowed down through rigorous screening and evaluation to a final set of 127 high-quality studies. The review reveals that machine learning models, such as neural networks and time series forecasting, significantly enhance the early detection and mitigation of cyber threats, allowing grid operators to take proactive measures to safeguard against disruptions. Additionally, the integration of AI with real-time data analytics was found to optimize load forecasting, predict equipment failures, and improve overall grid resilience, leading to reduced downtime and operational costs. However, significant challenges related to data privacy, scalability, and integration with legacy systems persist. The findings suggest that techniques like federated learning and blockchain integration could address these challenges, though further research is needed to enhance model robustness and efficiency. This review provides critical insights into the practical applications of AI in smart grid cybersecurity, highlighting both the benefits and the barriers that must be overcome to achieve widespread adoption.

An AI-Driven Model to Enhance Sustainability for the Detection of Cyber Threats in IoT Environments.

In the face of constantly changing cyber threats, a variety of actions, tools, and regulations must be considered to safeguard information assets and guarantee the confidentiality, reliability, and availability of digital resources. The purpose of this research is to create an artificial intelligence (AI)-driven system to enhance sustainability for cyber threat detection in Internet of Things (IoT) environments. This study proposes a modern technique named Artificial Fish Swarm-driven Weight-normalized Adaboost (AF-WAdaBoost) for optimizing accuracy and sustainability in identifying attacks, thus contributing to heightening security in IoT environments. CICIDS2017, NSL-KDD, and UNSW-NB15 were used in this study. Min-max normalization is employed to pre-process the obtained raw information. The proposed model AF-WAdaBoost dynamically adjusts classifiers, enhancing accuracy and resilience against evolving threats. Python is used for model implementation. The effectiveness of the suggested AF-WAdaBoost model in identifying different kinds of cyber-threats in IoT systems is examined through evaluation metrics like accuracy (98.69%), F-measure (94.86%), and precision (95.72%). The experimental results unequivocally demonstrate that the recommended model performed better than other traditional approaches, showing essential enhancements in accuracy and strength, particularly in a dynamic environment. Integrating AI-driven detection balances offers sustainability in cybersecurity, ensuring the confidentiality, reliability, and availability of information assets, and also helps in optimizing the accuracy of systems.