Search Results (668)

Distributed denial-of-service (DDoS) attacks are a prevalent threat to resource-constrained IoT deployments. We present an edge-based detection and mitigation system integrated with the oneM2M architecture. By using a Raspberry Pi 4 client and five Raspberry Pi 3 attack nodes in a smart-home testbed, we collected 200,000 packets with 19 features across four traffic states (normal, SYN/UDP/ICMP floods), trained Decision Tree, 2D-CNN, and LSTM models, and deployed the best model on an edge computer for real-time inference. The edge node classifies traffic and triggers per-attack defenses on the device (SYN cookies, UDP/ICMP iptables rules). On a held-out test set, the 2D-CNN achieved 98.45% accuracy, outperforming the LSTM (96.14%) and Decision Tree (93.77%). In end-to-end trials, the system sustained service during SYN floods (time to capture 200 packets increased from 5.05 s to 5.51 s after enabling SYN cookies), mitigated ICMP floods via rate limiting, and flagged UDP floods for administrator intervention due to residual performance degradation. These results show that lightweight, edge-deployed learning with targeted controls can harden oneM2M-based IoT systems against common DDoS vectors. Full article

This paper presents an in-depth review of cybersecurity challenges and advanced solutions in modern power-generation systems, with particular emphasis on smart grids. It examines vulnerabilities in devices such as smart meters (SMs), Phasor Measurement Units (PMUs), and Remote Terminal Units (RTUs) to cyberattacks, including False Data Injection Attacks (FDIAs), Denial of Service (DoS), and Replay Attacks (RAs). The study evaluates cutting-edge detection and mitigation techniques, such as Cluster Partition, Fuzzy Broad Learning System (CP-BLS), multimodal deep learning, and autoencoder models, achieving detection accuracies of (up to 99.99%) for FDIA identification. It explores critical aspects of power generation, including resource assessment, environmental and climatic factors, policy and regulatory frameworks, grid and storage integration, and geopolitical and social dimensions. The paper also addresses the transmission and distribution (T&D) system, emphasizing the role of smart-grid technologies and advanced energy-routing strategies that leverage Artificial Neural Networks (ANNs), Generative Adversarial Networks (GANs), and game-theoretic approaches to optimize energy flows and enhance grid stability. Future research directions include high-resolution forecasting, adaptive optimization, and the integration of quantum–AI methods to improve scalability, reliability, and resilience. Full article

Network protector units (NPUs) are crucial parts of the protection of secondary networks to effectively isolate faults occurring on the primary feeders. When a fault occurs on the primary feeder, there is a path of the fault current going through the service transformers that causes a negative flow of current on the NPU connected to the faulted feeder. Conventionally, NPUs rely on the direction of current with respect to the voltage to detect faults and make a correct trip decision. However, the conventional NPU logic does not allow the reverse power flow caused by distributed energy resources installed on secondary networks. The communication-assisted direct transfer trip logic for NPUs can be used to address this challenge. However, the communication-assisted scheme is exposed to some vulnerabilities arising from the disruption or corruption of the communicated data that can endanger the reliable operation of NPUs. This paper evaluates the impact of the malfunction of the communication system on the operation of communication-assisted NPU logic. To this end, the impact of packet modification and denial-of-service cyberattacks on the communication-assisted scheme are evaluated. The evaluation was performed using a hardware-in-the-loop (HIL) co-simulation testbed that includes both real-time power system and communication network digital simulators. This paper evaluates the impact of the cyberattacks for different fault scenarios and provides a list of recommendations to improve the reliability of communication-assisted NPU protection. Full article

Within the framework of a dynamic memory-event-triggered mechanism (DMETM), this paper proposes an estimate-based secure control algorithm for nonlinear networked control systems (NNCSs) that suffer from hybrid attacks. Firstly, a sampled-data observer is employed utilizing the output signals to estimate the states. Secondly, due to the limitation of data transmission capacity in NNCSs, a novel DMETM with auxiliary variable is proposed, which effectively leverages the benefits of historical sampled data. In the process of network data transmission, a hybrid attack model that simultaneously considers the impact of both deception and denial of service (DoS) attacks is introduced, which can undermine signal integrity and disrupt data transmission. Then, a memory-event-triggered controller is developed, and the mean square stability of the NNCSs can be ensured by selecting some appropriate values. Finally, a numerical simulation and a practical example are given to illustrate the meaning of the designed dynamic memory-event-triggered control (DMETC) algorithm. Full article

Smart grids (SGs) are becoming increasingly complex with the integration of communication, protection, and automation technologies. However, this digital transformation has introduced new vulnerabilities, especially false data injection attacks (FDIAs) and Denial of Service (DoS) attacks. FDIAs can subtly corrupt measurement data, misleading operators without triggering traditional bad data detection (BDD) methods in state estimation (SE), while DoS attacks disrupt the availability of sensor data, affecting grid observability. This paper presents a deep learning-based framework for detecting and localizing FDIAs, including under DoS conditions. A hybrid CNN, Transformer, and BiLSTM model captures spatial, global, and temporal correlations to forecast measurements and detect anomalies using a threshold-based approach. For further detection and localization, a Multi-layer Perceptron (MLP) model maps forecast errors to the compromised sensor locations, effectively complementing or replacing BDD methods. Unlike conventional SE, the approach is fully data-driven and does not require knowledge of grid topology. Experimental evaluation on IEEE 14–bus and 118–bus systems demonstrates strong performance for the FDIA condition, including precision of 0.9985, recall of 0.9980, and row-wise accuracy (RACC) of 0.9670 under simultaneous FDIA and DoS conditions. Furthermore, the proposed method outperforms existing machine learning models, showcasing its potential for real-time cybersecurity and situational awareness in modern SGs. Full article

The integration of Internet of Things (IoT) technologies into islanded microgrids has increased their vulnerability to cyberattacks, particularly those targeting critical components such as power converters within an islanded AC microgrid. This study investigates the impact of False Data Injection (FDI) and Denial of Service (DoS) attacks on various power converters, including DC–DC boost converters, DC–AC converters, battery inverters, and DC–DC buck–boost converters, modeled in MATLAB/Simulink. A dataset of healthy and compromised operational parameters, including voltage and current, was generated under simulated attack conditions. To enhance system resilience, a deep learning-based detection and classification framework was proposed. After evaluating various deep learning models, including Deep Neural Networks (DNNs), Artificial Neural Networks (ANNs), Support Vector Machines (SVMs), Long Short-Term Memory (LSTM), and Feedforward Neural Networks (FNNs), the final system integrates an FNN for rapid attack detection and an LSTM model for accurate classification. Real-time simulation validation demonstrated a detection accuracy of 95% and a classification accuracy of 92%, with minimal computational overhead and fast response times. These findings emphasize the importance of implementing intelligent and efficient cybersecurity measures to ensure the secure and reliable operation of islanded microgrids against evolving cyberattacks. Full article

A typical Software-Defined Vehicular Network (SDVN) is open to various cyberattacks because of its centralized controller-based framework. A cyberattack, such as a Distributed Denial of Service (DDoS) attack, can easily overload the central SDVN controller. Thus, we require a functional DDoS attack recognition system that can differentiate malicious traffic from normal data traffic. The proposed architecture comprises hybrid Classical-Quantum Machine Learning (QML) methods for detecting DDoS threats. In this work, we have considered three different QML methods, such as Classical-Quantum Neural Networks (C-QNN), Classical-Quantum Boltzmann Machines (C-QBM), and Classical-Quantum K-Means Clustering (C-QKM). Emulations were conducted using a custom-built vehicular network with random movements and varying speeds between 0 and 100 kmph. Also, the performance of these QML methods was analyzed for two different datasets. The results obtained show that the hybrid Classical-Quantum Neural Network (C-QNN) method exhibited better performance in comparison with the other two models. The proposed hybrid C-QNN model achieved an accuracy of 99% and 90% for the UNB-CIC-DDoS dataset and Kaggle DDoS dataset, respectively. The hybrid C-QNN model combines PennyLane’s quantum circuits with traditional methods, whereas the Classical-Quantum Boltzmann Machine (C-QBM) leverages quantum probability distributions for identifying anomalies. Full article

Industrial Wireless Sensor Networks (IWSNs) play a critical role in Industry 4.0 environments, enabling real-time monitoring and control of industrial processes. However, existing lightweight authentication protocols for IWSNs remain vulnerable to sophisticated security attacks because of inadequate initial authentication phases. This study presents a security analysis of Gope et al.’s PUF-based authentication protocol for IWSNs and identifies critical vulnerabilities that enable man-in-the-middle (MITM) and denial-of-service (DoS) attacks. We demonstrate that Gope et al.’s protocol is susceptible to MITM attacks during both authentication and Secure Periodical Data Collection (SPDC), allowing adversaries to derive session keys and compromise communication confidentiality. Our analysis reveals that the sensor registration phase of the protocol lacks proper authentication mechanisms, enabling attackers to perform unauthorized PUF queries and subsequently mount successful attacks. To address these vulnerabilities, we propose an enhanced authentication scheme that introduces a sensor-initiated registration process. In our improved protocol, sensor nodes generate and control PUF challenges rather than passively responding to gateway requests. This modification prevents unauthorized PUF queries while preserving the lightweight characteristics essential for resource-constrained IWSN deployments. Security analysis demonstrates that our enhanced scheme effectively mitigates the identified MITM and DoS attacks without introducing significant computational or communication overhead. The proposed modifications maintain compatibility with the existing IWSN infrastructure while strengthening the overall security posture. Comparative analysis shows that our solution addresses the security weaknesses of the original protocol while preserving its practical advantages for industrial use. The enhanced protocol provides a practical and secure solution for real-time data access in IWSNs, making it suitable for deployment in mission-critical industrial environments where both security and efficiency are paramount. Full article

This article develops a method for analysing sensor data to prevent cyberattacks using a modified LSTM network. This method development is based on the fact that in the context of the rapid increase in sensor devices used in critical infrastructure, it is becoming an urgent task to ensure these systems’ security from various types of attacks, such as data forgery, man-in-the-middle attacks, and denial of service. The method is based on predicting normal system behaviour using a modified LSTM network, which allows for effective prediction of sensor data because the F1 score = 0.90, as well as on analysing anomalies detected through residual values, which makes the method highly sensitive to changes in data. The main result is high accuracy of attack detection (precision = 0.92), achieved through a hybrid approach combining prediction with statistical deviation analysis. During the computational experiment, the developed method demonstrated real-time efficiency with minimal computational costs, providing accuracy up to 92% and recall up to 89%, which is confirmed by high AUC = 0.94 values. These results show that the developed method is effectively protecting critical infrastructure facilities with limited computing resources, which is especially important for cyber police. Full article

This paper presents a resilient observer-based and event-triggered control scheme for discrete-time Cyber–Physical Systems (CPS) under Markovian Cyber-Attacks (MCA). The proposed framework integrates a Luenberger observer for cyberattack detection with a state-feedback controller designed to preserve system stability in the presence of Denial-of-Service (DoS) and False Data Injection (FDI) attacks. Attack detection is achieved through residual signal generation combined with Markovian modeling of the attack dynamics. System stability is guaranteed by formulating relaxed Linear Matrix Inequality (LMI) conditions that incorporate relaxation variables, a diagonal Lyapunov function, the S-procedure, and congruence transformations. Moreover, the Event-Triggered Mechanism (ETM) efficiently reduces communication load without degrading control performance. Numerical simulations conducted on a three-tank system benchmark confirm enhanced detection accuracy, faster recovery, and strong robustness against uncertainties. Full article

In recent years, the occurrence and complexity of Distributed Denial of Service (DDoS) attacks have escalated significantly, posing threats to the availability, performance, and security of networked systems. With the rapid progression of Artificial Intelligence (AI) and Machine Learning (ML) technologies, attackers can leverage intelligent tools to automate and amplify DDoS attacks with minimal human intervention. The increasing sophistication of such attacks highlights the pressing need for more robust and precise detection methodologies. This research proposes a method to enhance the effectiveness of ML models in detecting DDoS attacks based on hyperparameter tuning. By optimizing model parameters, the proposed approach is going to enhance the performance of ML models in identifying DDoS attacks. The CIC-DDoS2019 dataset is utilized in this study as it offers a comprehensive set of real-world DDoS attack scenarios across various protocols and services. The proposed methodology comprises key stages, including data preprocessing, data splitting, and model training, validation, and testing. Three ML models are trained and tuned using an adaptive GridSearchCV (Cross Validation) strategy to identify optimal parameter configurations. The results demonstrate that our method significantly improves performance and efficiency compared with the general GridSearchCV. The SVM model achieves 99.87% testing accuracy and requires approximately 28% less execution time than the general GridSearchCV. The LR model achieves 99.6830% testing accuracy with an execution time of 16.90 s, maintaining the same testing accuracy but reducing the execution time by about 22.8%. The KNN model achieves 99.8395% testing accuracy and 2388.89 s of execution time, also preserving accuracy while decreasing the execution time by approximately 63%. These results indicate that our approach enhances DDoS detection performance and efficiency, offering novel insights into the practical application of hyperparameter tuning for improving ML model performance in real-world scenarios. Full article

This study conducts a detailed analysis of cybersecurity threats, including artificial intelligence (AI)-driven cyber-attacks targeting vehicle-to-vehicle (V2V) and electric vehicle (EV) communications within the rapidly evolving field of connected and autonomous vehicles (CAVs). As autonomous and electric vehicles become increasingly integrated into daily life, their susceptibility to cyber threats such as replay, jamming, spoofing, and denial-of-service (DoS) attacks necessitates the development of robust cybersecurity measures. Additionally, EV-specific threats, including battery management system (BMS) exploitation and compromised charging interfaces, introduce distinct vulnerabilities requiring specialized attention. This research proposes a comprehensive and integrated cybersecurity framework that rigorously examines current V2V, vehicle-to-everything (V2X), and EV-specific systems through systematic threat assessments, vulnerability analyses, and the deployment of advanced security controls. Unlike previous state-of-the-art approaches, which primarily focus on isolated threats or specific components such as V2V protocols, the proposed framework provides a holistic cybersecurity strategy addressing the entire communication stack, EV subsystems, and incorporates AI-driven threat detection mechanisms. This comprehensive and integrated approach addresses critical gaps found in the existing literature, making it significantly more adaptable and resilient against evolving cyber-attacks. Our framework aligns with industry standards and regulatory requirements, significantly enhancing the security, safety, and reliability of modern transportation systems. By incorporating specialized cryptographic techniques, secure protocols, and continuous monitoring mechanisms, the proposed approach ensures robust protection against sophisticated cyber threats, thereby safeguarding vehicle operations and user privacy. Full article

Software-Defined Networking (SDN) is a network architecture that decouples the control plane from the data plane, enabling centralized, programmable management of network traffic. SDN introduces centralized control and programmability to modern networks, improving flexibility while also exposing new security vulnerabilities across the application, control, and data planes. This paper provides a comprehensive overview of SDN security threats and defenses, covering recent developments in controller hardening, trust management, route optimization, and anomaly detection. Based on these findings, we present a comparative analysis of SDN controllers in terms of performance, scalability, and deployment complexity. This culminates in the introduction of the Cloud-to-Edge Layer Two (CELT)-Secure switch, a virtual OpenFlow-based data-plane security mechanism. CELT-Secure detects and blocks Internet Control Message Protocol flooding attacks in approximately two seconds and actively disconnects hosts engaging in Address Resolution Protocol-based man-in-the-middle attacks. In comparative testing, it achieved detection performance 10.82 times faster than related approaches. Full article

This paper systematically analyzes security vulnerabilities that may occur during the OpenCV library and IP camera linkage process for the YOLO v10-based IP camera image processing system used in the disaster safety management field. Recently, the use of AI-based real-time image analysis technology in disaster response and safety management systems has been increasing, but it has been confirmed that open source-based object detection frameworks and security vulnerabilities in IP cameras can pose serious threats to the reliability and safety of actual systems. In this study, the structure of an image processing system that applies the latest YOLO v10 algorithm was analyzed, and major security threats (e.g., remote code execution, denial of service, data tampering, authentication bypass, etc.) that might occur during the IP camera image collection and processing process using OpenCV were identified. In particular, the possibility of attacks due to insufficient verification of external inputs (model files, configuration files, image data, etc.), failure to set an initial password, and insufficient encryption of network communication sections were presented with cases. These problems could lead to more serious results in mission-critical environments such as disaster safety management. Full article

With the rapid development of technologies such as cloud computing, big data, and the Internet of Things (IoT), Software-Defined Networking (SDN) is emerging as a new network architecture for the modern Internet. SDN separates the control plane from the data plane, allowing a central controller, the SDN controller, to quickly direct the routing devices within the topology to forward data packets, thus providing flexible traffic management for communication between information sources. However, traditional Distributed Denial of Service (DDoS) attacks still significantly impact SDN systems. This paper proposes a novel dual-layer strategy capable of detecting and mitigating DDoS attacks in an SDN network environment. The first layer of the strategy enhances security by using blockchain technology to replace the SDN flow table storage container in the northbound interface of the SDN controller. Smart contracts are then used to process the stored flow table information. We employ the time window algorithm and the token bucket algorithm to construct the first layer strategy to defend against obvious DDoS attacks. To detect and mitigate less obvious DDoS attacks, we design a second-layer strategy that uses a composite data feature correlation coefficient calculation method and the Isolation Forest algorithm from unsupervised learning techniques to perform binary classification, thereby identifying abnormal traffic. We conduct experimental validation using the publicly available DDoS dataset CIC-DDoS2019. The results show that using this strategy in the SDN network reduces the average deviation of round-trip time (RTT) by approximately 38.86% compared with the original SDN network without this strategy. Furthermore, the accuracy of DDoS attack detection reaches 97.66% and an F1 score of 92.2%. Compared with other similar methods, under comparable detection accuracy, the deployment of our strategy in small-scale SDN network topologies provides faster detection speeds for DDoS attacks and exhibits less fluctuation in detection time. This indicates that implementing this strategy can effectively identify DDoS attacks without affecting the stability of data transmission in the SDN network environment. Full article