Search Results (1,184)

Search Parameters:
Keywords = attack scenario

24 pages, 4001 KB  
Article
Manufacturing Readiness Assessment Technique for Defense Systems Development Using a Cybersecurity Evaluation Method
by Si-Il Sung and Dohoon Kim
Systems 2025, 13(9), 738; https://doi.org/10.3390/systems13090738 (registering DOI) - 25 Aug 2025
Abstract
Weapon systems have transitioned from hardware-centered designs to software-driven platforms, introducing new cybersecurity risks, including software manipulation and cyberattacks. To address these challenges, this study proposes an improved manufacturing readiness level assessment (MRLA) method that integrates cybersecurity capabilities into the evaluation process to address the gaps in hardware-focused practices in South Korea. Based on the MITRE adversarial tactics, techniques, and common knowledge, and the defensive cybersecurity framework, this study identified security requirements, assessed vulnerabilities, and constructed exploratory testing scenarios using defense trees. These methods evaluate system resilience, the effectiveness of security controls, and response capabilities under diverse attack scenarios. The proposed MRLA approach incorporates cyberattacks and defense scenarios that may occur in operational environments. This approach was validated through a case study involving unmanned vehicle systems, where the modified MRLA successfully identified and mitigated critical cybersecurity threats. Consequently, the target operational mode summary/mission profile of a weapon system can be revised based on practical considerations, enhancing the cybersecurity assessments and thereby improving the operational readiness of weapon systems through scenario-based, realistic evaluation frameworks. The findings of this study demonstrate the practical utility of incorporating cybersecurity evaluations into MRLA, contributing to more resilient defense systems.
(This article belongs to the Special Issue Data-Driven Analysis of Industrial Systems Using AI)

24 pages, 4843 KB  
Article
Enhancing Smart Grid Reliability Through Data-Driven Optimisation and Cyber-Resilient EV Integration
by Muhammed Cavus, Huseyin Ayan, Mahmut Sari, Osman Akbulut, Dilum Dissanayake and Margaret Bell
Energies 2025, 18(17), 4510; https://doi.org/10.3390/en18174510 (registering DOI) - 25 Aug 2025
Abstract
This study presents a novel cyber-resilient, data-driven optimisation framework for real-time energy management in electric vehicle (EV)-integrated smart grids. The proposed framework integrates a hybrid optimisation engine—combining genetic algorithms and reinforcement learning—with a real-time analytics module to enable adaptive scheduling under uncertainty. It accounts for dynamic electricity pricing, EV mobility patterns, and grid load fluctuations, dynamically reallocating charging demand in response to evolving grid conditions. Unlike existing GA/RL schedulers, this framework uniquely integrates adaptive optimisation with resilient forecasting under incomplete data and lightweight blockchain-inspired cyber-defence, thereby addressing efficiency, accuracy, and security simultaneously. To ensure secure and trustworthy EV–grid communication, a lightweight blockchain-inspired protocol is incorporated, supported by an intrusion detection system (IDS) for cyber-attack mitigation. Empirical evaluation using European smart grid datasets demonstrates a daily peak demand reduction of 9.6% (from 33 kWh to 29.8 kWh), with a 27% decrease in energy delivered at the original peak hour and a redistribution of demand that increases delivery at 19:00 h by nearly 25%. Station utilisation became more balanced, with weekly peak normalised utilisation falling from 1.0 to 0.7. The forecasting module achieved a mean absolute error (MAE) of 0.25 kWh and a mean absolute percentage error (MAPE) below 20% even with up to 25% missing data. Among tested models, CatBoost outperformed LightGBM and XGBoost with an RMSE of 0.853 kWh and R2 of 0.416. The IDS achieved 94.1% accuracy, an AUC of 0.97, and detected attacks within 50–300 ms, maintaining over 74% detection accuracy under 50% novel attack scenarios. The optimisation runtime remained below 0.4 s even at five times the nominal dataset scale. 
Additionally, the study outlines a conceptual extension to support location-based planning of charging infrastructure. This proposes the alignment of infrastructure roll-out with forecasted demand to enhance spatial deployment efficiency. While not implemented in the current framework, this forward-looking integration highlights opportunities for synchronising infrastructure development with dynamic usage patterns. Collectively, the findings confirm that the proposed approach is technically robust, operationally feasible, and adaptable to the evolving demands of intelligent EV–smart grid systems.

24 pages, 11690 KB  
Article
Research on Joint Game-Theoretic Modeling of Network Attack and Defense Under Incomplete Information
by Yifan Wang, Xiaojian Liu and Xuejun Yu
Entropy 2025, 27(9), 892; https://doi.org/10.3390/e27090892 - 23 Aug 2025
Viewed by 57
Abstract
In the face of increasingly severe cybersecurity threats, incomplete information and environmental dynamics have become central challenges in network attack–defense scenarios. In real-world network environments, defenders often find it difficult to fully perceive attack behaviors and network states, leading to a high degree of uncertainty in the system. Traditional approaches are inadequate in dealing with the diversification of attack strategies and the dynamic evolution of network structures, making it difficult to achieve highly adaptive defense strategies and efficient multi-agent coordination. To address these challenges, this paper proposes a multi-agent network defense approach based on joint game modeling, termed JG-Defense (Joint Game-based Defense), which aims to enhance the efficiency and robustness of defense decision-making in environments characterized by incomplete information. The method integrates Bayesian game theory, graph neural networks, and a proximal policy optimization framework, and it introduces two core mechanisms. First, a Dynamic Communication Graph Neural Network (DCGNN) is used to model the dynamic network structure, improving the perception of topological changes and attack evolution trends. A multi-agent communication mechanism is incorporated within the DCGNN to enable the sharing of local observations and strategy coordination, thereby enhancing global consistency. Second, a joint game loss function is constructed to embed the game equilibrium objective into the reinforcement learning process, optimizing both the rationality and long-term benefit of agent strategies. Experimental results demonstrate that JG-Defense outperforms the Cybermonic model by 15.83% in overall defense performance. Furthermore, under the traditional PPO loss function, the DCGNN model improves defense performance by 11.81% compared to the Cybermonic model. 
These results verify that the proposed integrated approach achieves superior global strategy coordination in dynamic attack–defense scenarios with incomplete information.
(This article belongs to the Section Multidisciplinary Applications)
18 pages, 1279 KB  
Article
The Optimal Energy Management of Virtual Power Plants by Considering Demand Response and Electric Vehicles
by Chia-Sheng Tu and Ming-Tang Tsai
Energies 2025, 18(17), 4485; https://doi.org/10.3390/en18174485 - 23 Aug 2025
Viewed by 139
Abstract
This paper aims to explore Virtual Power Plants (VPPs) in combination with Demand Response (DR) concepts, integrating solar power generation, Electric Vehicle (EV) charging and discharging, and user loads to establish an optimal energy management scheduling system. Willingness curves for load curtailment are derived based on the consumption patterns of industrial, commercial, and residential users, enabling VPPs to design DR mechanisms under Time-of-Use (TOU), two-stage, and critical peak pricing periods. An energy management model for a VPP is developed by integrating DR, EV charging and discharging, and user loads. To solve this model and optimize economic benefits, this paper proposes an Improved Wolf Pack Search Algorithm (IWPSA). Based on the original Wolf Pack Search Algorithm (WPSA), the Improved Wolf Pack Search Algorithm (IWPSA) enhances the key behaviors of detection and encirclement. By reinforcing the attack strategy, the algorithm achieves better search performance and improved stability. IWPSA provides a parameter optimization mechanism with global search capability, enhancing searching efficiency and increasing the likelihood of finding optimal solutions. It is used to simulate and analyze the maximum profit of the VPP under various scenarios, such as different seasons, incentive prices, and DR periods. The verification analysis in this paper demonstrates that the proposed method can not only assist decision makers in improving the operation and scheduling of VPPs, but also serve as a valuable reference for system architecture planning and more effectively evaluating the performance of VPP operation management.

26 pages, 2363 KB  
Article
An Analysis and Simulation of Security Risks in Radar Networks from the Perspective of Cybersecurity
by Runyang Chen, Yi Zhang, Xiuhe Li and Jinhe Ran
Sensors 2025, 25(17), 5239; https://doi.org/10.3390/s25175239 - 23 Aug 2025
Viewed by 174
Abstract
Radar networks, composed of multiple radar stations and a fusion center interconnected via communication technologies, are widely used in civil aviation and maritime operations. Ensuring the security of radar networks is crucial. While their strong anti-jamming capabilities make traditional electronic countermeasures less effective, the openness and vulnerability of their network architecture expose them to cybersecurity risks. Current research on radar network security risk analysis from a cybersecurity perspective remains insufficient, necessitating further study to provide theoretical support for defense strategies. Taking centralized radar networks as an example, this paper first analyzes their architecture and potential cybersecurity risks, identifying a threat where attackers could potentially execute false data injection attacks (FDIAs) against the fusion center via man-in-the-middle attacks (MITMAs). A threat model is then established, outlining possible attack procedures and methods, along with defensive recommendations and evaluation metrics. Furthermore, for scenarios involving single-link control without traffic increase, the impact of different false data construction methods is examined. Simulation experiments validate the findings, showing that the average position offset increases from 8.38 m to 78.35 m after false data injection. This result confirms significant security risks under such threats, providing a reference for future countermeasure research.
(This article belongs to the Section Sensors Development)

36 pages, 2219 KB  
Article
Automated Malware Source Code Generation via Uncensored LLMs and Adversarial Evasion of Censored Model
by Raúl Acosta-Bermejo, José Alexis Terrazas-Chavez and Eleazar Aguirre-Anaya
Appl. Sci. 2025, 15(17), 9252; https://doi.org/10.3390/app15179252 - 22 Aug 2025
Viewed by 237
Abstract
Malicious programs, commonly called malware, have had a pervasive presence in the world for nearly forty years and have continued to evolve and multiply exponentially. On the other hand, there are multiple research works focused on malware detection with different strategies that seem to work only temporarily, as new attack tactics and techniques quickly emerge. There are increasing proposals to analyze the problem from the attacker’s perspective, as suggested by MITRE ATT&CK. This article presents a proposal that utilizes Large Language Models (LLMs) to generate malware and understand its generation from the perspective of a red team. It demonstrates how to create malware using current models that incorporate censorship, and a specialized model is trained (fine-tuned) to generate code, enabling it to learn how to create malware. Both scenarios are evaluated using the pass@k metric and a controlled execution environment (malware lab) to prevent its spread.
(This article belongs to the Special Issue Information Security: Threats and Attacks)

26 pages, 2421 KB  
Review
Composite Vulnerabilities and Hybrid Threats for Smart Sensors and Field Busses in Building Automation: A Review
by Michael Gerhalter and Keshav Dahal
Sensors 2025, 25(17), 5218; https://doi.org/10.3390/s25175218 - 22 Aug 2025
Viewed by 132
Abstract
In the IT sector, the relevance of looking at security from many different angles and the inclusion of different areas is already known and understood. This approach is much less pronounced in the area of cyber physical systems and not present at all in the area of building automation. Increasing interconnectivity, undefined responsibilities, connections between secured and unsecured areas, and a lack of understanding of security among decision-makers pose a particular threat. This systematic review demonstrates a paucity of literature addressing real-world scenarios, asymmetric/hybrid threats, or composite vulnerabilities. In particular, the attack surface is significantly increased by the deployment of smart sensors and actuators in unprotected areas. Furthermore, a range of additional hybrid threats are cited, with practical examples being provided that have hitherto gone unnoticed in the extant literature. It will be shown whether solutions are available in neighboring areas and whether these can be transferred to building automation to increase the security of the entire system. Consequently, subsequent studies can be developed to create more accurate behavioral models, enabling more rapid and effective analysis of potential attacks to building automation.

25 pages, 2958 KB  
Article
An Improved Pareto Local Search-Based Evolutionary Algorithm for Multi-Objective Shortest-Path Network Counter-Interdiction Problem
by Chenghui Mao, Ronghuan Gao, Qizhang Luo and Guohua Wu
Mathematics 2025, 13(16), 2683; https://doi.org/10.3390/math13162683 - 20 Aug 2025
Viewed by 150
Abstract
Most existing studies on the Shortest-Path Network Interdiction Problem (SPIP) adopt the attacker’s perspective, often overlooking the critical role of defender-oriented strategies. To support proactive defense, this paper introduces a novel problem named the Multi-Objective Shortest-Path Counter-Interdiction Problem (MO-SPCIP). The problem incorporates a backup-based defense strategy from the defender’s viewpoint and addresses the inherent trade-offs among minimizing the shortest path length, minimizing backup resource consumption, and maximizing the attacker’s resource usage. To solve this complex problem, we propose an Improved Pareto Local Search-based Evolutionary Algorithm (IPLSEA). The algorithm integrates several problem-specific components, including a tailored initial solution generation method, a customized solution representation, and specialized genetic operators. In addition, an improved Pareto Local Search (IPLS) is incorporated into the algorithm framework, allowing an adaptive and selective search. To further enhance local refinement, three problem-specific neighborhood search operations are designed and embedded within the Pareto Local Search. The experimental results demonstrate that IPLSEA significantly outperforms state-of-the-art algorithms in terms of its convergence quality and solution diversity, enabling a more robust performance in network counter-interdiction scenarios.
(This article belongs to the Special Issue Evolutionary Multi-Criteria Optimization: Methods and Applications)

19 pages, 991 KB  
Article
Enhancing Machine Learning-Based DDoS Detection Through Hyperparameter Optimization
by Shao-Rui Chen, Shiang-Jiun Chen and Wen-Bin Hsieh
Electronics 2025, 14(16), 3319; https://doi.org/10.3390/electronics14163319 - 20 Aug 2025
Viewed by 164
Abstract
In recent years, the occurrence and complexity of Distributed Denial of Service (DDoS) attacks have escalated significantly, posing threats to the availability, performance, and security of networked systems. With the rapid progression of Artificial Intelligence (AI) and Machine Learning (ML) technologies, attackers can leverage intelligent tools to automate and amplify DDoS attacks with minimal human intervention. The increasing sophistication of such attacks highlights the pressing need for more robust and precise detection methodologies. This research proposes a method to enhance the effectiveness of ML models in detecting DDoS attacks based on hyperparameter tuning. By optimizing model parameters, the proposed approach is going to enhance the performance of ML models in identifying DDoS attacks. The CIC-DDoS2019 dataset is utilized in this study as it offers a comprehensive set of real-world DDoS attack scenarios across various protocols and services. The proposed methodology comprises key stages, including data preprocessing, data splitting, and model training, validation, and testing. Three ML models are trained and tuned using an adaptive GridSearchCV (Cross Validation) strategy to identify optimal parameter configurations. The results demonstrate that our method significantly improves performance and efficiency compared with the general GridSearchCV. The SVM model achieves 99.87% testing accuracy and requires approximately 28% less execution time than the general GridSearchCV. The LR model achieves 99.6830% testing accuracy with an execution time of 16.90 s, maintaining the same testing accuracy but reducing the execution time by about 22.8%. The KNN model achieves 99.8395% testing accuracy and 2388.89 s of execution time, also preserving accuracy while decreasing the execution time by approximately 63%. 
These results indicate that our approach enhances DDoS detection performance and efficiency, offering novel insights into the practical application of hyperparameter tuning for improving ML model performance in real-world scenarios.
(This article belongs to the Special Issue Advancements in AI-Driven Cybersecurity and Securing AI Systems)

30 pages, 2921 KB  
Article
Privacy Protection in AI Transformation Environments: Focusing on Integrated Log System and AHP Scenario Prioritization
by Dong-Sung Lim and Sang-Joon Lee
Sensors 2025, 25(16), 5181; https://doi.org/10.3390/s25165181 - 20 Aug 2025
Viewed by 275
Abstract
Recent advancements in emerging technologies such as IoT and AI have driven digital innovation, while also accelerating the sophistication of cyberattacks and expanding the attack surface. In particular, inter-state cyber warfare, sophisticated ransomware threats, and insider-led personal data breaches have emerged as significant new security risks. In response, this study proposes a Privacy-Aware Integrated Log System model developed to mitigate diverse security threats. By analyzing logs generated from personal information processing systems and security systems, integrated scenarios were derived. These scenarios are designed to defend against various threats, including insider attempts to leak personal data and the evasion of security systems, enabling scenario-based contextual analysis that goes beyond simple event-driven detection. Furthermore, the Analytic Hierarchy Process (AHP) was applied to quantitatively assess the relative importance of each scenario, demonstrating the model’s practical applicability. This approach supports early identification and effective response to personal data breaches, particularly when time and resources are limited by focusing on the top-ranked scenarios based on relative importance. Therefore, this study is significant in that it goes beyond fragmented log analysis to establish a privacy-oriented integrated log system from a holistic perspective, and it further validates its operational efficiency in field applications by conducting an AHP-based relative importance evaluation.

20 pages, 492 KB  
Article
CurriculumPT: LLM-Based Multi-Agent Autonomous Penetration Testing with Curriculum-Guided Task Scheduling
by Xingyu Wu, Yunzhe Tian, Yuanwan Chen, Ping Ye, Xiaoshu Cui, Jingqi Jia, Shouyang Li, Jiqiang Liu and Wenjia Niu
Appl. Sci. 2025, 15(16), 9096; https://doi.org/10.3390/app15169096 - 18 Aug 2025
Viewed by 427
Abstract
While autonomous driving systems and intelligent transportation infrastructures become increasingly software-defined and network-connected, ensuring their cybersecurity has become a critical component of traffic safety. Large language models (LLMs) have recently shown promise in automating aspects of penetration testing, yet most existing approaches remain limited to simple, single-step exploits. They struggle to handle complex, multi-stage vulnerabilities that demand precise coordination, contextual reasoning, and knowledge reuse. This is particularly problematic in safety-critical domains, such as autonomous vehicles, where subtle software flaws can cascade across interdependent subsystems. In this work, we present CurriculumPT, a novel LLM-based penetration testing framework specifically designed for the security of intelligent systems. CurriculumPT combines curriculum learning and a multi-agent system to enable LLM agents to progressively acquire and apply exploitation skills across common vulnerabilities and exposures-based tasks. Through a structured progression from simple to complex vulnerabilities, agents build and refine an experience knowledge base that supports generalization to new attack surfaces without requiring model fine-tuning. We evaluate CurriculumPT on 15 real-world vulnerabilities scenarios and demonstrate that it outperforms three state-of-the-art baselines by up to 18 percentage points in exploit success rate, while achieving superior efficiency in execution time and resource usage. Our results confirm that CurriculumPT is capable of autonomous, scalable penetration testing and knowledge transfer, laying the groundwork for intelligent security auditing of modern autonomous driving systems and other cyberphysical transportation platforms.

18 pages, 1916 KB  
Article
Assessing Cross-Domain Threats in Cloud–Edge-Integrated Industrial Control Systems
by Lei Zhang, Yi Wang, Cheng Chang and Xingqiu Shen
Electronics 2025, 14(16), 3242; https://doi.org/10.3390/electronics14163242 - 15 Aug 2025
Viewed by 329
Abstract
As Industrial Control Systems (ICSs) increasingly adopt cloud–edge collaborative architectures, they face escalating risks from complex cross-domain cyber threats. To address this challenge, we propose a novel threat assessment framework specifically designed for cloud–edge-integrated ICSs. Our approach systematically identifies and evaluates security risks across cyber and physical boundaries by building a structured dataset of ICS assets, attack entry points, techniques, and impacts. We introduce a unique set of evaluation indicators spanning four key dimensions—system modules, attack paths, attack methods, and potential impacts—providing a holistic view of cyber threats. Through simulation experiments on a representative ICS scenario inspired by real-world attacks, we demonstrate the framework’s effectiveness in detecting vulnerabilities and quantifying security posture improvements. Our results underscore the framework’s practical utility in guiding targeted defense strategies and its potential to advance research on cloud–edge ICS security. This work not only fills gaps in the existing methodologies but also provides new insights and tools applicable to sectors such as smart grids, intelligent manufacturing, and critical infrastructure protection.
(This article belongs to the Special Issue Knowledge Information Extraction Research)

15 pages, 4006 KB  
Article
Adversarial Training for Aerial Disaster Recognition: A Curriculum-Based Defense Against PGD Attacks
by Kubra Kose and Bing Zhou
Electronics 2025, 14(16), 3210; https://doi.org/10.3390/electronics14163210 - 13 Aug 2025
Viewed by 213
Abstract
Unmanned aerial vehicles (UAVs) play an ever-increasing role in disaster response and remote sensing. However, the deep learning models they rely on remain highly vulnerable to adversarial attacks. This paper presents an evaluation and defense framework aimed at enhancing adversarial robustness in aerial disaster image classification using the AIDERV2 dataset. Our methodology is structured into the following four phases: (I) baseline training with clean data using ResNet-50, (II) vulnerability assessment under Projected Gradient Descent (PGD) attacks, (III) adversarial training with PGD to improve model resilience, and (IV) comprehensive post-defense evaluation under identical attack scenarios. The baseline model achieves 93.25% accuracy on clean data but drops to as low as 21.00% under strong adversarial perturbations. In contrast, the adversarially trained model maintains over 75.00% accuracy across all PGD configurations, reducing the attack success rate by more than 60%. We introduce metrics, such as Clean Accuracy, Adversarial Accuracy, Accuracy Drop, and Attack Success Rate, to evaluate defense performance. Our results show the practical importance of adversarial training for safety-critical UAV applications and provide a reference point for future research. This work contributes to making deep learning systems on aerial platforms more secure, robust, and reliable in mission-critical environments.
(This article belongs to the Special Issue AI-Enhanced Security: Advancing Threat Detection and Defense)

17 pages, 4774 KB  
Article
Washout-Filter Power-Sharing-Based Resilient Control Strategy for Microgrids Against False Data Injection Attacks
by Shiwang Fan, Wenjie Zhu, Xiaowei Wang, Tao Qian and Yinghao Shan
Eng 2025, 6(8), 198; https://doi.org/10.3390/eng6080198 - 8 Aug 2025
Viewed by 302
Abstract
Secondary control (SC) under false data injection attacks (FDIAs) in microgrids can compromise control decisions and disrupt the normal operation of the system. This paper proposes a washout-filter power-sharing-based resilient control strategy to tackle FDIAs. This strategy ensures the primary control continues to function normally by enabling the timely disconnection of the attacked SC. To address the under-rated operation state caused by the loss of SC, washout-filter power sharing is activated to restore the rated operation. Furthermore, for the FDIAs that affect both system frequency and voltage simultaneously after power sharing, a voltage compensation control loop is designed for the local voltage drop, allowing the attacked voltage value to further recover to the rated value. This strategy secures a steady frequency and enhanced voltage amplitude in the system, achieving a resilient effect against FDIAs. The proposed strategy has been validated through various simulation scenarios and FPGA-in-the-loop experiments.
(This article belongs to the Section Electrical and Electronic Engineering)

33 pages, 3472 KB  
Article
Real-Time Detection and Response to Wormhole and Sinkhole Attacks in Wireless Sensor Networks
by Tamara Zhukabayeva, Lazzat Zholshiyeva, Yerik Mardenov, Atdhe Buja, Shafiullah Khan and Noha Alnazzawi
Technologies 2025, 13(8), 348; https://doi.org/10.3390/technologies13080348 - 7 Aug 2025
Viewed by 279
Abstract
Wireless sensor networks have become a vital technology that is extensively applied across multiple industries, including agriculture, industrial operations, and smart cities, as well as residential smart homes and environmental monitoring systems. Security threats emerge in these systems through hidden routing-level attacks such as Wormhole and Sinkhole attacks. The aim of this research was to develop a methodology for detecting security incidents in WSNs by conducting real-time analysis of Wormhole and Sinkhole attacks. Furthermore, the paper proposes a novel detection methodology combined with architectural enhancements to improve network robustness, measured by hop counts, delays, false data ratios, and route integrity. A real-time WSN infrastructure was developed using ZigBee and Global System for Mobile Communications/General Packet Radio Service (GSM/GPRS) technologies. To realistically simulate Wormhole and Sinkhole attack scenarios and conduct evaluations, we developed a modular cyber–physical architecture that supports real-time monitoring, repeatability, and integration of ZigBee- and GSM/GPRS-based attacker nodes. During the experimentation, Wormhole attacks caused the hop count to decrease from 4 to 3, while the average delay increased by 40%, and false sensor readings were introduced in over 30% of cases. Additionally, Sinkhole attacks led to a 27% increase in traffic concentration at the malicious node, disrupting load balancing and route integrity. The proposed multi-stage methodology includes data collection, preprocessing, anomaly detection using the 3-sigma rule, and risk-based decision making. Simulation results demonstrated that the methodology successfully detected route shortening, packet loss, and data manipulation in real time. Thus, the integration of anomaly-based detection with ZigBee and GSM/GPRS enables a timely response to security threats in critical WSN deployments.
(This article belongs to the Special Issue New Technologies for Sensors)