Search Results (386)

In the face of ever-evolving cyber threats, modern intrusion detection systems (IDS) must achieve long-term adaptability without sacrificing performance on previously encountered attacks. Traditional IDS approaches often rely on static training assumptions, making them prone to forgetting old patterns, underperforming in label-scarce conditions, and struggling with imbalanced class distributions as new attacks emerge. To overcome these limitations, we present a continual learning framework tailored for adaptive intrusion detection. Unlike prior methods, our approach is designed to operate under real-world network conditions characterized by high-dimensional, sparse traffic data and task-agnostic learning sequences. The framework combines three core components: a clustering-based memory strategy that selectively retains informative historical samples using DP-Means; multi-level knowledge distillation that aligns current and previous model states at output and intermediate feature levels; and a meta-learning-driven class reweighting mechanism that dynamically adjusts to shifting attack distributions. Empirical evaluations on benchmark intrusion detection datasets demonstrate the framework’s ability to maintain high detection accuracy while effectively mitigating forgetting. Notably, it delivers reliable performance in continually changing environments where the availability of labeled data is limited, making it well-suited for real-world cybersecurity systems. Full article

The Internet of Things (IoT) has revolutionized industries by enabling seamless data exchange between billions of connected devices. However, the rapid proliferation of IoT devices has introduced significant security challenges, as many of these devices lack robust protection against cyber threats such as data breaches and denial-of-service attacks. Addressing these vulnerabilities is critical to maintaining the integrity and trust of IoT ecosystems. Traditional cybersecurity solutions often fail in dynamic, heterogeneous IoT environments due to device diversity, limited computational resources, and inconsistent communication protocols, which hinder the deployment of uniform and scalable security mechanisms. Moreover, there is a notable lack of realistic, high-quality datasets for training and evaluating machine learning (ML) models for IoT security, limiting their effectiveness in detecting complex and evolving threats. This paper presents the development and implementation of a novel physical smart office/home testbed designed to evaluate ML algorithms for detecting and mitigating IoT security vulnerabilities. The testbed replicates a real-world office environment, integrating a variety of IoT devices, such as different types of sensors, cameras, smart plugs, and workstations, within a network generating authentic traffic patterns. By simulating diverse attack scenarios including unauthorized access and network intrusions, the testbed provides a controlled platform to train, test, and validate ML-based anomaly detection systems. Experimental results show that the XGBoost model achieved a balanced accuracy of up to 99.977% on testbed-generated data, comparable to 99.985% on the benchmark IoT-23 dataset. Notably, the SVM model achieved up to 96.71% accuracy using our testbed data, outperforming its results on IoT-23, which peaked at 94.572%. The findings demonstrate the testbed’s effectiveness in enabling realistic security evaluations and ability to generate real-world datasets, highlighting its potential as a valuable tool for advancing IoT security research. This work contributes to the development of more resilient and adaptive security frameworks, offering valuable insights for safeguarding critical IoT infrastructures against evolving threats. Full article

Electric drive systems (EDSs) are vital for automotive and industrial applications but remain highly vulnerable to cyber and physical anomalies (CPAs), such as inverter open-circuit faults, sensor failures, and malicious cyberattacks. Ensuring reliable EDS operation requires the controller to receive accurate and uncompromised feedback and reference signals continuously. However, many existing data-driven detection and mitigation strategies rely on large training datasets, impose significant computational overhead, and often lose effectiveness under various abnormal operating conditions. To overcome these limitations, this paper introduces a trust evaluation framework that continuously assesses the reliability of all incoming signals to the EDS controller by combining behavioral analysis with historical reliability records. The proposed scheme offers a lightweight and model-independent approach, enabling reliable, adaptive decision-making by leveraging both current and historical signal behavior. To this end, this paper further integrates the resulting trust values into a torque-split optimization algorithm, enabling adaptive load optimization by dynamically reducing the torque contribution of motors operating under abnormal or low-trust conditions, thereby demonstrating clear applicability for automotive drive systems. The framework is validated in a real-time OPAL-RT environment across multiple CPA scenarios, demonstrating accurate anomaly detection and adaptive torque redistribution. Owing to its simplicity and versatility, the proposed method can be readily extended to other safety-critical drive applications. Full article

Cyberbullying is a growing concern in university settings, with significant consequences on students’ mental, physical, and social health. This study evaluates the structural quality of the “CyberBullying University Students” dataset, which collects sociodemographic and psychological variables as well as cyberbullying experiences, in 615 German university students. Data quality assessment metrics were applied, and seven supervised classification models were trained to detect cyberbullying cases. Decision Tree models were the best-performing algorithms (achieving an average accuracy of 99.1% with outstanding evaluation metrics: 100% precision, 98.6% recall, and 99.2% F1 score). The findings suggest that this model can be a useful tool for the early detection of cyberbullying in educational settings, provided that it is integrated with an ethical approach and professional support. It is concluded that the use of artificial intelligence models can strengthen institutional prevention strategies, especially when combined with educational programs that promote empathy and institutional justice. Full article

Background/Objectives: Organized physical activity is frequently considered a protective factor against bullying behaviors, yet evidence within the university context remains limited. This study investigates the relationships between physical activity levels, body mass index (BMI), and involvement in traditional and digital bullying, taking into account the differences between students with and without structured sports training. Methods: A total of 2767 first-year students from Transylvania University of Brașov participated. The sports group (n = 161; 65 females, 96 males) was compared to the non-sports group (n = 2606; 1472 females, 1134 males). Instruments included the Physical Activity Questionnaire for Adolescents (PAQ-A), validated scales for traditional and cyberbullying and victimization, and BMI calculation. Statistical analyses involved t-tests (two-tailed), 2 × 2 factorial ANOVA, and sex-stratified multiple linear regressions. Results: Students with sports training reported higher physical activity (PAQ-A 4.2–4.6), lower BMI, and lower bullying involvement (traditional ≈ 14–21% vs. ≈32%; cyber ≈ 8–17% vs. ≈25%). Group differences were large for physical activity (Hedges’ g ≈ 1.5) and moderate for BMI and bullying (g ≈ 0.68–0.96; point-biserial r² ≈ 3–4%). ANOVA showed sports status main effects (partial η_p² ≈ 4–5% for bullying/BMI; ≈20% for PAQ-A). In regressions, sports status (B = −0.30 to −0.44) and physical activity (B = −0.22 to −0.32) predicted lower aggression/victimization, whereas BMI showed positive associations (B = 0.11 to 0.18) (all p < 0.001). Sex × sports interactions were significant for PAQ-A and for traditional and cyber-victimization. Conclusions: Structured physical activity contributes to reducing the risk of bullying involvement and supports better psychosocial adjustment among students. These findings underscore the educational and preventive potential of university sports programs. Full article

Cybersecurity has become a critical concern in the automotive sector, where the increasing connectivity and complexity of modern vehicles—particularly in the context of autonomous driving—have significantly expanded the attack surface. In response to these challenges, this paper presents the Welcome To The Machine (WTTM) framework, developed to support proactive and structured cyber risk management throughout the entire vehicle lifecycle. Specifically tailored to the automotive domain, the framework encompasses four core actions: detection, analysis, response, and remediation. A central element of WTTM is the WTTM Questionnaire, designed to assess the organizational cybersecurity maturity of automotive manufacturers and suppliers. The questionnaire addresses six key areas: Governance, Risk Management, Concept and Design, Security Requirements, Validation and Testing, and Supply Chain. This paper focuses on the development and validation of WTTM-Q. Statistical validation was performed using responses from 43 participants, demonstrating high internal consistency (Cronbach’s alpha > 0.70) and strong construct validity (CFI = 0.94, RMSEA = 0.061). A supervised classifier (XGBoost), trained on 115 hypothetical response configurations, was employed to predict a priori risk classes, achieving 78% accuracy and a ROC AUC of 0.84. The WTTM framework, supported by a Vehicle Security Operations Center, provides a scalable, standards-aligned solution for enhancing cybersecurity in the automotive industry. Full article

With the recent intensification of geopolitical tensions, cyber-attacks have become increasingly sophisticated and dynamic. Traditional machine learning-based anomaly detection techniques, which rely on pre-trained data, often suffer from performance degradation when exposed to novel attack types not seen during training. To address this limitation, this study proposes a continual learning-based anomaly detection framework capable of incrementally incorporating new attack patterns without forgetting previously learned information. The proposed method consists of three key stages: first, preprocessing and data augmentation are applied to construct high-quality, balanced datasets; second, a base anomaly detection model is trained; and third, new attack data are incrementally integrated to continuously update and evaluate the model. To enhance adaptability and efficiency, the framework incorporates Memory-LGBM, a lightweight architecture that combines a prototype-based memory module with a gradient-free LGBM classifier. The model maintains class-wise latent representations instead of raw samples, enabling compact, memory-efficient learning. Experimental results on the CICIDS 2017 dataset demonstrate that the proposed approach outperforms existing continual learning methods in accuracy, adaptability, and resistance to forgetting, making it a practical and scalable solution for real-world anomaly detection scenarios that demand rapid adaptation, strong knowledge retention, and low computational overhead. Full article

This article solves the anomalies’ operational detection in the network traffic problem for cyber police units by developing an adaptive neural network platform combining a variational autoencoder with continuous stochastic dynamics of the latent space (integration according to the Euler–Maruyama scheme), a continuous–discrete Kalman filter for latent state estimation, and Hotelling’s T² statistical criterion for deviation detection. This paper implements an online learning mechanism (“on the fly”) via the Euler Euclidean gradient step. Verification includes variational autoencoder training and validation, ROC/PR and confusion matrix analysis, latent representation projections (PCA), and latency measurements during streaming processing. The model’s stable convergence and anomalies’ precise detection with the metrics precision is ≈0.83, recall is ≈0.83, the F1-score is ≈0.83, and the end-to-end delay of 1.5–6.5 ms under 100–1000 sessions/s load was demonstrated experimentally. The computational estimate for typical model parameters is ≈5152 operations for a forward pass and ≈38,944 operations, taking into account batch updating. At the same time, the main bottleneck, the O(m³) term in the Kalman step, was identified. The obtained results’ practical significance lies in the possibility of the developed adaptive neural network platform integrating into cyber police units (integration with Kafka, Spark, or Flink; exporting incidents to SIEM or SOAR; monitoring via Prometheus or Grafana) and in proposing applied optimisation paths for embedded and high-load systems. Full article

As smart cities evolve, the demand for real-time, secure, and adaptive network monitoring, continues to grow. Software-Defined Networking (SDN) offers a centralized approach to managing network flows; However, anomaly detection within SDN environments remains a significant challenge, particularly at the intelligent edge. This paper presents a conceptual Kafka-enabled ML framework for scalable, real-time analytics in SDN environments, supported by offline evaluation and a prototype streaming demonstration. A range of supervised ML models covering traditional methods and ensemble approaches (Random Forest, Linear Regression & XGBoost) were trained and validated using the InSDN intrusion detection dataset. These models were tested against multiple cyber threats, including botnets, dos, ddos, network reconnaissance, brute force, and web attacks, achieving up to 99% accuracy for ensemble classifiers under offline conditions. A Dockerized prototype demonstrates Kafka’s role in offline data ingestion, processing, and visualization through PostgreSQL and Grafana. While full ML pipeline integration into Kafka remains part of future work, the proposed architecture establishes a foundation for secure and intelligent Software-Defined Vehicular Networking (SDVN) infrastructure in smart cities. Full article

The Industrial Internet of Things (IIoT) is transforming industrial operations through connected devices and real-time automation but also introduces significant cybersecurity risks. Cyber threat intelligence (CTI) is critical for detecting and mitigating such threats, yet traditional centralized CTI approaches face limitations in latency, scalability, and data privacy. Federated learning (FL) offers a privacy-preserving alternative by enabling decentralized model training without sharing raw data. This survey explores how FL can enhance CTI in IIoT environments. It reviews FL architectures, orchestration strategies, and aggregation methods, and maps their applications to domains such as intrusion detection, malware analysis, botnet mitigation, anomaly detection, and trust management. Among its contributions is an empirical synthesis comparing FL aggregation strategies—including FedAvg, FedProx, Krum, ClippedAvg, and Multi-Krum—across accuracy, robustness, and efficiency under IIoT constraints. The paper also presents a taxonomy of FL-based CTI approaches and outlines future research directions to support the development of secure, scalable, and decentralized threat intelligence systems for industrial ecosystems. Full article

Phishing is a form of cyber-attack that aims to steal sensitive information by impersonating a trusted entity. To overcome this threat, various artificial intelligence (AI) methods have been developed to improve the effectiveness of phishing detection. This study evaluates three machine learning models, namely Decision Tree (DT), Random Forest (RF), and Support Vector Machine (SVM), using an open dataset containing phishing and non-phishing URLs. The research process includes data preprocessing stages such as cleaning, normalization, categorical feature encoding, feature selection, and dividing the dataset into training and test data. The trained models are then evaluated using accuracy, precision, recall, F1-score, and comparison score metrics to determine the best model in phishing classification. The evaluation results show that the Random Forest model has the best performance with higher accuracy and generalization of 98.64% compared to Decision Tree which is only 98.37% and SVM 92.67%. Decision Tree has advantages in speed and interpretability but is susceptible to overfitting. SVM shows good performance on high-dimensional datasets but is less efficient in computing time. Based on the research results, Random Forest is recommended as the most optimal model for machine learning-based phishing detection. Full article

The number of people and applications using the internet has increased substantially in recent years. The increased use of the internet has also resulted in various security issues. As the volume of data increases, cyber-attacks become increasingly sophisticated, exploiting vulnerabilities in network structures. The incorporation of modern technologies, particularly data mining, emerges as an essential method for analyzing huge amounts of data in real time, enabling the proactive detection of anomalies and potential security breaches. This research seeks to identify the most robust machine learning model for exploit detection. It applies five feature selection techniques and eight classification models to the UNSW-NB15 dataset. A comprehensive evaluation is conducted based on classification accuracy, computational efficiency, and execution time. The results demonstrate the efficiency of the Decision Tree model using Random Forest for feature selection in the real-time detection of exploit attacks, exhibiting an accuracy of 87.9%, along with a very short training (0.96 s) and testing time (0.29 ms/record). Full article

Personalized, scalable, and data-driven learning is now possible in cyber science education because of artificial intelligence (AI). This article examines how AI technologies, such as intelligent tutoring, adaptive learning, virtual labs, and AI assessments, are being included in cyber science curricula. Using examples and research studies published between 2020 and 2025 that have undergone peer review, this paper combines qualitative analysis and framework analysis to discover any similarities in how these policies were put into place and their effects. According to the findings, using AI in instruction boosts student interest, increases the number of courses finished, improves skills, and ensures clear instruction in areas such as cybersecurity, digital forensics, and incident response. Ethical issues related to privacy, bias in algorithms, and access issues are also covered in this paper. This study gives a useful approach that helps teachers, curriculum designers, and institution heads use AI in cyber education properly. Full article

In cyber-physical systems governed by nonlinear partial differential equations (PDEs), real-time control is often limited by sparse sensor data and high-dimensional system dynamics. Deep reinforcement learning (DRL) has shown promise for controlling such systems, but training DRL agents directly on full-order simulations is computationally intensive. This paper presents a sensor-driven, non-intrusive reduced-order modeling (NIROM) framework called FAE-CAE-LSTM, which combines convolutional and fully connected autoencoders with a long short-term memory (LSTM) network. The model compresses high-dimensional states into a latent space and captures their temporal evolution. A DRL agent is trained entirely in this reduced space, interacting with the surrogate built from sensor-like spatiotemporal measurements, such as pressure and velocity fields. A CNN-MLP reward estimator provides data-driven feedback without requiring access to governing equations. The method is tested on benchmark systems including Burgers’ equation, the Kuramoto–Sivashinsky equation, and flow past a circular cylinder; accuracy is further validated on flow past a square cylinder. Experimental results show that the proposed approach achieves accurate reconstruction, robust control, and significant computational speedup over traditional simulation-based training. These findings confirm the effectiveness of the FAE-CAE-LSTM surrogate in enabling real-time, sensor-informed, scalable DRL-based control of nonlinear dynamical systems. Full article

With the growing integration of digital technologies on modern vessels, ranging from satellite links and mobile networks to onboard Wi-Fi, the exposure of maritime systems to cyber threats has become a pressing concern. Wireless networks on ships, although essential for operations and crew welfare, often lack sufficient protection and are frequently overlooked in broader cybersecurity strategies. This article explores vulnerabilities linked to Man-in-the-Middle attacks and rogue access points, particularly in port areas where attackers may exploit signal range and proximity. A simulation carried out in a public setting near the Port of Rijeka demonstrated how standard crew devices could be lured into connecting to a counterfeit Wi-Fi network, resulting in traffic interception and potential data leaks. Although practical limitations, such as signal attenuation and distance, reduce the feasibility of such intrusions at sea, the risk remains significant while in port. Insecure configurations and common user behaviors were identified as key enablers. The article outlines a series of countermeasures aligned with international guidelines ranging from segmentation and encryption to crew training and intrusion detection. Addressing these wireless vulnerabilities is essential for building resilience and ensuring that digital transformation efforts in the maritime sector do not come at the expense of security. Full article