Search Results (614)

Search Parameters:
Keywords = denial-of-service attack

42 pages, 3952 KB  
Article
An Explainable Markov Chain–Machine Learning Sequential-Aware Anomaly Detection Framework for Industrial IoT Systems Based on OPC UA
by Youness Ghazi, Mohamed Tabaa, Mohamed Ennaji and Ghita Zaz
Sensors 2025, 25(19), 6122; https://doi.org/10.3390/s25196122 (registering DOI) - 3 Oct 2025
Abstract
Stealth attacks targeting industrial control systems (ICS) exploit subtle sequences of malicious actions, making them difficult to detect with conventional methods. The OPC Unified Architecture (OPC UA) protocol—now widely adopted in SCADA/ICS environments—enhances OT–IT integration but simultaneously increases the exposure of critical infrastructures to sophisticated cyberattacks. Traditional detection approaches, which rely on instantaneous traffic features and static models, neglect the sequential dimension that is essential for uncovering such gradual intrusions. To address this limitation, we propose a hybrid sequential anomaly detection pipeline that combines Markov chain modeling to capture temporal dependencies with machine learning algorithms for anomaly detection. The pipeline is further augmented by explainability through SHapley Additive exPlanations (SHAP) and causal inference using the PC algorithm. Experimental evaluation on an OPC UA dataset simulating Man-In-The-Middle (MITM) and denial-of-service (DoS) attacks demonstrates that incorporating a second-order sequential memory significantly improves detection: F1-score increases by +2.27%, precision by +2.33%, and recall by +3.02%. SHAP analysis identifies the most influential features and transitions, while the causal graph highlights deviations from the system’s normal structure under attack, thereby providing interpretable insights into the root causes of anomalies.
21 pages, 2975 KB  
Article
ARGUS: An Autonomous Robotic Guard System for Uncovering Security Threats in Cyber-Physical Environments
by Edi Marian Timofte, Mihai Dimian, Alin Dan Potorac, Doru Balan, Daniel-Florin Hrițcan, Marcel Pușcașu and Ovidiu Chiraș
J. Cybersecur. Priv. 2025, 5(4), 78; https://doi.org/10.3390/jcp5040078 - 1 Oct 2025
Abstract
Cyber-physical infrastructures such as hospitals and smart campuses face hybrid threats that target both digital and physical domains. Traditional security solutions separate surveillance from network monitoring, leaving blind spots when attackers combine these vectors. This paper introduces ARGUS, an autonomous robotic platform designed to close this gap by correlating cyber and physical anomalies in real time. ARGUS integrates computer vision for facial and weapon detection with intrusion detection systems (Snort, Suricata) for monitoring malicious network activity. Operating through an edge-first microservice architecture, it ensures low latency and resilience without reliance on cloud services. Our evaluation covered five scenarios—access control, unauthorized entry, weapon detection, port scanning, and denial-of-service attacks—with each repeated ten times under varied conditions such as low light, occlusion, and crowding. Results show face recognition accuracy of 92.7% (500 samples), weapon detection accuracy of 89.3% (450 samples), and intrusion detection latency below one second, with minimal false positives. Audio analysis of high-risk sounds further enhanced situational awareness. Beyond performance, ARGUS addresses GDPR and ISO 27001 compliance and anticipates adversarial robustness. By unifying cyber and physical detection, ARGUS advances beyond state-of-the-art patrol robots, delivering comprehensive situational awareness and a practical path toward resilient, ethical robotic security.
(This article belongs to the Special Issue Cybersecurity Risk Prediction, Assessment and Management)
15 pages, 1705 KB  
Article
Enhancing Two-Step Random Access in LEO Satellite Internet an Attack-Aware Adaptive Backoff Indicator (AA-BI)
by Jiajie Dong, Yong Wang, Qingsong Zhao, Ruiqian Ma and Jiaxiong Yang
Future Internet 2025, 17(10), 454; https://doi.org/10.3390/fi17100454 - 1 Oct 2025
Abstract
Low-Earth-Orbit Satellite Internet (LEO SI), with its capability for seamless global coverage, is a key solution for connecting IoT devices in areas beyond terrestrial network reach, playing a vital role in building a future ubiquitous IoT system. Inspired by the IEEE 802.15.4 Improved Adaptive Backoff Algorithm (I-ABA), this paper proposes an Attack-Aware Adaptive Backoff Indicator (AA-BI) mechanism to enhance the security and robustness of the two-step random access process in LEO SI. The mechanism constructs a composite threat intensity indicator that incorporates collision probability, Denial-of-Service (DoS) attack strength, and replay attack intensity. This quantified threat level is smoothly mapped to a dynamic backoff window to achieve adaptive backoff adjustment. Simulation results demonstrate that, with 200 pieces of user equipment (UE), the AA-BI mechanism significantly improves the access success rate (ASR) and jamming resistance rate (JRR) under various attack scenarios compared to the I-ABA and Binary Exponential Backoff (BEB) algorithms. Notably, under high-attack conditions, AA-BI improves ASR by up to 25.1% and 56.6% over I-ABA and BEB, respectively. Moreover, under high-load conditions with 800 users, AA-BI still maintains superior performance, achieving an ASR of 0.42 and a JRR of 0.68, thereby effectively ensuring the access performance and reliability of satellite Internet in malicious environments.
20 pages, 3944 KB  
Article
Performance Analysis and Security Preservation of DSRC in V2X Networks
by Muhammad Saad Sohail, Giancarlo Portomauro, Giovanni Battista Gaggero, Fabio Patrone and Mario Marchese
Electronics 2025, 14(19), 3786; https://doi.org/10.3390/electronics14193786 - 24 Sep 2025
Viewed by 53
Abstract
Protecting communications within vehicular networks is of paramount importance, particularly when data are transmitted using wireless ad-hoc technologies such as Dedicated Short-Range Communications (DSRC). Vulnerabilities in Vehicle-to-Everything (V2X) communications, especially along highways, pose significant risks, such as unauthorized interception or alteration of vehicle data. This study proposes a Software-Defined Radio (SDR)-based tool designed to assess the protection level of V2X communication systems against cyber attacks. The proposed tool can emulate both reception and transmission of IEEE 802.11p packets while testing DSRC implementation and robustness. The results of this investigation offer valuable contributions toward shaping cybersecurity strategies and frameworks designed to protect the integrity of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communications.
(This article belongs to the Special Issue Computer Networking Security and Privacy)
77 pages, 8596 KB  
Review
Smart Grid Systems: Addressing Privacy Threats, Security Vulnerabilities, and Demand–Supply Balance (A Review)
by Iqra Nazir, Nermish Mushtaq and Waqas Amin
Energies 2025, 18(19), 5076; https://doi.org/10.3390/en18195076 - 24 Sep 2025
Viewed by 85
Abstract
The smart grid (SG) plays a seminal role in the modern energy landscape by integrating digital technologies, the Internet of Things (IoT), and Advanced Metering Infrastructure (AMI) to enable bidirectional energy flow, real-time monitoring, and enhanced operational efficiency. However, these advancements also introduce critical challenges related to data privacy, cybersecurity, and operational balance. This review critically evaluates SG systems, beginning with an analysis of data privacy vulnerabilities, including Man-in-the-Middle (MITM), Denial-of-Service (DoS), and replay attacks, as well as insider threats, exemplified by incidents such as the 2023 Hydro-Québec cyberattack and the 2024 blackout in Spain. The review further details the SG architecture and its key components, including smart meters (SMs), control centers (CCs), aggregators, smart appliances, and renewable energy sources (RESs), while emphasizing essential security requirements such as confidentiality, integrity, availability, secure storage, and scalability. Various privacy preservation techniques are discussed, including cryptographic tools like Homomorphic Encryption, Zero-Knowledge Proofs, and Secure Multiparty Computation, anonymization and aggregation methods such as differential privacy and k-Anonymity, as well as blockchain-based approaches and machine learning solutions. Additionally, the review examines pricing models and their resolution strategies, Demand–Supply Balance Programs (DSBPs) utilizing optimization, game-theoretic, and AI-based approaches, and energy storage systems (ESSs) encompassing lead–acid, lithium-ion, sodium-sulfur, and sodium-ion batteries, highlighting their respective advantages and limitations. By synthesizing these findings, the review identifies existing research gaps and provides guidance for future studies aimed at advancing secure, efficient, and sustainable smart grid implementations.
(This article belongs to the Special Issue Smart Grid and Energy Storage)
21 pages, 491 KB  
Article
Minimal Overhead Modelling of Slow DoS Attack Detection for Resource-Constrained IoT Networks
by Andy Reed, Laurence S. Dooley and Soraya Kouadri Mostefaoui
Future Internet 2025, 17(10), 432; https://doi.org/10.3390/fi17100432 - 23 Sep 2025
Viewed by 84
Abstract
The increasing deployment of internet of things (IoT) systems across critical domains has broadened the threat landscape, and being the catalyst for a variety of security concerns, including very stealthy slow denial of service (slow DoS) attacks. These exploit the hypertext transfer protocol’s (HTTP) application-layer protocol to either close down service requests or degrade responsiveness while closely mimicking legitimate traffic. Current available datasets fail to capture the more stealthy operational profiles of slow DoS attacks or account for the presence of genuine slow nodes (SN), which are devices experiencing high latency. These can significantly degrade detection accuracy since slow DoS attacks closely emulate SN. This paper addresses these problems by synthesising a realistic HTTP slow DoS dataset derived from a live IoT network, that incorporates both stealth-tuned slow DoS traffic and legitimate SN traffic, with the three main slow DoS variants of slow GET, slow Read, and slow POST being critically evaluated under these network conditions. A limited packet capture (LPC) strategy is adopted which focuses on just two metadata attributes, namely packet length (lp) and packet inter-arrival time (Δt). Using a resource lightweight decision tree classifier, the proposed model achieves over 96% accuracy while incurring minimal computational overheads. Experimental results in a live IoT network reveal the negative classification impact of including SN traffic, thereby underscoring the importance of modelling stealthy attacks and SN latency in any slow DoS detection framework. Finally, a MPerf (Modelling Performance) is presented which quantifies and balances detection accuracy against processing costs to facilitate scalable deployment of low-cost detection models in resource-constrained IoT networks. 
This represents a practical solution to improving IoT resilience against stealthy slow DoS attacks whilst pragmatically balancing the resource-constraints of IoT nodes. By analysing the impact of SN on detection performance, a robust reliable model has been developed which can both measure and fine tune the accuracy-efficiency nexus.
19 pages, 5116 KB  
Article
Development and Evaluation of a Novel IoT Testbed for Enhancing Security with Machine Learning-Based Threat Detection
by Waleed Farag, Xin-Wen Wu, Soundararajan Ezekiel, Drew Rado and Jaylee Lassinger
Sensors 2025, 25(18), 5870; https://doi.org/10.3390/s25185870 - 19 Sep 2025
Viewed by 255
Abstract
The Internet of Things (IoT) has revolutionized industries by enabling seamless data exchange between billions of connected devices. However, the rapid proliferation of IoT devices has introduced significant security challenges, as many of these devices lack robust protection against cyber threats such as data breaches and denial-of-service attacks. Addressing these vulnerabilities is critical to maintaining the integrity and trust of IoT ecosystems. Traditional cybersecurity solutions often fail in dynamic, heterogeneous IoT environments due to device diversity, limited computational resources, and inconsistent communication protocols, which hinder the deployment of uniform and scalable security mechanisms. Moreover, there is a notable lack of realistic, high-quality datasets for training and evaluating machine learning (ML) models for IoT security, limiting their effectiveness in detecting complex and evolving threats. This paper presents the development and implementation of a novel physical smart office/home testbed designed to evaluate ML algorithms for detecting and mitigating IoT security vulnerabilities. The testbed replicates a real-world office environment, integrating a variety of IoT devices, such as different types of sensors, cameras, smart plugs, and workstations, within a network generating authentic traffic patterns. By simulating diverse attack scenarios including unauthorized access and network intrusions, the testbed provides a controlled platform to train, test, and validate ML-based anomaly detection systems. Experimental results show that the XGBoost model achieved a balanced accuracy of up to 99.977% on testbed-generated data, comparable to 99.985% on the benchmark IoT-23 dataset. Notably, the SVM model achieved up to 96.71% accuracy using our testbed data, outperforming its results on IoT-23, which peaked at 94.572%. 
The findings demonstrate the testbed’s effectiveness in enabling realistic security evaluations and ability to generate real-world datasets, highlighting its potential as a valuable tool for advancing IoT security research. This work contributes to the development of more resilient and adaptive security frameworks, offering valuable insights for safeguarding critical IoT infrastructures against evolving threats.
(This article belongs to the Section Internet of Things)
39 pages, 4702 KB  
Article
DCmal-2025: A Novel Routing-Based DisConnectivity Malware—Development, Impact, and Countermeasures
by Mai Abu-Jazoh, Iman Almomani and Khair Eddin Sabri
Appl. Sci. 2025, 15(18), 10219; https://doi.org/10.3390/app151810219 - 19 Sep 2025
Viewed by 516
Abstract
Operating systems such as Windows, Linux, and macOS include built-in commands that enable administrators to perform essential tasks. These same commands can be exploited by attackers for malicious purposes that may go undetected by traditional security solutions. This research identifies an unmitigated risk of misuse of a standard command to disconnect network services on victim devices. Thus, we developed a novel Proof-of-Concept (PoC) malware named DCmal-2025 and documented every step of its lifecycle, including the core idea of the malware, its development, impact, analysis, and possible countermeasures. The proposed DCmal-2025 malware can cause a Denial-of-Service (DoS) condition without exploiting any software vulnerabilities; instead, it misuses legitimate standard commands and manipulates the routing table to achieve this. We developed two types of DCmal-2025: one that triggers a DoS immediately and another that initiates it after a predefined delay before restoring connectivity. This study evaluated 72 antivirus detection rates of two malware types (DCmal-2025 Type 1 and Type 2) written in C and Rust using VirusTotal. The source code for both types was undetected by any of the antivirus engines. However, after compiling the source code into executable files, only some Windows executables were flagged by general keywords unrelated to DCmal-2024 behaviour; Linux executables remained undetected. Rust significantly reduced detection rates compared to C—from 7.04% to 1.39% for Type 1 and from 9.72% to 4.17% for Type 2. An educational institution was chosen as a case study. The institution’s network topology was simulated using the GNS3 simulator. The result of the case study reveals that both malware types could cause a successful DoS attack by disconnecting targeted devices from all network-based services. 
The findings underscore the need for enhanced detection methods and heightened awareness that unexplained network disconnections may be caused by undetected malware, such as DCmal-2025.
(This article belongs to the Special Issue Approaches to Cyber Attacks and Malware Detection)
23 pages, 3656 KB  
Article
DDoS Attacks Detection in SDN Through Network Traffic Feature Selection and Machine Learning Models
by Edith Paola Estupiñán Cuesta, Juan Carlos Martínez Quintero and Juan David Avilés Palma
Telecom 2025, 6(3), 69; https://doi.org/10.3390/telecom6030069 - 19 Sep 2025
Viewed by 390
Abstract
This research presents a methodology for the detection of distributed denial-of-service (DDoS) attacks in software-defined networks (SDNs). An SDN was configured using the Mininet simulator, the Open Daylight controller, and a web server, which acted as the target to execute a DDoS attack on the HTTP protocol. The attack tools GoldenEye, Slowloris, HULK, Slowhttptest, and XerXes were used, and two datasets were built using the CICFlowMeter and NTLFlowLyzer flow and feature generation tools, with 424,922 and 731,589 flows, respectively, as well as two independent test datasets. These tools were used to compare their functionalities and efficiency in generating flows and features. Finally, the XGBoost and Random Forest models were evaluated with each dataset, with the objective of identifying the model that provides the best classification result in the detection of malicious traffic. For the XGBoost model, the accuracy results were 99.48% and 97.61%, while for the Random Forest model, better results were obtained with 99.97% and 99.99% using the CIC-Dataset and NTL-Dataset, respectively, in both cases. This allows determining that the Random Forest model outperformed XGBoost in classification, as it achieved the lowest false negative rate of 0.00001 using the NTL-Dataset.
28 pages, 2779 KB  
Review
Cyber Attacks on Space Information Networks: Vulnerabilities, Threats, and Countermeasures for Satellite Security
by Afsana Sharmin, Bahar Uddin Mahmud, Norun Nabi, Mujiba Shaima and Md Jobair Hossain Faruk
J. Cybersecur. Priv. 2025, 5(3), 76; https://doi.org/10.3390/jcp5030076 - 17 Sep 2025
Viewed by 756
Abstract
The growing reliance on satellite-based infrastructures for communication, navigation, defense, and environmental monitoring has magnified the urgency of securing Space Information Networks (SINs) against cyber threats. This paper presents a comprehensive review of the vulnerabilities, threat vectors, and advanced countermeasures impacting SINs. Key vulnerabilities, including system complexity, use of Commercial Off-the-Shelf (COTS) components, lack of standardized security frameworks, and emerging quantum threats, are critically analyzed. This paper classifies cyber threats into active and passive categories, highlighting real-world case studies such as Denial-of-Service attacks, message modification, eavesdropping, and satellite transponder hijacking. A detailed survey of countermeasures follows, focusing on AI-driven intrusion detection, federated learning approaches, deep learning techniques, random routing algorithms, and quantum-resistant encryption. This study emphasizes the pressing need for integrated, resilient, and proactive security architectures tailored to the unique constraints of space systems. It concludes by identifying research gaps and recommending future directions to enhance the resilience of SINs against evolving cyber threats in an increasingly contested space environment.
(This article belongs to the Section Security Engineering & Applications)
24 pages, 840 KB  
Article
Adaptive Event-Triggered Full-State Constrained Control of Multi-Agent Systems Under Cyber Attacks
by Jinxia Wu, Pengfei Cui, Juan Wang and Yuanxin Li
Actuators 2025, 14(9), 448; https://doi.org/10.3390/act14090448 - 11 Sep 2025
Viewed by 297
Abstract
For multi-agent systems under Denial-of-Service (DoS) attacks, a relative threshold strategy for event triggering and a state-constrained control method with prescribed performance are proposed. Within the framework of combining graph theory with the leader–follower approach, coordinate transformation is utilized to decouple the multi-agent system. Inspired by the three-way handshake technology of TCP communication, a DoS detection system is designed based on event-triggering. This system is used to detect DoS attacks, prevent the impacts brought by DoS attacks, and reduce the update frequency of the controller. Fuzzy logic systems are employed to approximate the unknown nonlinear functions within the system. By using a first-order filter to approximate the derivative of the virtual controller, the computational complexity issue in the backstepping method is addressed. Furthermore, the Barrier Lyapunov Function (BLF) possesses unique mathematical properties. When the system state approaches the pre-set boundary, it can exhibit a special variation trend, thereby imposing a restrictive effect on the system state. The Prescribed Performance Function (PPF), on the other hand, defines the expected performance standards that the system aims to achieve in the tracking task, covering key indicators such as tracking accuracy and response speed. By organically integrating these two functions, the system can continuously monitor and adjust its own state during operation. When there is a tendency for the tracking error to deviate from the specified range, the combined function mechanism will promptly come into play. Through the reasonable adjustment of the system’s control input, it ensures that the tracking error always remains within the pre-specified range. 
Finally, through Lyapunov analysis, the proposed control protocol ensures that all closed-loop signals remain bounded under attacks, with the outputs of all followers synchronizing with the leader’s output in the communication graph.
(This article belongs to the Special Issue Advanced Technologies in Actuators for Control Systems)
38 pages, 3071 KB  
Article
A Hybrid Framework for the Sensitivity Analysis of Software-Defined Networking Performance Metrics Using Design of Experiments and Machine Learning Techniques
by Chekwube Ezechi, Mobayode O. Akinsolu, Wilson Sakpere, Abimbola O. Sangodoyin, Uyoata E. Uyoata, Isaac Owusu-Nyarko and Folahanmi T. Akinsolu
Information 2025, 16(9), 783; https://doi.org/10.3390/info16090783 - 9 Sep 2025
Viewed by 416
Abstract
Software-defined networking (SDN) is a transformative approach for managing modern network architectures, particularly in Internet-of-Things (IoT) applications. However, ensuring the optimal SDN performance and security often needs a robust sensitivity analysis (SA). To complement existing SA methods, this study proposes a new SA framework that integrates design of experiments (DOE) and machine-learning (ML) techniques. Although existing SA methods have been shown to be effective and scalable, most of these methods have yet to hybridize anomaly detection and classification (ADC) and data augmentation into a single, unified framework. To fill this gap, a targeted application of well-established existing techniques is proposed. This is achieved by hybridizing these existing techniques to undertake a more robust SA of a typified SDN-reliant IoT network. The proposed hybrid framework combines Latin hypercube sampling (LHS)-based DOE and generative adversarial network (GAN)-driven data augmentation to improve SA and support ADC in SDN-reliant IoT networks. Hence, it is called DOE-GAN-SA. In DOE-GAN-SA, LHS is used to ensure uniform parameter sampling, while GAN is used to generate synthetic data to augment data derived from typified real-world SDN-reliant IoT network scenarios. DOE-GAN-SA also employs a classification and regression tree (CART) to validate the GAN-generated synthetic dataset. Through the proposed framework, ADC is implemented, and an artificial neural network (ANN)-driven SA on an SDN-reliant IoT network is carried out. The performance of the SDN-reliant IoT network is analyzed under two conditions: namely, a normal operating scenario and a distributed-denial-of-service (DDoS) flooding attack scenario, using throughput, jitter, and response time as performance metrics. To statistically validate the experimental findings, hypothesis tests are conducted to confirm the significance of all the inferences. 
The results demonstrate that integrating LHS and GAN significantly enhances SA, enabling the identification of critical SDN parameters affecting the modeled SDN-reliant IoT network performance. Additionally, ADC is also better supported, achieving higher DDoS flooding attack detection accuracy through the incorporation of synthetic network observations that emulate real-time traffic. Overall, this work highlights the potential of hybridizing LHS-based DOE, GAN-driven data augmentation, and ANN-assisted SA for robust network behavioral analysis and characterization in a new hybrid framework.
(This article belongs to the Special Issue Data Privacy Protection in the Internet of Things)
25 pages, 5281 KB  
Article
Detection and Mitigation in IoT Ecosystems Using oneM2M Architecture and Edge-Based Machine Learning
by Yu-Yong Luo, Yu-Hsun Chiu and Chia-Hsin Cheng
Future Internet 2025, 17(9), 411; https://doi.org/10.3390/fi17090411 - 8 Sep 2025
Viewed by 319
Abstract
Distributed denial-of-service (DDoS) attacks are a prevalent threat to resource-constrained IoT deployments. We present an edge-based detection and mitigation system integrated with the oneM2M architecture. By using a Raspberry Pi 4 client and five Raspberry Pi 3 attack nodes in a smart-home testbed, we collected 200,000 packets with 19 features across four traffic states (normal, SYN/UDP/ICMP floods), trained Decision Tree, 2D-CNN, and LSTM models, and deployed the best model on an edge computer for real-time inference. The edge node classifies traffic and triggers per-attack defenses on the device (SYN cookies, UDP/ICMP iptables rules). On a held-out test set, the 2D-CNN achieved 98.45% accuracy, outperforming the LSTM (96.14%) and Decision Tree (93.77%). In end-to-end trials, the system sustained service during SYN floods (time to capture 200 packets increased from 5.05 s to 5.51 s after enabling SYN cookies), mitigated ICMP floods via rate limiting, and flagged UDP floods for administrator intervention due to residual performance degradation. These results show that lightweight, edge-deployed learning with targeted controls can harden oneM2M-based IoT systems against common DDoS vectors.
(This article belongs to the Special Issue DDoS Attack Detection for Cyber–Physical Systems)

77 pages, 2936 KB  
Review
Enhancing Smart Grid Security and Efficiency: AI, Energy Routing, and T&D Innovations (A Review)
by Hassam Ishfaq, Sania Kanwal, Sadeed Anwar, Mubarak Abdussalam and Waqas Amin
Energies 2025, 18(17), 4747; https://doi.org/10.3390/en18174747 - 5 Sep 2025
Cited by 1 | Viewed by 1013
Abstract
This paper presents an in-depth review of cybersecurity challenges and advanced solutions in modern power-generation systems, with particular emphasis on smart grids. It examines vulnerabilities in devices such as smart meters (SMs), Phasor Measurement Units (PMUs), and Remote Terminal Units (RTUs) to cyberattacks, including False Data Injection Attacks (FDIAs), Denial of Service (DoS), and Replay Attacks (RAs). The study evaluates cutting-edge detection and mitigation techniques, such as Cluster Partition, Fuzzy Broad Learning System (CP-BLS), multimodal deep learning, and autoencoder models, achieving detection accuracies of (up to 99.99%) for FDIA identification. It explores critical aspects of power generation, including resource assessment, environmental and climatic factors, policy and regulatory frameworks, grid and storage integration, and geopolitical and social dimensions. The paper also addresses the transmission and distribution (T&D) system, emphasizing the role of smart-grid technologies and advanced energy-routing strategies that leverage Artificial Neural Networks (ANNs), Generative Adversarial Networks (GANs), and game-theoretic approaches to optimize energy flows and enhance grid stability. Future research directions include high-resolution forecasting, adaptive optimization, and the integration of quantum–AI methods to improve scalability, reliability, and resilience.
(This article belongs to the Special Issue Smart Grid and Energy Storage)

18 pages, 1719 KB  
Article
Estimate-Based Dynamic Memory-Event-Triggered Control for Nonlinear Networked Control Systems Subject to Hybrid Attacks
by Bo Zhang, Tao Zhang, Zesheng Xi, Yunfan Wang and Meng Yang
Mathematics 2025, 13(17), 2829; https://doi.org/10.3390/math13172829 - 2 Sep 2025
Viewed by 358
Abstract
Within the framework of a dynamic memory-event-triggered mechanism (DMETM), this paper proposes an estimate-based secure control algorithm for nonlinear networked control systems (NNCSs) that suffer from hybrid attacks. Firstly, a sampled-data observer is employed utilizing the output signals to estimate the states. Secondly, due to the limitation of data transmission capacity in NNCSs, a novel DMETM with auxiliary variable is proposed, which effectively leverages the benefits of historical sampled data. In the process of network data transmission, a hybrid attack model that simultaneously considers the impact of both deception and denial of service (DoS) attacks is introduced, which can undermine signal integrity and disrupt data transmission. Then, a memory-event-triggered controller is developed, and the mean square stability of the NNCSs can be ensured by selecting some appropriate values. Finally, a numerical simulation and a practical example are given to illustrate the meaning of the designed dynamic memory-event-triggered control (DMETC) algorithm.