Phishing,an Internet fraudwhere individuals are deceived into revealing critical personal and account information,poses a significant risk to both consumers and web-based institutions.Data indicates a persistent rise ...Phishing,an Internet fraudwhere individuals are deceived into revealing critical personal and account information,poses a significant risk to both consumers and web-based institutions.Data indicates a persistent rise in phishing attacks.Moreover,these fraudulent schemes are progressively becoming more intricate,thereby rendering them more challenging to identify.Hence,it is imperative to utilize sophisticated algorithms to address this issue.Machine learning is a highly effective approach for identifying and uncovering these harmful behaviors.Machine learning(ML)approaches can identify common characteristics in most phishing assaults.In this paper,we propose an ensemble approach and compare it with six machine learning techniques to determine the type of website and whether it is normal or not based on two phishing datasets.After that,we used the normalization technique on the dataset to transform the range of all the features into the same range.The findings of this paper for all algorithms are as follows in the first dataset based on accuracy,precision,recall,and F1-score,respectively:Decision Tree(DT)(0.964,0.961,0.976,0.968),Random Forest(RF)(0.970,0.964,0.984,0.974),Gradient Boosting(GB)(0.960,0.959,0.971,0.965),XGBoost(XGB)(0.973,0.976,0.976,0.976),AdaBoost(0.934,0.934,0.950,0.942),Multi Layer Perceptron(MLP)(0.970,0.971,0.976,0.974)and Voting(0.978,0.975,0.987,0.981).So,the Voting classifier gave the best results.While in the second dataset,all the algorithms gave the same results in four evaluation metrics,which indicates that each of them can effectively accomplish the prediction process.Also,this approach outperformed the previous work in detecting phishing websites with high accuracy,a lower false negative rate,a shorter prediction time,and a lower false positive rate.展开更多
Bayesian networks are a powerful class of graphical decision models used to represent causal relationships among variables.However,the reliability and integrity of learned Bayesian network models are highly dependent ...Bayesian networks are a powerful class of graphical decision models used to represent causal relationships among variables.However,the reliability and integrity of learned Bayesian network models are highly dependent on the quality of incoming data streams.One of the primary challenges with Bayesian networks is their vulnerability to adversarial data poisoning attacks,wherein malicious data is injected into the training dataset to negatively influence the Bayesian network models and impair their performance.In this research paper,we propose an efficient framework for detecting data poisoning attacks against Bayesian network structure learning algorithms.Our framework utilizes latent variables to quantify the amount of belief between every two nodes in each causal model over time.We use our innovative methodology to tackle an important issue with data poisoning assaults in the context of Bayesian networks.With regard to four different forms of data poisoning attacks,we specifically aim to strengthen the security and dependability of Bayesian network structure learning techniques,such as the PC algorithm.By doing this,we explore the complexity of this area and offer workablemethods for identifying and reducing these sneaky dangers.Additionally,our research investigates one particular use case,the“Visit to Asia Network.”The practical consequences of using uncertainty as a way to spot cases of data poisoning are explored in this inquiry,which is of utmost relevance.Our results demonstrate the promising efficacy of latent variables in detecting and mitigating the threat of data poisoning attacks.Additionally,our proposed latent-based framework proves to be sensitive in detecting malicious data poisoning attacks in the context of stream data.展开更多
Secure platooning control plays an important role in enhancing the cooperative driving safety of automated vehicles subject to various security vulnerabilities.This paper focuses on the distributed secure control issu...Secure platooning control plays an important role in enhancing the cooperative driving safety of automated vehicles subject to various security vulnerabilities.This paper focuses on the distributed secure control issue of automated vehicles affected by replay attacks.A proportional-integral-observer(PIO)with predetermined forgetting parameters is first constructed to acquire the dynamical information of vehicles.Then,a time-varying parameter and two positive scalars are employed to describe the temporal behavior of replay attacks.In light of such a scheme and the common properties of Laplace matrices,the closed-loop system with PIO-based controllers is transformed into a switched and time-delayed one.Furthermore,some sufficient conditions are derived to achieve the desired platooning performance by the view of the Lyapunov stability theory.The controller gains are analytically determined by resorting to the solution of certain matrix inequalities only dependent on maximum and minimum eigenvalues of communication topologies.Finally,a simulation example is provided to illustrate the effectiveness of the proposed control strategy.展开更多
This study investigates resilient platoon control for constrained intelligent and connected vehicles(ICVs)against F-local Byzantine attacks.We introduce a resilient distributed model-predictive platooning control fram...This study investigates resilient platoon control for constrained intelligent and connected vehicles(ICVs)against F-local Byzantine attacks.We introduce a resilient distributed model-predictive platooning control framework for such ICVs.This framework seamlessly integrates the predesigned optimal control with distributed model predictive control(DMPC)optimization and introduces a unique distributed attack detector to ensure the reliability of the transmitted information among vehicles.Notably,our strategy uses previously broadcasted information and a specialized convex set,termed the“resilience set”,to identify unreliable data.This approach significantly eases graph robustness prerequisites,requiring only an(F+1)-robust graph,in contrast to the established mean sequence reduced algorithms,which require a minimum(2F+1)-robust graph.Additionally,we introduce a verification algorithm to restore trust in vehicles under minor attacks,further reducing communication network robustness.Our analysis demonstrates the recursive feasibility of the DMPC optimization.Furthermore,the proposed method achieves exceptional control performance by minimizing the discrepancies between the DMPC control inputs and predesigned platoon control inputs,while ensuring constraint compliance and cybersecurity.Simulation results verify the effectiveness of our theoretical findings.展开更多
Owing to the integration of energy digitization and artificial intelligence technology,smart energy grids can realize the stable,efficient and clean operation of power systems.However,the emergence of cyber-physical a...Owing to the integration of energy digitization and artificial intelligence technology,smart energy grids can realize the stable,efficient and clean operation of power systems.However,the emergence of cyber-physical attacks,such as dynamic load-altering attacks(DLAAs)has introduced great challenges to the security of smart energy grids.Thus,this study developed a novel cyber-physical collaborative security framework for DLAAs in smart energy grids.The proposed framework integrates attack prediction in the cyber layer with the detection and localization of attacks in the physical layer.First,a data-driven method was proposed to predict the DLAA sequence in the cyber layer.By designing a double radial basis function network,the influence of disturbances on attack prediction can be eliminated.Based on the prediction results,an unknown input observer-based detection and localization method was further developed for the physical layer.In addition,an adaptive threshold was designed to replace the traditional precomputed threshold and improve the detection performance of the DLAAs.Consequently,through the collaborative work of the cyber-physics layer,injected DLAAs were effectively detected and located.Compared with existing methodologies,the simulation results on IEEE 14-bus and 118-bus power systems verified the superiority of the proposed cyber-physical collaborative detection and localization against DLAAs.展开更多
The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced techno...The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.展开更多
This paper is aimed at the distributed fault estimation issue associated with the potential loss of actuator efficiency for a type of discrete-time nonlinear systems with sensor saturation.For the distributed estimati...This paper is aimed at the distributed fault estimation issue associated with the potential loss of actuator efficiency for a type of discrete-time nonlinear systems with sensor saturation.For the distributed estimation structure under consideration,an estimation center is not necessary,and the estimator derives its information from itself and neighboring nodes,which fuses the state vector and the measurement vector.In an effort to cut down data conflicts in communication networks,the stochastic communication protocol(SCP)is employed so that the output signals from sensors can be selected.Additionally,a recursive security estimator scheme is created since attackers randomly inject malicious signals into the selected data.On this basis,sufficient conditions for a fault estimator with less conservatism are presented which ensure an upper bound of the estimation error covariance and the mean-square exponential boundedness of the estimating error.Finally,a numerical example is used to show the reliability and effectiveness of the considered distributed estimation algorithm.展开更多
As modern communication technology advances apace,the digital communication signals identification plays an important role in cognitive radio networks,the communication monitoring and management systems.AI has become ...As modern communication technology advances apace,the digital communication signals identification plays an important role in cognitive radio networks,the communication monitoring and management systems.AI has become a promising solution to this problem due to its powerful modeling capability,which has become a consensus in academia and industry.However,because of the data-dependence and inexplicability of AI models and the openness of electromagnetic space,the physical layer digital communication signals identification model is threatened by adversarial attacks.Adversarial examples pose a common threat to AI models,where well-designed and slight perturbations added to input data can cause wrong results.Therefore,the security of AI models for the digital communication signals identification is the premise of its efficient and credible applications.In this paper,we first launch adversarial attacks on the end-to-end AI model for automatic modulation classifi-cation,and then we explain and present three defense mechanisms based on the adversarial principle.Next we present more detailed adversarial indicators to evaluate attack and defense behavior.Finally,a demonstration verification system is developed to show that the adversarial attack is a real threat to the digital communication signals identification model,which should be paid more attention in future research.展开更多
Future 6G communications are envisioned to enable a large catalogue of pioneering applications.These will range from networked Cyber-Physical Systems to edge computing devices,establishing real-time feedback control l...Future 6G communications are envisioned to enable a large catalogue of pioneering applications.These will range from networked Cyber-Physical Systems to edge computing devices,establishing real-time feedback control loops critical for managing Industry 5.0 deployments,digital agriculture systems,and essential infrastructures.The provision of extensive machine-type communications through 6G will render many of these innovative systems autonomous and unsupervised.While full automation will enhance industrial efficiency significantly,it concurrently introduces new cyber risks and vulnerabilities.In particular,unattended systems are highly susceptible to trust issues:malicious nodes and false information can be easily introduced into control loops.Additionally,Denialof-Service attacks can be executed by inundating the network with valueless noise.Current anomaly detection schemes require the entire transformation of the control software to integrate new steps and can only mitigate anomalies that conform to predefined mathematical models.Solutions based on an exhaustive data collection to detect anomalies are precise but extremely slow.Standard models,with their limited understanding of mobile networks,can achieve precision rates no higher than 75%.Therefore,more general and transversal protection mechanisms are needed to detect malicious behaviors transparently.This paper introduces a probabilistic trust model and control algorithm designed to address this gap.The model determines the probability of any node to be trustworthy.Communication channels are pruned for those nodes whose probability is below a given threshold.The trust control algorithmcomprises three primary phases,which feed themodel with three different probabilities,which are weighted and combined.Initially,anomalous nodes are identified using Gaussian mixture models and clustering technologies.Next,traffic patterns are studied using digital Bessel functions and the functional scalar product.Finally,the information coherence and content are analyzed.The noise content and abnormal information sequences are detected using a Volterra filter and a bank of Finite Impulse Response filters.An experimental validation based on simulation tools and environments was carried out.Results show the proposed solution can successfully detect up to 92%of malicious data injection attacks.展开更多
In vehicle edge computing(VEC),asynchronous federated learning(AFL)is used,where the edge receives a local model and updates the global model,effectively reducing the global aggregation latency.Due to different amount...In vehicle edge computing(VEC),asynchronous federated learning(AFL)is used,where the edge receives a local model and updates the global model,effectively reducing the global aggregation latency.Due to different amounts of local data,computing capabilities and locations of the vehicles,renewing the global model with same weight is inappropriate.The above factors will affect the local calculation time and upload time of the local model,and the vehicle may also be affected by Byzantine attacks,leading to the deterioration of the vehicle data.However,based on deep reinforcement learning(DRL),we can consider these factors comprehensively to eliminate vehicles with poor performance as much as possible and exclude vehicles that have suffered Byzantine attacks before AFL.At the same time,when aggregating AFL,we can focus on those vehicles with better performance to improve the accuracy and safety of the system.In this paper,we proposed a vehicle selection scheme based on DRL in VEC.In this scheme,vehicle’s mobility,channel conditions with temporal variations,computational resources with temporal variations,different data amount,transmission channel status of vehicles as well as Byzantine attacks were taken into account.Simulation results show that the proposed scheme effectively improves the safety and accuracy of the global model.展开更多
With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detectin...With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.展开更多
Adversarial attacks have been posing significant security concerns to intelligent systems,such as speaker recognition systems(SRSs).Most attacks assume the neural networks in the systems are known beforehand,while bla...Adversarial attacks have been posing significant security concerns to intelligent systems,such as speaker recognition systems(SRSs).Most attacks assume the neural networks in the systems are known beforehand,while black-box attacks are proposed without such information to meet practical situations.Existing black-box attacks improve trans-ferability by integrating multiple models or training on multiple datasets,but these methods are costly.Motivated by the optimisation strategy with spatial information on the perturbed paths and samples,we propose a Dual Spatial Momentum Iterative Fast Gradient Sign Method(DS-MI-FGSM)to improve the transferability of black-box at-tacks against SRSs.Specifically,DS-MI-FGSM only needs a single data and one model as the input;by extending to the data and model neighbouring spaces,it generates adver-sarial examples against the integrating models.To reduce the risk of overfitting,DS-MI-FGSM also introduces gradient masking to improve transferability.The authors conduct extensive experiments regarding the speaker recognition task,and the results demonstrate the effectiveness of their method,which can achieve up to 92%attack success rate on the victim model in black-box scenarios with only one known model.展开更多
This case report investigates the manifestation of cerebral amyloid angiopathy (CAA) through recurrent Transient Ischemic Attacks (TIAs) in an 82-year-old patient. Despite initial diagnostic complexities, cerebral ang...This case report investigates the manifestation of cerebral amyloid angiopathy (CAA) through recurrent Transient Ischemic Attacks (TIAs) in an 82-year-old patient. Despite initial diagnostic complexities, cerebral angiography-MRI revealed features indicative of CAA. Symptomatic treatment resulted in improvement, but the patient later developed a fatal hematoma. The discussion navigates the intricate therapeutic landscape of repetitive TIAs in the elderly with cardiovascular risk factors, emphasizing the pivotal role of cerebral MRI and meticulous bleeding risk management. The conclusion stresses the importance of incorporating SWI sequences, specifically when suspecting a cardioembolic TIA, as a diagnostic measure to explore and exclude CAA in the differential diagnosis. This case report provides valuable insights into these challenges, highlighting the need to consider CAA in relevant cases.展开更多
Users face the threat of trajectory privacy leakage when using location-based service applications, especially when their behavior is collected and stored for a long period of time. This accumulated information is exp...Users face the threat of trajectory privacy leakage when using location-based service applications, especially when their behavior is collected and stored for a long period of time. This accumulated information is exploited by opponents, greatly increasing the risk of trajectory privacy leakage. This attack method is called a long-term observation attack. On the premise of ensuring lower time overhead and higher cache contribution rate, the existing methods cannot utilize cache to answer subsequent queries while also resisting long-term observation attacks. So this article proposes a trajectory privacy protection method to resist long-term observation attacks. This method combines caching technology and improves the existing differential privacy mechanism, while incorporating randomization factors that are difficult for attackers to recognize after long-term observation to enhance privacy. Search for locations in the cache of both the mobile client and edge server that can replace the user’s actual location. If there are replacement users in the cache, the query results can be obtained more quickly. Simultaneously obfuscating the spatiotemporal correlation of actual trajectories by generating confusion regions. If it does not exist, the obfuscated location generation method that resists long-term observation attacks is executed to generate the real anonymous area and send it to the service provider. The above steps can comprehensively protect the user’s trajectory privacy. The experimental results show that this method can protect user trajectories from long-term observation attacks while ensuring low time overhead and a high cache contribution rate.展开更多
In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by Io...In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.展开更多
Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misr...Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.展开更多
The Internet of Things(IoT)is a growing technology that allows the sharing of data with other devices across wireless networks.Specifically,IoT systems are vulnerable to cyberattacks due to its opennes The proposed wo...The Internet of Things(IoT)is a growing technology that allows the sharing of data with other devices across wireless networks.Specifically,IoT systems are vulnerable to cyberattacks due to its opennes The proposed work intends to implement a new security framework for detecting the most specific and harmful intrusions in IoT networks.In this framework,a Covariance Linear Learning Embedding Selection(CL2ES)methodology is used at first to extract the features highly associated with the IoT intrusions.Then,the Kernel Distributed Bayes Classifier(KDBC)is created to forecast attacks based on the probability distribution value precisely.In addition,a unique Mongolian Gazellas Optimization(MGO)algorithm is used to optimize the weight value for the learning of the classifier.The effectiveness of the proposed CL2ES-KDBC framework has been assessed using several IoT cyber-attack datasets,The obtained results are then compared with current classification methods regarding accuracy(97%),precision(96.5%),and other factors.Computational analysis of the CL2ES-KDBC system on IoT intrusion datasets is performed,which provides valuable insight into its performance,efficiency,and suitability for securing IoT networks.展开更多
Deep Neural Networks(DNNs)are integral to various aspects of modern life,enhancing work efficiency.Nonethe-less,their susceptibility to diverse attack methods,including backdoor attacks,raises security concerns.We aim...Deep Neural Networks(DNNs)are integral to various aspects of modern life,enhancing work efficiency.Nonethe-less,their susceptibility to diverse attack methods,including backdoor attacks,raises security concerns.We aim to investigate backdoor attack methods for image categorization tasks,to promote the development of DNN towards higher security.Research on backdoor attacks currently faces significant challenges due to the distinct and abnormal data patterns of malicious samples,and the meticulous data screening by developers,hindering practical attack implementation.To overcome these challenges,this study proposes a Gaussian Noise-Targeted Universal Adversarial Perturbation(GN-TUAP)algorithm.This approach restricts the direction of perturbations and normalizes abnormal pixel values,ensuring that perturbations progress as much as possible in a direction perpendicular to the decision hyperplane in linear problems.This limits anomalies within the perturbations improves their visual stealthiness,and makes them more challenging for defense methods to detect.To verify the effectiveness,stealthiness,and robustness of GN-TUAP,we proposed a comprehensive threat model.Based on this model,extensive experiments were conducted using the CIFAR-10,CIFAR-100,GTSRB,and MNIST datasets,comparing our method with existing state-of-the-art attack methods.We also tested our perturbation triggers using various defense methods and further experimented on the robustness of the triggers against noise filtering techniques.The experimental outcomes demonstrate that backdoor attacks leveraging perturbations generated via our algorithm exhibit cross-model attack effectiveness and superior stealthiness.Furthermore,they possess robust anti-detection capabilities and maintain commendable performance when subjected to noise-filtering methods.展开更多
The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are ...The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.展开更多
Network attack detection and mitigation require packet collection,pre-processing,feature analysis,classification,and post-processing.Models for these tasks sometimes become complex or inefficient when applied to real-...Network attack detection and mitigation require packet collection,pre-processing,feature analysis,classification,and post-processing.Models for these tasks sometimes become complex or inefficient when applied to real-time data samples.To mitigate hybrid assaults,this study designs an efficient forensic layer employing deep learning pattern analysis and multidomain feature extraction.In this paper,we provide a novel multidomain feature extraction method using Fourier,Z,Laplace,Discrete Cosine Transform(DCT),1D Haar Wavelet,Gabor,and Convolutional Operations.Evolutionary method dragon fly optimisation reduces feature dimensionality and improves feature selection accuracy.The selected features are fed into VGGNet and GoogLeNet models using binary cascaded neural networks to analyse network traffic patterns,detect anomalies,and warn network administrators.The suggested model tackles the inadequacies of existing approaches to hybrid threats,which are growing more common and challenge conventional security measures.Our model integrates multidomain feature extraction,deep learning pattern analysis,and the forensic layer to improve intrusion detection and prevention systems.In diverse attack scenarios,our technique has 3.5% higher accuracy,4.3% higher precision,8.5% higher recall,and 2.9% lower delay than previous models.展开更多
基金funding from Deanship of Scientific Research in King Faisal University with Grant Number KFU 241085.
文摘Phishing,an Internet fraudwhere individuals are deceived into revealing critical personal and account information,poses a significant risk to both consumers and web-based institutions.Data indicates a persistent rise in phishing attacks.Moreover,these fraudulent schemes are progressively becoming more intricate,thereby rendering them more challenging to identify.Hence,it is imperative to utilize sophisticated algorithms to address this issue.Machine learning is a highly effective approach for identifying and uncovering these harmful behaviors.Machine learning(ML)approaches can identify common characteristics in most phishing assaults.In this paper,we propose an ensemble approach and compare it with six machine learning techniques to determine the type of website and whether it is normal or not based on two phishing datasets.After that,we used the normalization technique on the dataset to transform the range of all the features into the same range.The findings of this paper for all algorithms are as follows in the first dataset based on accuracy,precision,recall,and F1-score,respectively:Decision Tree(DT)(0.964,0.961,0.976,0.968),Random Forest(RF)(0.970,0.964,0.984,0.974),Gradient Boosting(GB)(0.960,0.959,0.971,0.965),XGBoost(XGB)(0.973,0.976,0.976,0.976),AdaBoost(0.934,0.934,0.950,0.942),Multi Layer Perceptron(MLP)(0.970,0.971,0.976,0.974)and Voting(0.978,0.975,0.987,0.981).So,the Voting classifier gave the best results.While in the second dataset,all the algorithms gave the same results in four evaluation metrics,which indicates that each of them can effectively accomplish the prediction process.Also,this approach outperformed the previous work in detecting phishing websites with high accuracy,a lower false negative rate,a shorter prediction time,and a lower false positive rate.
文摘Bayesian networks are a powerful class of graphical decision models used to represent causal relationships among variables.However,the reliability and integrity of learned Bayesian network models are highly dependent on the quality of incoming data streams.One of the primary challenges with Bayesian networks is their vulnerability to adversarial data poisoning attacks,wherein malicious data is injected into the training dataset to negatively influence the Bayesian network models and impair their performance.In this research paper,we propose an efficient framework for detecting data poisoning attacks against Bayesian network structure learning algorithms.Our framework utilizes latent variables to quantify the amount of belief between every two nodes in each causal model over time.We use our innovative methodology to tackle an important issue with data poisoning assaults in the context of Bayesian networks.With regard to four different forms of data poisoning attacks,we specifically aim to strengthen the security and dependability of Bayesian network structure learning techniques,such as the PC algorithm.By doing this,we explore the complexity of this area and offer workablemethods for identifying and reducing these sneaky dangers.Additionally,our research investigates one particular use case,the“Visit to Asia Network.”The practical consequences of using uncertainty as a way to spot cases of data poisoning are explored in this inquiry,which is of utmost relevance.Our results demonstrate the promising efficacy of latent variables in detecting and mitigating the threat of data poisoning attacks.Additionally,our proposed latent-based framework proves to be sensitive in detecting malicious data poisoning attacks in the context of stream data.
基金supported in part by the National Natural Science Foundation of China (61973219,U21A2019,61873058)the Hainan Province Science and Technology Special Fund (ZDYF2022SHFZ105)。
文摘Secure platooning control plays an important role in enhancing the cooperative driving safety of automated vehicles subject to various security vulnerabilities.This paper focuses on the distributed secure control issue of automated vehicles affected by replay attacks.A proportional-integral-observer(PIO)with predetermined forgetting parameters is first constructed to acquire the dynamical information of vehicles.Then,a time-varying parameter and two positive scalars are employed to describe the temporal behavior of replay attacks.In light of such a scheme and the common properties of Laplace matrices,the closed-loop system with PIO-based controllers is transformed into a switched and time-delayed one.Furthermore,some sufficient conditions are derived to achieve the desired platooning performance by the view of the Lyapunov stability theory.The controller gains are analytically determined by resorting to the solution of certain matrix inequalities only dependent on maximum and minimum eigenvalues of communication topologies.Finally,a simulation example is provided to illustrate the effectiveness of the proposed control strategy.
基金the financial support from the Natural Sciences and Engineering Research Council of Canada(NSERC)。
文摘This study investigates resilient platoon control for constrained intelligent and connected vehicles(ICVs)against F-local Byzantine attacks.We introduce a resilient distributed model-predictive platooning control framework for such ICVs.This framework seamlessly integrates the predesigned optimal control with distributed model predictive control(DMPC)optimization and introduces a unique distributed attack detector to ensure the reliability of the transmitted information among vehicles.Notably,our strategy uses previously broadcasted information and a specialized convex set,termed the“resilience set”,to identify unreliable data.This approach significantly eases graph robustness prerequisites,requiring only an(F+1)-robust graph,in contrast to the established mean sequence reduced algorithms,which require a minimum(2F+1)-robust graph.Additionally,we introduce a verification algorithm to restore trust in vehicles under minor attacks,further reducing communication network robustness.Our analysis demonstrates the recursive feasibility of the DMPC optimization.Furthermore,the proposed method achieves exceptional control performance by minimizing the discrepancies between the DMPC control inputs and predesigned platoon control inputs,while ensuring constraint compliance and cybersecurity.Simulation results verify the effectiveness of our theoretical findings.
基金supported by the National Nature Science Foundation of China under 62203376the Science and Technology Plan of Hebei Education Department under QN2021139+1 种基金the Nature Science Foundation of Hebei Province under F2021203043the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network,Nanjing Institute of Technology under No.XTCX202203.
文摘Owing to the integration of energy digitization and artificial intelligence technology,smart energy grids can realize the stable,efficient and clean operation of power systems.However,the emergence of cyber-physical attacks,such as dynamic load-altering attacks(DLAAs)has introduced great challenges to the security of smart energy grids.Thus,this study developed a novel cyber-physical collaborative security framework for DLAAs in smart energy grids.The proposed framework integrates attack prediction in the cyber layer with the detection and localization of attacks in the physical layer.First,a data-driven method was proposed to predict the DLAA sequence in the cyber layer.By designing a double radial basis function network,the influence of disturbances on attack prediction can be eliminated.Based on the prediction results,an unknown input observer-based detection and localization method was further developed for the physical layer.In addition,an adaptive threshold was designed to replace the traditional precomputed threshold and improve the detection performance of the DLAAs.Consequently,through the collaborative work of the cyber-physics layer,injected DLAAs were effectively detected and located.Compared with existing methodologies,the simulation results on IEEE 14-bus and 118-bus power systems verified the superiority of the proposed cyber-physical collaborative detection and localization against DLAAs.
文摘The rapid increase in vehicle traffic volume in modern societies has raised the need to develop innovative solutions to reduce traffic congestion and enhance traffic management efficiency.Revolutionary advanced technology,such as Intelligent Transportation Systems(ITS),enables improved traffic management,helps eliminate congestion,and supports a safer environment.ITS provides real-time information on vehicle traffic and transportation systems that can improve decision-making for road users.However,ITS suffers from routing issues at the network layer when utilising Vehicular Ad Hoc Networks(VANETs).This is because each vehicle plays the role of a router in this network,which leads to a complex vehicle communication network,causing issues such as repeated link breakages between vehicles resulting from the mobility of the network and rapid topological variation.This may lead to loss or delay in packet transmissions;this weakness can be exploited in routing attacks,such as black-hole and gray-hole attacks,that threaten the availability of ITS services.In this paper,a Blockchain-based smart contracts model is proposed to offer convenient and comprehensive security mechanisms,enhancing the trustworthiness between vehicles.Self-Classification Blockchain-Based Contracts(SCBC)and Voting-Classification Blockchain-Based Contracts(VCBC)are utilised in the proposed protocol.The results show that VCBC succeeds in attaining better results in PDR and TP performance even in the presence of Blackhole and Grayhole attacks.
基金supported in part by the National Natural Science Foundation of China(62073189,62173207)the Taishan Scholar Project of Shandong Province(tsqn202211129)。
文摘This paper is aimed at the distributed fault estimation issue associated with the potential loss of actuator efficiency for a type of discrete-time nonlinear systems with sensor saturation.For the distributed estimation structure under consideration,an estimation center is not necessary,and the estimator derives its information from itself and neighboring nodes,which fuses the state vector and the measurement vector.In an effort to cut down data conflicts in communication networks,the stochastic communication protocol(SCP)is employed so that the output signals from sensors can be selected.Additionally,a recursive security estimator scheme is created since attackers randomly inject malicious signals into the selected data.On this basis,sufficient conditions for a fault estimator with less conservatism are presented which ensure an upper bound of the estimation error covariance and the mean-square exponential boundedness of the estimating error.Finally,a numerical example is used to show the reliability and effectiveness of the considered distributed estimation algorithm.
基金supported by the National Natural Science Foundation of China(61771154)the Fundamental Research Funds for the Central Universities(3072022CF0601)supported by Key Laboratory of Advanced Marine Communication and Information Technology,Ministry of Industry and Information Technology,Harbin Engineering University,Harbin,China.
文摘As modern communication technology advances apace,the digital communication signals identification plays an important role in cognitive radio networks,the communication monitoring and management systems.AI has become a promising solution to this problem due to its powerful modeling capability,which has become a consensus in academia and industry.However,because of the data-dependence and inexplicability of AI models and the openness of electromagnetic space,the physical layer digital communication signals identification model is threatened by adversarial attacks.Adversarial examples pose a common threat to AI models,where well-designed and slight perturbations added to input data can cause wrong results.Therefore,the security of AI models for the digital communication signals identification is the premise of its efficient and credible applications.In this paper,we first launch adversarial attacks on the end-to-end AI model for automatic modulation classifi-cation,and then we explain and present three defense mechanisms based on the adversarial principle.Next we present more detailed adversarial indicators to evaluate attack and defense behavior.Finally,a demonstration verification system is developed to show that the adversarial attack is a real threat to the digital communication signals identification model,which should be paid more attention in future research.
基金funding by Comunidad de Madrid within the framework of the Multiannual Agreement with Universidad Politécnica de Madrid to encourage research by young doctors(PRINCE project).
文摘Future 6G communications are envisioned to enable a large catalogue of pioneering applications.These will range from networked Cyber-Physical Systems to edge computing devices,establishing real-time feedback control loops critical for managing Industry 5.0 deployments,digital agriculture systems,and essential infrastructures.The provision of extensive machine-type communications through 6G will render many of these innovative systems autonomous and unsupervised.While full automation will enhance industrial efficiency significantly,it concurrently introduces new cyber risks and vulnerabilities.In particular,unattended systems are highly susceptible to trust issues:malicious nodes and false information can be easily introduced into control loops.Additionally,Denialof-Service attacks can be executed by inundating the network with valueless noise.Current anomaly detection schemes require the entire transformation of the control software to integrate new steps and can only mitigate anomalies that conform to predefined mathematical models.Solutions based on an exhaustive data collection to detect anomalies are precise but extremely slow.Standard models,with their limited understanding of mobile networks,can achieve precision rates no higher than 75%.Therefore,more general and transversal protection mechanisms are needed to detect malicious behaviors transparently.This paper introduces a probabilistic trust model and control algorithm designed to address this gap.The model determines the probability of any node to be trustworthy.Communication channels are pruned for those nodes whose probability is below a given threshold.The trust control algorithmcomprises three primary phases,which feed themodel with three different probabilities,which are weighted and combined.Initially,anomalous nodes are identified using Gaussian mixture models and clustering technologies.Next,traffic patterns are studied using digital Bessel functions and the functional scalar product.Finally,the information coherence and content are analyzed.The noise content and abnormal information sequences are detected using a Volterra filter and a bank of Finite Impulse Response filters.An experimental validation based on simulation tools and environments was carried out.Results show the proposed solution can successfully detect up to 92%of malicious data injection attacks.
基金supported in part by the National Natural Science Foundation of China(No.61701197)in part by the National Key Research and Development Program of China(No.2021YFA1000500(4))in part by the 111 Project(No.B23008).
文摘In vehicle edge computing(VEC),asynchronous federated learning(AFL)is used,where the edge receives a local model and updates the global model,effectively reducing the global aggregation latency.Due to different amounts of local data,computing capabilities and locations of the vehicles,renewing the global model with same weight is inappropriate.The above factors will affect the local calculation time and upload time of the local model,and the vehicle may also be affected by Byzantine attacks,leading to the deterioration of the vehicle data.However,based on deep reinforcement learning(DRL),we can consider these factors comprehensively to eliminate vehicles with poor performance as much as possible and exclude vehicles that have suffered Byzantine attacks before AFL.At the same time,when aggregating AFL,we can focus on those vehicles with better performance to improve the accuracy and safety of the system.In this paper,we proposed a vehicle selection scheme based on DRL in VEC.In this scheme,vehicle’s mobility,channel conditions with temporal variations,computational resources with temporal variations,different data amount,transmission channel status of vehicles as well as Byzantine attacks were taken into account.Simulation results show that the proposed scheme effectively improves the safety and accuracy of the global model.
基金The author extends the appreciation to the Deanship of Postgraduate Studies and Scientific Research atMajmaah University for funding this research work through the project number(R-2024-920).
文摘With the increasing number of connected devices in the Internet of Things(IoT)era,the number of intrusions is also increasing.An intrusion detection system(IDS)is a secondary intelligent system for monitoring,detecting and alerting against malicious activity.IDS is important in developing advanced security models.This study reviews the importance of various techniques,tools,and methods used in IoT detection and/or prevention systems.Specifically,it focuses on machine learning(ML)and deep learning(DL)techniques for IDS.This paper proposes an accurate intrusion detection model to detect traditional and new attacks on the Internet of Vehicles.To speed up the detection of recent attacks,the proposed network architecture developed at the data processing layer is incorporated with a convolutional neural network(CNN),which performs better than a support vector machine(SVM).Processing data are enhanced using the synthetic minority oversampling technique to ensure learning accuracy.The nearest class mean classifier is applied during the testing phase to identify new attacks.Experimental results using the AWID dataset,which is one of the most common open intrusion detection datasets,revealed a higher detection accuracy(94%)compared to SVM and random forest methods.
基金The Major Key Project of PCL,Grant/Award Number:PCL2022A03National Natural Science Foundation of China,Grant/Award Numbers:61976064,62372137Zhejiang Provincial Natural Science Foundation of China,Grant/Award Number:LZ22F020007。
文摘Adversarial attacks have been posing significant security concerns to intelligent systems,such as speaker recognition systems(SRSs).Most attacks assume the neural networks in the systems are known beforehand,while black-box attacks are proposed without such information to meet practical situations.Existing black-box attacks improve trans-ferability by integrating multiple models or training on multiple datasets,but these methods are costly.Motivated by the optimisation strategy with spatial information on the perturbed paths and samples,we propose a Dual Spatial Momentum Iterative Fast Gradient Sign Method(DS-MI-FGSM)to improve the transferability of black-box at-tacks against SRSs.Specifically,DS-MI-FGSM only needs a single data and one model as the input;by extending to the data and model neighbouring spaces,it generates adver-sarial examples against the integrating models.To reduce the risk of overfitting,DS-MI-FGSM also introduces gradient masking to improve transferability.The authors conduct extensive experiments regarding the speaker recognition task,and the results demonstrate the effectiveness of their method,which can achieve up to 92%attack success rate on the victim model in black-box scenarios with only one known model.
文摘This case report investigates the manifestation of cerebral amyloid angiopathy (CAA) through recurrent Transient Ischemic Attacks (TIAs) in an 82-year-old patient. Despite initial diagnostic complexities, cerebral angiography-MRI revealed features indicative of CAA. Symptomatic treatment resulted in improvement, but the patient later developed a fatal hematoma. The discussion navigates the intricate therapeutic landscape of repetitive TIAs in the elderly with cardiovascular risk factors, emphasizing the pivotal role of cerebral MRI and meticulous bleeding risk management. The conclusion stresses the importance of incorporating SWI sequences, specifically when suspecting a cardioembolic TIA, as a diagnostic measure to explore and exclude CAA in the differential diagnosis. This case report provides valuable insights into these challenges, highlighting the need to consider CAA in relevant cases.
文摘Users face the threat of trajectory privacy leakage when using location-based service applications, especially when their behavior is collected and stored for a long period of time. This accumulated information is exploited by opponents, greatly increasing the risk of trajectory privacy leakage. This attack method is called a long-term observation attack. On the premise of ensuring lower time overhead and higher cache contribution rate, the existing methods cannot utilize cache to answer subsequent queries while also resisting long-term observation attacks. So this article proposes a trajectory privacy protection method to resist long-term observation attacks. This method combines caching technology and improves the existing differential privacy mechanism, while incorporating randomization factors that are difficult for attackers to recognize after long-term observation to enhance privacy. Search for locations in the cache of both the mobile client and edge server that can replace the user’s actual location. If there are replacement users in the cache, the query results can be obtained more quickly. Simultaneously obfuscating the spatiotemporal correlation of actual trajectories by generating confusion regions. If it does not exist, the obfuscated location generation method that resists long-term observation attacks is executed to generate the real anonymous area and send it to the service provider. The above steps can comprehensively protect the user’s trajectory privacy. The experimental results show that this method can protect user trajectories from long-term observation attacks while ensuring low time overhead and a high cache contribution rate.
文摘In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.
基金This study was funded by the Chongqing Normal University Startup Foundation for PhD(22XLB021)was also supported by the Open Research Project of the State Key Laboratory of Industrial Control Technology,Zhejiang University,China(No.ICT2023B40).
文摘Internet of Things(IoT)is vulnerable to data-tampering(DT)attacks.Due to resource limitations,many anomaly detection systems(ADSs)for IoT have high false positive rates when detecting DT attacks.This leads to the misreporting of normal data,which will impact the normal operation of IoT.To mitigate the impact caused by the high false positive rate of ADS,this paper proposes an ADS management scheme for clustered IoT.First,we model the data transmission and anomaly detection in clustered IoT.Then,the operation strategy of the clustered IoT is formulated as the running probabilities of all ADSs deployed on every IoT device.In the presence of a high false positive rate in ADSs,to deal with the trade-off between the security and availability of data,we develop a linear programming model referred to as a security trade-off(ST)model.Next,we develop an analysis framework for the ST model,and solve the ST model on an IoT simulation platform.Last,we reveal the effect of some factors on the maximum combined detection rate through theoretical analysis.Simulations show that the ADS management scheme can mitigate the data unavailability loss caused by the high false positive rates in ADS.
文摘The Internet of Things(IoT)is a growing technology that allows the sharing of data with other devices across wireless networks.Specifically,IoT systems are vulnerable to cyberattacks due to its opennes The proposed work intends to implement a new security framework for detecting the most specific and harmful intrusions in IoT networks.In this framework,a Covariance Linear Learning Embedding Selection(CL2ES)methodology is used at first to extract the features highly associated with the IoT intrusions.Then,the Kernel Distributed Bayes Classifier(KDBC)is created to forecast attacks based on the probability distribution value precisely.In addition,a unique Mongolian Gazellas Optimization(MGO)algorithm is used to optimize the weight value for the learning of the classifier.The effectiveness of the proposed CL2ES-KDBC framework has been assessed using several IoT cyber-attack datasets,The obtained results are then compared with current classification methods regarding accuracy(97%),precision(96.5%),and other factors.Computational analysis of the CL2ES-KDBC system on IoT intrusion datasets is performed,which provides valuable insight into its performance,efficiency,and suitability for securing IoT networks.
基金funded by National Natural Science Foundation of China under Grant No.61806171The Sichuan University of Science&Engineering Talent Project under Grant No.2021RC15Sichuan University of Science&Engineering Graduate Student Innovation Fund under Grant No.Y2023115,The Scientific Research and Innovation Team Program of Sichuan University of Science and Technology under Grant No.SUSE652A006.
文摘Deep Neural Networks(DNNs)are integral to various aspects of modern life,enhancing work efficiency.Nonethe-less,their susceptibility to diverse attack methods,including backdoor attacks,raises security concerns.We aim to investigate backdoor attack methods for image categorization tasks,to promote the development of DNN towards higher security.Research on backdoor attacks currently faces significant challenges due to the distinct and abnormal data patterns of malicious samples,and the meticulous data screening by developers,hindering practical attack implementation.To overcome these challenges,this study proposes a Gaussian Noise-Targeted Universal Adversarial Perturbation(GN-TUAP)algorithm.This approach restricts the direction of perturbations and normalizes abnormal pixel values,ensuring that perturbations progress as much as possible in a direction perpendicular to the decision hyperplane in linear problems.This limits anomalies within the perturbations improves their visual stealthiness,and makes them more challenging for defense methods to detect.To verify the effectiveness,stealthiness,and robustness of GN-TUAP,we proposed a comprehensive threat model.Based on this model,extensive experiments were conducted using the CIFAR-10,CIFAR-100,GTSRB,and MNIST datasets,comparing our method with existing state-of-the-art attack methods.We also tested our perturbation triggers using various defense methods and further experimented on the robustness of the triggers against noise filtering techniques.The experimental outcomes demonstrate that backdoor attacks leveraging perturbations generated via our algorithm exhibit cross-model attack effectiveness and superior stealthiness.Furthermore,they possess robust anti-detection capabilities and maintain commendable performance when subjected to noise-filtering methods.
基金extend their appreciation to Researcher Supporting Project Number(RSPD2023R582)King Saud University,Riyadh,Saudi Arabia.
文摘The healthcare sector holds valuable and sensitive data.The amount of this data and the need to handle,exchange,and protect it,has been increasing at a fast pace.Due to their nature,software-defined networks(SDNs)are widely used in healthcare systems,as they ensure effective resource utilization,safety,great network management,and monitoring.In this sector,due to the value of thedata,SDNs faceamajor challengeposed byawide range of attacks,such as distributed denial of service(DDoS)and probe attacks.These attacks reduce network performance,causing the degradation of different key performance indicators(KPIs)or,in the worst cases,a network failure which can threaten human lives.This can be significant,especially with the current expansion of portable healthcare that supports mobile and wireless devices for what is called mobile health,or m-health.In this study,we examine the effectiveness of using SDNs for defense against DDoS,as well as their effects on different network KPIs under various scenarios.We propose a threshold-based DDoS classifier(TBDC)technique to classify DDoS attacks in healthcare SDNs,aiming to block traffic considered a hazard in the form of a DDoS attack.We then evaluate the accuracy and performance of the proposed TBDC approach.Our technique shows outstanding performance,increasing the mean throughput by 190.3%,reducing the mean delay by 95%,and reducing packet loss by 99.7%relative to normal,with DDoS attack traffic.
文摘Network attack detection and mitigation require packet collection,pre-processing,feature analysis,classification,and post-processing.Models for these tasks sometimes become complex or inefficient when applied to real-time data samples.To mitigate hybrid assaults,this study designs an efficient forensic layer employing deep learning pattern analysis and multidomain feature extraction.In this paper,we provide a novel multidomain feature extraction method using Fourier,Z,Laplace,Discrete Cosine Transform(DCT),1D Haar Wavelet,Gabor,and Convolutional Operations.Evolutionary method dragon fly optimisation reduces feature dimensionality and improves feature selection accuracy.The selected features are fed into VGGNet and GoogLeNet models using binary cascaded neural networks to analyse network traffic patterns,detect anomalies,and warn network administrators.The suggested model tackles the inadequacies of existing approaches to hybrid threats,which are growing more common and challenge conventional security measures.Our model integrates multidomain feature extraction,deep learning pattern analysis,and the forensic layer to improve intrusion detection and prevention systems.In diverse attack scenarios,our technique has 3.5% higher accuracy,4.3% higher precision,8.5% higher recall,and 2.9% lower delay than previous models.