immUNITY is a system that enhances network security by combining programmable switches and SmartNICs to efficiently detect and mitigate low-volume and slow network attacks.

ML Defender (aRGus NDR) is an open-source, embedded Machine Learning Network Intrusion Detection System (NIDS) that achieves superior detection rates for botnet and anomalous traffic on resource-const…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces Honeyval, a comprehensive evaluation framework, to rigorously test LLM-powered HTTP honeypots, demonstrating that these honeypots provide substantially longer and harder-to-detect…

The paper introduces Honeyval, a comprehensive evaluation framework, to rigorously test LLM-powered HTTP honeypots, demonstrating that these systems provide substantially longer and harder-to-detect i…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

This paper evaluates a novel black-box adversarial attack to demonstrate the vulnerability of ML-based IoT Intrusion Detection Systems (IDS) and proposes a robust defense mechanism to mitigate these e…

This paper introduces an active traffic analysis method (NATA) and a deep learning framework (BM-Net) to demonstrate that bandwidth perturbations can be used by an adversary to correlate and de-anonym…

GETA is a protocol-agnostic framework that analyzes encrypted network traffic using only metadata, achieving state-of-the-art performance across diverse tasks without needing large labeled datasets.

This study empirically measures the consistency and success rate of autonomous LLM penetration testing across multiple services, finding statistically significant differences in exploitation capabilit…

This study empirically measures the consistency and effectiveness of autonomous LLM penetration testing across multiple services, finding statistically significant differences in exploitation rates am…

The paper establishes a standardized security assessment framework and develops a multi-layered defensive system, demonstrating that systematic testing and external defenses are crucial for safe LLM d…

The paper introduces 'adversarial restlessness,' an activation-level signature in LLM residual streams, to detect multi-turn prompt injection attacks with high accuracy.

EdgeDetect is a communication-efficient and privacy-preserving federated intrusion detection system that uses gradient binarization and homomorphic encryption to significantly reduce bandwidth usage w…

The paper identifies a critical vulnerability, the Camouflage Detection Gap (CDG), where standard LLM injection detectors fail dramatically when malicious payloads mimic the target domain's language a…

The paper proposes Shaperd, a real-time traffic shaper designed to enhance the resilience of fully encrypted protocols against censorship by allowing users to generate traffic flows with customizable…

The paper introduces HIDBench, a new benchmark for evaluating LLMs' ability to perform host-based intrusion detection using complex, noisy system logs, finding that model performance degrades signific…

This paper provides the first systematic threat analysis of State-Space Models (SSMs) in safety-critical applications, introducing novel attack classes and formal metrics to quantify their security an…