The paper identifies a universal, statistically predictable distribution (Mandelbrot) governing LLM outputs, enabling a highly efficient, model-agnostic scoring primitive for provenance and quality as…

CALIBURN introduces a novel, five-component streaming pipeline for intrusion detection that allows operators to specify alerting behavior using cost and budget constraints, achieving state-of-the-art…

The paper introduces SIR-Bench, a comprehensive benchmark of 794 test cases, to rigorously evaluate autonomous security incident response agents by measuring their ability to perform deep forensic inv…

The paper introduces SCOUT, a dynamic detector allocation framework that improves prompt-injection defense by predicting detector reliability and latency to optimize the trade-off between safety and o…

The paper develops a stochastic framework using Laplace-Carson transforms to model and quantify optimal proactive defense timing against a single cyberattack, providing closed-form solutions for defen…

The paper proposes a novel structural invariant approach, derived from the economic constraints of fraud, that amplifies weak, low-precision signals into highly accurate fraud detections without requi…

The paper introduces HIDBench, a new benchmark for evaluating LLMs' ability to perform host-based intrusion detection using complex, noisy system logs, finding that model performance degrades signific…

PARD-SSM is a probabilistic framework that models network traffic as a switching state-space system to detect multi-stage cyber-attacks in real-time with high accuracy and predictive capability.

This study longitudinally evaluates the adversarial robustness of Android malware detection systems over a decade, finding that temporal separation significantly degrades robustness due to concept dri…

The paper introduces a sample-wise targeted adversarial attack that successfully misclassifies only specific, triggered inputs during test-time adaptation while maintaining the overall label distribut…

The paper introduces MonitoringBench, a semi-automated red-teaming methodology that generates diverse and stronger attacks, revealing that current coding-agent monitors often fail against sophisticate…

The paper proposes a dual-regime architecture combining Bernoulli CUSUM and asymmetric scoring to significantly improve trust fraud detection in sparse rating networks, achieving superior performance…

This paper provides the first systematic threat analysis of State-Space Models (SSMs) in safety-critical applications, introducing novel attack classes and formal metrics to quantify their security an…

The paper demonstrates a detection inversion, showing that an adaptive insider threat (mole) can actively reduce their detectable suspicion profile below that of an innocent agent when using advanced…

The paper develops a structurally justified framework for measuring Quantum Cryptographic Exposure (HNDL) by showing that the compromise probability factorizes into distinct, interacting components ba…

The paper develops a formal theory to analyze how throughput changes in AI-enhanced cybersecurity pipelines when stage capacities are perturbed by multipliers.

ZERO-APT introduces a novel closed-loop adversarial framework for automated penetration testing that simulates attacks against an intelligent, real-time defending system, achieving a high attack succe…

The paper introduces FIRCE, a framework that enhances intrusion detection systems by combining conformal evaluation for uncertainty quantification and drift detection with an adaptive chunking mechani…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…