The paper proposes a dynamic risk assessment framework that combines Bayesian Attack Graphs (BAGs) with process mining to continuously monitor system behavior and update the probability of active vuln…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

The paper evaluates AI's effectiveness in detecting network intrusions and cryptographic side-channel leakage, finding high accuracy in stable environments but performance degradation with novel traff…

The paper introduces a novel pipeline integrating formal verification and process mining to systematically identify and analyze root causes of security property invalidations in complex automotive net…

The paper argues that zero-day attacks primarily exploit undisclosed vulnerabilities rather than exhibiting novel behaviors, advocating for vulnerability-centric detection methods over purely behavior…

This paper systematically evaluates Provenance-based Intrusion Detection Systems (PIDSes) in real industrial scenarios, revealing that existing systems struggle with data heterogeneity, advanced attac…

The paper demonstrates that simpler, shallower Deep Neural Network architectures with reduced features and ReLU activations can inherently improve the robustness of ML-NIDS against gradient-based adve…

This Survey of Knowledge (SoK) identifies a disconnect between academic NIDS research and real-world operational contexts, proposing foundational changes to reshape future research.

The paper introduces FIRCE, a framework that enhances intrusion detection systems by combining conformal evaluation for uncertainty quantification and drift detection with an adaptive chunking mechani…

The study assesses the generalization capability of supervised machine learning models for intrusion detection using UNSW-NB15 and TON_IoT, finding a significant performance drop when models are teste…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

This paper discusses the significant challenges in developing a holistic intrusion detection system for Industrial Control Systems (ICS) that must cover all operational dimensions.

The paper introduces ESPRESSO, a deep learning model that significantly improves the detection of sophisticated stepping-stone intrusions by correlating network flows across multiple relay hosts.

GRASP introduces a novel graph-based anomaly detection system that uses masked self-supervised classification on process provenance graphs to robustly identify unknown and unknown-unknown anomalous be…

The paper proposes a confidence-aware, multi-layered Cloud-IDS pipeline that integrates adaptive Q-Learning, Chroma memory, and LLM semantic analysis to enhance detection accuracy and reduce reliance…

The paper proposes a system-aware unsupervised framework that combines lightweight online detection with a contextual digital twin and LLM to provide interpretable, actionable anomaly diagnoses for In…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

NLLog introduces a lightweight system that converts structured security logs into natural language sentences for improved anomaly detection, achieving high performance with low false-positive rates su…

NLLog is a lightweight pipeline that rewrites system-generated logs into natural language for improved analysis and comprehension.