~ similar to 2604.21626v1 · 20 results
Yue Xiao, Ling Jiang, Sen Nie, Ding Li +3 more
This paper systematically evaluates Provenance-based Intrusion Detection Systems (PIDSes) in real industrial scenarios, revealing that existing systems struggle with data heterogeneity, advanced attac…
The paper proposes a system-aware unsupervised framework that combines lightweight online detection with a contextual digital twin and LLM to provide interpretable, actionable anomaly diagnoses for In…
This paper evaluates the security of industrial control systems (ICS) transitioning to 5G communication, finding that while optimal conditions allow for resilience, degraded channel conditions signifi…
This paper investigates the vulnerability of machine learning-based fault detection and localization systems in Cyber-Physical Systems (CPS) to backdoor attacks, demonstrating that such attacks are su…
Yuchen Zhang, Ning Xi, Pengbin Feng, Shigang Liu +4 more
IstGPT introduces a novel LLM-based framework for real-time, fine-grained anomaly detection in complex industrial cyber-physical systems, achieving state-of-the-art performance across multiple benchma…
The paper proposes a semi-automated framework that integrates network topology and vulnerability data to generate and analyze multi-step attack graphs in Industrial Control Systems, demonstrated using…
The paper proposes a Digital Twin (DT)-driven hybrid system that combines deterministic heuristics and constrained Large Language Model (LLM) reasoning to achieve highly accurate and interpretable rea…
This Systematization of Knowledge (SoK) identifies a disconnect between academic NIDS research and real-world operational contexts, proposing foundational changes to reshape future research.
The paper argues that zero-day attacks primarily exploit undisclosed vulnerabilities rather than exhibiting novel behaviors, advocating for vulnerability-centric detection methods over purely behavior…
This paper proposes a lightweight, multi-layer Machine Learning-based security framework for Industrial IoT (IIoT) to enhance trust convergence and detect advanced threats.
This paper provides the first comprehensive threat model for IoT-enabled Controlled Environment Agriculture (CEA) systems, identifying 123 unique threats and proposing a defense-in-depth framework to…
This paper evaluates unsupervised temporal learning models, specifically recurrent autoencoders, for real-time anomaly detection in vulnerable IEC-61850 GOOSE networks, demonstrating that the GRU mode…
Dalton Cézane Gomes Valadares, Luiz Antonio Pereira Silva, Daniel Hindemburg de Miranda Marques, Álvaro Alvares de Carvalho César Sobrinho +4 more
This survey comprehensively analyzes the IoT threat landscape by detailing 28 common attacks and mapping them to foundational vulnerability classes, providing a structured roadmap for building secure…
The paper introduces a novel byte-level method to encode network flow records into fixed-size RGB images, significantly improving the performance of Intrusion Detection Systems (IDS) by allowing convo…
FlowGuard introduces an identity-independent defense using flow matching to detect data-free model stealing attacks by identifying synthetic queries as out-of-distribution based on their lower-dimensi…
This paper proposes a lightweight, machine learning-based model for on-device intrusion detection in resource-constrained IoT devices, achieving high detection accuracy for common cyber threats.
This paper adapts the Single Packet Header Binary Image (SPHBI) intrusion detection method from IoT to Modbus TCP, achieving high binary accuracy (98.1%) and strong multiclass classification performan…
Raj Patel, David Amebley, Taye Akinrele, Shaswata Mitra +2 more
The paper systematically evaluates 27 Spiking Neural Network (SNN) configurations to determine the optimal combination of neuron model and spike encoding scheme for network intrusion detection, findin…
Raj Patel, David Amebley, Taye Akinrele, Shaswata Mitra +2 more
The paper evaluates 27 different Spiking Neural Network (SNN) configurations to determine the optimal design for network intrusion detection, finding that the LeakyParallel neuron combined with latenc…
This paper enhances an existing autonomous online Intrusion Detection System (AOC-IDS) for IoT by addressing class imbalance, pseudo-label reliability, and computational overhead, achieving significan…