The study assesses the generalization capability of supervised machine learning models for intrusion detection using UNSW-NB15 and TON_IoT, finding a significant performance drop when models are teste…

This paper proposes a lightweight, machine learning-based model for on-device intrusion detection in resource-constrained IoT devices, achieving high detection accuracy for common cyber threats.

This paper experimentally demonstrates the high detection performance of machine learning-based intrusion detection systems for identifying cyberattacks targeting OPC UA applications running over priv…

The paper proposes a dynamic queueing framework that estimates an organization's cyber resources and attack surface dynamics by analyzing the timestamps of vulnerabilities and fixes, achieving high ac…

CLAD is a federated learning framework that jointly performs anomaly detection and attack classification in heterogeneous IoT environments by combining clustered learning with a dual-mode architecture…

ML Defender (aRGus NDR) is an open-source, embedded Machine Learning Network Intrusion Detection System (NIDS) that achieves superior detection rates for botnet and anomalous traffic on resource-const…

EdgeDetect is a communication-efficient and privacy-preserving federated intrusion detection system that uses gradient binarization and homomorphic encryption to significantly reduce bandwidth usage w…

The paper proposes a confidence-aware, multi-layered Cloud-IDS pipeline that integrates adaptive Q-Learning, Chroma memory, and LLM semantic analysis to enhance detection accuracy and reduce reliance…

The paper proposes a trust-aware federated hybrid intrusion detection framework using multiple ML models at distributed edge nodes to proactively secure highly connected Intelligent Transport Systems.

This paper proposes using Age of Information (AoI)-guided client selection to improve the timeliness and robustness of federated intrusion detection in cloud-edge environments, achieving significant r…

The paper proposes a graph-based framework for detecting attacks in LLM agent tool-call traffic, finding that content-level embeddings are crucial for high accuracy and that tree ensembles on these em…

This paper proposes using a fine-tuned foundation model (MOMENT) to detect and classify various attacks in RPL-based IoT networks, achieving performance comparable to state-of-the-art methods.

This paper evaluates a novel black-box adversarial attack to demonstrate the vulnerability of ML-based IoT Intrusion Detection Systems (IDS) and proposes a robust defense mechanism to mitigate these e…

This paper proposes and evaluates a federated deep learning framework using autoencoders for lightweight, privacy-preserving, and scalable real-time anomaly detection in resource-constrained IoT netwo…

The paper proposes XAI-SOH-FL, an enhanced Federated Learning framework that improves IoT intrusion detection by integrating adaptive aggregation and explainable AI, achieving high accuracy and interp…

The paper proposes XAI-SOH-FL, an enhanced Federated Learning framework that improves IoT intrusion detection by integrating adaptive aggregation and explainable AI, achieving high accuracy and interp…

MA-IDS proposes a Multi-Agent RAG framework that uses LLMs and a self-building Experience Library to achieve explainable and self-improving intrusion detection for resource-constrained IoT networks.

CALIBURN introduces a novel, five-component streaming pipeline for intrusion detection that allows operators to specify alerting behavior using cost and budget constraints, achieving state-of-the-art…

This paper enhances an existing autonomous online Intrusion Detection System (AOC-IDS) for IoT by addressing class imbalance, pseudo-label reliability, and computational overhead, achieving significan…

This paper proposes an explainable threat attribution system for IoT networks that uses SHAP and flow behavior modeling to accurately classify and explain over 30 distinct attack variants into 8 meani…