RuleForge is an automated system that generates and validates detection rules for web vulnerabilities from structured CVE templates, significantly improving detection accuracy and reducing false posit…

The paper demonstrates that generative AI can automate and scale highly personalized, context-aware spear-phishing attacks using only public social media data, resulting in messages that are significa…

The paper introduces a deterministic method to automatically synthesize initial SIEM detection rules (Sigma rules) from attack simulation findings, ensuring full traceability back to the specific orig…

The paper proposes a graph-based framework for detecting attacks in LLM agent tool-call traffic, finding that content-level embeddings are crucial for high accuracy and that tree ensembles on these em…

The paper introduces Honeyval, a comprehensive evaluation framework, to rigorously test LLM-powered HTTP honeypots, demonstrating that these honeypots provide substantially longer and harder-to-detect…

The paper introduces Honeyval, a comprehensive evaluation framework, to rigorously test LLM-powered HTTP honeypots, demonstrating that these systems provide substantially longer and harder-to-detect i…

This paper introduces a component-centric framework and a novel detector, Connor, to understand and detect sophisticated, multi-component attacks targeting the Model Context Protocol (MCP) servers.

This paper develops and evaluates supervised machine learning models to detect malicious tool descriptions within the Model Context Protocol (MCP), achieving high detection rates in both binary and mu…

The paper introduces HIDBench, a new benchmark for evaluating LLMs' ability to perform host-based intrusion detection using complex, noisy system logs, finding that model performance degrades signific…

The paper introduces the CAI Dataset, a massive, multi-terabyte corpus of real-world, hands-on cybersecurity LLM trajectories, designed to address the performance bottleneck caused by expert operator…

This paper proposes an explainable threat attribution system for IoT networks that uses SHAP and flow behavior modeling to accurately classify and explain over 30 distinct attack variants into 8 meani…

MA-IDS proposes a Multi-Agent RAG framework that uses LLMs and a self-building Experience Library to achieve explainable and self-improving intrusion detection for resource-constrained IoT networks.

GuardSec is a deployable, multi-modal web platform designed for the African context that enables non-technical users to perform real-time digital fraud detection and assess their own connection securi…

The paper introduces BRIDGE, a standardized benchmark for cross-domain IoT botnet detection, and TCH-Net, a novel multi-branch network that achieves state-of-the-art generalization performance across…

The paper proposes CASCADE, a novel three-tiered, fully local defense architecture for detecting prompt injection and tool poisoning attacks in Model Context Protocol (MCP)-based LLM systems, achievin…

LanG is a governance-aware, open-source agentic AI platform that unifies security operations by providing advanced correlation, automated rule generation, and attack reconstruction capabilities.

This paper proposes the first web-focused threat model for agentic browsers, demonstrating that traditional web social engineering attacks can be amplified into dangerous, reproducible threats when ex…

The paper evaluates AI's effectiveness in detecting network intrusions and cryptographic side-channel leakage, finding high accuracy in stable environments but performance degradation with novel traff…

The paper introduces Sieve, a system that uses a large language model (LLM) to generate executable query code from natural language security questions, significantly improving the ability to perform c…

The paper introduces the Canonical Security Telemetry Substrate (CSTS), a standardized, AI-ready foundation designed to harmonize fragmented and heterogeneous cybersecurity data into a unified model f…