~ similar to 2605.24696v1 · 20 results
The paper introduces FIRCE, a framework that enhances intrusion detection systems by combining conformal evaluation for uncertainty quantification and drift detection with an adaptive chunking mechani…
Samuel Ndichu, Tao Ban, Seiichi Ozawa, Takeshi Takahashi +1 more
PACT is a Pareto-aware active learning controller that significantly reduces the false-positive investigation burden in low-prevalence security alert streams without sacrificing recall.
Shuhao Zhang, Jiarui Li, Qi Cao, Ruiyi Zhang +1 more
The paper introduces SCOUT, a dynamic detector allocation framework that improves prompt-injection defense by predicting detector reliability and latency to optimize the trade-off between safety and o…
The paper proposes a federated, high-throughput stream-processing framework for cross-sector threat detection and automated containment, achieving end-to-end operational convergence within 12-20 secon…
The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…
The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…
This Systematization of Knowledge (SoK) identifies a disconnect between academic NIDS research and real-world operational contexts, proposing foundational changes to reshape future research.
ML Defender (aRGus NDR) is an open-source, embedded Machine Learning Network Intrusion Detection System (NIDS) that achieves superior detection rates for botnet and anomalous traffic on resource-const…
This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.
FlowGuard introduces an identity-independent defense using flow matching to detect data-free model stealing attacks by identifying synthetic queries as out-of-distribution based on their lower-dimensi…
The paper introduces a deterministic method to automatically synthesize initial SIEM detection rules (Sigma rules) from attack simulation findings, ensuring full traceability back to the specific orig…
PARD-SSM is a probabilistic framework that models network traffic as a switching state-space system to detect multi-stage cyber-attacks in real-time with high accuracy and predictive capability.
Xuanli He, Bilgehan Sel, Faizan Ali, Jenny Bao +2 more
The paper introduces a robust streaming probing objective that requires multiple evidence tokens to support a prediction, significantly improving the detection of harmful intent in LLMs, especially in…
Samuel Ndichu, Tao Ban, Seiichi Ozawa, Takeshi Takahashi +1 more
This survey reviews AI-driven methods for filtering and prioritizing security alerts to combat alert fatigue, establishing a four-stage workflow taxonomy and identifying critical gaps in current resea…
Yiran Qiao, Jing Chen, Jiaqi Xu, Yang Liu +2 more
The paper proposes a novel framework, LPCD, that uses latent causal modeling to robustly assess evolving adversarial risks in live streaming by decoupling malicious intent from superficial tactical sh…
CLOUDBURST introduces a novel framework and taxonomy for passive cloud-native beacons, demonstrating that IAM Canary Roles are the most effective vector for real-time threat attribution in modern clou…
The paper introduces the Hiremath Early Detection (HED) Score, a new measure-theoretic standard that accurately quantifies the time-value of early detection, significantly outperforming traditional me…
Syed Waqas Ali, Ibrar Ali Shah, Farzana Zahid, Daniyal Munir +1 more
The paper proposes a confidence-aware, multi-layered Cloud-IDS pipeline that integrates adaptive Q-Learning, Chroma memory, and LLM semantic analysis to enhance detection accuracy and reduce reliance…
The paper introduces ESPRESSO, a deep learning model that significantly improves the detection of sophisticated stepping-stone intrusions by correlating network flows across multiple relay hosts.
The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…