Similar to 2605.27299v1 · 20 results
Samuel Ndichu, Tao Ban, Seiichi Ozawa, Takeshi Takahashi +1 more
This survey reviews AI-driven methods for filtering and prioritizing security alerts to combat alert fatigue, establishing a four-stage workflow taxonomy and identifying critical gaps in current resea…
Shuhao Zhang, Jiarui Li, Qi Cao, Ruiyi Zhang +1 more
The paper introduces SCOUT, a dynamic detector allocation framework that improves prompt-injection defense by predicting detector reliability and latency to optimize the trade-off between safety and o…
This paper enhances an existing autonomous online Intrusion Detection System (AOC-IDS) for IoT by addressing class imbalance, pseudo-label reliability, and computational overhead, achieving significan…
The study assesses the generalization capability of supervised machine learning models for intrusion detection using UNSW-NB15 and TON_IoT, finding a significant performance drop when models are teste…
The paper introduces AI-native asset intelligence, a framework that structures heterogeneous security data into a consistent, contextual layer for proactive, stable, and accurate asset-level risk prio…
Samuel Ndichu, Tao Ban, Seiichi Ozawa, Takeshi Takahashi +1 more
PACT is a Pareto-aware active learning controller that significantly reduces the false-positive investigation burden in low-prevalence security alert streams without sacrificing recall.
Fortunatus Aabangbio Wulnye, Justice Owusu Agyemang, Kwame Opuni-Boachie Obour Agyekum, Kwame Agyeman-Prempeh Agyekum +2 more
This paper analyzes how vulnerable various machine learning models are to data poisoning attacks in IoT intrusion detection, finding that ensemble methods are more robust than Logistic Regression and…
CALIBURN introduces a novel, five-component streaming pipeline for intrusion detection that allows operators to specify alerting behavior using cost and budget constraints, achieving state-of-the-art…
This paper proposes a gap-prioritization framework to bridge the gap between theoretical cyber attack prediction research and practical operational deployment by identifying critical implementation hu…
This paper proposes an explainable threat attribution system for IoT networks that uses SHAP and flow behavior modeling to accurately classify and explain over 30 distinct attack variants into 8 meani…
Syed Waqas Ali, Ibrar Ali Shah, Farzana Zahid, Daniyal Munir +1 more
The paper proposes a confidence-aware, multi-layered Cloud-IDS pipeline that integrates adaptive Q-Learning, Chroma memory, and LLM semantic analysis to enhance detection accuracy and reduce reliance…
This paper enhances anomaly detection and threat intelligence in Zero Trust IoT environments by applying and comparing various machine learning classifiers, notably using SMOTE to improve accuracy on…
The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…
The paper demonstrates that relying on strict regular-expression parsing for evaluating LLM-based security log classifiers introduces systematic errors, potentially causing a functional model to appea…
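The evaluation pitfall summarised above (a strict regular expression deciding whether an LLM's answer "counts") is easy to reproduce. The following is an added illustration, not code or data from the paper: it runs a strict anchored regex and a tolerant token search over a handful of constructed model outputs for a binary benign/malicious log-classification task and reports how each parser changes the measured accuracy of the very same outputs. The label vocabulary, the sample outputs and the two parser designs are assumptions made for the demonstration.

```python
import re
from collections import Counter

# Constructed LLM outputs for a binary log-classification task, paired with
# the gold label. These are illustrative strings, not outputs from any model
# or dataset discussed on this page.
SAMPLE_OUTPUTS = [
    ("malicious", "malicious"),                         # exactly the expected token
    ("Label: malicious", "malicious"),                  # prefixed
    ("The log line is MALICIOUS.", "malicious"),        # sentence, upper-case
    ("benign", "benign"),
    ("**benign**", "benign"),                           # markdown emphasis
    ("Classification: Benign\nReason: routine cron job", "benign"),
    (" malicious", "malicious"),                        # leading whitespace
    ("This is not malicious; it is benign.", "benign"), # label negated in reasoning
    ("I'm not sure", "malicious"),                      # genuinely unparseable
]

# Strict parser: the whole response must be exactly one lowercase label.
STRICT = re.compile(r"^(benign|malicious)$")

# Tolerant parser: first label token anywhere, case-insensitive.
TOLERANT = re.compile(r"\b(benign|malicious)\b", re.IGNORECASE)


def parse_strict(text):
    """Return the label only if the response is nothing but the label."""
    m = STRICT.match(text)
    return m.group(1) if m else None


def parse_tolerant(text):
    """Return the first label-looking token in the response, normalised."""
    m = TOLERANT.search(text)
    return m.group(1).lower() if m else None


def evaluate(parser, samples):
    """Score a parser over (output, gold) pairs.

    Returns (counts, accuracy) where counts separates 'correct', 'wrong'
    and 'unparsed' so that parser failures are not silently folded into
    model errors.
    """
    counts = Counter()
    for output, gold in samples:
        pred = parser(output)
        if pred is None:
            counts["unparsed"] += 1
        elif pred == gold:
            counts["correct"] += 1
        else:
            counts["wrong"] += 1
    return dict(counts), counts["correct"] / len(samples)


if __name__ == "__main__":
    for name, parser in (("strict", parse_strict), ("tolerant", parse_tolerant)):
        counts, acc = evaluate(parser, SAMPLE_OUTPUTS)
        print(f"{name:8s} accuracy={acc:.2f} breakdown={counts}")
```

On these constructed outputs the strict parser scores 2 of 9 while the tolerant one scores 7 of 9, even though the model's underlying decisions are identical; the strict parser's "unparsed" column is where a working model is made to look broken. The tolerant parser is not a free fix either: the negated-reasoning sample shows it reading the wrong token, so the unparsed and wrong counts should be reported separately rather than collapsed into a single accuracy figure.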
The paper proposes ExAI5G, a logic-based explainable AI framework that integrates a Transformer-based IDS with XAI techniques to provide highly accurate and transparent intrusion detection for 5G netw…
This paper proposes a reliability-aware framework to solve the fuzzy shortest path problem in directed graphs, optimizing routes based not only on cost but also on the reliability of the associated fu…
This study investigated whether Security Operations Center (SOC) analysts can justify their decisions when triaging alarms, finding that while they are often correct in identifying true threats, they…
The paper argues that zero-day attacks primarily exploit undisclosed vulnerabilities rather than exhibiting novel behaviors, advocating for vulnerability-centric detection methods over purely behavior…
The paper introduces FIRCE, a framework that enhances intrusion detection systems by combining conformal evaluation for uncertainty quantification and drift detection with an adaptive chunking mechani…
The paper demonstrates that simpler, shallower Deep Neural Network architectures with reduced features and ReLU activations can inherently improve the robustness of ML-NIDS against gradient-based adve…