Detecting vulnerability in network systems through AI

91亚色 researchers are exploring how to better secure a digital world increasingly shaped by the Internet of Things (IoT) by understanding how malicious bots operate and developing stronger defences against them.

IoT devices are everyday objects that connect to the internet so they can send, receive and act on data. They range from home thermostats and baby monitors to traffic sensors, medical equipment and industrial controls. Many operate quietly in the background and are rarely updated or closely monitored, making them especially attractive targets for cybercriminals.

How 91亚色 researchers are strengthening cybersecurity

91亚色 researchers are exploring how to better secure a digital world increasingly shaped by the Internet of Things (IoT) by understanding how malicious bots operate and developing stronger defences against them.

IoT devices are everyday objects that connect to the internet so they can send, receive and act on data. They range from home thermostats and baby monitors to traffic sensors, medical equipment and industrial controls. Many operate quietly in the background and are rarely updated or closely monitored, making them especially attractive targets for cybercriminals.

With the inevitable growth of information digitization, Portable Document Format (PDF) has become one of the most popular exploited file formats for document exchange among various applications and platforms. Consequently, PDF files have become an attractive target for attackers to infect and deliver malicious codes to users. Despite the efficacy and success of machine learning classifiers in detecting malicious PDF files, they require tedious feature engineering and have some limitations. Additionally, one of the main reasons for resistance to using deep learning models is their lack of interpretability. To address these challenges, this study proposes using the TabNet model for malicious PDF detection, offering global and local interpretability while maintaining high or competitive detection performance. The Optuna optimization framework is employed to further enhance the model鈥檚 capabilities. The proposed approach is evaluated on the real-world Evasive-PDFMal2022 dataset and demonstrates state-of-the-art performance compared to baseline methods.

The rapid proliferation of Internet of Things (IoT) devices has improved connectivity but introduced new cybersecurity risks, particularly from botnets. Detecting and identifying malicious botnet activities is crucial for early attack mitigation, understanding attack patterns, and deploying effective countermeasures. However, state-of-the-art IoT botnet detection models often struggle to handle imbalanced data, capture temporal patterns, and provide interpretable, explainable insights. This work proposes an IoT botnet detection and profiling model that leverages Explainable Artificial Intelligence (XAI) methods, including eXtreme Gradient Boosting (XGBoost) for feature selection, a Long Short-Term Memory (LSTM) neural network model for botnet detection and classification, and Shapley Additive Explanations (SHAP) for interpretability. This model integrates a feature selection approach that combines correlation analysis with the XGBoost algorithm to improve efficiency. The LSTM model is optimized and fine-tuned using Bayesian optimization to achieve accurate botnet detection and classification. The SHAP method provides interpretable insights into individual and collective botnet behaviors for profiling. Finally, the performance of the proposed model was evaluated with the augmented BCCC-Aposemat-IoT-Bot-2024 dataset and compared with state-of-the-art models. The results demonstrate that our proposed model achieves competitive performance while offering key advantages, including effective handling of sequential and imbalanced data, improved computational efficiency, and enhanced explainability.

MQTT is widely used in IoT systems but remains vulnerable due to its lightweight design. This paper proposes an interpretable deep learning-based intrusion detection framework that processes raw PCAP data through flow-based analysis. It introduces MQTTFlowLyzer for extracting protocol-aware features and presents the BCCC-IoT-MQTT-IDS-2025 dataset, which includes diverse attack scenarios. The framework leverages TabNet, GANDALF, and NODE to enable accurate and interpretable detection of known and novel attacks. Results show strong performance across attack types, with attention-based explanations providing insights into behavioral patterns and supporting zero-day threat identification.

Malware Memory Snapshot and process-level behavioral Log Dataset (BCCC-MalMem-SnapLog-2025)

The dataset was systematically developed to capture memory-level behavioral dynamics of malware and benign processes through interval-based snapshot analysis. Unlike prior datasets that predominantly rely on static binaries or network-level observations, this dataset focuses on runtime memory behavior and process persistence, enabling a deeper understanding of how malicious activities evolve over time. It integrates diverse malware families and benign software, ensuring realistic and unbiased modeling of system-level threats in dynamic execution environments.

Captured and labeled 2 Data sources: Memory snapshot data and process-level behavioral logs
Testbed: Controlled execution environment with interval-based memory dumping across multiple time windows
Attack Profile:聽Eight malware categories, including Backdoor, Hoax, HackTool, Trojan, Worm, Virus, Rootkit, and Exploit, alongside benign software samples
Data size: 40 TB of memory snapshots and associated behavioral records across multiple execution intervals
Data records: 2000 malware samples and 250 benign samples with varying persistence patterns across snapshots
Data capturing: Interval-based memory snapshot collection capturing transient and persistent process behaviors
Extracted Features: Memory and process-level features capturing temporal persistence, behavioral transitions, and execution patterns.聽.聽.

Dataset: BCCC-MalMem-SnapLog-2025