Detecting vulnerability in network systems through AI

91ÑÇÉ« researchers are exploring how to better secure a digital world increasingly shaped by the Internet of Things (IoT) by understanding how malicious bots operate and developing stronger defences against them.

IoT devices are everyday objects that connect to the internet so they can send, receive and act on data. They range from home thermostats and baby monitors to traffic sensors, medical equipment and industrial controls. Many operate quietly in the background and are rarely updated or closely monitored, making them especially attractive targets for cybercriminals.

How 91ÑÇÉ« researchers are strengthening cybersecurity

91ÑÇÉ« researchers are exploring how to better secure a digital world increasingly shaped by the Internet of Things (IoT) by understanding how malicious bots operate and developing stronger defences against them.

IoT devices are everyday objects that connect to the internet so they can send, receive and act on data. They range from home thermostats and baby monitors to traffic sensors, medical equipment and industrial controls. Many operate quietly in the background and are rarely updated or closely monitored, making them especially attractive targets for cybercriminals.

With the inevitable growth of information digitization, Portable Document Format (PDF) has become one of the most popular exploited file formats for document exchange among various applications and platforms. Consequently, PDF files have become an attractive target for attackers to infect and deliver malicious codes to users. Despite the efficacy and success of machine learning classifiers in detecting malicious PDF files, they require tedious feature engineering and have some limitations. Additionally, one of the main reasons for resistance to using deep learning models is their lack of interpretability. To address these challenges, this study proposes using the TabNet model for malicious PDF detection, offering global and local interpretability while maintaining high or competitive detection performance. The Optuna optimization framework is employed to further enhance the model’s capabilities. The proposed approach is evaluated on the real-world Evasive-PDFMal2022 dataset and demonstrates state-of-the-art performance compared to baseline methods.

The rapid proliferation of Internet of Things (IoT) devices has improved connectivity but introduced new cybersecurity risks, particularly from botnets. Detecting and identifying malicious botnet activities is crucial for early attack mitigation, understanding attack patterns, and deploying effective countermeasures. However, state-of-the-art IoT botnet detection models often struggle to handle imbalanced data, capture temporal patterns, and provide interpretable, explainable insights. This work proposes an IoT botnet detection and profiling model that leverages Explainable Artificial Intelligence (XAI) methods, including eXtreme Gradient Boosting (XGBoost) for feature selection, a Long Short-Term Memory (LSTM) neural network model for botnet detection and classification, and Shapley Additive Explanations (SHAP) for interpretability. This model integrates a feature selection approach that combines correlation analysis with the XGBoost algorithm to improve efficiency. The LSTM model is optimized and fine-tuned using Bayesian optimization to achieve accurate botnet detection and classification. The SHAP method provides interpretable insights into individual and collective botnet behaviors for profiling. Finally, the performance of the proposed model was evaluated with the augmented BCCC-Aposemat-IoT-Bot-2024 dataset and compared with state-of-the-art models. The results demonstrate that our proposed model achieves competitive performance while offering key advantages, including effective handling of sequential and imbalanced data, improved computational efficiency, and enhanced explainability.

MQTT is widely used in IoT systems but remains vulnerable due to its lightweight design. This paper proposes an interpretable deep learning-based intrusion detection framework that processes raw PCAP data through flow-based analysis. It introduces MQTTFlowLyzer for extracting protocol-aware features and presents the BCCC-IoT-MQTT-IDS-2025 dataset, which includes diverse attack scenarios. The framework leverages TabNet, GANDALF, and NODE to enable accurate and interpretable detection of known and novel attacks. Results show strong performance across attack types, with attention-based explanations providing insights into behavioral patterns and supporting zero-day threat identification.

In-vehicle Controller Area Networks (CAN) are vulnerable to various injection attacks that can compromise the safety of vehicle occupants and result in financial losses. While a substantial body of work on CAN intrusion detection exists, it lacks multiclass attack classification models. Current multiclass models do not encompass all attack types or account for the vehicle’s state, i.e., whether the car is stationary or in motion. This work addresses these limitations by proposing CAN-BiGRUBERT, a multiclass CAN intrusion detection model that jointly predicts the vehicle state and attack class from CAN traffic windows. CAN-BiGRUBERT employs Bidirectional Encoder Representations from Transformers (BERT) to capture spatial dependencies within individual CAN frames, and a Bidirectional Gated Recurrent Unit (BiGRU) network to capture temporal dependencies across multiple frames in a window.  

SCs are self-executing programs on the blockchain, used for transactions without intermediaries, particularly in cryptocurrencies like Ethereum. However, they are vulnerable to security flaws that can lead to significant financial losses, as demonstrated by the DAO hack 2016. Common vulnerabilities include re-entrancy errors, timestamp dependency, infinite loops, and integer overflows. Detecting these flaws is crucial but complex due to the immutable nature of the blockchain and the complexity of the contracts. Therefore, developing techniques for analyzing, testing, and verifying the security of SCs is essential to ensure their reliability and safety. This work presents a novel approach to detecting vulnerabilities in SCs using deep learning. 

This article introduces BCCC-IoT-IDS-Zwave-2025, the most extensive and diverse IoT smart home dataset to date, developed over five months using a large-scale testbed comprising more than 50 IoT devices and encompassing over 80 distinct attack scenarios. Unlike prior datasets that focus primarily on IP network-layer traffic, our dataset integrates multi-source data, including IP-based network traffic, IoT-Zwave communication signals, device activity, and MQTT-based traffic and logs, with attack scenarios specifically designed for each data source, enabling a holistic view of IoT threats. To further enhance IoT threat analysis, we developed IoT-ZwaveNetLyzer, the first dedicated traffic analyzer for Z-Wave networks, addressing the gap left by traditional PC-focused tools. Extensive experimental evaluations demonstrate the dataset’s effectiveness, with state-of-the-art classifiers achieving an average detection accuracy exceeding 95% and a false positive rate as low as 2.2% on average, establishing BCCC-IoT-IDS-Zwave-2025 as a cornerstone for future IoT security research and the development of advanced detection methodologies.