37 matches found
exploits
exploits CVE explai...
XAI FL-IDS: A Federated Learning and SHAP-Based Explainable Framework for Distributed Intrusion Detection Systems
An Intrusion Detection System IDS is vital in cybersecurity, detecting unauthorized activity across networks. With attacks on network layers increasing, stronger IDSs are needed. Yet most IDSs rely on centralized detection, forcing IoT nodes to ship data to a server, adding overhead and offering ...
Explainable Machine Learning for Phishing Detection on Heterogeneous Datasets with MCP-Enabled Deployment
With the growth in digital transformation and Internet usage, the Social Engineering techniques such as Phishing have become a major concern for the users and the organizations. Phishing attacks involve deceptive techniques to trick users into revealing confidential information that causes...
On-Device Interpretable Tsetlin Machine-Based Intrusion Detection for Secure IoMT
The rapid evolution of digital health technologies is redefining healthcare services worldwide. The integration of wireless communication and Internet-enabled medical devices within Internet of Medical Things IoMT networks enables continuous, real-time patient monitoring. However, this increased...
Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis
Large Language Models LLMs are increasingly being used as security engineering tools to summarize and explain malware behavior to analysts. A common assumption is that Retrieval-Augmented Generation RAG improves explanation quality by injecting external security knowledge. In this work, we...
ExploitSense
ExploitSense ExploitSense is a local-first vulnerability anal...
SDNGuardStack: An Explainable Ensemble Learning Framework for High-Accuracy Intrusion Detection in Software-Defined Networks
Software-Defined Networking SDN is another technology that has been developing in the last few years as a relevant technique to improve network programmability and administration. Nonetheless, its centralized design presents a major security issue, which requires effective intrusion detection...
Enhancing Anomaly-Based Intrusion Detection Systems with Process Mining
Anomaly-based Intrusion Detection Systems IDSs ensure protection against malicious attacks on networked systems. While deep learning-based IDSs achieve effective performance, their limited trustworthiness due to black-box architectures remains a critical constraint. Despite existing explainable...
Exploit for Type Confusion in Apple Ipados
🛡️ corunaanalysis - Understand Malware Exploit Behavior Simpl...
PROVEX: Enhancing SOC Analyst Trust with Explainable Provenance-Based IDS
Modern intrusion detection systems IDS leverage graph neural networks GNNs to detect malicious activity in system provenance data, but their decisions often remain a black box to analysts. This paper presents a comprehensive XAI framework designed to bridge the trust gap in Security Operations...
BEACON: A Unified Behavioral-Tactical Framework for Explainable Cybercrime Analysis with Large Language Models
Cybercrime increasingly exploits human cognitive biases in addition to technical vulnerabilities, yet most existing analytical frameworks focus primarily on operational aspects and overlook psychological manipulation. This paper proposes BEACON, a unified dual-dimension framework that integrates...
From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection
Advanced Persistent Threats APT pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high dimensional features, and scarce real world traces. They often lack transferability-performing well ...
Randomized Controlled Trials for Phishing Triage Agent
Security operations centers SOCs face a persistent challenge: efficiently triaging a high volume of user-reported phishing emails while maintaining robust protection against threats. This paper presents the first randomized controlled trial RCT evaluating the impact of a domain-specific AI agent ...
Explainable Transformer-Based Email Phishing Classification with Adversarial Robustness
Phishing and related cyber threats are becoming more varied and technologically advanced. Among these, email-based phishing remains the most dominant and persistent threat. These attacks exploit human vulnerabilities to disseminate malware or gain unauthorized access to sensitive information. Dee...
Automated and Explainable Denial of Service Analysis for AI-Driven Intrusion Detection Systems
With the increasing frequency and sophistication of Distributed Denial of Service DDoS attacks, it has become critical to develop more efficient and interpretable detection methods. Traditional detection systems often struggle with scalability and transparency, hindering real-time response and...
Explaining Software Vulnerabilities with Large Language Models
The prevalence of security vulnerabilities has prompted companies to adopt static application security testing SAST tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic warning messages do not sufficiently communicate important...
Explainable but Vulnerable: Adversarial Attacks on XAI Explanation in Cybersecurity Applications
Explainable Artificial Intelligence XAI has aided machine learning ML researchers with the power of scrutinizing the decisions of the black-box models. XAI methods enable looking deep inside the models' behavior, eventually generating explanations along with a perceived trust and transparency...
ALPHA: LLM-Enabled Active Learning for Human-Free Network Anomaly Detection
Network log data analysis plays a critical role in detecting security threats and operational anomalies. Traditional log analysis methods for anomaly detection and root cause analysis rely heavily on expert knowledge or fully supervised learning models, both of which require extensive labeled dat...
Explainable Ensemble Learning for Graph-Based Malware Detection
Malware detection in modern computing environments demands models that are not only accurate but also interpretable and robust to evasive techniques. Graph neural networks GNNs have shown promise in this domain by modeling rich structural dependencies in graph-based program representations such a...
ProvX: Generating Counterfactual-Driven Attack Explanations for Provenance-Based Detection
Provenance graph-based intrusion detection systems are deployed on hosts to defend against increasingly severe Advanced Persistent Threat. Using Graph Neural Networks to detect these threats has become a research focus and has demonstrated exceptional performance. However, the widespread adoption...