Academic papers, new techniques, benchmarks, and theoretical findings in AI/LLM security.
This research paper proposes E2E-PP, a system that protects privacy in mobile crowdsensing (collecting data from many mobile devices) by combining compressive sensing (a technique that reduces data size while preserving important information) with personalized differential privacy (a method that adds customized noise to data to prevent identifying individuals). The system aims to let mobile devices share sensor data for collective purposes while keeping personal information private.
This academic paper analyzes how Internet of Things devices (smart devices connected to the internet, like security cameras or smart home systems) receive and install software updates. The research examines the mechanisms these devices use to stay current with security patches and new features. The publication appears in a peer-reviewed security journal and was made available online in May 2026.
This research paper proposes DEGAN, a machine learning approach using dual-enhanced GAN (generative adversarial network, a type of AI that learns by having two competing neural networks) to detect botnets (networks of infected computers controlled remotely) in IIoT (industrial internet of things, devices like sensors and machines in factories connected to the internet). The method addresses the challenge of imbalanced data, where there are far fewer examples of botnet attacks than normal network activity, which makes training detection systems difficult.
FARO-Droid is a new system that uses AI to detect malware (malicious software) on Android phones by analyzing multiple types of code features and combining them intelligently, even when attackers try to hide the malware through obfuscation (code transformation techniques that make programs harder to read and analyze). The system is designed to be reliable and resistant to these hiding techniques.
This academic article examines how hospital staff adopt defensive cybersecurity practices, focusing on the influence of leadership, human-centered skills, and rule-following requirements. The research explores organizational and behavioral factors that help healthcare workers protect systems and data from security threats, rather than technical fixes alone.
This academic paper describes FastPoS, a new security method for verifying that data is actually stored in fog-cloud IoT systems (networks of internet-connected devices distributed between local edge servers and central cloud storage). The method uses polynomial commitments (a cryptographic technique that lets someone prove they're storing data without revealing the data itself) to make verification faster and more efficient than existing approaches.
Model extraction attacks (MEA, where attackers steal the functionality of AI models by creating a clone with similar behavior) are a security threat that defenders counter by using auxiliary data to make the victim model give misleading predictions. However, realistic auxiliary data is hard to obtain, gives inconsistent protection, and doesn't protect all data categories equally. The paper proposes MDV (Model Defense Variational Autoencoder, a machine learning technique that generates synthetic data rather than using real data) to create virtual auxiliary data that effectively addresses all three problems.
The proposed solution uses the Model Defense Variational Autoencoder (MDV) to generate virtual auxiliary data as a replacement for realistic auxiliary data. MDV combines a Variational Autoencoder (VAE, a machine learning model that generates new synthetic data similar to its training data) with a classifier, forces the learned features to follow a different statistical distribution for each category, and then samples synthetic data from the low-likelihood regions of those distributions for use as auxiliary data in defense methods.
IEEE Xplore (Security & AI Journals): This research presents a method to detect deepfakes (AI-generated fake videos or images of faces) by identifying inconsistencies in how image quality degrades between the background and the manipulated face regions. The approach uses a framework that learns to spot these degradation differences through two connected neural networks (deep learning models), one that creates fake images and another that detects them, working together in an adversarial process similar to a GAN (generative adversarial network, where two AI systems compete to improve each other). The method shows better performance when detecting deepfakes created by new, unseen manipulation techniques.
Industrial Internet of Things (IIoT, which is the network of physical devices and machines used in factories and industries) faces unique security challenges that make existing vulnerability analysis techniques difficult to apply directly. Researchers developed TS-VulA, a framework that uses machine learning (ModernBERT, a neural network trained on text) and network analysis to identify vulnerabilities in three stages: assessing individual device risks, calculating which devices are most important to protect, and prioritizing which vulnerabilities to fix based on both risk and device importance.
Vul-CTG is a new AI framework for detecting software vulnerabilities (bugs that create security weaknesses) by combining two approaches: PLMs (pretrained language models, AI systems trained on large amounts of text) and GNNs (graph neural networks, AI systems that analyze connected data structures). The framework improves on existing methods by better combining code text analysis with program graph analysis, using contrastive learning (training the AI to recognize similarities and differences) and handling unreliable training labels, achieving about 3% better accuracy than previous approaches.
This research addresses leaky private information retrieval (L-PIR), a system where a user queries a database while accepting some measurable privacy leakage, quantified using differential privacy (a mathematical framework that bounds how much information an observer can learn about individual data). The researchers developed an improved L-PIR scheme that reduces privacy leakage from O(K) to O(log K) by using cyclic permutations (mathematical rearrangements) and assigning higher probabilities to keys with lower Hamming weights (fewer 1-bits in binary representation), achieving better privacy-to-cost tradeoffs than previous methods.
Researchers have developed a new backdoor attack method called Trigger without Trace (TwT) that can secretly compromise text-to-image diffusion models (AI systems that generate images from text descriptions) while avoiding detection. The method works by using syntactic structures (grammar patterns) as hidden triggers and employing a mathematical technique called Kernel Maximum Mean Discrepancy (KMMD, a way to match statistical distributions) to make malicious samples look identical to legitimate ones, achieving a 97.5% success rate while bypassing three existing defense detection systems.
An OpenAI language model has solved a famous 80-year-old math problem in discrete geometry (the study of geometric shapes made from separate points) by disproving a long-held belief about how many pairs of points can be exactly one unit apart. The AI found an infinite family of point arrangements that beat the previous best solution, and external mathematicians have verified the proof, marking the first time an AI has autonomously solved a prominent open problem central to a mathematical field.
Garland is a system for recommendation engines that use graph neural networks (GNNs, which are AI models that learn patterns from interconnected user-item relationships) in federated settings, where data stays on users' devices instead of being sent to one central server. The system addresses a key problem: untrusted servers that help expand users' local data can spy on both item information and user relationships, so Garland uses secret-shared shuffle (a cryptographic technique that mixes data while keeping it encrypted) to protect privacy while still catching if a malicious server tries to cheat.
This is a scoping review (a broad survey of existing research) that examines how small and medium-sized enterprises can prevent and respond to cyber incidents (security breaches and attacks). The paper synthesizes research findings to help SMEs understand best practices for protecting their systems and recovering when attacks occur.
This research addresses a security weakness in neural steganography (hiding secret messages inside audio files using AI networks), where sender and receiver models must stay perfectly synchronized, creating risks of information leakage. The researchers propose a decoupled framework based on the destruction-restoration principle, where embedding works through a destructive operation and recovery uses a separate neural network, allowing the sender to change their embedding network without breaking the receiver's ability to extract the hidden message.
This research proposes ByITFL and LoByITFL, two new federated learning (FL, a method where multiple computers train an AI model together without sharing raw data) schemes that protect user privacy while defending against Byzantine users (participants who send corrupted or malicious data). ByITFL uses Lagrange coded computing (a technique that spreads data across multiple servers to protect it) and re-randomization to achieve perfect privacy but requires significant communication overhead, while LoByITFL reduces communication costs but requires a Trusted Third Party (TTP, an external organization that users must trust) for one-time setup before training begins.
Backdoor attacks (hidden triggers that manipulate AI model predictions while keeping normal performance intact) are a serious security threat to deep neural networks (machine learning models with many layers). This paper presents PVDI, a defense method that removes backdoors by selectively preserving important attention patterns (the AI's focus on relevant input features) while disrupting irrelevant ones, successfully reducing attack success rates without hurting the model's normal performance.
Network traffic patterns constantly change, causing traditional malicious traffic detection systems to become less effective over time, a problem called concept drift (when the data an AI was trained on no longer matches the real-world data it sees in deployment). Researchers developed Argus, a framework that automatically detects when traffic patterns shift, identifies new malicious patterns without human help, and continuously updates itself to maintain high detection accuracy even as attacks evolve.
Website fingerprinting (WF) attacks identify which websites users visit on Tor, a privacy network, but struggle when traffic patterns differ between training and real-world scenarios. This research presents UDA-WF, a new method using unsupervised domain adaptation (a machine learning technique that helps models work across different data distributions) to identify websites more efficiently with less training data. UDA-WF reduces the auxiliary data needed by 95% while maintaining 97.37% accuracy.