The American critic argues that the 2025 U.S.National Security Strategy,with its isolationist and confrontational approach towards allies and China,is a desperate fiction that undermines genuine American prosperity an...The American critic argues that the 2025 U.S.National Security Strategy,with its isolationist and confrontational approach towards allies and China,is a desperate fiction that undermines genuine American prosperity and security.展开更多
The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has dri...The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has driven a growing need for robust ICS security measures.Among the key defences,intrusion detection technology is critical in identifying threats to ICS networks.This paper provides an overview of the distinctive characteristics of ICS network security,highlighting standard attack methods.It then examines various intrusion detection methods,including those based on misuse detection,anomaly detection,machine learning,and specialised requirements.This paper concludes by exploring future directions for developing intrusion detection systems to advance research and ensure the continued security and reliability of ICS operations.展开更多
Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share ...Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.展开更多
Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD)...Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD).While research indicates that FPD correlates positively with reduced malnutrition,other studies emphasize the importance of market access for improved nutritional outcomes.However,this evidence varies by region and remains inconsistent.To address this knowledge gap,this study analyzed survey data from 450 smallholder farmers in Punjab,Pakistan,using regression models to examine the relationship between FPD and dietary diversity,as well as the underlying impact pathways.The findings demonstrate that FPD significantly correlates with increased household dietary diversity score(HDDS).FPD influences dietary diversification through both own-farm production and market food consumption pathways,with the ownfarm production pathway showing greater impact.The increase in food expenditure through own-farm production yielded a marginal return of 8% in household dietary diversity compared to 5.3% through marketing.Gender differences emerged as significant,with male-headed households showing relatively lower dietary diversity.These findings have substantial implications for countries with smallholder farming systems,providing valuable insights for the formation of agricultural policies,resource optimization,and rural development initiatives.展开更多
Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,B...Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.展开更多
Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a cr...Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.展开更多
Fault-tolerant systems are crucial for ensuring the reliability and availability of missioncritical applications in modern computing environments.The dynamic heterogeneous redundancy(DHR)architecture is a key componen...Fault-tolerant systems are crucial for ensuring the reliability and availability of missioncritical applications in modern computing environments.The dynamic heterogeneous redundancy(DHR)architecture is a key component in constructing fault-tolerant systems,particularly in areas such as national security,power networks,and banking private networks.DHR is transforming the cyberspace security industry chain by accommodating a broader range of applications and increasingly capturing the market.However,the development of applications for DHR architecture encounters challenges due to the complexities of handling heterogeneity,managing dynamism,and maintaining usability.To address these issues,we introduce MimicStudio,a comprehensive development framework with a standardized workflow.To our knowledge,MimicStudio is the first effective solution for DHR software development.We present a detailed implementation of MimicStudio with a heterogeneous microcontroller unit project,encompassing three CPUs with different instruction set architectures.The paper evaluates MimicStudio’s support for essential features,including zero-copy synchronization,parallelized build,multi-core collaborative debugging,and dynamic adjustment of the software system’s structure.Our results show that MimicStudio provides a flexible and efficient solution for supporting the dynamic,heterogeneous,and redundant features of fault-tolerant systems.展开更多
The Financial Technology(FinTech)sector has witnessed rapid growth,resulting in increasingly complex and high-volume digital transactions.Although this expansion improves efficiency and accessibility,it also introduce...The Financial Technology(FinTech)sector has witnessed rapid growth,resulting in increasingly complex and high-volume digital transactions.Although this expansion improves efficiency and accessibility,it also introduces significant vulnerabilities,including fraud,money laundering,and market manipulation.Traditional anomaly detection techniques often fail to capture the relational and dynamic characteristics of financial data.Graph Neural Networks(GNNs),capable of modeling intricate interdependencies among entities,have emerged as a powerful framework for detecting subtle and sophisticated anomalies.However,the high-dimensionality and inherent noise of FinTech datasets demand robust feature selection strategies to improve model scalability,performance,and interpretability.This paper presents a comprehensive survey of GNN-based approaches for anomaly detection in FinTech,with an emphasis on the synergistic role of feature selection.We examine the theoretical foundations of GNNs,review state-of-the-art feature selection techniques,analyze their integration with GNNs,and categorize prevalent anomaly types in FinTech applications.In addition,we discuss practical implementation challenges,highlight representative case studies,and propose future research directions to advance the field of graph-based anomaly detection in financial systems.展开更多
The great northern wilderness,known as Beidahuang in Chinese,refers to the extreme,northeastern region of China.After the founding of the People's Republic of China,hundreds of thousands of youngsters were sent to...The great northern wilderness,known as Beidahuang in Chinese,refers to the extreme,northeastern region of China.After the founding of the People's Republic of China,hundreds of thousands of youngsters were sent to the region to help the nascent nation ensure food security,and modernize its agricultural production.展开更多
The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement proto...The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.展开更多
Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring ...Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring the security of Industrial Control Production Systems(ICPSs)has become a critical challenge.These systems are highly vulnerable to attacks such as denial-of-service(DoS),eclipse,and Sybil attacks,which can significantly disrupt industrial operations.This work proposes an effective protection strategy using an Artificial Intelligence(AI)-enabled Smart Contract(SC)framework combined with the Heterogeneous Barzilai-Borwein Support Vector(HBBSV)method for industrial-based CPS environments.The approach reduces run time and minimizes the probability of attacks.Initially,secured ICPSs are achieved through a comprehensive exchange of views on production plant strategies for condition monitoring using SC and blockchain(BC)integrated within a BC network.The SC executes the HBBSV strategy to verify the security consensus.The Barzilai-Borwein Support Vectorized algorithm computes abnormal attack occurrence probabilities to ensure that components operate within acceptable production line conditions.When a component remains within these conditions,no security breach occurs.Conversely,if a component does not satisfy the condition boundaries,a security lapse is detected,and those components are isolated.The HBBSV method thus strengthens protection against DoS,eclipse,and Sybil attacks.Experimental results demonstrate that the proposed HBBSV approach significantly improves security by enhancing authentication accuracy while reducing run time and authentication time compared to existing techniques.展开更多
The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreser...The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.展开更多
Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic to...Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.展开更多
The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Tradit...The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.展开更多
This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obsta...This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obstacle avoidance.The system employs the YOLOv7 deep-learning framework for semantic detection and SLAM for localization and mapping,fusing geometric and visual data to build a high-fidelity 2D semantic map.This map enables the robot to identify and project object information for improved situational awareness.Experimental results show that object recognition reached 95.4%mAP@0.5.Semantic completeness increased from 68.7%(single view)to 94.1%(multi-view)with an average position error of 3.1 cm.During navigation,the robot achieved 98.0%reliability,avoided moving obstacles in 90.0%of encounters,and replanned paths in 0.42 s on average.The integration of LiDAR-based SLAMwith deep-learning–driven semantic perception establishes a robust foundation for intelligent,adaptive,and safe robotic navigation in dynamic environments.展开更多
Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed too...Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.展开更多
The Double Take column looks at a single topic from an African and Chinese perspective.This month,we discuss how to understand the growing emphasis on emotional returns among young people.Emotional value has emerged a...The Double Take column looks at a single topic from an African and Chinese perspective.This month,we discuss how to understand the growing emphasis on emotional returns among young people.Emotional value has emerged as a central force shaping youth decision-making across work,consumption,relationships and lifestyle choices.Unlike traditional economic rationality that prioritises income and material security,emotional value focuses on how choices make individuals feel and how they align with personal meaning.This shift is particularly evident in rapidly transforming societies such as China and Ghana,where economic restructuring,globalisation and social change have reshaped pathways to adulthood.展开更多
With the large-scale deployment of the Internet ofThings(IoT)devices,their weak securitymechanisms make them prime targets for malware attacks.Attackers often use Domain Generation Algorithm(DGA)to generate random dom...With the large-scale deployment of the Internet ofThings(IoT)devices,their weak securitymechanisms make them prime targets for malware attacks.Attackers often use Domain Generation Algorithm(DGA)to generate random domain names,hiding the real IP of Command and Control(C&C)servers to build botnets.Due to the randomness and dynamics of DGA,traditional methods struggle to detect them accurately,increasing the difficulty of network defense.This paper proposes a lightweight DGA detection model based on knowledge distillation for resource-constrained IoT environments.Specifically,a teacher model combining CharacterBERT,a bidirectional long short-term memory(BiLSTM)network,and attention mechanism(ATT)is constructed:it extracts character-level semantic features viaCharacterBERT,captures sequence dependencieswith the BiLSTM,and integrates theATT for key feature weighting,formingmulti-granularity feature fusion.An improved knowledge distillation approach transfers the teacher model’s learned knowledge to the simplified DistilBERT student model.Experimental results show the teacher model achieves 98.68%detection accuracy.The student modelmaintains slightly improved accuracy while significantly compressing parameters to approximately 38.4%of the teacher model’s scale,greatly reducing computational overhead for IoT deployment.展开更多
As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose signific...As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose significant risks by exploiting shared host resources,enabling privilege escalation,or launching large-scale attacks such as cryptomining and botnet activities.Therefore,developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems.To this end,we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter(eBPF)to monitor container activities directly within the Linux kernel.The framework simultaneously collects flow-based network metadata and host-based system-call traces,transforms them into machine-learning features,and applies multi-class classification models to distinguish malicious containers from benign ones.Using six malicious and four benign container scenarios,our evaluation shows that runtime detection is feasible with high accuracy:flow-based detection achieved 87.49%,while host-based detection using system-call sequences reached 98.39%.The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features.Host-level monitoring,by contrast,exposes fine-grained behavioral characteristics,such as file-system access patterns,persistence mechanisms,and resource-management calls that do not appear in network metadata.Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance.More importantly,combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source.These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate,low-overhead,and behavior-aware runtime security in containerized environments,and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.展开更多
Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods...Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods are ineffective against novel attacks,and traditional machine learning models struggle to capture the complex temporal dependencies and dynamic traffic patterns inherent in ICN environments.To address these challenges,this study proposes a deep feature-driven hybrid framework that integrates Transformer,BiLSTM,and KNN to achieve accurate and robust DDoS detection.The Transformer component extracts global temporal dependencies from network traffic flows,while BiLSTM captures fine-grained sequential dynamics.The learned embeddings are then classified using an instance-based KNN layer,enhancing decision boundary precision.This cascaded architecture balances feature abstraction and locality preservation,improving both generalization and robustness.The proposed approach was evaluated on a newly collected real-time ICN traffic dataset and further validated using the public CIC-IDS2017 and Edge-IIoT datasets to demonstrate generalization.Comprehensive metrics including accuracy,precision,recall,F1-score,ROC-AUC,PR-AUC,false positive rate(FPR),and detection latency were employed.Results show that the hybrid framework achieves 98.42%accuracy with an ROC-AUC of 0.992 and FPR below 1%,outperforming baseline machine learning and deep learning models.Robustness experiments under Gaussian noise perturbations confirmed stable performance with less than 2%accuracy degradation.Moreover,detection latency remained below 2.1 ms per sample,indicating suitability for real-time ICS deployment.In summary,the proposed hybrid temporal learning and instance-based classification model offers a scalable and effective solution for DDoS detection in industrial control environments.By combining global contextual modeling,sequential learning,and instance-based refinement,the framework demonstrates strong adaptability across datasets and resilience against noise,providing practical utility for safeguarding critical infrastructure.展开更多
文摘The American critic argues that the 2025 U.S.National Security Strategy,with its isolationist and confrontational approach towards allies and China,is a desperate fiction that undermines genuine American prosperity and security.
文摘The increasing interconnection of modern industrial control systems(ICSs)with the Internet has enhanced operational efficiency,but alsomade these systemsmore vulnerable to cyberattacks.This heightened exposure has driven a growing need for robust ICS security measures.Among the key defences,intrusion detection technology is critical in identifying threats to ICS networks.This paper provides an overview of the distinctive characteristics of ICS network security,highlighting standard attack methods.It then examines various intrusion detection methods,including those based on misuse detection,anomaly detection,machine learning,and specialised requirements.This paper concludes by exploring future directions for developing intrusion detection systems to advance research and ensure the continued security and reliability of ICS operations.
基金Deanship of Graduate Studies and Scientific Research at Qassim University for financial support(QU-APC-2025).
文摘Cyber-criminals target smart connected devices for spyware distribution and security breaches,but existing Internet of Things(IoT)security standards are insufficient.Major IoT industry players prioritize market share over security,leading to insecure smart products.Traditional host-based protection solutions are less effective due to limited resources.Overcoming these challenges and enhancing the security of IoT Devices requires a security design at the network level that uses lightweight cryptographic parameters.In order to handle control,administration,and security concerns in traditional networking,the Gateway Node offers a contemporary networking architecture.By managing all network-level computations and complexity,the Gateway Node relieves IoT devices of these responsibilities.In this study,we introduce a novel privacy-preserving security architecture for gateway-node smart homes.Subsequently,we develop Smart Homes,An Efficient,Anonymous,and Robust Authentication Scheme(EARAS)based on the foundational principles of this security architecture.Furthermore,we formally examine the security characteristics of our suggested protocol that makes use of methodology such as ProVerif,supplemented by an informal analysis of security.Lastly,we conduct performance evaluations and comparative analyses to assess the efficacy of our scheme.Performance analysis shows that EARAS achieves up to 30%to 54%more efficient than most protocols and lower computation cost compared to Banerjee et al.’s scheme,and significantly reduces communication overhead compared to other recent protocols,while ensuring comprehensive security.Our objective is to provide robust security measures for smart homes while addressing resource constraints and preserving user privacy.
基金appreciation to the National Natural Science Foundation of China(72071074)Natural Science Foundation of Hunan Province,China(2025JJ30031)for their financial support。
文摘Malnutrition remains a significant global challenge,particularly in developing countries.Policymakers have increasingly focused on improving household food security and nutrition through farm production diversity(FPD).While research indicates that FPD correlates positively with reduced malnutrition,other studies emphasize the importance of market access for improved nutritional outcomes.However,this evidence varies by region and remains inconsistent.To address this knowledge gap,this study analyzed survey data from 450 smallholder farmers in Punjab,Pakistan,using regression models to examine the relationship between FPD and dietary diversity,as well as the underlying impact pathways.The findings demonstrate that FPD significantly correlates with increased household dietary diversity score(HDDS).FPD influences dietary diversification through both own-farm production and market food consumption pathways,with the ownfarm production pathway showing greater impact.The increase in food expenditure through own-farm production yielded a marginal return of 8% in household dietary diversity compared to 5.3% through marketing.Gender differences emerged as significant,with male-headed households showing relatively lower dietary diversity.These findings have substantial implications for countries with smallholder farming systems,providing valuable insights for the formation of agricultural policies,resource optimization,and rural development initiatives.
文摘Andrew Wangota,a 48-year-old Ugandan farmer,has been using agrivoltaics technology,a solar technology that uses agricultural land for both food production and solar power generation,on his farm in Bunashimolo Parish,Bukyiende Subcounty in Uganda where he has been cultivating plantain,coffee and Irish potatoes for the past 16 years.
基金supported by scientific research projects of China Academy of Railway Sciences Co.,Ltd.(grant no.2024YJ117).
文摘Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.
基金supported by National Key Research and Development Program of China(No.2023YFB 4404200).
文摘Fault-tolerant systems are crucial for ensuring the reliability and availability of missioncritical applications in modern computing environments.The dynamic heterogeneous redundancy(DHR)architecture is a key component in constructing fault-tolerant systems,particularly in areas such as national security,power networks,and banking private networks.DHR is transforming the cyberspace security industry chain by accommodating a broader range of applications and increasingly capturing the market.However,the development of applications for DHR architecture encounters challenges due to the complexities of handling heterogeneity,managing dynamism,and maintaining usability.To address these issues,we introduce MimicStudio,a comprehensive development framework with a standardized workflow.To our knowledge,MimicStudio is the first effective solution for DHR software development.We present a detailed implementation of MimicStudio with a heterogeneous microcontroller unit project,encompassing three CPUs with different instruction set architectures.The paper evaluates MimicStudio’s support for essential features,including zero-copy synchronization,parallelized build,multi-core collaborative debugging,and dynamic adjustment of the software system’s structure.Our results show that MimicStudio provides a flexible and efficient solution for supporting the dynamic,heterogeneous,and redundant features of fault-tolerant systems.
基金supported by Ho Chi Minh City Open University,Vietnam under grant number E2024.02.1CD and Suan Sunandha Rajabhat University,Thailand.
文摘The Financial Technology(FinTech)sector has witnessed rapid growth,resulting in increasingly complex and high-volume digital transactions.Although this expansion improves efficiency and accessibility,it also introduces significant vulnerabilities,including fraud,money laundering,and market manipulation.Traditional anomaly detection techniques often fail to capture the relational and dynamic characteristics of financial data.Graph Neural Networks(GNNs),capable of modeling intricate interdependencies among entities,have emerged as a powerful framework for detecting subtle and sophisticated anomalies.However,the high-dimensionality and inherent noise of FinTech datasets demand robust feature selection strategies to improve model scalability,performance,and interpretability.This paper presents a comprehensive survey of GNN-based approaches for anomaly detection in FinTech,with an emphasis on the synergistic role of feature selection.We examine the theoretical foundations of GNNs,review state-of-the-art feature selection techniques,analyze their integration with GNNs,and categorize prevalent anomaly types in FinTech applications.In addition,we discuss practical implementation challenges,highlight representative case studies,and propose future research directions to advance the field of graph-based anomaly detection in financial systems.
文摘The great northern wilderness,known as Beidahuang in Chinese,refers to the extreme,northeastern region of China.After the founding of the People's Republic of China,hundreds of thousands of youngsters were sent to the region to help the nascent nation ensure food security,and modernize its agricultural production.
基金supported by the Key Project of Science and Technology Research by Chongqing Education Commission under Grant KJZD-K202400610the Chongqing Natural Science Foundation General Project Grant CSTB2025NSCQ-GPX1263.
文摘The ubiquitous adoption of mobile devices as essential platforms for sensitive data transmission has heightened the demand for secure client-server communication.Although various authentication and key agreement protocols have been developed,current approaches are constrained by homogeneous cryptosystem frameworks,namely public key infrastructure(PKI),identity-based cryptography(IBC),or certificateless cryptography(CLC),each presenting limitations in client-server architectures.Specifically,PKI incurs certificate management overhead,IBC introduces key escrow risks,and CLC encounters cross-system interoperability challenges.To overcome these shortcomings,this study introduces a heterogeneous signcryption-based authentication and key agreement protocol that synergistically integrates IBC for client operations(eliminating PKI’s certificate dependency)with CLC for server implementation(mitigating IBC’s key escrow issue while preserving efficiency).Rigorous security analysis under the mBR(modified Bellare-Rogaway)model confirms the protocol’s resistance to adaptive chosen-ciphertext attacks.Quantitative comparisons demonstrate that the proposed protocol achieves 10.08%–71.34%lower communication overhead than existing schemes across multiple security levels(80-,112-,and 128-bit)compared to existing protocols.
文摘Industrial Cyber-Physical Systems(ICPSs)play a vital role in modern industries by providing an intellectual foundation for automated operations.With the increasing integration of information-driven processes,ensuring the security of Industrial Control Production Systems(ICPSs)has become a critical challenge.These systems are highly vulnerable to attacks such as denial-of-service(DoS),eclipse,and Sybil attacks,which can significantly disrupt industrial operations.This work proposes an effective protection strategy using an Artificial Intelligence(AI)-enabled Smart Contract(SC)framework combined with the Heterogeneous Barzilai-Borwein Support Vector(HBBSV)method for industrial-based CPS environments.The approach reduces run time and minimizes the probability of attacks.Initially,secured ICPSs are achieved through a comprehensive exchange of views on production plant strategies for condition monitoring using SC and blockchain(BC)integrated within a BC network.The SC executes the HBBSV strategy to verify the security consensus.The Barzilai-Borwein Support Vectorized algorithm computes abnormal attack occurrence probabilities to ensure that components operate within acceptable production line conditions.When a component remains within these conditions,no security breach occurs.Conversely,if a component does not satisfy the condition boundaries,a security lapse is detected,and those components are isolated.The HBBSV method thus strengthens protection against DoS,eclipse,and Sybil attacks.Experimental results demonstrate that the proposed HBBSV approach significantly improves security by enhancing authentication accuracy while reducing run time and authentication time compared to existing techniques.
文摘The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.
基金supported in part by National Natural Science Foundation of China(under Grant 61902163)the Jiangsu“Qing Lan Project”,Natural Science Foundation of the Jiangsu Higher Education Institutions of China(Major Research Project:23KJA520007)Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX25_1303).
文摘Unmanned Aerial Vehicles(UAVs)in Flying Ad-Hoc Networks(FANETs)are widely used in both civilian and military fields,but they face severe security,trust,and privacy vulnerabilities due to their high mobility,dynamic topology,and open wireless channels.Existing security protocols for Mobile Ad-Hoc Networks(MANETs)cannot be directly applied to FANETs,as FANETs require lightweight,high real-time performance,and strong anonymity.The current FANETs security protocol cannot simultaneously meet the requirements of strong anonymity,high security,and low overhead in high dynamic and resource-constrained scenarios.To address these challenges,this paper proposes an Anonymous Authentication and Key Exchange Protocol(AAKE-OWA)for UAVs in FANETs based on OneWay Accumulators(OWA).During the UAV registration phase,the Key Management Center(KMC)generates an identity ticket for each UAV using OWA and transmits it securely to the UAV’s on-board tamper-proof module.In the key exchange phase,UAVs generate temporary authentication tickets with random numbers and compute the same session key leveraging the quasi-commutativity of OWA.For mutual anonymous authentication,UAVs encrypt random numbers with the session key and verify identities by comparing computed values with authentication values.Formal analysis using the Scyther tool confirms that the protocol resists identity spoofing,man-in-the-middle,and replay attacks.Through Burrows Abadi Needham(BAN)logic proof,it achieves mutual anonymity,prevents simulation and physical capture attacks,and ensures secure connectivity of 1.Experimental comparisons with existing protocols prove that the AAKE-OWA protocol has lower computational overhead,communication overhead,and storage overhead,making it more suitable for resource-constrained FANET scenarios.Performance comparison experiments show that,compared with other schemes,this scheme only requires 8 one-way accumulator operations and 4 symmetric encryption/decryption operations,with a total computational overhead as low as 2.3504 ms,a communication overhead of merely 1216 bits,and a storage overhead of 768 bits.We have achieved a reduction in computational costs from 6.3%to 90.3%,communication costs from 5.0%to 69.1%,and overall storage costs from 33%to 68%compared to existing solutions.It can meet the performance requirements of lightweight,real-time,and anonymity for unmanned aerial vehicles(UAVs)networks.
基金supported by the National Research Foundation(NRF),Republic of Korea,under project BK21 FOUR(4299990213939).
文摘The increased connectivity and reliance on digital technologies have exposed smart transportation systems to various cyber threats,making intrusion detection a critical aspect of ensuring their secure operation.Traditional intrusion detection systems have limitations in terms of centralized architecture,lack of transparency,and vulnerability to single points of failure.This is where the integration of blockchain technology with signature-based intrusion detection can provide a robust and decentralized solution for securing smart transportation systems.This study tackles the issue of database manipulation attacks in smart transportation networks by proposing a signaturebased intrusion detection system.The introduced signature facilitates accurate detection and systematic classification of attacks,enabling categorization according to their severity levels within the transportation infrastructure.Through comparative analysis,the research demonstrates that the blockchain-based IDS outperforms traditional approaches in terms of security,resilience,and data integrity.
基金supported by the National Science and Technology Council of under Grant NSTC 114-2221-E-130-007.
文摘This paper presents an intelligent patrol and security robot integrating 2D LiDAR and RGB-D vision sensors to achieve semantic simultaneous localization and mapping(SLAM),real-time object recognition,and dynamic obstacle avoidance.The system employs the YOLOv7 deep-learning framework for semantic detection and SLAM for localization and mapping,fusing geometric and visual data to build a high-fidelity 2D semantic map.This map enables the robot to identify and project object information for improved situational awareness.Experimental results show that object recognition reached 95.4%mAP@0.5.Semantic completeness increased from 68.7%(single view)to 94.1%(multi-view)with an average position error of 3.1 cm.During navigation,the robot achieved 98.0%reliability,avoided moving obstacles in 90.0%of encounters,and replanned paths in 0.42 s on average.The integration of LiDAR-based SLAMwith deep-learning–driven semantic perception establishes a robust foundation for intelligent,adaptive,and safe robotic navigation in dynamic environments.
文摘Although Named Entity Recognition(NER)in cybersecurity has historically concentrated on threat intelligence,vital security data can be found in a variety of sources,such as open-source intelligence and unprocessed tool outputs.When dealing with technical language,the coexistence of structured and unstructured data poses serious issues for traditional BERT-based techniques.We introduce a three-phase approach for improved NER inmulti-source cybersecurity data that makes use of large language models(LLMs).To ensure thorough entity coverage,our method starts with an identification module that uses dynamic prompting techniques.To lessen hallucinations,the extraction module uses confidence-based self-assessment and cross-checking using regex validation.The tagging module links to knowledge bases for contextual validation and uses SecureBERT in conjunction with conditional random fields to detect entity boundaries precisely.Our framework creates efficient natural language segments by utilizing decoderbased LLMs with 10B parameters.When compared to baseline SecureBERT implementations,evaluation across four cybersecurity data sources shows notable gains,with a 9.4%–25.21%greater recall and a 6.38%–17.3%better F1-score.Our refined model matches larger models and achieves 2.6%–4.9%better F1-score for technical phrase recognition than the state-of-the-art alternatives Claude 3.5 Sonnet,Llama3-8B,and Mixtral-7B.The three-stage architecture identification-extraction-tagging pipeline tackles important cybersecurity NER issues.Through effective architectures,these developments preserve deployability while setting a new standard for entity extraction in challenging security scenarios.The findings show how specific enhancements in hybrid recognition,validation procedures,and prompt engineering raise NER performance above monolithic LLM approaches in cybersecurity applications,especially for technical entity extraction fromheterogeneous sourceswhere conventional techniques fall short.Because of itsmodular nature,the framework can be upgraded at the component level as new methods are developed.
文摘The Double Take column looks at a single topic from an African and Chinese perspective.This month,we discuss how to understand the growing emphasis on emotional returns among young people.Emotional value has emerged as a central force shaping youth decision-making across work,consumption,relationships and lifestyle choices.Unlike traditional economic rationality that prioritises income and material security,emotional value focuses on how choices make individuals feel and how they align with personal meaning.This shift is particularly evident in rapidly transforming societies such as China and Ghana,where economic restructuring,globalisation and social change have reshaped pathways to adulthood.
基金supported by the following projects:National Natural Science Foundation of China(62461041)Natural Science Foundation of Jiangxi Province China(20242BAB25068).
文摘With the large-scale deployment of the Internet ofThings(IoT)devices,their weak securitymechanisms make them prime targets for malware attacks.Attackers often use Domain Generation Algorithm(DGA)to generate random domain names,hiding the real IP of Command and Control(C&C)servers to build botnets.Due to the randomness and dynamics of DGA,traditional methods struggle to detect them accurately,increasing the difficulty of network defense.This paper proposes a lightweight DGA detection model based on knowledge distillation for resource-constrained IoT environments.Specifically,a teacher model combining CharacterBERT,a bidirectional long short-term memory(BiLSTM)network,and attention mechanism(ATT)is constructed:it extracts character-level semantic features viaCharacterBERT,captures sequence dependencieswith the BiLSTM,and integrates theATT for key feature weighting,formingmulti-granularity feature fusion.An improved knowledge distillation approach transfers the teacher model’s learned knowledge to the simplified DistilBERT student model.Experimental results show the teacher model achieves 98.68%detection accuracy.The student modelmaintains slightly improved accuracy while significantly compressing parameters to approximately 38.4%of the teacher model’s scale,greatly reducing computational overhead for IoT deployment.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.RS-2024-00351898 and No.RS-2025-02263915)the MOTIE under Training Industrial Security Specialist forHigh-Tech Industry(RS-2024-00415520)supervised by theKorea Institute for Advancement of Technology(KIAT)+1 种基金the MSIT under the ICAN(ICT Challenge and Advanced Network of HRD)program(No.IITP-2022-RS-2022-00156310)supervised by the Institute of Information&Communication Technology Planning&Evaluation(IITP).
文摘As containerized environments become increasingly prevalent in cloud-native infrastructures,the need for effective monitoring and detection of malicious behaviors has become critical.Malicious containers pose significant risks by exploiting shared host resources,enabling privilege escalation,or launching large-scale attacks such as cryptomining and botnet activities.Therefore,developing accurate and efficient detection mechanisms is essential for ensuring the security and stability of containerized systems.To this end,we propose a hybrid detection framework that leverages the extended Berkeley Packet Filter(eBPF)to monitor container activities directly within the Linux kernel.The framework simultaneously collects flow-based network metadata and host-based system-call traces,transforms them into machine-learning features,and applies multi-class classification models to distinguish malicious containers from benign ones.Using six malicious and four benign container scenarios,our evaluation shows that runtime detection is feasible with high accuracy:flow-based detection achieved 87.49%,while host-based detection using system-call sequences reached 98.39%.The performance difference is largely due to similar communication patterns exhibited by certain malware families which limit the discriminative power of flow-level features.Host-level monitoring,by contrast,exposes fine-grained behavioral characteristics,such as file-system access patterns,persistence mechanisms,and resource-management calls that do not appear in network metadata.Our results further demonstrate that both monitoring modality and preprocessing strategy directly influence model performance.More importantly,combining flow-based and host-based telemetry in a complementary hybrid approach resolves classification ambiguities that arise when relying on a single data source.These findings underscore the potential of eBPF-based hybrid analysis for achieving accurate,low-overhead,and behavior-aware runtime security in containerized environments,and they establish a practical foundation for developing adaptive and scalable detection mechanisms in modern cloud systems.
基金supported by the Extral High Voltage Power Transmission Company,China Southern Power Grid Co.,Ltd.
文摘Distributed Denial-of-Service(DDoS)attacks pose severe threats to Industrial Control Networks(ICNs),where service disruption can cause significant economic losses and operational risks.Existing signature-based methods are ineffective against novel attacks,and traditional machine learning models struggle to capture the complex temporal dependencies and dynamic traffic patterns inherent in ICN environments.To address these challenges,this study proposes a deep feature-driven hybrid framework that integrates Transformer,BiLSTM,and KNN to achieve accurate and robust DDoS detection.The Transformer component extracts global temporal dependencies from network traffic flows,while BiLSTM captures fine-grained sequential dynamics.The learned embeddings are then classified using an instance-based KNN layer,enhancing decision boundary precision.This cascaded architecture balances feature abstraction and locality preservation,improving both generalization and robustness.The proposed approach was evaluated on a newly collected real-time ICN traffic dataset and further validated using the public CIC-IDS2017 and Edge-IIoT datasets to demonstrate generalization.Comprehensive metrics including accuracy,precision,recall,F1-score,ROC-AUC,PR-AUC,false positive rate(FPR),and detection latency were employed.Results show that the hybrid framework achieves 98.42%accuracy with an ROC-AUC of 0.992 and FPR below 1%,outperforming baseline machine learning and deep learning models.Robustness experiments under Gaussian noise perturbations confirmed stable performance with less than 2%accuracy degradation.Moreover,detection latency remained below 2.1 ms per sample,indicating suitability for real-time ICS deployment.In summary,the proposed hybrid temporal learning and instance-based classification model offers a scalable and effective solution for DDoS detection in industrial control environments.By combining global contextual modeling,sequential learning,and instance-based refinement,the framework demonstrates strong adaptability across datasets and resilience against noise,providing practical utility for safeguarding critical infrastructure.
