The growing sophistication of cyber threats exposes the limits of signature-based detection in Security Information and Event Management (SIEM) systems. User and Entity Behavior Analytics (UEBA) advances SIEM by enabling behavior-based anomaly detection, yet legacy approaches struggle with high false positives and poor adaptability to evolving threats. This research proposes an AI-driven UEBA framework that combines deep learning for modeling user behavior with graph-based tools to map system relationships, enhancing anomaly detection in enterprise environments. Using datasets such as CERT Insider Threat, UNSW-NB15, and TON_IoT, we simulate diverse behaviors and evaluate performance. Our Transformer-GNN ensemble achieved an F1-score of 0.90, reduced false positives by 40%, and cut incident triage time by 78% compared to rule-based SIEM. To support real-world use, we provide an open-source pipeline integrating with SIEM platforms via Kafka, Elastic search, and a modular ML inference layer. This work bridges AI research and deployable cybersecurity practice, advancing the development of adaptive, intelligent, and robust UEBA systems.
Harsh industrial environments such as oilfields present unique challenges to electronic systems, including extreme temperatures, limited connectivity, power constraints, and operational unpredictability. Traditional Internet of Things (IoT) deployments often fail to adapt in real-time, exposing systems to risks such as data loss, late anomaly detection, or critical failure. This paper proposes a lightweight, Artificial Intelligence (AI)-driven eSystem architecture tailored for such conditions, integrating edge intelligence, secure communication, and self-adaptive mechanisms. We demonstrate the framework's viability through simulating a case study of real-time sensor data from pipeline infrastructure, applying a Long Short-Term Memory (LSTM)-based anomaly detection model deployed at the edge. Results show significant improvements in detection latency, bandwidth efficiency, and system resilience. The framework offers a modular blueprint for deploying AI-enhanced eSystems across energy, mining, and remote critical infrastructure domains.
This research introduces a deep learning-based framework for anomaly detection in wireless communication networks using Channel State Information (CSI)—a fine-grained physical-layer signal that captures wireless channel dynamics. Traditional detection methods often fall short in identifying subtle or evolving threats, whereas CSI provides a rich, underutilized source for context-aware monitoring. Inspired by its use in human activity recognition, we apply and compare deep learning architectures such as Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTMs), and Transformers to learn normal network behavior and detect anomalies, including spoofing, jamming, rogue access points, environmental disruptions, and Quality of Service (QoS) degradation. The system supports supervised, semi-supervised, and unsupervised settings, accommodating scenarios with limited labeled data. CSI data is collected using tools like the Intel 5300 NIC and Nexmon CSI under both controlled and realistic conditions. We benchmark our models against traditional techniques (e.g., Isolation Forests, Support Vector Machines (SVMs), Principal Component Analysis (PCA)), evaluating accuracy, false positives, latency, and robustness. To enhance transparency, we employ interpretability methods such as Gradient-weighted Class Activation Mapping (Grad-CAM) and t-distributed Stochastic Neighbor Embedding (t-SNE). Experimental results show that deep learning models outperform classical baselines by up to 30% in detection accuracy. The Transformer architecture achieved 96.2% accuracy with a false positive rate of 3.9%, while the CNN-LSTM hybrid achieved the best latency–performance tradeoff (5.1ms inference). Compared to Isolation Forest and One-Class SVM, our framework reduced false positives by over 10–14%.
The emergence of Large Language Models (LLMs) has opened new frontiers in artificial intelligence applications across multiple domains, including cybersecurity. This paper presents a comprehensive review of the role of LLMs in enhancing cyber defense mechanisms, with a particular focus on their effectiveness in identifying, mitigating, and responding to Advanced Persistent Threats (APTs) and other sophisticated cyber-attacks. We explore the integration of LLMs in threat intelligence, anomaly detection, automated incident response, and adversarial behavior analysis. By examining recent advancements, case studies, and state-of-the-art implementations, we highlight the strengths and limitations of current LLM-based approaches. Furthermore, we assess the challenges related to scalability, adversarial robustness, and ethical considerations inherent in deploying LLMs within cybersecurity infrastructures. The review concludes with future research directions, emphasizing the need for hybrid AI systems that combine LLMs with traditional rule-based and statistical methods to provide resilient and adaptive cybersecurity solutions in the face of evolving digital threats.
Authenticity of tests as a measurement tool has received a lot of attention within learning institutions due to emergences of online classes and remote test administration. Supervision and invigilation methods do not always suffice to deter students from cheating, and thus Academic Cheating Detection Systems (ACDETS) have been invented. This paper presents a critical analysis of the current approaches for identifying cheating in online and face-to-face examination systems. There are plenty of approaches, including behavioral approach, facial expressions tracking, gestures recognition, voice analysis, and video monitoring. CNN (Convolutional Neural Network) algorithms, RNN (Recurrent Neural Network) algorithms, and YOLO models, for instance, have shown great enhancements in both accuracy and scalability of detecting suspicious behaviors. The paper further compares the merits and demerits of these methods and also looks at the possibility of using them for real time detection, large setting for exams, and varied testing conditions. This paper is finalized by the evaluation of the practical applicability of the findings, limitations, and further research prospects concerning the monitoring of academic integrity.
The rapid expansion of smart home and smart city technologies has introduced a complex array of interconnected Internet of Things (IoT) devices, exposing both cyber and physical infrastructures to a growing spectrum of security threats. Traditional cybersecurity models are insufficient to address the dynamic and distributed nature of modern cyber-physical environments, particularly in emerging economies where standardized security frameworks are often lacking. This research proposes a unified, hybrid cyber-physical security framework tailored for smart home and smart city IoT systems. Leveraging publicly available datasets such as UNSW-NB15, TON_IoT, and CICIDS2019, we simulate various attack vectors and evaluate a multi-layered intrusion detection system (IDS) that combines both signature-based and anomaly-based machine learning models. The proposed framework is validated using simulated network topologies built with NS-3 and Cooja, focusing on performance metrics including detection accuracy, false-positive rate, and computational overhead. Results demonstrate that our hybrid approach achieves over 95% accuracy in detecting complex multi-stage attacks, while maintaining scalability and adaptability across different IoT environments. The findings contribute to the development of more secure, resilient, and context-aware smart infrastructure systems offering a practical foundation for real-world deployment in smart cities and connected home ecosystems, especially within developing regions such as Iraq.