Publications

Publications by CRACS

2026

Enhancing IoMT Security by Using Benford's Law and Distance Functions

Authors
Fernandes, P; Ciardhuáin, SO; Antunes, M;

Publication
PATTERN RECOGNITION AND IMAGE ANALYSIS, IBPRIA 2025, PT I

Abstract
The increasing connectivity of Internet of Medical Things (IoMT) devices has accentuated their susceptibility to cyberattacks. The sensitive data they handle makes them prime targets for information theft and extortion, while outdated and insecure communication protocols further elevate security risks. This paper presents a lightweight and innovative approach that combines Benford's law with statistical distance functions to detect attacks in IoMT devices. The methodology uses Benford's law to analyze digit frequency and classify IoMT device traffic as benign or malicious, regardless of attack type. It employs distance-based statistical functions like Jensen-Shannon divergence, Kullback-Leibler divergence, Pearson correlation, and the Kolmogorov test to detect anomalies. Experimental validation was conducted on the CIC-IoMT-2024 benchmark dataset, comprising 45 features and multiple attack types. The best performance was achieved with the Kolmogorov test (alpha = 0.01), particularly in DoS ICMP attacks, yielding a precision of 99.24%, a recall of 98.73%, an F1 score of 98.97%, and an accuracy of 97.81%. Jensen-Shannon divergence also performed robustly in detecting SYN-based attacks, demonstrating strong detection with minimal computational cost. These findings confirm that Benford's law, when combined with well-chosen statistical distances, offers a viable and efficient alternative to machine learning models for anomaly detection in constrained environments like IoMT.

2026

An Optimized Multi-class Classification for Industrial Control Systems

Authors
Palma, A; Antunes, M; Alves, A;

Publication
PATTERN RECOGNITION AND IMAGE ANALYSIS, IBPRIA 2025, PT I

Abstract
Ensuring the security of Industrial Control Systems (ICS) is increasingly critical due to increasing connectivity and cyber threats. Traditional security measures often fail to detect evolving attacks, necessitating more effective solutions. This paper evaluates machine learning (ML) methods for ICS cybersecurity, using the ICS-Flow dataset and Optuna for hyperparameter tuning. The selected models, namely Random Forest (RF), AdaBoost, XGBoost, Deep Neural Networks, Artificial Neural Networks, ExtraTrees (ET), and Logistic Regression, are assessed using macro-averaged F1-score to handle class imbalance. Experimental results demonstrate that ensemble-based methods (RF, XGBoost, and ET) offer the highest overall detection performance, particularly in identifying commonly occurring attack types. However, minority classes, such as IP-Scan, remain difficult to detect accurately, indicating that hyperparameter tuning alone is insufficient to fully deal with imbalanced ICS data. These findings highlight the importance of complementary measures, such as focused feature selection, to enhance classification capabilities and protect industrial networks against a wider array of threats.

2026

Machine Learning and Knowledge Discovery in Databases. Applied Data Science Track - European Conference, ECML PKDD 2025, Porto, Portugal, September 15-19, 2025, Proceedings, Part IX

Authors
Dutra, I; Pechenizkiy, M; Cortez, P; Pashami, S; Jorge, AM; Soares, C; Abreu, PH; Gama, J;

Publication
ECML/PKDD (9)

Abstract

2026

Machine Learning and Knowledge Discovery in Databases. Research Track and Applied Data Science Track - European Conference, ECML PKDD 2025, Porto, Portugal, September 15-19, 2025, Proceedings, Part VIII

Authors
Pfahringer, B; Japkowicz, N; Larrañaga, P; Ribeiro, RP; Dutra, I; Pechenizkiy, M; Cortez, P; Pashami, S; Jorge, AM; Soares, C; Abreu, PH; Gama, J;

Publication
ECML/PKDD (8)

Abstract

2026

Machine Learning and Knowledge Discovery in Databases. Applied Data Science Track and Demo Track - European Conference, ECML PKDD 2025, Porto, Portugal, September 15-19, 2025, Proceedings, Part X

Authors
Dutra, I; Pechenizkiy, M; Cortez, P; Pashami, S; Pasquali, A; Moniz, N; Jorge, AM; Soares, C; Abreu, PH; Gama, J;

Publication
ECML/PKDD (10)

Abstract

2026

Obscura: Enabling Ephemeral Proxies for Traffic Encapsulation in WebRTC Media Streams Against Cost-Effective Censors

Authors
Afonso Vilalonga; Kevin Gallagher; João S. Resende; Henrique Domingos;

Publication
Proceedings on Privacy Enhancing Technologies

Abstract
Recent research on online censorship has provided valuable insights into common censorship strategies and censors' tolerance for collateral damage. A consistent finding across these studies is that censors tend to favour cost-effective techniques such as proxy enumeration, active probing, and deep packet inspection (DPI), rather than more complex and non-deterministic methods such as deep learning-based traffic analysis. For example, a recent study on the Snowflake censorship evasion system reinforced this finding by demonstrating that authoritarian regimes primarily relied on DPI to target the system. However, as censorship techniques continue to evolve, two critical questions arise: (1) What future attack vectors are likely to emerge based on current research and observed censor capabilities? (2) How can these emerging threats, along with previously utilised censorship methods, be effectively mitigated? In this paper, we present Obscura, a censorship evasion system designed to resist cost-effective, historically grounded censorship techniques while also defending against a class of plausible future attacks within a cost-effective threat model targeting WebRTC-based censorship evasion systems. Obscura is built upon four core features: (1) encapsulation of traffic within WebRTC media streams, (2) the use of a reliability layer, (3) support for both browser-based and Pion-based clients and proxy instances, and (4) the use of ephemeral proxies. Each feature is intended to mitigate either a known attack observed in the wild or a theoretically plausible attack consistent with the capabilities of a cost-effective censor. We provide a security analysis to justify our design choices and a performance evaluation to demonstrate that Obscura maintains reasonable throughput for typical online activities.
