Articles tagged with: #detection-engineering
Unified Threat Detection and Mitigation Framework (UTDMF): Combating Prompt Injection, Deception, and Bias in Enterprise-Scale Transformers

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04528v1 Announce Type: new Abstract: The rapid adoption of large language models (LLMs) in enterprise systems exposes vulnerabilities to prompt injection attacks, strategic deception, and biased outputs, threatening security, trust, and fairness. Extending our adversarial activation patching framework (arXiv:2507.09406), which induced deception in toy networks at a 23.9% rate, we introduce the Unified Threat Detection and Mitigation Framework (UTDMF), a scalable, real-time pipeline...

MulVuln: Enhancing Pre-trained LMs with Shared and Language-Specific Knowledge for Multilingual Vulnerability Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04397v1 Announce Type: new Abstract: Software vulnerabilities (SVs) pose a critical threat to safety-critical systems, driving the adoption of AI-based approaches such as machine learning and deep learning for software vulnerability detection. Despite promising results, most existing methods are limited to a single programming language. This is problematic given the multilingual nature of modern software, which is often complex and written in multiple languages. Current approaches...

Cyber Warfare During Operation Sindoor: Malware Campaign Analysis and Detection Framework

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04118v1 Announce Type: new Abstract: Rapid digitization of critical infrastructure has made cyberwarfare one of the important dimensions of modern conflicts. Attacking the critical infrastructure is an attractive pre-emptive proposition for adversaries as it can be done remotely without crossing borders. Such attacks disturb the support systems of the opponents to launch any offensive activities, crippling their fighting capabilities. Cyberattacks during cyberwarfare can not only be...

Real-VulLLM: An LLM Based Assessment Framework in the Wild

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.04056v1 Announce Type: new Abstract: Artificial Intelligence (AI) and more specifically Large Language Models (LLMs) have demonstrated exceptional progress in multiple areas including software engineering, however, their capability for vulnerability detection in the wild scenario and its corresponding reasoning remains underexplored. Prompting pre-trained LLMs in an effective way offers a computationally effective and scalable solution. Our contributions are (i) varied prompt designs...

Pilot Contamination Attacks Detection with Machine Learning for Multi-User Massive MIMO

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03831v1 Announce Type: new Abstract: Massive multiple-input multiple-output (MMIMO) is essential to modern wireless communication systems, like 5G and 6G, but it is vulnerable to active eavesdropping attacks. One type of such attack is the pilot contamination attack (PCA), where a malicious user copies pilot signals from an authentic user during uplink, intentionally interfering with the base station's (BS) channel estimation accuracy. In this work, we propose to use a Decision Tree...

Detection Engineering - Looking for automation projects suggestions

cybersecurity www.reddit.com

Hi - I'm currently a year into detection engineering and believe that an automation mindset is valuable and is in demand at most hiring companies right now. I want to get my hands on an automation project to automate the detection workflow but don't know where to start yet, and I mostly use Claude to assist atm. So far, I have made a script to massively close out merge requests and one to pull all enabled rules in Splunk in bulk, but that's about it. From your experience, what automation projects...

[Tool] Built CyberBlueSOC - Deploy a Full SOC Lab in less than an hour (Open Source)

cybersecurity www.reddit.com

I've been working on solving a problem I kept running into: setting up a SOC lab environment takes forever. Manual configuration of Wazuh, MISP, Velociraptor, Suricata, and other tools can take days. So I built CyberBlueSOC - a containerized platform that deploys 15+ integrated security tools with one command.

What's included:
- SIEM: Wazuh
- Threat Intel: MISP (auto-populated with 280K+ IOCs)
- DFIR: Velociraptor, Arkime
- SOAR: Shuffle, TheHive/Cortex
- Network Detection: Suricata, EveBox
-...

Open Source SOC Lab Platform - Integrated Wazuh, MISP, Velociraptor, Shuffle & More

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Built an integrated SOC training platform for blue teamers who want to practice without spending days on setup.

The stack:
- SIEM/XDR: Wazuh + OpenSearch
- CTI: MISP with automated feed ingestion
- DFIR: Velociraptor for endpoint collection
- SOAR: Shuffle for automation workflows
- NIDS: Suricata + EveBox for event management
- PCAP: Arkime with sample captures
- Fleet: osquery fleet management
- Detection: 523 YARA rules + 3,047 Sigma rules pre-configured

Technical approach:
- Docker Compose...

Meet ARGUS, the robot built to catch hackers and physical intruders

cybersecurity www.reddit.com

Researchers built ARGUS to solve a gap they saw: the lack of real-time correlation between what happens on the network and what happens in the physical space. ARGUS runs facial and weapon detection using computer vision while also hosting intrusion detection software such as Snort and Suricata. submitted by /u/tekz

A Statistical Method for Attack-Agnostic Adversarial Attack Detection with Compressive Sensing Comparison

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02707v1 Announce Type: new Abstract: Adversarial attacks present a significant threat to modern machine learning systems. Yet, existing detection methods often lack the ability to detect unseen attacks or detect different attack types with a high level of accuracy. In this work, we propose a statistical approach that establishes a detection baseline before a neural network's deployment, enabling effective real-time adversarial detection. We generate a metric of adversarial presence...

Adaptive Deception Framework with Behavioral Analysis for Enhanced Cybersecurity Defense

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02424v1 Announce Type: new Abstract: This paper presents CADL (Cognitive-Adaptive Deception Layer), an adaptive deception framework achieving 99.88% detection rate with 0.13% false positive rate on the CICIDS2017 dataset. The framework employs ensemble machine learning (Random Forest, XGBoost, Neural Networks) combined with behavioral profiling to identify and adapt responses to network intrusions. Through a coordinated signal bus architecture, security components share real-time...

LLM-Generated Samples for Android Malware Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02391v1 Announce Type: new Abstract: Android malware continues to evolve through obfuscation and polymorphism, posing challenges for both signature-based defenses and machine learning models trained on limited and imbalanced datasets. Synthetic data has been proposed as a remedy for scarcity, yet the role of large language models (LLMs) in generating effective malware data for detection tasks remains underexplored. In this study, we fine-tune GPT-4.1-mini to produce structured...

On The Fragility of Benchmark Contamination Detection in Reasoning Models

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02386v1 Announce Type: new Abstract: Leaderboards for LRMs have turned evaluation into a competition, incentivizing developers to optimize directly on benchmark suites. A shortcut to achieving higher rankings is to incorporate evaluation benchmarks into the training data, thereby yielding inflated performance, known as benchmark contamination. Surprisingly, our studies find that evading contamination detections for LRMs is alarmingly easy. We focus on the two scenarios where...

A Hybrid CAPTCHA Combining Generative AI with Keystroke Dynamics for Enhanced Bot Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02374v1 Announce Type: new Abstract: Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs) are a foundational component of web security, yet traditional implementations suffer from a trade-off between usability and resilience against AI-powered bots. This paper introduces a novel hybrid CAPTCHA system that synergizes the cognitive challenges posed by Large Language Models (LLMs) with the behavioral biometric analysis of keystroke dynamics. Our...

Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02371v1 Announce Type: new Abstract: Smart grids are exposed to passive eavesdropping, where attackers listen silently to communication links. Although no data is actively altered, such reconnaissance can reveal grid topology, consumption patterns, and operational behavior, creating a gateway to more severe targeted attacks. Detecting this threat is difficult because the signals it produces are faint, short-lived, and often disappear when traffic is examined by a single node or along...

An Investigation into the Performance of Non-Contrastive Self-Supervised Learning Methods for Network Intrusion Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02349v1 Announce Type: new Abstract: Network intrusion detection, a well-explored cybersecurity field, has predominantly relied on supervised learning algorithms in the past two decades. However, their limitations in detecting only known anomalies prompt the exploration of alternative approaches. Motivated by the success of self-supervised learning in computer vision, there is a rising interest in adapting this paradigm for network intrusion detection. While prior research mainly...

Modeling the Attack: Detecting AI-Generated Text by Quantifying Adversarial Perturbations

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.02319v1 Announce Type: new Abstract: The growth of highly advanced Large Language Models (LLMs) constitutes a huge dual-use problem, making it necessary to create dependable AI-generated text detection systems. Modern detectors are notoriously vulnerable to adversarial attacks, with paraphrasing standing out as an effective evasion technique that foils statistical detection. This paper presents a comparative study of adversarial robustness, first by quantifying the limitations of...

Upcoming Technical Security Talks & Workshops at BsidesNoVA - Oct 10 - 11 (Arlington VA)

Technical Information Security Content & Discussion www.reddit.com

BsidesNoVA (Oct 10 - 11 at GMU Mason Square, Arlington VA) is a community-run, volunteer-organized security conference. Sharing here because several of this year's talks and workshops are deeply technical and may be of interest to practitioners and researchers in the DMV area:

🔹 Detection / Blue-Team / DFIR
- ATT&CK-driven detection engineering with Sigma & KQL
- Network-forensics in hybrid environments
- Memory-forensics at scale on Linux/macOS
- Threat-intel-driven hunts & breach-simulation lab

🔹...