{"id":"https://openalex.org/W7130554341","doi":"https://doi.org/10.48550/arxiv.2602.16098","title":"Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT","display_name":"Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT","publication_year":2026,"publication_date":"2026-02-18","ids":{"openalex":"https://openalex.org/W7130554341","doi":"https://doi.org/10.48550/arxiv.2602.16098"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.16098","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023123333","display_name":"Amirmohammad Pasdar","orcid":"https://orcid.org/0000-0001-5071-5803"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pasdar, Amirmohammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045861660","display_name":"Shabnam Kasra Kermanshahi","orcid":"https://orcid.org/0000-0002-7928-0636"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kermanshahi, Shabnam Kasra","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089327837","display_name":"Nour Moustafa","orcid":"https://orcid.org/0000-0001-6127-9349"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Moustafa, Nour","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5056177929","display_name":"Van-Thuan Pham","orcid":"https://orcid.org/0000-0002-9871-3695"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pham, Van-Thuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.6468999981880188,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.6468999981880188,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.0868000015616417,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11896","display_name":"Opportunistic and Delay-Tolerant Networks","score":0.032999999821186066,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7314000129699707},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.48820000886917114},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.4505000114440918},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.426800012588501},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.4106000065803528},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.34599998593330383}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7314000129699707},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7024999856948853},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.48820000886917114},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4578000009059906},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.4505000114440918},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4429999887943268},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.426800012588501},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.4106000065803528},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39730000495910645},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.36660000681877136},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3513999879360199},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.34599998593330383},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.3359000086784363},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.3292999863624573},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3109999895095825},{"id":"https://openalex.org/C90936777","wikidata":"https://www.wikidata.org/wiki/Q917189","display_name":"Host-based intrusion detection system","level":4,"score":0.28139999508857727},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.27149999141693115},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.25690001249313354}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.16098","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.16098","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.16098","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.16098","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"Internet":[1],"of":[2,32,173,186],"Battlefield":[3],"Things":[4],"(IoBT)":[5],"relies":[6],"on":[7,28,128,157],"heterogeneous,":[8],"bandwidth-constrained,":[9],"and":[10,43,57,72,97,116,138,143,149,161],"intermittently":[11],"connected":[12],"tactical":[13],"networks":[14],"that":[15,134,178],"face":[16],"rapidly":[17],"evolving":[18],"cyber":[19],"threats.":[20],"In":[21],"this":[22],"setting,":[23],"intrusion":[24],"detection":[25,56,185],"cannot":[26],"depend":[27],"continuous":[29],"central":[30],"collection":[31],"raw":[33],"traffic":[34,45,86,160],"due":[35],"to":[36,67,118,154,163],"disrupted":[37],"links,":[38],"latency,":[39],"operational":[40],"security":[41],"limits,":[42],"non-IID":[44],"across":[46],"zones.":[47],"We":[48,125],"present":[49],"Zone-Adaptive":[50],"Intrusion":[51],"Detection":[52],"(ZAID),":[53],"a":[54,80,131,170],"collaborative":[55],"model-improvement":[58],"framework":[59],"for":[60,84,101],"unseen":[61,158,188],"attack":[62,70,159],"types,":[63],"where":[64],"\"zero-day\"":[65],"refers":[66],"previously":[68,187],"unobserved":[69],"families":[71],"behaviours":[73],"(not":[74],"vulnerability":[75],"disclosure":[76],"timing).":[77],"ZAID":[78,112,127,151],"combines":[79],"universal":[81],"convolutional":[82],"model":[83],"generalisable":[85],"representations,":[87],"an":[88,93],"autoencoder-based":[89],"reconstruction":[90],"signal":[91],"as":[92],"auxiliary":[94],"anomaly":[95],"score,":[96],"lightweight":[98],"adapter":[99],"modules":[100],"parameter-efficient":[102],"zone":[103],"adaptation.":[104,150],"To":[105],"support":[106],"cross-zone":[107],"generalisation":[108],"under":[109,165],"constrained":[110],"connectivity,":[111],"uses":[113],"federated":[114],"aggregation":[115],"pseudo-labelling":[117],"leverage":[119],"locally":[120],"observed,":[121],"weakly":[122],"labelled":[123],"behaviours.":[124],"evaluate":[126],"ToN_IoT":[129],"using":[130],"zero-day":[132],"protocol":[133],"excludes":[135],"MITM,":[136],"DDoS,":[137],"DoS":[139],"from":[140],"supervised":[141],"training":[142],"introduces":[144],"them":[145],"during":[146],"zone-level":[147],"deployment":[148],"achieves":[152],"up":[153],"83.16%":[155],"accuracy":[156,172],"transfers":[162],"UNSW-NB15":[164],"the":[166,184],"same":[167],"procedure,":[168],"with":[169],"best":[171],"71.64%.":[174],"These":[175],"results":[176],"indicate":[177],"parameter-efficient,":[179],"zone-personalised":[180],"collaboration":[181],"can":[182],"improve":[183],"attacks":[189],"in":[190],"contested":[191],"IoBT":[192],"environments.":[193]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-20T00:00:00"}