IoTBDS 2026 Abstracts

Area 1 - Big Data Research

Full Papers

Paper Nr:	64
Title:	Avoiding Entailment Loss in OWL 2 DL: A Two-Phase Reasoning Approach
Authors:	Giulia Biagioni, Barteld Kooi and Revantha Ramanayake
Abstract:	Semantic reasoning is widely used in IoT systems to derive implicit knowledge from heterogeneous device data. This article identifies a case in which expressive OWL 2 DL reasoners may fail to derive entailments that are valid under the OWL 2 Direct Semantics. Through a code-level analysis of Pellet, we show that when a role occurs as the superproperty of a complex role inclusion axiom and is also subject to restrictive role conditions such as asymmetry, irreflexivity, or role disjointness, the reasoner enforces simple-role restrictions during preprocessing, possibly rejecting or weakening the ontology before inference begins. To bypass this limitation, we propose a two-phase reasoning approach in which structure-generating axioms are evaluated first, while restrictive role constraints (i.e. asymmetry, irrefelexivity and role disjointness) are enforced afterwards over the materialized result. We illustrate how this second phase can be operationalized using SHACL and SPARQL, making it possible to preserve semantically valid entailments while still detecting explicit role constraint violations.

Paper Nr:	81
Title:	Toward a Robust Feature Selection for IoT Intrusion Detection Based on Standardized NetFlow Features
Authors:	Amina Lamharzi, Nadia Kabachi and Elhadj Benkhelifa
Abstract:	Feature selection is an important step in the design of machine learning–based intrusion detection systems, particularly in resource-constrained IoT environments. However, most existing studies evaluate these methods on a single dataset and mainly focus on classification performance. In this paper, we analyze several feature selection methods for IoT intrusion detection using standardized NetFlow features. Three representative approaches (filter, wrapper, and embedded) are evaluated with Random Forest and SVM on the NF-ToN-IoT-V2 and NF-BoT-IoT-V2 datasets. The experiments examine detection performance, cross-dataset transferability, stability of selected features, and memory usage. Results show that a reduced subset of features can achieve performance comparable to the full feature set, while significantly reducing the size of the input data. The study also highlights differences in behavior across feature selection methods and suggests the existence of a core set of generic NetFlow features relevant for IoT intrusion detection.

Short Papers

Paper Nr:	40
Title:	ConTemPreT-2: From In-Domain To Cross-Domain
Authors:	Yunus Emre Midilli
Abstract:	Foundational models that are pre-trained with heterogenous time series datasets show competitive results with LLM-based foundational models and task-specific models in time series forecasting. This paper aims to improve the cross-domain capabilities of initial version of ConTemPreT [31], a prompt-based foundational model that is co-trained with masked-autoencoder and contrastive learning based on the trendseasonality decomposition of the input signal. To this end, a two-step pretraining approach is proposed in this paper. In this context, a separate cluster-based prompt pool is analyzed for trend, seasonality and residual components. Experimental results show that the proposed new version of the model, ConTemPreT-2, is competitive with the foundational models that are pre-trained with heterogenous time series datasets as well as LLM-based foundational models. The average 1-7% of improvement in full-shot forecasting, and 21% of improvement in zero-shot forecasting verify the effectiveness of the proposed pre-training approach. Despite the fact that proposed prompt pool doesn’t contribute to the effectiveness of downstream tasks, we note enhancing the prompting capabilities in the future versions.

Paper Nr:	49
Title:	Traffic Flow Scaling Using Sensors and Floating Car Data: Bologna Case Study
Authors:	David Pagano, Thamires de Souza Oliveira, Vincenza Torrisi, Giovanni Calabrò and Salvatore Cavalieri
Abstract:	This paper proposes a methodology for scaling Floating Car Data (FCD) to represent urban traffic flows using a combination of data from fixed sensors and Floating Car Data (FCD), and the methodology is successfully applied to the road network of the city of Bologna. In particular, it focuses on 11 urban roads in the ring road around the city center that are continuously observed by sensors. Machine learning methods, derived from decision tree-based models, are used with the goal of predicting urban traffic flows given the variables related to FCD traffic flows. A comparison of various tree-based machine learning methods is made among CatBoost, LightGBM, XGBoost, AdaBoost Regressor, and Random Forest Regressor. In particular, the approach used to test these machine learning architectures is a simulation analysis regarding the spatial generalization capabilities of those methods via a leave-one-route-out cross-validation approach. Results show that boosting methods, especially those from XGBoost or LightGBM, perform best, achieving the lowest percentage of errors for the specific set of homogeneous routes evaluated More importantly, the results confirm the feasibility of using the proposed approach for the traffic flow scaling in the segments that are not traditionally monitored by physical sensors and hence contribute to the increase of the spatial area that can be managed by traffic management organizations without enlarging the sensor network which can lead to overall lower traffic monitoring and forecasting costs.

Paper Nr:	69
Title:	EDITH: An IoT and Computer-Vision-based Wearable System for Assistive Vehicles
Authors:	Harrison Kurunathan, Anbazhagan M. and Radha Reddy
Abstract:	In dynamic urban traffic management (UTM) settings, real-time environmental perception remains a critical challenge for partially sighted commuters. Although advanced driver assistance systems (ADAS) have significantly improved vehicle safety, existing wearable assistive technologies are limited in their real-time responsiveness, computational capacity, and integration with connected-vehicle infrastructure. A comprehensive survey of IoT-based and vision-enabled wearable technologies reveals a consistent gap in the safety-critical needs of partially sighted commuters. To address this, we present EDITH (Enhanced Detection Intelligent Tech Headwear). This IoT-based vision-enabled smart-glasses system provides real-time obstacle detection and navigation assistance for partially sighted users of UTM. EDITH addresses safety-critical needs through a modular architecture that integrates Raspberry Pi-based embedded processing with quantized YOLO object-detection models and OpenCV-based computer-vision pipelines. The system employs bone-conduction audio feedback while maintaining awareness of the surrounding environment. We evaluate the variants YOLOv5s, YOLOv8s, and YOLOv8m and demonstrate that YOLOv8s achieve an optimal balance between detection reliability (precision: 0.76, recall: 0.67) and computational efficiency (630 ms inference time). Our findings establish the feasibility of lightweight, wearable computer-vision systems for safety-critical vehicular assistance applications.

Paper Nr:	77
Title:	Human-Guided Reinforcement Learning for Knowledge Graph Maintenance
Authors:	Bochra Kader, Maude Manouvrier and Khalid Belhajjame
Abstract:	Knowledge Graphs (KGs) are widely used for integrating and reasoning over heterogeneous data in enterprises as well as in modern scientific domains. As KGs evolve, maintaining them to account for (i) the dynamic nature of the underlying data sources, and (ii) changing application requirements, becomes essential. While prior work has focused on updates driven by the evolution of data sources, less attention has been paid to adaptations triggered by evolving user needs. In this paper, we investigate the maintenance of RDF-based KGs built from tabular data sources in response to changes to applications requirements. Specifically, we present Hologram, a framework that assists users in specifying mappings for newly added ontology elements with minimal manual effort. The novelty of Hologram is twofold. First, it formalizes the problem of specifying mappings that populate new concepts and relationships (introduced through ontology evolution) as a task of learning Steiner Trees over a schema graph representing data source structures. Second, Hologram combines Reinforcement Learning with human feedback to guide the learning process effectively and efficiently. We conducted empirical experiments that demonstrate that Hologram produces high-quality mappings with minimal user input.

Area 2 - Emerging Services and Analytics

Short Papers

Paper Nr:	53
Title:	Air Pollution Source Identification Using Artificial Intelligence and Explainable AI Applied to IoT-Based Monitoring Data: A Case Study of Santiago de Chile
Authors:	José Andrés Neira Soto and Gastón Márquez
Abstract:	Urban air pollution poses a significant challenge for environ- mental management, particularly in metropolitan areas with complex emission sources and adverse meteorological conditions. This study intro- duces a hybrid and explainable methodological framework for predicting and interpreting fine particulate matter (P M2.5) concentrations by in- tegrating atmospheric transport, local meteorological and chemical vari- ables, temporal dynamics, and advanced machine learning techniques. Hourly air quality and meteorological data from 2024, collected at a monitoring station in Santiago, Chile, were analyzed and supplemented with 72-hour air mass back-trajectories computed using the HYSPLIT model. Spatial descriptors were constructed from these trajectories us- ing the Potential Source Contribution Function (PSCF) and Concen- tration Weighted Trajectory (CWT) methods to represent the influence of regional transport processes. The predictive component was imple- mented using XGBoost, incorporating spatial, meteorological, and tem- poral features, including autoregressive lags and seasonal encoding based on Fourier functions. Model performance was evaluated through time- aware cross-validation to preserve the temporal structure of the data, resulting in high predictive accuracy on the test set (R2 = 0.94, RMSE = 1.77 μg/m3). Explainable artificial intelligence techniques based on SHAP were applied to enhance interpretability, enabling the identifica- tion of dominant variables, nonlinear interactions, and spatial regions relevant to P M2.5 transport. The findings demonstrate that integrating atmospheric transport information and temporal memory significantly enhances predictive performance while providing physically consistent explanations.

Paper Nr:	56
Title:	The Development Process and Key Success Factors of China's Internet of Things Standards Formulation
Authors:	Xie Fei, Xu Ye, Zhu Shu, Zheng Junjie and Liu Dong
Abstract:	The article reviews the construction process of international and Chinese IoT standards, comparing the differences and connections between international IoT standards and Chinese standards from perspectives such as standard technical or-ganizations, key standard development, and standard industrialization applica-tions. The article analyzes the five challenges faced by the construction of Chi-nese IoT standards, and on this basis, proposes corresponding measures.

Area 3 - Internet of Things (IoT) Applications

Short Papers

Paper Nr:	36
Title:	Smart-MQTT: IoT Data Management Using TSDB and Embedding Models
Authors:	Ahmed Khaled and Ariunaa Tsegmed
Abstract:	IoT devices produce continuous streams of data points. Edge and cloud systems utilize such data to provide meaningful and quality services. These data points carry a wide spectrum of information; some reflect environmental parameters, while others reflect operational metrics and user interactions. Such a rich variety of data points enables informative monitoring and analytics. However, the effective management of such data points faces a set of challenges: (1) the heterogeneous format of data reported by the different devices, which typically do not follow a specific data model; (2) the ad-hoc nature of the IoT environments, where devices join and leave dynamically without manual system reconfiguration; and (3) the manual management of individual data streams especially in a large-scale IoT deployment, where a large volume of continous data points are expected. In this paper, we address these challenges with an IoT data management system -named Smart-MQTT. Smart-MQTT utilizes the Message Queuing Telemetry Transport (MQTT) protocol and Time-Series Database (TSDB) to manage time-stamped data points efficiently. Smart-MQTT accommodates the diverse data formats without imposing pre-defined schema requirements. In addition to managing individual data streams, Smart-MQTT allows grouping related data streams into user-defined classes and enables class-based queries and visualization. Smart-MQTT also utilizes pre-trained embedding models to learn from current data streams, measure semantic similarities, and dynamically recommend classes. Smart-MQTT is a work in progress, and this paper discusses the main components and presents a proof-of-concept implementation for the main functions.

Paper Nr:	60
Title:	I dOn'T (Z)Know: An Architecture for Zero-Knowledge Cross-Platform IoT Applications
Authors:	Ekene Attoh and Beat Signer
Abstract:	The Internet of Things (IoT) fosters connected environments where devices interact with one another and with users to enable context-aware applications. End-user authoring tools empower individuals to create personalised automations, such as health-related rules that respond to physiological metrics. However, these tools are often tied to specific vendors, limiting the portability of user-defined automations across platforms. This restriction poses significant challenges in domains like healthcare, where users may depend on such automations for daily assistance. To address this issue, in our recent research, we have proposed a write once, run anywhere paradigm to enable rule portability across heterogeneous IoT environments. While this approach improves continuity, it also raises privacy concerns, as user data may be exposed during the migration of automations between platforms. In this paper, we address some of these privacy challenges by introducing a representative user scenario, analysing related work and proposing a privacy-preserving IoT architecture (IOT-ZK) that makes use of zero-knowledge proofs, along with a proof-of-concept implementation. Our proposed solution supports secure and portable automation across IoT platforms, with particular emphasis on safeguarding user data in sensitive domains such as healthcare.

Paper Nr:	80
Title:	Design of an IoT-Supported Learning Environment for Food Processing: Meat Chilling as a Use Case
Authors:	Lasse Harjumaa, Jukka Määttälä, Ilkka Kivelä, Pekka Kujala and Ismo Hakala
Abstract:	Temperature control during the chilling phase is a critical aspect of food safety, which could benefit from Internet-of-Things (IoT) technologies. Furthermore, the increasing digitalization of the food industry highlights the need for educational environments that engage students with modern IoT technologies. This paper presents the design and implementation of an IoT-based monitoring system in an educational food processing context, using meat chilling as a demonstrative use case. The system integrates a Bluetooth temperature sensor, edge computing with Home Assistant, Message Queuing Telemetry Transport (MQTT) messaging, and cloud-based data storage and visualization tools to provide continuous process monitoring. The design is guided by objectives derived from both food industry requirements and IoT-based learning environments. A qualitative evaluation shows that the system supports transparency, accessibility, and hands-on interaction with real-world technologies. The results demonstrate that low-cost, widely available components can be used to create scalable IoT-supported learning environments that enhance digital competencies in food industry education.

Paper Nr:	51
Title:	Data Enrichment at the Edge Computing: Integrating the FHIR Standard with IoT Devices
Authors:	Matheus Correa, Erico Marcelo Hoff do Amaral, Andrea Gomes Campos, Fernanda Schafer, Silvio César Cazella, Cristiano André da Costa and Rodrigo da Rosa Righi
Abstract:	This paper presents a remote patient monitoring system developed to integrate wearable devices with the HL7 FHIR (Fast Healthcare Interoperability Resources) standard, edge processing techniques, and artificial intelligence. The proposal is to develop the EVDE (Edge Vitals Data Enricher) model, a system capable of tracking the patient's vital signs in real time, describing their current condition with enriched and standardized data values. However, many related studies face difficulties in integrating EHR (Electronic Health Record) and CDSS (Clinical Decision Support Systems). Furthermore, studies highlight challenges related to security and maintaining the privacy of clinical data on devices. As a result, this article presents an architecture based on edge computing that enriches clinical data in a distributed manner, uses the FHIR (Fast Healthcare Interoperability Resources) standard to ensure interoperability between systems, and reduce the exposure of sensitive information, making the data more reliable for decision support systems.

Area 4 - Internet of Things (IoT) Fundamentals

Full Papers

Paper Nr:	38
Title:	EdgeAIMetric: Benchmark for Evaluating the Performance and Energy Consumption of Single-Board Computers for Edge AI Environments
Authors:	Gustavo Martins Conceição, Cristiano André da Costa, Rodrigo Marques de Figueiredo, Alex Roehrs, Guilherme Galante and Rodrigo da Rosa Righi
Abstract:	The rapid growth of IoT generates large data volumes, increasing latency and raising security concerns. Edge computing addresses these issues and allows for new application to be created, including real-time machine learning applications, known as Edge AI . Single Board Computers (SBCs) are essential in this context, but existing benchmarks often lack algorithm diversity, scenario variation, or simultaneous measurement of performance and energy. This article presents EdgeAIMetric, a benchmark that systematically measures CPU, RAM, and energy usage when running AI algorithms on SBCs. Its main contribution is a modular and reproducible testing model applied to different algorithms and usage scenarios. Results reveal trade-offs between performance and energy, offering valuable insights for edge AI deployment.

Short Papers

Paper Nr:	67
Title:	Semantic Interoperability and Integration in Open IoT Platforms: BFO Grounded Open Meta Ontology Design Principles
Authors:	Eliot Bytyçi and Bahtijar Vogel
Abstract:	The rapid expansion of IoT platforms, devices, and protocols has created a fragmented ecosystem marked by vendor lock-in, incompatible standards, and semantic mismatches across ontologies like SSN, SOSA, and SAREF. This position paper proposes an open meta-ontology framework grounded in BFO and OpenStand principles to unify heterogeneous IoT semantics, incorporating AI-driven correspondence discovery, such as mapping SSN:System to SAREF:Device. Seven design principles, which emphasize modularity, standard neutrality, scalability, and explicit alignment, guide its architecture, enabling cross-platform interoperability while addressing persistent gaps in existing approaches.

Paper Nr:	41
Title:	A Comparative Study of IEEE 802.15.4 MAC Performance in Industrial IoT
Authors:	Mayssa Ghribi and Meriem Ben Nhila
Abstract:	Nowadays, the Industrial Internet of Things (IIoT) is experiencing significant growth and plays a strategic role in the digital transformation of industrial sectors. At the core of this revolution, Wireless Sensor Networks (WSNs), based on the IEEE 802.15.4 standard, enable efficient data transmission between connected devices. This standard relies on Medium Access Control (MAC) protocols such as CSMA-CA (Carrier Sense Multiple Access with Collision Avoidance) and the more recent PCA (Priority Channel Access), which mainly differ in their channel access mechanisms. In this context, this work conducts an extensive comparative performance evaluation of CSMA-CA and PCA in an IIoT-oriented WSN. Unlike existing studies that mainly rely on analytical and mathematical models, this paper adopts a simulation-based approach using the OMNeT++ platform and the MiXiM framework to capture realistic network dynamics. The evaluation focuses on key performance metrics, including latency, packet delivery ratio (PDR), and energy consumption, with the objective of assessing the ability of each protocol to meet the stringent QoS requirements of industrial applications. A set of simulation scenarios is designed to analyze the impact of varying network densities, traffic loads, data rates, CCA parameters, and multiple IIoT traffic classes. This approach enables a comprehensive and realistic assessment of the protocols’ behavior under diverse operating conditions. Overall, the results provide valuable insights into the suitability of CSMA-CA and PCA for industrial IIoT environments and highlight the benefits and limitations of each protocol in terms of reliability, latency, and energy efficiency, while opening perspectives for future optimization and adaptive MAC mechanisms.

Area 5 - IoT Technologies

Full Papers

Paper Nr:	42
Title:	AI Techniques for Adaptive NPC Behavior and Influence on Player Immersion in Games: A Systematic Review
Authors:	Evyla Linus and Muzaffar Hamzah
Abstract:	This systematic literature review (SLR) investigates the impact of adaptive artificial intelligence (AI) on non-player character (NPC) behavior and player immersion in digital games. Following PRISMA guidelines, this study analyzed 31 peer-reviewed publications from 2020 to 2025 to evaluate the evolution from traditional Finite State Machines (FSMs) to modern adaptive techniques. The findings identify three primary AI paradigms: rule-based architectures, learning-based reinforcement learning, and generative AI driven by Large Language Models (LLMs). Results indicate that while FSMs remain a stable foundation for real-time performance, learning-based agents significantly enhance tactical immersion through superior adaptability. Furthermore, the recent surge in generative AI has transformed narrative and social immersion by enabling context-aware dialogue and character consistency. However, the review identifies critical gaps, including high computational costs for learning models and a lack of rigorous player-centered empirical validation for generative systems. The study concludes that hybrid models balancing rule-based stability with generative adaptivity represent the most promising direction for future NPC development.

Short Papers

Paper Nr:	46
Title:	A Fully Automated, Deployment-Aware Testing Pipeline for IoT-Based Automotive Applications
Authors:	Denesa Zyberaj, Roman Vintonyak, Pascal Hirmer and Marco Aiello
Abstract:	Testing embedded software in modern vehicles is challenging due to system complexity, decentralized architectures, and strict safety and performance constraints. In this work, we present an end-to-end, deployment-aware testing pipeline for IoT-based automotive applications. The pipeline combines requirement-driven test and code generation with large language model (LLM) and vision-language model (VLM) assistance, and human-in-the-loop curation to reduce manual effort and improve consistency. Using Eclipse openDuT, it supports flexible, distributed deployment across geographically separated cyber-physical and IoT infrastructures, optimizing for node availability and cross-organizational coordination. For validation, we conduct a case study using a Child Presence Detection System (CPDS), achieving full functional requirement coverage across all 9 requirements and 100% Gherkin generation accuracy on the controlled requirement set. Distributed test execution across geographically separated ECUs via Eclipse openDuT confirms the pipeline's applicability to OEM--supplier testing workflows.

Paper Nr:	50
Title:	Performance Testing of ChaCha20-Poly1305 for Internet of Things and Industrial Control System Devices
Authors:	Kristján Orri Ragnarsson and Jacky Mallett
Abstract:	Industrial Control Systems (ICS), and many simple Internet of Things (IoT) devices, commonly communicate using unencrypted or unauthenticated protocols. For ICS this is an historical carryover since the introduction of these systems predated practical lightweight cryptography. As the processing power of small devices has grown exponentially at the same time as new, more efficient encryption algorithms have become available, end device encryption of communication protocols is becoming much more practical, but is still not widely used with ICS protocols such as Modbus and IEC61850 (GOOSE) which have tight requirements for both latency and variance. Newer micro-processors can also present challenges both to measurement and use, since features such as dynamic frequency scaling can significantly impact performance measurements. In this paper, we measured the time cost of adding encryption into the communication cycle of low-cost edge devices using ChaCha20-Poly1305, and show that in the worst case the encryption cycle took less than 6 percent of the latency requirements of Goose, and less than 3% for IEC-60834-1 on Raspberry PI 4, and an Intel N95 Mini PC, which is well within the specified latency requirements for these protocols.

Paper Nr:	68
Title:	Improving the Applicability of Artificial Intelligence of Things with a Cloud–Fog–Edge Platform for Geospatial Decentralised Model Repositories
Authors:	Àngel Ruiz-Fas, Alejandro Díaz-Rivero, Celia Sáenz-Martínez, Jesús Goterris, Sahibzada Saadoon Hammad, Joaquín Huerta and Sergio Trilles
Abstract:	The growth of the Internet of Things (IoT) is increasingly demanding near-real-time analytics and prediction over continuous data streams, pushing Machine Learning (ML) closer to the data source due to latency, cost, and privacy constraints. In this context, operationalising Artificial Intelligence of Things (AIoT) remains challenging because of resource limitations at the edge, heterogeneous hardware, unstable sensing data, cold-start conditions, and continuous context shifts that can rapidly degrade model performance. This paper presents a work-in-progress platform that addresses these challenges and improves the applicability of AIoT through a cloud–fog– edge architecture for adaptable, context-aware ML model management. The core idea is to organise IoT devices into geospatial Communities of Interest (CoIs) defined over Discrete Global Grid Systems, using H3 zoning and spatiotemporal aggregation so that devices within the same region can share and reuse specialised models trained under comparable conditions. The cloud layer provides governance and global configuration, the fog layer hosts decentralised model repositories, and the edge layer performs on-device inference whenever feasible using quantised models. A case study on the AVAMET meteorological network (Comunitat Valenciana, Spain) evaluates the approach by deriving four geospatial CoIs through hierarchical clustering and training region-specific Gated Recurrent Unit models for temperature forecasting. Results show lower errors within-region than across regions, supporting geographically specialised models under heterogeneous conditions.

Area 6 - Security, Privacy and Trust

Full Papers

Paper Nr:	33
Title:	Robust Time-Aware and Interpretable Model for Predicting Vulnerability Exploitation
Authors:	Noufal Issa, Damas Gruska and Loubna Ali
Abstract:	Accurately predicting which software vulnerabilities (CVEs) will be exploited is a critical challenge in cybersecurity. We present a robust, time-aware, and fully explainable machine learning pipeline for exploit prediction. Our approach combines structured numeric signals (such as CVSS severity, EPSS probability, vulnerability age, and metadata counts) with semantic features extracted from vulnerability descriptions via TF-IDF (Term Frequency-Inverse Document Frequency) text vectorization, and trains an Explainable Boosting Machine (EBM) classifier with temporal validation, covariate-shift reweighting, isotonic probability calibration, and automated concept drift monitoring. In a large-scale evaluation on recent CVEs, the hybrid TF-IDF + numeric model substantially outperforms conventional severity metrics. The EBM architecture provides feature-level explanations that make individual predictions transparent, supporting analyst trust and model debugging. A lightweight drift detector based on distributional change statistics (including Kolmogorov-Smirnov, Wasserstein, and Mahalanobis distances), continuously monitors incoming vulnerability data and can trigger retraining when the distribution of new CVEs differs from the training set. This end-to-end solution is interpretable and resilient to evolving data, providing a practical decision-support tool for proactive vulnerability risk management.

Paper Nr:	44
Title:	CAMEL: Mitigating Bluetooth Low Energy Packet Injection Attacks
Authors:	Benoit Knuchel, Damian Vizár, Chitchanok Chuengsatiansup and Slim Fatnassi
Abstract:	Bluetooth Low Energy (BLE) is the prevailing low-power wireless communication protocol for Internet of Things devices (IoT). While the protocol security layer is sound, recent research revealed a number of implementation-related vulnerabilities. For example, a race condition vulnerability can be exploited to inject malicious packets, enabling Man-in-the-Middle (MitM) attacks, device hijacking, or efficient Denial-of-Service (DoS) attacks against millions of IoT devices that implement no BLE encryption even today. Recognizing the possible impact, researches proposed detection method for BLE packet injection in the OASIS paper. We experimentally demonstrate that OASIS’ state-of-theart BLE packet injection detection can be reliably bypassed for ≈ 97.7% of the possible values of the BLE connection parameter called the hop interval. We then propose CAMEL, a lightweight, adaptive mitigation that secures a much broader configuration space without sacrificing resource efficiency. CAMEL employs a host-based, probabilistic detection mechanism that establishes a detection threshold from the observed timings of packet transmissions across successive connection events, optimally balancing false positive rates against the likelihood of a successful attack for each given connection. Hardened with our probabilistic recalibration, our method represents a practical and resource effective detection of injection attacks that can help prevent MitM and other serious attacks on millions of IoT devices without BLE encryption.

Paper Nr:	48
Title:	Security Evolution in ThingsBoard: A Repository Mining Study
Authors:	Burak Enes Beygo, Mert Yiğit and Tuğba Gürgen Erdoğan
Abstract:	ThingsBoard is a widely used open-source Internet of Things (IoT) platform that evolves through active community contributions, making security and software quality increasingly critical as the system grows. This study investigates how security-related activities have evolved within the ThingsBoard repository and examines their relationship with overall software quality metrics. Using Mining Software Repositories (MSR) techniques, issue and commit data were collected and analyzed using PyDriller. Temporal and categorical analyses were conducted to identify security-related issues, classify their types, and explore their associations with quality indicators such as issue resolution time, commit frequency, and release intensity. The results reveal a clear increase in security-related issues and commits over time, with notable activity peaks aligned with major releases, particularly in May 2023 and February and July 2024. Prominent security themes include access control, credential management, encryption (e.g., Secure Sockets Layer (SSL)), and communication security. The findings indicate that security-related tasks generally require longer resolution times than non-security bugs and exhibit a moderate correlation with overall project activity. This suggests that security practices are becoming more systematically integrated into the development process without adversely affecting project stability. Overall, the study demonstrates that repository mining provides valuable insights into the evolution of security management and software quality in open-source IoT projects.

Paper Nr:	61
Title:	Integrating AI Models for Intrusion Detection in Vehicle-to-Grid (V2G) Networks: Enhancing Security and Privacy
Authors:	Dipa Diallo
Abstract:	Vehicle-to-Grid (V2G) technology is an emerging innovation that allows electric vehicles to supply electricity to the grid when not in use. This innovative system has the potential to enhance the stability and efficiency of the electrical grid by using the stored energy in electric vehicle batteries. However, V2G technology raises significant concerns regarding availability, integrity, and confidentiality, as data generated from vehicle charging and discharging can be exploited to track drivers’ movements and behaviors. In this paper, we examine the challenges of preserving confidentiality posed by V2G systems and propose a com-prehensive AI-based intrusion detection system. Our approach leverages multiple machine learning models, with Adaptive Boosting (AdaBoost) as our primary classifier, alongside Support Vector Machines (SVM), K-Nearest Neighbors (KNN), Logistic Regression, and Random Forest algorithms. Through extensive experimentation and comparative analysis, our results demonstrate that AdaBoost achieves a 98% success rate in mitigating direct attacks, significantly outperforming other benchmarked models. Our experimental results highlight the potential for broader application of this multi-model approach in securing V2G networks, contributing to the ongoing discourse on digital privacy and proposing a viable solution to one of the main challenges of integrating electric vehicles into the smart grid.

Paper Nr:	72
Title:	DECAF: A Decentralised Privacy-Preserving Reputation Framework for Supply Chain
Authors:	Abubakar Shehu and Steve Schneider
Abstract:	In this paper, we introduce DECAF, a decentralised privacy-preserving reputation framework for supply chain ecosystems. DECAF addresses the fundamental tension between trust verification and commercial confidentiality by combining Self-Sovereign Identity (SSI) with Zero-Knowledge Proofs (ZKPs). Our framework enables supply chain entities to receive verifiable credentials from trusted issuers and generate cryptographic proofs that attest to specific reputational claims; such as transaction history, compliance status, or ethical certifications, without revealing underlying sensitive data. We present a proof-of-concept implementation in the coffee supply chain domain, demonstrating how suppliers can prove their capability to new buyers while protecting existing business relationships. DECAF provides a practical, cryptographically sound approach to transforming reputation into a portable, verifiable, and privacy-preserving asset, offering a privacy-preserving alternative to traditional and centralised reputation systems.

Paper Nr:	78
Title:	An Adaptable Modular IDPS Framework for Cross-Domain Intrusion Detection and Operational Trade-off Analysis
Authors:	Nikolas Naydenov, Kayode S. Adewole, Naomy Jerono Chemungor and Andreas Jacobsson
Abstract:	Conventional Intrusion Detection and Prevention Systems (IDPS) frequently fail to handle the dynamic nature of modern cyber threats, struggling to detect zero-day attacks or generalize across diverse network environments. The operational deployment of machine learning (ML) for intrusion detection also remains a significant challenge. This research addresses these limitations by designing, developing, and evaluating an adaptable modular IDPS framework that leverages machine learning to balance detection efficacy, model generalization, and operational efficiency. The proposed cloud-native architecture employs a two-stage process. Stage 1 utilizes a semi-supervised model to learn the behavioral baseline from unlabeled production traffic, distinguishing novel zero-day threats. Stage 2 uses a supervised model for fine-grained, multiclass classification of detected anomalies. To overcome the lack of labeled data, this research introduces a methodology for creating a composite evaluation dataset by unifying attack classes across public benchmarks (CIC-IDS-2017, CIC-IoT-2023) and adapting them to the real network of a modern organization -- a major European scientific research facility -- using statistical domain transfer. The system's operational sensitivity is managed by a novel, recall-focused thresholding strategy, while a weighted scoring system ranks models based on a holistic set of criteria including recall, precision, and inference time. Analysis of ML experiments shows larger models excel in-domain, but regularization is critical for cross-domain generalization, revealing trade-offs between accuracy and operational efficiency. Crucially, by deploying computationally efficient, offline-trained models via container orchestration, the framework achieves zero-downtime operational adaptability while mitigating the severe risks of adversarial attacks associated with online learning. The primary contribution is not a single optimal model, but a flexible, production-ready framework that can be continuously optimized to meet specific organizational security requirements.

Short Papers

Paper Nr:	28
Title:	Quantifying Human Entry-Point Risk: Phishing Resilience Metrics for Operational Readiness
Authors:	Steph Rudd
Abstract:	Compliance frameworks remain largely descriptive and lack quantifiable measures at the human-control layer. This paper introduces a cross-framework, industry-agnostic model that transposes qualitative obligations from ISO/IEC 27001 and ISO/IEC 27004 into mathematically defined indicators of phishing resilience. By operationalising standard telemetry — Delivered, Clicks, Reports, and Report Time — into derived ratios of susceptibility (Phish Click Rate) and agility (Timeto-Report), the study defines a composite readiness metric, the Phish Resilience Ratio (PRR). Using synthetic scenario analysis, a threshold of PRR ≥ 0.90 is illustrated as representing a highly resilient operational posture, providing a practical benchmark for interpreting human-layer security readiness. The framework bridges behavioural awareness with audit-ready assurance, transforming human-layer security from a qualitative training outcome into a measurable, repeatable, and compliancealigned control applicable across sectors and regulatory regimes.

Paper Nr:	35
Title:	Exploiting CNN Malware Detectors with Functionality-Preserving Perturbations
Authors:	Payal Awwal, Smita Naval and Vijay Laxmi
Abstract:	Adversarial machine learning poses a growing challenge for malware detection systems because carefully crafted modifications to malware samples can cause machine learning classifiers to misclassify malicious files as benign. In this work, we investigate the robustness of image-based malware detection models against functionality-preserving adversarial perturbations. Windows Portable Executable (PE) files are transformed into three visual representations—grayscale, RGB, and Markov transition images—and analyzed using several convolutional neural network (CNN) architectures, including VGG16, MobileNetV2, InceptionV3, a dual-stream ResNet50 model, and EfficientNet-B0. While these models achieve strong detection performance on clean samples, their robustness is evaluated under two realistic adversarial techniques: section injection and overlay padding. Experimental results show that even small functionality-preserving modifications can significantly degrade classification accuracy, with larger payloads further increasing evasion rates. The findings highlight both the effectiveness and the vulnerability of image-based malware detection approaches and emphasize the need for more robust defenses against adversarial manipulation of executable files.

Paper Nr:	47
Title:	Dynamic Key–Driven Privacy-Preserving Multi-Protocol IoT Gateway on FPGA
Authors:	Ananya Maiya, Anisha Raghav, Anmol Hikkalgutti, Stacy Kathaleen and Vadiraja A
Abstract:	This paper deals with the privacy concerns of users due to the fast growth of IoT in smart-home settings. The continous data collection and the use of several protocols for communications without sufficient security may reveal highly personal data.Thus, privacy-preserving measures must be an integral part of the communication environment and not be added as software layers from the outside to offer secure real-time protection. Here we have described a design for a privacy aware IoT gateway that implements privacy preserving features in the hardware communication pipeline to prevent static masking or software, based strategies only. Demonstrated on Arty A7, 35T FPGA platform, the gateway makes it easy to use Modbus RTU, BLE, Zigbee, and Wi, Fi protocols. Moreover, it uses a lightweight hardware assisted dynamic key generation method based on real-time data entropy to secure sensitive information before sending it to the cloud. Real-time in-situ experiments conducted in the presence of multiple protocols running simultaneously have demonstrated that the proposed approach helps to maintain the correct protocol translation without performance degradation, thus showing the effectiveness and feasibility of privacy aware communication in smart home IoT situations.

Paper Nr:	54
Title:	From Counter Desk to Chatbot: Privacy Perceptions in AI-Supported Municipal Services
Authors:	Luisa Vervier, Julian Hildebrandt, Luzia Borgmann and Martina Ziefle
Abstract:	Municipal services increasingly use AI-supported solutions to address demographic change and shortages of skilled workers while improving efficiency and accessibility. Yet the acceptance of digital public services depends on citizens’ perceptions of data protection, security, and trust. This study examines how privacy-related acceptance differs between traditional and digital municipal service processes. An online study with a scenario-based within-subject design was conducted (n = 215). All participants evaluated the same administrative task across four service processes: a traditional in-person process (baseline), a chatbot-based service, a fully digital contract workflow, and a combined chatbot--contract scenario. Across all workflows, perceived security, willingness to disclose personal data, fear of errors, and preference for human interaction were assessed. The results show that traditional in-person services are perceived as more secure and trustworthy than digital alternatives. Among the digital services, structured digital contract workflows are evaluated more positively than chatbot approaches, particularly regarding data disclosure and perceived error susceptibility. Fear of errors emerges as a major barrier to acceptance, while perceived security strongly influences willingness to share personal data. Age-related differences further indicate greater skepticism toward digital administrative services among older users. Overall, the findings highlight the central role of privacy perceptions, predictability, and reliability in citizens’ acceptance of AI-supported municipal services and provide implications for the design of trustworthy digital public services.

Paper Nr:	55
Title:	Advanced Image Steganography in Videos Using Deep Generative Models for Secure Data Embedding
Authors:	Duha Al-Adhami, Hamza Gharsellaoui and Olfa Belkhahla Belkahla
Abstract:	Video steganography must address the principal challenge of high-fidelity secret recovery with cover modifications that are imperceptible. This paper presents a new deep learning architecture for secret image concealment in video frames by integrating a multi-scale encoder-decoder network and attention mechanisms. Our approach combines a Q3-improved encoder that processes cover video frames and stego images in separate 4-layer convolutional channels with ascending sampling, with skip connections and a squeeze-and-excitation-guided decoder. The architecture employs an extremely sophisticated loss function, which is a combination of MSE, L1, SSIM, edge preservation, and gradient consistency terms weighted with curriculum learning methods. Experimental evaluation on HMDB51 video frames with CIFAR-10 images demonstrates improved performance with secret restoration attaining 26.31 ± 2.07 dB PSNR and 0.9595 ± 0.0232 SSIM, while possessing outstanding cover quality at 37.48 ± 0.47 dB PSNR and 0.9404 ± 0.0181 SSIM. The application facilitates mixed precision training and gradient accumulation to reduce memory requirements, enabling deployment on low resource 4GB GPU platforms. Extensive cross-1,375 sample testing at statistical confidence intervals confirms the robustness and reliability of the approach. The resulting architecture surpasses current quality levels for livable steganographic deployment while offering computational efficiency advantages over current techniques.

Paper Nr:	82
Title:	Express Frankly! Your Sentiments Are Secured
Authors:	Reeshav Chowdhury, Shivam Kumar and Ayantika Chatterjee
Abstract:	Pretrained language models enable powerful sentiment analysis across domains such as healthcare, finance, and customer experience, but deploying them in privacy-sensitive settings requires exposing user data in plaintext. To address this challenge, we present a privacy-preserving sentiment analysis framework that implements all layers of Tiny-BERT under fully homomorphic encryption (FHE), enabling end-to-end inference on encrypted data. We use several optimization strategies for efficient ciphertext--ciphertext matrix multiplication (CCMM), the core operation in encrypted transformer inference, including early modulus switching, lazy relinearization, and sparse rotation keys to reduce keyswitching overhead. To support attention computation, we design optimized encrypted matrix transposition routines using a depth-1 ideal decomposition with rotation hoisting, reducing rotation cost. We further analyze transformer computations to identify parallelism in encrypted matrix multiplication and transposition, and implement CPU-based multithreading to execute ciphertext multiplications, rotations, and transpositions concurrently. Our optimized ciphertext--ciphertext (CT--CT) matrix multiplication achieves a 6.63x and encrypted transposition achieves a 7.06x speedup over baseline. Since nonlinear functions cannot be directly evaluated under FHE, we develop polynomial approximations that maintain numerical stability while preserving model accuracy. Using these techniques, we implement optimized single-head attention and extend it to batched multi-head parallel attention using CPU multithreading. Experiments on IMDB and SST-2 achieve accuracy comparable to plaintext inference. For a single encoder layer, our framework achieves 247 s latency, demonstrating the practicality of encrypted transformer inference for privacy-sensitive applications.

Paper Nr:	83
Title:	An Enhanced Deep Learning Approach for Text-Based Cyber Threat Detection
Authors:	Aayush Sharma, Mosab Hamdan and Arghir-Nicolae Moldovan
Abstract:	Cyberattacks increasingly appear within textual communication such as threat re-ports, phishing content, incident alerts, and malware descriptions, creating a need for automated systems capable of classifying complex cyber-related language with high reliability. Traditional detection methods and many earlier analytical models often depend on shallow representations or handcrafted features, which can struggle to capture contextual semantics, subtle linguistic cues, and evolving attacker terminology. This study addresses these challenges through a hybrid ALBERT+LSTM framework for multiclass cybertext threat classification, where ALBERT provides compact contextual embeddings and an LSTM layer learns sequential dependencies within the encoded text. The workflow includes text cleaning and normalization, transformation into model-ready representations, model training, and metric-based comparison against machine learning and deep learning baselines. Experimental results show that the ALBERT+LSTM model achieves an accuracy and F1 of 0.90, exceeding the performance of Random For-est, XGBoost, BiLSTM, and GRU models. Notably, the hybrid model demon-strates superior computational efficiency with inference times of 1.23ms per sam-ple, 3.7× faster than standalone LSTM (4.52ms) and 2.1× faster than BERT-based approaches (2.58ms). These findings demonstrate that combining light-weight contextual modelling with sequence learning improves threat-category separation in cybertext while maintaining practical deployment feasibility in re-source-constrained security environments.

Paper Nr:	18
Title:	Anomaly Detection in IoT: From Hardware to Application Layer
Authors:	Saad El Jaouhari
Abstract:	As IoT ecosystems continue to expand in scale and complexity, ensuring the reliability and security of interconnected devices has become a critical challenge. These systems generate vast volumes of heterogeneous data across multiple layers, making them susceptible to faults, intrusions, and performance anomalies. Anomaly Detection (AD) plays a crucial role in identifying and mitigating such threats by recognizing deviations from expected behavior. This paper presents a review of anomaly detection techniques in IoT systems, structured around a four-layer architecture: hardware, perception, network, and application, representing the source of data for AD. This separation allows for precise localization and analysis of anomalies across the IoT stack. Different techniques have been explored in the literature for anomaly detection, most of which rely on semantical or statistical approaches, including knowledge-based systems, machine learning, and deep learning methods, to evaluate their effectiveness in real-time threat identification. The study focuses on two key aspects: (i) types of anomalies: point, contextual, and collective, including sensor-specific issues like drift and missing data; (ii) and a layer-based taxonomy that maps detection techniques to their respective IoT layers. This layered perspective provides a structured foundation for advancing anomaly detection research and improving the resilience of IoT systems.

Paper Nr:	31
Title:	Deep Federated Learning Model for Privacy-Enhanced Internet of Medical Things Intrusion Detection System
Authors:	Muhammad Liman Gambo, Khalid Ibrahimi and Ayaz H. Khan
Abstract:	The rapid adoption of Internet of Medical Things (IoMT) devices has revolutionized patient care, but it has also introduced critical security and privacy challenges in safeguarding sensitive health data. Existing intrusion detection systems (IDS) typically rely on centralized training, making them vulnerable to data breaches and inference attacks on shared model updates for federated learning (FL) only setup. To address this gap, we propose a deep binary IDS trained via federated averaging and augmented with differential privacy (DP). Through this approach, private collaboration is enabled across resource-constrained IoMT devices without disclosing local data and individual model updates. On the CICIoMT2024 dataset, the proposed privacy-enhanced federated model achieves 98.61% accuracy with only 1.13 percentage-point reduction relative to a standard federated model. We also formalize a threat model in which DP bounds gradient inversion and membership inference risk. This strengthens privacy beyond FL alone and, hence, advances the security posture of next-generation healthcare networks.

Paper Nr:	43
Title:	Lifecycle Security for IoMT Systems: Bridging the Gap between Design and Operation
Authors:	Marcos Didonet Del Fabro, Mahender Kumar, Nabil Moukafih, Miroslaw Malinowski, Pascal Bannerot, Gregory Epiphaniou and Nikolaos Matragkas
Abstract:	The Internet of Medical Things (IoMT) has transformed healthcare by enabling smart devices to automate data collection, processing, and storage, supporting critical services such as remote patient monitoring and advanced surgeries. However, the increasing reliance on these systems introduces security challenges due to their heterogeneous nature and the sensitivity of healthcare data. IoMT systems combine patient safety requirements, regulatory compliance, and the processing of personal data. There is a critical gap between security measures in design-time and the dynamic requirements of operational systems. There is a lack of interoperability between tools (e.g., UML modeling tools) and operational analysis (e.g., risk assessment tools). To bridge this gap, this paper presents an approach for integrating an IoMT Modeling Tool with a Threat, Vulnerability and Risk Analysis tool (TVRA). This integration is engineered through a dedicated RESTful API and a TVRA-compatible UML profile, including model import, threat analysis and attack tree generation, vulnerability scanning, and risk visualization through attack graphs. This continuous loop ensures that operational findings, including specific threats and mitigation recommendations, directly inform and refine future design iterations. Our work shows through a case study in a Remote Patient Monitoring scenario that this integrated environment enables implementing a connected feedback loop, identifying 1,546 threats.