Description:FIELD OF THE INVENTION

[001] The present invention generally relates to the field of computer science and engineering, and more particularly to systems and methods for cybersecurity, intrusion detection, secure data transmission, and cryptographic communication. Specifically, the invention pertains to a hybrid cybersecurity framework integrating explainable artificial intelligence, lightweight physical unclonable cryptographic mechanisms, blockchain-based tamper-resistant communication, and bio-inspired optimization algorithms for enhancing intrusion detection accuracy, system resilience, and secure multipath fault-tolerant data transmission in networked digital environments.

BACKGROUND OF THE INVENTION
[002] In recent years, the proliferation of digital infrastructure and the increasing reliance on interconnected computing systems have significantly heightened the risk and complexity of cybersecurity threats. Conventional intrusion detection systems (IDS) have become inadequate in addressing sophisticated cyberattacks due to limitations in adaptability, accuracy, and the ability to interpret high-dimensional and imbalanced network traffic data. These limitations are further exacerbated by the prevalence of false positives and the inability of traditional systems to provide real-time, transparent, and trustworthy threat assessments.
Artificial intelligence (AI) and machine learning (ML) techniques have emerged as promising tools to enhance intrusion detection capabilities by automating the analysis of complex data patterns and identifying anomalies indicative of malicious behavior. However, despite their demonstrated performance improvements, AI-based systems remain vulnerable to adversarial attacks, data poisoning, and model drift. Moreover, the lack of interpretability in many deep learning models undermines user trust and limits their practical deployment in mission-critical environments such as finance, healthcare, and defense.
The integration of blockchain technology into cybersecurity systems has been explored as a means of addressing the challenges of data integrity, transparency, and decentralization. Blockchain offers an immutable and tamper-resistant record-keeping mechanism that eliminates single points of failure and enhances auditability in security-sensitive applications. Nevertheless, the computational overhead, scalability issues, and latency introduced by blockchain infrastructures pose significant barriers to their seamless integration with real-time AI-driven intrusion detection frameworks.
Simultaneously, cryptographic security remains a cornerstone of secure communication, yet conventional software-based cryptographic schemes are susceptible to cloning, key extraction, and spoofing attacks. Hardware-based solutions, such as Physical Unclonable Functions (PUFs), offer a lightweight and inherently secure alternative by exploiting the uncontrollable physical variations in integrated circuits to generate unique cryptographic keys. However, their practical integration with dynamic, distributed cybersecurity systems has not been fully realized or optimized for intrusion tolerance and multipath data transmission scenarios.
In view of the foregoing, there exists a need for a comprehensive cybersecurity solution that combines explainable AI-based intrusion detection, lightweight hardware-derived cryptographic security, decentralized blockchain verification, and fault-tolerant multipath communication. The present invention addresses these unmet needs by introducing a novel hybrid architecture that integrates advanced deep learning models, optimization algorithms inspired by natural behaviors, secure physical cryptographic primitives, and blockchain-based infrastructure to deliver a scalable, interpretable, and tamper-resistant cybersecurity framework.
OBJECTIVES OF THE INVENTION
[007] It is an object of the present invention to provide an enhanced cybersecurity framework that enables accurate, real-time intrusion detection by employing advanced machine learning models capable of extracting meaningful features from high-dimensional and imbalanced network traffic data.
It is another object of the invention to integrate a blockchain-based communication layer for ensuring decentralized, tamper-proof, and fault-tolerant transmission of security-critical data, thereby eliminating central points of failure and enhancing system integrity.
It is a further object of the invention to utilize Lightweight Physical Unclonable Cryptography (LPUC), which leverages the inherent and unique physical characteristics of hardware components to generate cryptographic keys, thereby ensuring secure, low-overhead authentication and data encryption.
It is yet another object of the invention to optimize intrusion detection performance through the application of a bio-inspired metaheuristic algorithm—Gooseneck Barnacle Optimization (GBO)—for hyperparameter tuning and feature selection, thereby improving model accuracy and learning efficiency.
It is also an object of the invention to address class imbalance prevalent in cybersecurity datasets by implementing a density-aware synthetic oversampling technique (Glow-SMOTE), thereby improving model generalization and detection of rare attack instances.
It is an additional object of the invention to provide explainability and interpretability of AI-based intrusion detection decisions by integrating explainable artificial intelligence (XAI) techniques such as SHAP (SHapley Additive exPlanations), thereby enhancing trust and transparency in the system's operation.
It is an object of the invention to provide a multipath secure data communication architecture wherein each data path is independently authenticated and encrypted using LPUC-generated cryptographic keys, thereby enabling intrusion and fault tolerance through dynamic rerouting.
It is another object of the invention to develop a scalable, adaptable, and modular cybersecurity architecture that can be deployed across various sectors, including finance, healthcare, industrial IoT, and critical infrastructure, while maintaining consistent performance against evolving threat landscapes.
SUMMARY OF THE INVENTION
[017] The present invention provides a novel cybersecurity framework that integrates advanced machine learning techniques, lightweight physical cryptographic primitives, bio-inspired optimization algorithms, and blockchain technology to enhance the detection, prevention, and mitigation of cyber threats in networked computing environments. The invention is designed to overcome the limitations of conventional intrusion detection systems by delivering high accuracy, real-time performance, explainability, and fault-tolerant secure communication.
At the core of the invention is a deep learning model referred to as the Explainable Dual Attention Gooseneck Barnacle Network (EDA-GNET), which utilizes spatial and channel-wise attention mechanisms to extract and prioritize relevant features from network traffic data. The performance of this model is further enhanced through hyperparameter tuning and feature selection using the Gooseneck Barnacle Optimization (GBO) algorithm, a nature-inspired optimization method modeled on the behavioral traits of barnacles. The model is further supported by data preprocessing using a density-aware Synthetic Minority Oversampling Technique (Glow-SMOTE) to address class imbalance in intrusion datasets.
To ensure secure communication and resistance to tampering or data compromise, the invention employs Lightweight Physical Unclonable Cryptography (LPUC), wherein cryptographic keys are derived from inherent physical properties of hardware components. This hardware-based approach enhances security without incurring significant computational overhead. A multipath data routing mechanism is implemented, wherein each communication path is authenticated with a unique LPUC-derived key, thereby providing resilience against intrusion and single-path failures.
In addition, the invention integrates a blockchain layer initialized through a Genesis Block, providing immutable, decentralized, and verifiable logging of communication events and intrusion alerts. This blockchain-based infrastructure ensures integrity, auditability, and resistance to data tampering, further strengthening the security and transparency of the system.
Through the integration of these components, the invention provides a robust, scalable, and explainable cybersecurity solution capable of achieving superior performance metrics in detecting intrusions, managing class imbalance, securing data transmission, and tolerating communication faults. The invention is particularly applicable in critical domains such as financial systems, healthcare networks, industrial IoT, and governmental infrastructure.
DETAIL DESCRIPTION OF THE INVENTION
[025] The present invention provides a hybrid, multi-layered cybersecurity system that integrates advanced machine learning models, lightweight cryptographic mechanisms, nature-inspired optimization algorithms, and blockchain-based secure communication to enhance intrusion detection and data integrity in distributed network environments. The system is designed to detect, prevent, and tolerate cyber intrusions while providing transparency, scalability, and robustness.
In one embodiment, the invention comprises a preprocessing module employing a density-aware oversampling algorithm, herein referred to as Glow-SMOTE, which improves class balance in imbalanced cybersecurity datasets. Glow-SMOTE identifies minority class instances located in high-density regions and synthetically generates additional representative data samples, thereby increasing the generalization capability of the machine learning model while mitigating the risk of overfitting.

The core detection model, in a preferred embodiment, is implemented using the Explainable Dual Attention Gooseneck Barnacle Network (EDA-GNET). The EDA-GNET model is a deep neural network incorporating two specialized attention modules: a Position Attention Module (PAM) that captures spatial dependencies in the input traffic data, and a Channel Attention Module (CAM) that enhances learning of inter-feature relationships. This dual attention mechanism enables the model to identify relevant intrusion patterns while suppressing redundant or noisy signals.
To further improve performance, the invention utilizes a bio-inspired optimization method known as the Gooseneck Barnacle Optimization (GBO) algorithm. The GBO algorithm draws inspiration from the adaptive reproductive and wave-adhering behavior of gooseneck barnacles and is configured to dynamically optimize hyperparameters and feature subsets in the EDA-GNET model. The algorithm balances global exploration and local exploitation of the search space through a fitness function based on classification accuracy and computational efficiency.
To secure communication and prevent unauthorized access or tampering, the invention incorporates a lightweight hardware-based cryptographic framework referred to as Lightweight Physical Unclonable Cryptography (LPUC). In this implementation, cryptographic keys are derived from the intrinsic and non-reproducible physical characteristics of hardware components, such as static random-access memory (SRAM) cell startup states. The LPUC system employs a Data Remanence Algorithm to stabilize SRAM behavior and Fuzzy Extractors to produce reliable and repeatable cryptographic keys even in the presence of noise or environmental variation.
A multipath communication mechanism is further integrated to ensure resilience and intrusion tolerance. In the event of compromise or failure along one communication path, the system dynamically reroutes data through alternate secure channels, each authenticated with a distinct LPUC-generated key. This approach provides redundancy, fault tolerance, and enhanced resistance to targeted attacks on communication infrastructure.
To preserve the integrity and verifiability of intrusion detection logs and communications, the invention further includes a blockchain layer. A Genesis Block is instantiated to initialize a decentralized ledger that records validated events and transactions. All intrusion alerts, cryptographic exchanges, and routing decisions are appended to the blockchain via smart contracts, ensuring tamper-proof, auditable, and transparent operation. The blockchain operates on a consensus mechanism and hash-chain verification to prevent unauthorized alterations to recorded events.
In operation, the system first acquires real-time or historical network traffic data from one or more datasets, such as UNB-CIC-IOT-2023, CICIDS-2017, UNR-IDD, and NF-UQ-NIDS-v2. The preprocessing module applies Glow-SMOTE to balance class distributions. The processed data is then fed into the EDA-GNET model, which performs feature extraction and classification, supported by GBO for optimization. Upon detecting an anomaly, the LPUC module initiates secure key generation, and communication is routed through the most secure available path. Simultaneously, relevant data is recorded on the blockchain for immutable logging and traceability.
In one embodiment, the system includes a SHAP (SHapley Additive exPlanations) interpretability engine integrated with EDA-GNET, which computes the contribution of each input feature to the model’s output decision. This explainability module enhances transparency, supports forensic analysis, and facilitates user trust in AI-driven threat detection systems.
The described invention achieves significant performance improvements over conventional models, delivering detection accuracy of up to 99.84%, precision of 99.74%, recall of 99.59%, and F1-score of 99.68%. These metrics demonstrate the effectiveness of the integrated architecture in addressing real-time cybersecurity threats while maintaining resilience, adaptability, and data integrity across various deployment scenarios.
The foregoing description is illustrative and not intended to be limiting. Various modifications, enhancements, and substitutions may be made to the system components, algorithmic processes, cryptographic mechanisms, or communication protocols without departing from the scope of the present invention as defined by the appended claims.
In an alternative embodiment, the EDA-GNET model may be deployed using modular layers that are dynamically configurable based on the computational capabilities of the host environment. This permits the architecture to scale across edge devices, cloud infrastructures, and hybrid computing systems. In low-resource environments, a pruned or quantized version of the model may be used to reduce latency and memory footprint without compromising detection fidelity.

The Gooseneck Barnacle Optimization (GBO) algorithm, in further embodiments, may employ a hybrid fitness function that incorporates multi-objective parameters including accuracy, false positive rate, model complexity, and computational time. This allows the optimization to be tailored for specific use cases such as real-time detection in latency-sensitive systems, or for forensic analysis in post-event audits where model interpretability is prioritized.

The LPUC mechanism may be implemented on a variety of hardware substrates including, but not limited to, SRAM, Flash, ring oscillators, and delay-based PUFs. Each hardware module is characterized and calibrated during the device enrollment phase, and a helper data algorithm is used to generate reproducible cryptographic keys with minimal entropy loss. The use of fuzzy extractors with embedded error-correcting codes (ECC) ensures robustness against environmental fluctuations.

In one configuration, the multipath routing system is integrated with a secure routing protocol stack that continuously monitors path integrity using blockchain-stored trust scores. Paths demonstrating anomalies, latency spikes, or packet drops are deprioritized or excluded from the routing table. This dynamic routing capability enhances overall system resilience and load distribution while maintaining cryptographic isolation of data streams.
The blockchain component may employ a permissioned or consortium-based consensus model, depending on the deployment environment. For enterprise or critical infrastructure applications, a Byzantine Fault Tolerant (BFT) consensus protocol may be preferred to reduce block finality time and improve throughput. Smart contracts embedded in the blockchain layer govern access policies, key management events, and intrusion alert propagation across nodes.
The invention further contemplates a hierarchical trust model, wherein nodes participating in the network may be assigned varying levels of authority based on their behavior, uptime, and contribution to consensus activities. Trust scores are continuously updated and immutably recorded on the blockchain, thereby enabling a decentralized reputation system that further strengthens security against Sybil attacks and insider threats.
In one embodiment, the SHAP-based explainability module is extended to support real-time visual dashboards, providing system administrators with feature-level attribution scores for each intrusion event. This facilitates rapid threat assessment and supports compliance with regulatory frameworks that mandate explainable AI in decision-making systems, such as GDPR and HIPAA.
To support cross-domain adaptability, the invention includes a model adaptation module capable of online transfer learning. When the system is deployed in a new environment or on a new dataset, the EDA-GNET model undergoes selective fine-tuning using domain-specific features while preserving core detection capabilities. This enables the framework to evolve in response to emerging threats without requiring complete retraining.
In a further embodiment, the invention provides an encrypted audit trail that combines blockchain logs with LPUC-authenticated signatures for post-event forensics. Each intrusion event, communication exchange, and routing decision is cryptographically signed and timestamped, ensuring non-repudiation and enabling tamper-proof investigation of attack vectors and system responses.
Finally, the invention supports seamless integration with existing security information and event management (SIEM) platforms via a dedicated API layer. This allows alerts and model outputs to be ingested into broader enterprise security workflows, facilitating automated incident response, threat correlation, and compliance reporting.
In one embodiment, the Glow-SMOTE preprocessing module may be enhanced with adaptive density estimation techniques such as kernel density estimation (KDE) or local outlier factor (LOF) scoring to dynamically identify high-density regions of the minority class. This allows the synthetic data generation process to prioritize not only quantity but also contextual relevance, thereby improving minority class boundary definition in high-dimensional feature space.
The system may further support a federated learning architecture, wherein the EDA-GNET model is trained across multiple distributed nodes without centralizing sensitive data. Each participating device trains a local version of the model on its native data, and only model weights or gradients are shared with a central aggregator. This preserves data privacy and is especially suited for applications in healthcare, smart grids, and financial services.
To further secure the federated model training process, LPUC can be employed to sign and verify local model updates before aggregation. This prevents poisoning attacks and ensures that only authenticated and untampered contributions influence the global model. The blockchain ledger may be used to track and verify the provenance of each local update, enabling auditability of the federated learning pipeline.
In another embodiment, the blockchain component may support sidechain functionality for modular scalability. High-frequency events such as routing decisions or signature verifications may be recorded on a fast, lightweight sidechain, while high-value events (e.g., confirmed intrusions or forensic snapshots) are anchored to a more secure, slower mainchain. This architecture balances throughput with immutability and trust.
The invention may further include a context-aware intrusion response engine that automatically triggers containment or mitigation procedures based on the severity and location of a detected intrusion. This engine may interface with firewalls, software-defined networking (SDN) controllers, or endpoint detection systems (EDR), and can be governed by smart contracts that execute predefined rules stored on the blockchain.
To support edge computing environments, the invention may be implemented in a containerized format using lightweight virtualization technologies such as Docker or Kubernetes. This enables rapid deployment, portability, and isolation of services across a diverse range of hardware platforms, including edge nodes, gateways, and fog computing devices.
In an additional configuration, the system may employ hardware-assisted acceleration through field-programmable gate arrays (FPGAs) or tensor processing units (TPUs) for the EDA-GNET model. This allows the framework to meet real-time latency requirements for time-sensitive applications such as industrial control systems and autonomous vehicles.
The LPUC key generation process may also be reinforced with physically shielded memory regions and power analysis countermeasures to prevent side-channel attacks. These protections ensure that cryptographic material remains secure even in the presence of physical adversaries or environmental manipulation.

The system may include a data fusion module that combines inputs from multiple heterogeneous sources—such as host-based logs, network flow data, and user behavior analytics—into a unified feature space prior to analysis. This multimodal integration enhances the model’s ability to detect complex or stealthy attack patterns that may be missed when analyzing data in isolation.
Finally, the invention may support compliance and reporting modules tailored for industry-specific regulations such as ISO 27001, NIST 800-53, or PCI DSS. These modules aggregate model performance metrics, intrusion logs, cryptographic verification events, and audit trails into structured formats suitable for external audits, certification processes, and regulatory submissions. , Claims:We Claim:
1. A computer-implemented system for secure and fault-tolerant cyber threat detection and communication, comprising:
a preprocessing module configured to apply a synthetic oversampling technique to balance class distribution in network intrusion data;
a deep learning model comprising a dual attention mechanism configured to extract spatial and channel-wise features from said network intrusion data;
an optimization module implementing a bio-inspired optimization algorithm configured to tune one or more hyperparameters of said deep learning model;
cryptographic module configured to generate one or more device-specific cryptographic keys based on physical characteristics of a hardware component using lightweight physical unclonable cryptographic (LPUC) functions;
multipath communication module configured to route data packets through a plurality of authenticated paths using said cryptographic keys; and
blockchain module configured to record, in an immutable and decentralized ledger, intrusion detection events and routing decisions associated with said communication module.
2. The system of claim 1, wherein said synthetic oversampling technique comprises Glow-SMOTE, configured to generate synthetic minority samples based on density estimation in high-dimensional feature space.
3. The system of claim 1, wherein said dual attention mechanism comprises a position attention module for capturing spatial dependencies and a channel attention module for capturing feature interrelations in network traffic data.
4. The system of claim 1, wherein said bio-inspired optimization algorithm comprises a Gooseneck Barnacle Optimization (GBO) algorithm, configured to perform both global exploration and local exploitation during hyperparameter tuning.
5. The system of claim 1, wherein said cryptographic module comprises a data remanence stabilization algorithm and a fuzzy extractor configured to generate reproducible cryptographic keys from SRAM-based physical unclonable functions.
6. The system of claim 1, wherein said multipath communication module is configured to reroute data in real-time to an alternate authenticated path in response to detection of a compromised or degraded communication path.
7. The system of claim 1, wherein said blockchain module initiates a Genesis Block to log cryptographically signed intrusion detection events, thereby ensuring non-repudiation and data provenance.
8. The system of claim 1, further comprising a SHAP-based explainability module configured to assign attribution scores to input features, thereby enabling interpretation of detection results generated by said deep learning model.
9. The system of claim 1, wherein said deep learning model is deployed in a federated learning environment, wherein model parameters are shared between multiple nodes without centralizing raw data.
10. The system of claim 1, wherein said blockchain module comprises a smart contract layer configured to automatically trigger security response actions based on predefined thresholds of intrusion severity.