共找到 20 条结果
With the development of smart civil aviation, the cybersecurity situation for air traffic management (ATM) continues to be critical. The increasingly exposed attack surface demands more advanced technologies and methods for protection. Large language models (LLMs) have been widely applied in cybersecurity, which has provided a novel paradigm for reconstructing ATM cybersecurity defense systems. However, existing vertical domain LLMs in ATM focus on providing passenger services and supporting daily operations, which do not concern cybersecurity. This neglect is a potential risk in the transition from security to safety. In this paper, a prompt-engineering-based method for generating question-answer pairs for ATM cybersecurity is proposed. Knowledge is extracted from multi-source heterogeneous primary sources and converted into uniformly formatted question-answer pairs, and an ATM cybersecurity fine-tuning dataset and benchmark are constructed. By fine-tuning the Deepseek-llm-7B-base model and DeepSeek-R1-Distill-Qwen-14B model using both instruction fine-tuning and reasoning fine-tuning methods, based on Low-Rank Adaptation (LoRA) and full-parameter fine-tuning technologies, a vertical domain LLM named "AeroSec" for ATM cybersecurity was constructed. By comparing the fine-tuned model with the base model, DeepSeek-V3 model, and DeepSeek-R1 model through the third-party model Qwen-Plus, the useful value of AeroSec in answering questions in specialized domains such as ATM network threat analysis and offensive-defensive techniques has been validated.
The intersection of smart home Internet of Things (IoT) devices, enterprise Information Technology (IT) infrastructures and Operational Technology (OT) systems has greatly expanded the cyberattack surface, opening up smart environments to advanced persistent threats (APTs), ransomware, insider attacks and OT protocol exploits. Current cyber security solutions are largely domain specific, and do not have a unified approach for cross domain threat correlation, adaptive response orchestration and proactive cyber resilience. In this regard, this study introduces a novel framework called Cross-Domain Cyber Resilience Framework (CD-CRF) that combines multi-domain telemetry fusion, behavioral anomaly detection, intelligent threat deduction, probabilistic risk scoring, and adaptive response orchestration under a single architecture. The framework utilizes signature independent behavioral analytics and cross domain threat correlation with identification of complex multi-stage attacks in heterogeneous Home, IT and OT environments. Experimental assessment was performed with a set of heterogenous cybersecurity data sets, including intrusion detection logs, traces of ransomware activities, IoT botnet traffic, SCADA/ICS telemetry, authentication data and communication data for malware. The proposed CD-CRF successfully reduced the false positive rate to 1.8%, and attained a detection accuracy of 98.6%, threat prediction rate of 94.8% and a cross-domain correlation efficiency of 97.1%. Moreover, it had a response time of 120ms, about 50% faster mitigation than traditional methods, and statistically significantly outperformed GCSM and CAT and TinyML models (p < 0.05). The results show that CD-CRF improves cyber situational awareness, it increases the ability to detect threats early, it decreases operational risks, and it offers scalable, adaptive cyber resilience solution to converged IT-OT environments.
Smart meters increasingly operate as grid-edge sensing and communication nodes, extending their role beyond conventional digital billing by generating records for local energy trading. In such settings, smart meter-derived records may support coordination, participant interaction, validation, billing, and settlement across different trading architectures. Once these records leave the metering edge, their security and privacy risks depend on how they are routed, reused, protected, and interpreted across centralized, transactive, and peer-to-peer trading workflows. In this review, we examine smart meter-based energy trading through a record-centric and framework-oriented lens. We first clarify the role of smart meters and smart meter-derived records, then compare three representative trading frameworks in terms of data-path structure, coordination pattern, trust organization, and validation or settlement positioning. Building on the comparison, we identify three lifecycle-based layers of issues: record integrity and temporal consistency, insecure transmission and interface access security, and confidentiality and privacy exposure. We also review existing mitigation mechanisms and remaining limitations for each issue layer. We conclude that future work should prioritize lifecycle-wide record governance, temporal continuity, privacy-accountability co-design, and deployable protection across hybrid trading environments.
A chaotic image encryption technique is introduced relying on efficient non-linear substitution boxes (NL-S boxes) based on Deep convolutional neural networks chaotic key generator and new multi-parameter-multi-prime elliptic curves (Deep-CNN-CKG MP-MP-EC). Deep convolutional neural networks are used in this image encryption algorithm to generate an unexpected key stream. Image encryption system can benefit from the unexpected key stream sequence. In the presented method, a new cascaded 2D sine-cosine cross-chaotic map (cascaded 2D [Formula: see text] map), and this chaotic map is used to generate the multi-parameter and the multi-prime for the elliptic curve's generation. All the elliptic curves tack their parameters based on the pseudo-random sequences produced by the proposed cascaded 2D [Formula: see text] map. Furthermore, the points produced by the proposed cascaded 2D [Formula: see text] map and the generated elliptic curves are utilized to generate dynamic NL-S boxes and dynamic permutation tables. The updated NL-S boxes can be established by changing the shared elliptic curve key and the secure chaotic parameters. A reliable image encryption approach is designed based on the proposed Deep-CNN-CKG MP-MP-EC and the generated strong S-boxes. Finally, security analysis and simulation results confirm the reliability of the suggested encryption scheme, and it can be used as a robust encryption scheme.
The rapid digitization of healthcare through electronic health records (EHRs) and artificial intelligence (AI) is transforming clinical decision-making, data integration, and healthcare delivery. However, increasing dependence on interconnected digital systems introduces significant cybersecurity, interoperability, ethical, and operational challenges that EHRs already face, further compounded by the operational complexity of military-civilian healthcare environments where information-sharing requirements are highly sensitive. AI-enabled systems intensify these concerns through opaque decision processes, extensive data demands, and expanding attack surfaces. This article introduces and applies an integrated cybersecurity framework that advances beyond traditional purple teaming by incorporating human factors, governance, ethical considerations, and operational continuity into resilience planning. The paper highlights how this approach can improve secure interoperability, identify systemic vulnerabilities earlier in the development and deployment lifecycle, and support more resilient military-civilian health data exchange architectures. The article further argues that resilience in digital healthcare systems cannot be achieved through technical safeguards alone but instead requires a sociotechnical framework that balances cybersecurity and clinical operations. Originally conceptualized in the context of the biotechnology governance, this paper extends violet teaming into the domain of military-civilian electronic health record interoperability through an illustrative vignette, demonstrating how the framework may support proactive resilience, governance, and cybersecurity integration within complex healthcare data ecosystems, ultimately mitigating risks to patient safety and human life.
The increasing interconnectivity and digital transformation of Communication, Navigation, and Surveillance (CNS) systems have expanded their attack surface, rendering traditional perimeter-based security models inadequate for protecting these critical infrastructures. Zero Trust Architecture (ZTA), founded on the principle of "never trust, always verify," offers a paradigm shift towards continuous, context-aware security. This paper presents a literature review investigating the application of ZTA principles to secure modern CNS ecosystems, following the guidelines of the International Civil Aviation Organization (ICAO) through its Cybersecurity Strategy and Plan. We analyze the alignment of ZTA core tenets-such as least-privilege access, micro-segmentation, and continuous authentication-with the unique operational requirements of CNS systems. This paper also presents a cybersecurity framework, under development within the Future Communications Digital Infrastructure (FCDI) project of the SESAR JU program, which aims to assist CNS stakeholders in collaboratively identifying cybersecurity threats within their scope of responsibility. The review critically examines implementation challenges for specific CNS subsystems: secure aeronautical communications (e.g., LDACS), resilient PNT (Positioning, Navigation, and Timing) services, and integrated surveillance networks (e.g., ADS-B, multilateration). Furthermore, we identify and evaluate domain-specific challenges, including integration with legacy avionics and ground systems, managing stringent latency and reliability constraints, and protecting against sophisticated threats targeting supply chains and data fusion processes. By synthesizing current research and practical deployment insights, this review aims to provide a foundational reference for aerospace engineers, cybersecurity specialists, and policymakers, offering a roadmap to enhance the cyber-resilience of vital CNS infrastructure in an era of evolving digital threats.
This study examined visual exploration strategies in phishing-email detection by integrating conventional AOI-based eye-tracking measures with a complementary scene-based indicator, the Nearest Neighbor Index (NNI), to capture the global spatial organization of fixations. Thirty-two volunteers completed an email-classification task involving 106 static email stimuli; data from 30 participants were included in the final analyses. For each stimulus, participants judged whether the email was authentic or phishing, allowing for the computation of eye-tracking metrics across Signal Detection Theory classification outcomes. Concerning the NNI, the results showed that the spatial distribution of fixations was higher for suspicious than for non-suspicious emails, indicating a broader visual exploration pattern under higher task demands. More importantly, correct and incorrect responses differed reliably: hits were associated with more dispersed and regular fixation patterns, whereas false alarms were associated with more clustered scanning; misses showed a descriptively similar tendency that did not survive correction for multiple comparisons. Participants also responded faster when correct than when incorrect. When cybersecurity awareness (CAIN) was included as a mean-centered covariate, the primary effects of Signal and Outcome on NNI and decision time remained significant, indicating that the experimental effects are robust to individual differences in cybersecurity knowledge. However, CAIN did not emerge as a reliable predictor of eye-tracking measures within these models, suggesting that its role operates more at the level of classification performance than moment-by-moment gaze organization.
Internet connectivity has significantly enhanced the efficiency of daily operations, information retrieval, and global communication. However, this heightened reliance on technology has also exposed us to cybersecurity threats that are often beyond our control. Consequently, securing the data, privacy, and critical systems demands essential cybersecurity measures. This study focuses on the role of artificial intelligence in strengthening security systems to thwart network breaches. The study proposes a comprehensive three-part approach for software-defined networking (SDN) security. The first is that the concentration is on assuring data integrity and reliability for an SDN intrusion dataset. This involves critical steps such as data cleaning, preprocessing, and normalization. In the second step, six popular feature selection strategies are applied, which encompass recursive feature elimination (RFE), polynomial features, artificial neural networks, SelectKBest, least absolute shrinkage and selection operator (LASSO), and correlation-based features. These techniques help identify and incorporate significant and relevant features, thereby improving the overall model performance. The third part involves the creation of a lightweight hybrid model (LwHM) that leverages the strengths of k-nearest neighbors and decision tree models, utilizing a voting classifier. The LwHM surpasses the performance of the InSDN dataset, achieved an impressive accuracy score of 99.93% with RFE features, and enhance the SDN security efficiently.
Decision support pipelines increasingly combine machine learning predictions with human judgment, yet most public benchmarks evaluate model outputs only and do not encode the interaction process that determines final decisions. This limits reproducible analysis of when human intervention improves or degrades system-level performance. We introduce HCCD-DS v2, a transparent and configurable synthetic benchmark dataset that models decision-time interaction between an AI recommender and simulated users with continuous expertise levels under contextual uncertainty. Each decision instance links input context, system confidence, explainability metadata, human acceptance/override behavior, override rationale, and realized outcome. The dataset simulates distinct profiles for healthcare, cybersecurity, and Internet of Things (IoT) scenarios to support cross-domain evaluation. Empirical analyses and benchmark experiments show that human intervention is condition-dependent: expert overrides are more likely to improve outcomes, while novice overrides more often reduce success. By exposing this interaction in a unified and reusable resource under explicit behavioral assumptions (sequential trust updates, individual risk tolerance, and explanation sensitivity), HCCD-DS v2 provides a controlled environment for benchmarking trust calibration, explanation-aware interaction policies, and algorithms that learn to defer. We discuss the limits of predictive recoverability in simulated human behavior and frame the benchmark's F1-score transitions as a measure of policy complexity.
The increasing deployment of IoT-enabled electric-vehicle charging networks has created a rapidly evolving cyber-physical environment in which security mechanisms must operate amid ever-changing data patterns and resource constraints. In these environments, static Machine Learning (ML) pipelines are often insufficient because they struggle to adapt to concept drift issues, emerging attacks, and real-time operational requirements. We analyzed cybersecurity vulnerabilities, challenges of conventional ML approaches, and the possibilities of AI-powered, adaptive security measures. This paper examines Online AutoML and its advantages, including automated adaptation to streaming data, reduced human intervention, and privacy-preserving, resource-aware learning. Furthermore, this paper discusses adversarial attacks and defences in Online AutoML systems, highlighting the need for frameworks that jointly address concept drift, scalability, privacy, and adversarial threats. Finally, this study emphasizes the importance of establishing comprehensive public benchmarks for Online AutoML research.
The detection of malware in network traffic remains a critical cybersecurity challenge. Traditional signature-based intrusion detection demonstrates a high level of familiarity with issues that have been recorded in the database; but show significantly lower effectiveness when it comes to polymorphic or zero-day attacks. Conversely, anomaly-based approaches are also endowed with the ability to detect new incursions, but often have a high false-positive rate. This study proposes a combined malware-detection framework which makes use of RNA encoding network-flow attributes alongside Convolutional Neural Network (CNN) classifiers. The framework has three functionalities: a Signature-CNN, which is trained on RNA-encoded representation of known malicious flows; an Anomaly-CNN, which is developed to distinguish between benign and malicious traffic without any signature prior knowledge; and a Hybrid-CNN, which combines both paradigms in a two-stage detection pipeline. The research is carried out on the 10,000 samples that are split into training and testing subsets based on the 70/30 split strategy. The given model is trained in the context of a supervised learning model and assessed in terms of common performance metrics, such as accuracy, precision, recall, and F1-score. The experimental design is written in Python and deep learning libraries, so that the evaluation environment of all experiments is consistent and reproducible. Experiments conducted on the Malicious Network Dataset show that the Signature-CNN achieves 91% accuracy with strong precision on known threats, the Anomaly-CNN achieves 93% detection rate on unknown malware, and the Hybrid-CNN achieves the best overall performance with 95% detection rate and 94.5% F1 score. The results demonstrate that RNA encoding combined with CNN classifiers offers a robust and scalable solution for malware detection in networked environments.
Modern connected vehicles rely on the controller area network (CAN) to disseminate safety-critical in-vehicle information, including sensor-related and vehicle-state signals such as engine revolutions per minute (RPM) and gear state, among electronic control units (ECUs). Because CANs lack built-in authentication and encryption, malicious message injection and spoofing can compromise the integrity and availability of vehicular sensing and control functions. Existing deep-learning-based intrusion-detection systems (IDSs) show a clear trade-off: supervised methods perform well on known attacks but rely on costly labels, whereas unsupervised methods can identify unseen attacks but often suffer from high false-positive rates. To address these limitations, this paper proposes a semi-supervised generative adversarial network (SGAN) framework for CAN bus intrusion detection that combines image-based CAN representation with adversarial learning. Consecutive CAN messages are converted into 64×9 grayscale images, and the proposed framework is trained in three phases. First, the discriminator establishes an initial decision boundary using a small labeled subset. It then refines this boundary through distribution-level likelihood objectives and generated samples. Finally, the generator is trained to produce realistic samples capable of deceiving the discriminator. The proposed method was evaluated on the Hacking and Countermeasure Research Lab (HCRL) car-hacking dataset using leave-one-class-out experiments to simulate unknown attacks and achieved an average accuracy of 99.73% and an average F1-score of 99.63% on unknown attacks. Moreover, with only 0.21 M parameters and 3.25 M floating-point operations (FLOPs), the model is well suited for resource-constrained in-vehicle platforms. These results indicate that the proposed framework can serve as a practical cybersecurity component for protecting CAN-carried data in vehicular sensing applications.
Neurosurgery has evolved from an anatomy-driven analog discipline into a digitally augmented field supported by multimodal imaging, neuronavigation, intraoperative imaging, neurophysiological monitoring, robotics, augmented reality, and artificial intelligence. To examine how this transition has altered professional responsibility, informed consent, training, and medico-legal accountability in neurosurgical practice. We performed a structured narrative review of the literature on digital neurosurgery and its ethical and professional implications, focusing on publications from 1990 onward and supplemented by landmark historical papers. Sources were selected for relevance to cranial, spinal, skull base, stereotactic, and neuro-oncological neurosurgery, and then synthesized into thematic domains including brain shift, eloquent cortex preservation, stereotactic accuracy, intraoperative neurophysiology, workflow integration, equity, and liability. Digital systems improve lesion localization, function-preserving surgery, stereotactic precision, documentation, and training, but they also introduce new vulnerabilities related to registration error, brain shift, platform dependence, data overload, cost, cybersecurity, deskilling, and diffuse accountability. Digital augmentation expands rather than diminishes the neurosurgeon's responsibility. The neurosurgeon remains accountable for surgical indication, interpretation of technology-generated information, intraoperative override, and communication of technology-specific risks. The central ethical challenge is to integrate digital tools without weakening patient-centered judgment.
Phishing is a fraudulent activity that includes tricking folks into disclosing personal information by impersonating a legitimate individual or organization. Nowadays, phishing attacks are increasing due to the widespread availability of Internet access, leading more individuals to use online platforms for various services like banking, shopping, etc. Cybercriminals exploit this shift using various tricks to find their victims online. The cybersecurity experts and professionals are leveraging machine learning to enhance phishing detection rate, as conventional methods are becoming less effective. The conventional machine learning and ensemble learning approaches often result in high false positive and false negative rates. Thus, it is essential to design and develop more reliable solutions for identifying phishing webpages. The primary contribution of the paper is enhancing phishing detection accuracy by combining base classifiers using ranking schemes derived from their prediction errors. The effectiveness of the proposed approach is evaluated using a benchmark dataset. The results reveal that the proposed approach outperforms traditional machine learning and ensemble learning methods in phishing detection. The proposed approach provides the weighted F-measure of 0.984 as compared to the stacking of all classifiers and top three classifiers selected using ranking strategies which achieve the weighted F-measure of 0.970 and 0.974, respectively. Further, to evaluate the validity and generalization capability of the proposed approach, experiments are conducted using an additional standard benchmark dataset.
With the help of harsh propagation environments, reliable data acquisition in UWSNs/UGWSNs may suffer from packet loss a few times, extra communication latency, energy scarcity, and retransmission overhead. These elements lead to two common problems for the data quality: missing values attributed to packets lost or nodes going down and duplicate readings introduced by retransmissions/synchronization problems. Current data filtering techniques either solve these issues separately or adopt computationally complex models, which are not appropriate for resource-constrained UWSN/UGWSN scenarios. To address this, we have introduced a computationally simple real-time hybrid data refinement framework that leverages a Kalman filter (KF) for imputation of missing entities and relies on a Sliding Window that is based on Manhattan Distance (SWMD) approach for detection of repetitive entries. The proposed scheme along with existing approaches have been implemented and experimentally validated in the OMNeT++ simulation environment for UWSN-realistic conditions-where, in addition to node energy spanning percentage losses and random delays, 20-40% of packets are lost-the framework jointly considers the two types of anomalies without needing any training data or cloud offloading. Evaluated on 1200 diverse sensor nodes over 20,000 recordings, the proposed method reaches a Mean Absolute Deviation (MAE) of 1.20 and Root Mean Square Error (RMSE) of 1.75 for missing value estimation; it has filtered out 20.5% redundant packets, and enhances the Packet Delivery Ratio (PDR) to up to 88% than existing methodologies. More importantly, the network lifetime achieved was up to 122s (over two-times longer than state-of-the-art baselines methodologies), while the average end-to-end delay is maintained within 11.1 ms. By supporting high-quality, both accurate and complete, as well as energy-efficient data streams, this framework enables robust real-time analytics for long-term monitoring in environments preventing break-in accessibility, such as deep-sea observatories, subterranean infrastructure, and mining systems.
In wireless communication, the multipath effect and the time-varying channel due to mobility will directly lead to the key update cycle lagging far behind the channel change, which is difficult to effectively resist various malicious attacks and stealing behaviors, and affects the effect of privacy data protection in wireless communication. To this end, a deep learning-based dual chaos encryption method is proposed for wireless communication privacy data. Combining the chaotic characteristics of one-dimensional Logistic mapping and two-dimensional Henon mapping, the dual chaotic key is generated to extend the key space and improve the anti-attack ability; and the bidirectional long and short-term memory network (BiLSTM) is used to analyze the data such as key usage records, accurately predict the timing of the key updating, and generate a new key when anomalies are detected, and then distribute it securely. Taking the updated double chaotic key as input, the AES algorithm is used to realize wireless communication privacy data encryption through key expansion, initial round encryption, multiple rounds of iterative encryption and final round encryption, while the decryption process restores the plaintext by inverse operation. Experiments demonstrate that the method can effectively realize wireless communication privacy data encryption, and the security index can reach more than 0.94 in the face of different types of network attacks. It demonstrates that the proposed method can have the ability to resist all kinds of attacks and protect the security of private data.
The secondary use of health data holds substantial potential for advancing biomedical research, strengthening population health analytics, and enabling artificial intelligence-driven decision-making support. Yet, ensuring that such reuse respects patient autonomy, privacy, and regulatory obligations remains a major challenge. Conventional consent mechanisms are typically static, difficult to revoke, and offer limited transparency or accountability after data disclosure. This review aimed to systematically examine blockchain-based frameworks that enable dynamic, auditable, and revocable consent for the secondary use of health data. A structured literature search was conducted in PubMed, Scopus, and Web of Science covering the period 2020 to 2025. Following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) guidelines, 55 peer-reviewed studies meeting predefined inclusion criteria were analyzed. Data extraction focused on four dimensions: (1) consent life cycle management, (2) auditability and traceability, (3) usability and patient empowerment, and (4) legal and ethical alignment. Findings indicate that blockchain technologies provide a robust foundation for automating consent life cycles, ensuring immutable auditability, and enabling decentralized patient control. Most frameworks used smart contracts, decentralized identifiers, and verifiable credentials to implement programmable and verifiable consent processes. Nevertheless, key challenges persist, including limited usability testing, complexities in real-time revocation propagation, interoperability gaps with clinical systems, and tensions with regulatory requirements such as the General Data Protection Regulation right to erasure. Only a small subset of studies reported real-world deployments or user-centered evaluations. Blockchain offers substantial promise for improving the trustworthiness, transparency, and accountability of consent management for secondary health data use. However, wider adoption requires human-centered design approaches, stronger interoperability through standards such as Fast Healthcare Interoperability Resources, verifiable credentials, and consent receipts, and clearer legal guidance for compliance. Future research should prioritize integrating blockchain-enabled consent infrastructures into national and cross-border digital health ecosystems such as the European Health Data Space to support secure, patient-controlled, and ethically governed secondary data use.
Hyperspectral identification has been extensively investigated for evaluating the quality of Chinese herbal medicines; however, its practical application is hindered by prohibitive costs. The cost of hyperspectral instrument is primarily driven by the spectral coverage range and spectral resolution. Reducing the spectral coverage range can decrease the number of detector modules required, while lowering the spectral resolution can reduce the cost of dispersive components. The guiding principle of instrument simplification is to ensure that evaluation accuracy does not degrade significantly. This study proposes a two-step spectral simplification strategy that, while guaranteeing evaluation accuracy, maximally compresses both spectral range and resolution, transforming a hyperspectral spectrometer into a multispectral instrument. Using the identification of wild and cultivated Ophiocordyceps sinensis as a case study, through a data-simulation study utilizing hyperspectral band reconstruction, an eight-band multispectral design multispectral scheme with a 30 nm bandwidth was developed, resulting in the reduction of the system from three detector modules to one. This was achieved with a minimal trade-off in accuracy, dropping from 98.73% using the full spectrum to 97.51% with the multispectral scheme. This simplification strategy reduces the instrument cost to one-tenth of the original, providing a reference for the application of spectroscopy in the Chinese herbal medicine and food sectors.
The rapid expansion of Internet of Things (IoT) systems has introduced significant security challenges, particularly in resource-constrained environments where traditional security mechanisms are often impractical. This paper presents a secure and lightweight hybrid framework that integrates cryptographic techniques with machine learning-based anomaly detection for IoT-based cyber defense. The proposed framework employs Elliptic Curve Cryptography (ECC) for key exchange, SPECK for lightweight encryption, and SHA-3 for data integrity, combined with a Random Forest classifier for anomaly detection. The framework is implemented and evaluated on a Raspberry Pi-based edge environment using the CIC-BCCC-NRC-IoT-2023 dataset. Experimental results demonstrate an accuracy of 89.5% and an F1-score of 90%, with an average end-to-end latency of 1.08 ms and energy consumption of approximately 4.5 mJ per inference. These results indicate that the proposed approach achieves a practical balance between security, computational efficiency, and detection performance under constrained conditions. While the framework shows promising results, its evaluation is limited to a controlled setup and a single primary dataset. Future work will focus on cross-dataset validation, adversarial robustness, and large-scale deployment analysis.
Accurate brain tumor segmentation from magnetic resonance imaging (MRI) is essential for computer-assisted diagnosis, treatment planning, and disease monitoring. However, brain tumors usually exhibit irregular, heterogeneous, and multi-scale spatial patterns with complex and ambiguous boundaries. At the same time, the performance of deep segmentation models is often constrained by the limited availability of voxel-level annotations, which are expensive and time-consuming to obtain. To address these challenges, this paper proposes Semi-SwinUNeTR, a semi-supervised framework for 3D brain tumor segmentation with limited annotated data. The proposed method adopts SwinUNeTR as the segmentation backbone, enabling hierarchical volumetric representation learning through shifted-window self-attention while preserving the encoder-decoder structure required for dense prediction. On top of this backbone, we introduce a dual-consistency semi-supervised learning strategy, consisting of mean teacher-based model consistency and interpolation consistency-based data consistency. In addition, voxel-wise consistency weights are used to redistribute semi-supervised supervision toward structurally complex and boundary-irregular tumor regions without changing the SwinUNeTR backbone. Experiments on the BraTS 2019 benchmark demonstrate that the proposed framework achieves strong performance across different annotation ratios. The original Semi-SwinUNeTR achieves Dice scores of 84.93%, 86.25%, 87.05%, and 87.83% under the 10%, 20%, 40%, and 80% labeled-data settings, respectively. With the weighted consistency extension, the Dice scores are further improved to 85.64%, 87.94%, and 88.59% under the 10%, 20%, and 80% labeled-data settings, respectively, while the corresponding HD95 values are reduced to 8.9826, 8.1854, and 7.4533. These results indicate that combining a SwinUNeTR backbone with complementary model consistency, data consistency, and voxel-wise consistency weighting is an effective strategy for semi-supervised volumetric medical image segmentation under limited annotation.