Search Results (162)

This study presents a novel and interpretable, deployment-ready framework for predicting cybersecurity incidents through item-level behavioral, cognitive, and dispositional indicators. Based on survey data from 453 professionals across countries and sectors, we developed 72 logistic regression models across twelve self-reported incident outcomes—from account lockouts to full device compromise—within six analytically stratified layers (Education, IT, Hungary, UK, USA, and full sample). Drawing on five theoretically grounded domains—cybersecurity behavior, digital literacy, personality traits, risk rationalization, and work–life boundary blurring—our models preserve the full granularity of individual responses rather than relying on aggregated scores, offering rare transparency and interpretability for real-world applications. This approach reveals how stratified models, despite smaller sample sizes, often outperform general ones by capturing behavioral and contextual specificity. Moderately prevalent outcomes (e.g., suspicious logins, multiple mild incidents) yielded the most robust predictions, while rare-event models, though occasionally high in “Area Under the Receiver Operating Characteristic Curve” (AUC), suffered from overfitting under cross-validation. Beyond model construction, we introduce threshold calibration and fairness-aware integration of demographic variables, enabling ethically grounded deployment in diverse organizational contexts. By unifying theoretical depth, item-level precision, multilayer stratification, and operational guidance, this study establishes a scalable blueprint for human-centric cybersecurity. It bridges the gap between behavioral science and risk analytics, offering the tools and insights needed to detect, predict, and mitigate user-level threats in increasingly blurred digital environments. Full article

Smart grids (SGs) are becoming increasingly complex with the integration of communication, protection, and automation technologies. However, this digital transformation has introduced new vulnerabilities, especially false data injection attacks (FDIAs) and Denial of Service (DoS) attacks. FDIAs can subtly corrupt measurement data, misleading operators without triggering traditional bad data detection (BDD) methods in state estimation (SE), while DoS attacks disrupt the availability of sensor data, affecting grid observability. This paper presents a deep learning-based framework for detecting and localizing FDIAs, including under DoS conditions. A hybrid CNN, Transformer, and BiLSTM model captures spatial, global, and temporal correlations to forecast measurements and detect anomalies using a threshold-based approach. For further detection and localization, a Multi-layer Perceptron (MLP) model maps forecast errors to the compromised sensor locations, effectively complementing or replacing BDD methods. Unlike conventional SE, the approach is fully data-driven and does not require knowledge of grid topology. Experimental evaluation on IEEE 14–bus and 118–bus systems demonstrates strong performance for the FDIA condition, including precision of 0.9985, recall of 0.9980, and row-wise accuracy (RACC) of 0.9670 under simultaneous FDIA and DoS conditions. Furthermore, the proposed method outperforms existing machine learning models, showcasing its potential for real-time cybersecurity and situational awareness in modern SGs. Full article

Ransomware attacks pose a serious threat to global cybersecurity, inflicting severe financial and operational damage on organizations, individuals, and critical infrastructure. Despite their pervasive impact, proactive measures to mitigate ransomware threats remain underdeveloped, with most efforts focused on reactive responses. Moreover, prior literature reveals a significant gap in systematic approaches for predicting such incidents. This research seeks to address this gap by employing time-series analysis to forecast ransomware attacks. Using 1880 ransomware incidents, we decompose the dataset into trend, seasonal, and residual components, fit a time-series model, and forecast future attacks. The results indicate that time-series analysis is useful for uncovering broad, structural patterns in ransomware data. To gain further insight into these results, we perform sub-analyses based on attacks targeting the top five sectors. The findings reveal reasonable predictive performance for ransomware attacks against government facilities and the healthcare and public health sector, with the latter showing an upward trend in attacks. By providing a predictive lens, our model equips organizations with actionable intelligence, enabling preemptive measures and enhanced situational awareness. Finally, this research underscores the importance of integrating time-series forecasting into cybersecurity strategies and seeks to pave the way for future advancements in predictive analytics for cyber threats. Full article

Phishing attacks are an increasingly common cybersecurity threat and are characterized by deceiving people into giving out their private credentials via emails, websites, and messages. An insight into students’ challenges in recognizing phishing threats can provide valuable information on how AI-based detection systems can be improved to enhance accuracy, reduce false positives, and build user trust in cybersecurity. This study focuses on students’ awareness of phishing attempts and evaluates AI-based phishing detection systems. Questionnaires were circulated amongst students, and responses were evaluated to uncover prevailing patterns and issues. The results indicate that most college students are knowledgeable about phishing methods, but many do not recognize the dangers of phishing. Because of this, AI-based detection systems have potential but also face issues relating to accuracy, false positives, and user faith. This research highlights the importance of bolstering cybersecurity education and ongoing enhancements to AI models to improve phishing detection. Future studies should include a more representative sample, evaluate AI detection systems in real-world settings, and assess longer-term changes in phishing-related awareness. By combining AI-driven solutions with education a safer digital world can created. Full article

As cyber threats such as phishing and ransomware continue to escalate, healthcare systems are facing significant challenges in protecting sensitive data and ensuring operational continuity. This study explores how email communication practices influence cybersecurity in Saudi Arabia’s healthcare sector, particularly within the framework of rapid digitalisation under Vision 2030. The research employs a qualitative approach, with semi-structured interviews conducted with 40 healthcare professionals across various hospitals. A phenomenological analysis of the data revealed several key vulnerabilities, including inconsistent cybersecurity training, a reliance on informal messaging apps, and limited awareness of phishing tactics. The inconsistent cybersecurity training across regions emerged as a major weakness affecting overall resilience. These findings, grounded in rich qualitative data, offer a significant standalone contribution to understanding cybersecurity in healthcare settings. The findings highlight the need for mandatory training and awareness programmes and policy reforms to enhance cyber resilience within healthcare settings. Full article

Modern cloud-based Internet of Things (IoT) infrastructures face increasingly sophisticated and diverse cyber threats that challenge traditional detection systems in terms of scalability, adaptability, and explainability. In this paper, we present (H-DIR)², a hybrid entropy-based framework designed to detect and mitigate anomalies in large-scale heterogeneous networks. The framework combines Shannon entropy analysis with Associated Random Neural Networks (ARNNs) and integrates semantic reasoning through RDF/SPARQL, all embedded within a distributed Apache Spark 3.5.0 pipeline. We validate (H-DIR)² across three critical attack scenarios—SYN Flood (TCP), DAO-DIO (RPL), and NTP amplification (UDP)—using real-world datasets. The system achieves a mean detection latency of 247 ms and an AUC of 0.978 for SYN floods. For DAO-DIO manipulations, it increases the packet delivery ratio from 81.2% to 96.4% (p < 0.01), and for NTP amplification, it reduces the peak load by 88%. The framework achieves vertical scalability across millions of endpoints and horizontal scalability on datasets exceeding 10 TB. All code, datasets, and Docker images are provided to ensure full reproducibility. By coupling adaptive neural inference with semantic explainability, (H-DIR)² offers a transparent and scalable solution for cloud–IoT cybersecurity, establishing a robust baseline for future developments in edge-aware and zero-day threat detection. Full article

Cyber threat intelligence summarization plays a critical role in enhancing threat awareness and operational response in cybersecurity. However, existing summarization models often fail to capture essential threat elements due to the unstructured nature of cyber threat intelligence documents and the lack of domain-specific knowledge. This paper presents a knowledge-guided cyber threat intelligence summarization framework via term-oriented input construction, designed to improve summary fidelity, semantic relevance, and model robustness. The proposed approach consists of two key components: a hybrid term construction pipeline that combines unsupervised keyword extraction and supervised term generation with rule-based refinement, and a knowledge-injected input construction paradigm that explicitly incorporates structured terms into the model input. This strategy enhances the model’s understanding of critical threat semantics without altering its architecture. Extensive experiments conducted on cyber threat intelligence summarization benchmarks under both zero-shot and supervised settings demonstrate that the proposed method consistently improves summarization performance across different models, offering strong generalization and deployment flexibility. Full article

Despite the focus on improving cybersecurity awareness, the number of cyberattacks has increased significantly, leading to huge financial losses, with their risks spreading throughout the world. This is due to the techniques deployed in cyberattacks that mainly aim at exploiting humans, the weakest link in any defence system. The existing literature on human factors in phishing attacks is limited and does not live up to the witnessed advances in phishing attacks, which have become exponentially more dangerous with the introduction of generative artificial intelligence (GenAI). This paper studies the implications of AI advancement, specifically the exploitation of GenAI and human factors in phishing attacks. We conduct a systematic literature review to study different human factors exploited in phishing attacks, potential solutions and preventive measures, and the complexity introduced by GenAI-driven phishing attacks. This paper aims to address the gap in the research by providing a deeper understanding of the evolving landscape of phishing attacks with the application of GenAI and associated human implications, thereby contributing to the field of knowledge to defend against phishing attacks by creating secure digital interactions. Full article

In recent years, data augmentation techniques have become the predominant approach for addressing highly imbalanced classification problems in machine learning. Algorithms such as the Synthetic Minority Over-sampling Technique (SMOTE) and Conditional Tabular Generative Adversarial Network (CTGAN) have proven effective in synthesizing minority class samples. However, these methods often introduce distributional bias and noise, potentially leading to model overfitting, reduced predictive performance, increased computational costs, and elevated cybersecurity risks. To overcome these limitations, we propose a novel architecture, FADEL, which integrates feature-type awareness with a supervised discretization strategy. FADEL introduces a unique feature augmentation ensemble framework that preserves the original data distribution by concurrently processing continuous and discretized features. It dynamically routes these feature sets to their most compatible base models, thereby improving minority class recognition without the need for data-level balancing or augmentation techniques. Experimental results demonstrate that FADEL, solely leveraging feature augmentation without any data augmentation, achieves a recall of 90.8% and a G-mean of 94.5% on the internal test set from Kaohsiung Chang Gung Memorial Hospital in Taiwan. On the external validation set from Kaohsiung Medical University Chung-Ho Memorial Hospital, it maintains a recall of 91.9% and a G-mean of 86.7%. These results outperform conventional ensemble methods trained on CTGAN-balanced datasets, confirming the superior stability, computational efficiency, and cross-institutional generalizability of the FADEL architecture. Altogether, FADEL uses feature augmentation to offer a robust and practical solution to extreme class imbalance, outperforming mainstream data augmentation-based approaches. Full article

This comprehensive review maps the fast-evolving landscape in which artificial intelligence (AI) and deep-learning (DL) techniques converge with the Internet of Things (IoT) to manage energy, comfort, and sustainability across smart environments. A PRISMA-guided search of four databases retrieved 1358 records; after applying inclusion criteria, 143 peer-reviewed studies published between January 2019 and April 2025 were analyzed. This review shows that AI-driven controllers—especially deep-reinforcement-learning agents—deliver median energy savings of 18–35% for HVAC and other major loads, consistently outperforming rule-based and model-predictive baselines. The evidence further reveals a rapid diversification of methods: graph-neural-network models now capture spatial interdependencies in dense sensor grids, federated-learning pilots address data-privacy constraints, and early integrations of large language models hint at natural-language analytics and control interfaces for heterogeneous IoT devices. Yet large-scale deployment remains hindered by fragmented and proprietary datasets, unresolved privacy and cybersecurity risks associated with continuous IoT telemetry, the growing carbon and compute footprints of ever-larger models, and poor interoperability among legacy equipment and modern edge nodes. The authors of researches therefore converges on several priorities: open, high-fidelity benchmarks that marry multivariate IoT sensor data with standardized metadata and occupant feedback; energy-aware, edge-optimized architectures that lower latency and power draw; privacy-centric learning frameworks that satisfy tightening regulations; hybrid physics-informed and explainable models that shorten commissioning time; and digital-twin platforms enriched by language-model reasoning to translate raw telemetry into actionable insights for facility managers and end users. Addressing these gaps will be pivotal to transforming isolated pilots into ubiquitous, trustworthy, and human-centered IoT ecosystems capable of delivering measurable gains in efficiency, resilience, and occupant wellbeing at scale. Full article

End-users in a decision-oriented Internet of Things (IoT) healthcare system are often left in the dark regarding critical security information necessary for making informed decisions about potential risks. This is partly due to the lack of transparency and system security awareness end-users have in such systems. To empower end-users and enhance their cybersecurity situational awareness, it is imperative to thoroughly document and report the runtime security controls in place, as well as the security-relevant aspects of the devices they rely on, while the need for better transparency is obvious, it remains uncertain whether current systems offer adequate security metadata for end-users and how future designs can be improved to ensure better visibility into the security measures implemented. To address this gap, we conducted table-top exercises with ten security and ICT experts to evaluate a typical IoT-Health scenario. These exercises revealed the critical role of security metadata, identified the available ones to be presented to users, and suggested potential enhancements that could be integrated into system design. We present our observations from the exercises, highlighting experts’ valuable suggestions, concerns, and views, backed by our in-depth analysis. Moreover, as a proof-of-concept of our study, we simulated three relevant use cases to detect cyber risks. This comprehensive analysis underscores critical considerations that can significantly improve future system protocols, ensuring end-users are better equipped to navigate and mitigate security risks effectively. Full article

The increased occurrence and severity of cyber-attacks on critical infrastructure have underscored the need to embrace systematic and prospective approaches to resilience. The current research takes as its hypothesis that the InfraGuard Cybersecurity Framework—a capability model that measures the maturity of cyber resilience through three functional pillars, Cyber as a Shield, Cyber as a Space, and Cyber as a Sword—is an implementable and understandable means to proceed with. The model treats the significant aspects of situational awareness, active defense, risk management, and recovery from incidents and is measured using globally standardized maturity models like ISO/IEC 15504, NIST CSF, and COBIT. The contributions include multidimensional measurements of resilience, a scored scale of capability (0–5), and domain-based classification enabling organizations to assess and enhance their cybersecurity situation in a formalized manner. The framework’s applicability is illustrated in three exploratory settings of power grids, healthcare systems, and airports, each constituting various levels of maturity in resilience. This study provides down-to-earth recommendations to policymakers through the translation of the attributes of resilience into concrete assessment indicators, promoting policymaking, investment planning, and global cyber defense collaboration. Full article

This study investigates the cybersecurity landscape of Aotearoa-New Zealand through a culturally grounded lens, focusing on the integration of Indigenous Māori values into cybersecurity frameworks. In response to escalating cyber threats, the research adopts a mixed-methods and interdisciplinary approach—combining surveys, focus groups, and case studies—to explore how cultural principles such as whanaungatanga (collective responsibility) and manaakitanga (care and respect) influence digital safety practices. The findings demonstrate that culturally informed strategies enhance trust, resilience, and community engagement, particularly in rural and underserved Māori communities. Quantitative analysis revealed that 63% of urban participants correctly identified phishing attempts compared to 38% of rural participants, highlighting a significant urban–rural awareness gap. Additionally, over 72% of Māori respondents indicated that cybersecurity messaging was more effective when delivered through familiar cultural channels, such as marae networks or iwi-led training programmes. Focus groups reinforced this, with participants noting stronger retention and behavioural change when cyber risks were communicated using Māori metaphors, language, or values-based analogies. The study also confirms that culturally grounded interventions—such as incorporating Māori motifs (e.g., koru, poutama) into secure interface design and using iwi structures to disseminate best practices—can align with international standards like NIST CSF and ISO 27001. This compatibility enhances stakeholder buy-in and demonstrates universal applicability in multicultural contexts. Key challenges identified include a cybersecurity talent shortage in remote areas, difficulties integrating Indigenous perspectives into mainstream policy, and persistent barriers from the digital divide. The research advocates for cross-sector collaboration among government, private industry, and Indigenous communities to co-develop inclusive, resilient cybersecurity ecosystems. Based on the UTAUT and New Zealand’s cybersecurity vision “Secure Together—Tō Tātou Korowai Manaaki 2023–2028,” this study provides a model for small nations and multicultural societies to create robust, inclusive cybersecurity frameworks. Full article

Ransomware, a significant cybersecurity threat, encrypts files and causes substantial damage, making early detection crucial yet challenging. This paper introduces a novel multi-phase framework for early ransomware detection, designed to enhance accuracy and minimize false positives. The framework addresses the limitations of existing methods by integrating operational data with situational and threat intelligence, enabling it to dynamically adapt to the evolving ransomware landscape. Key innovations include (1) data augmentation using a Bi-Gradual Minimax Generative Adversarial Network (BGM-GAN) to generate synthetic ransomware attack patterns, addressing data insufficiency; (2) Incremental Mutual Information Selection (IMIS) for dynamically selecting relevant features, adapting to evolving ransomware behaviors and reducing computational overhead; and (3) a Deep Belief Network (DBN) detection architecture, trained on the augmented data and optimized with Uncertainty-Aware Dynamic Early Stopping (UA-DES) to prevent overfitting. The model demonstrates a 4% improvement in detection accuracy (from 90% to 94%) through synthetic data generation and reduces false positives from 15.4% to 14%. The IMIS technique further increases accuracy to 96% while reducing false positives. The UA-DES optimization boosts accuracy to 98.6% and lowers false positives to 10%. Overall, this framework effectively addresses the challenges posed by evolving ransomware, significantly enhancing detection accuracy and reliability. Full article

As we move toward a more digitalized and interconnected world, new cybersecurity challenges emerge. While most related research has focused on large companies, this study aims to fill a gap in the literature by exploring cybersecurity issues in small and medium-sized enterprises (SMEs), particularly in relation to nontechnical, soft-skill, and intellectual capital aspects. This study examines the interplay between cybersecurity awareness and perception and ownership structure in SMEs in the Silesian region of Poland. Unlike the majority of cybersecurity literature, our focus is on how ownership structure influences cybersecurity perception. We surveyed 200 SMEs at random within the respective region and utilized hierarchical and simple linear regression analyses to assess the relationships between these factors and financial performance. Our results indicate that larger enterprises and those without a family-owned structure exhibit significantly greater levels of cybersecurity. Additionally, we found a positive correlation between cybersecurity and a firm’s financial performance and overall health. These findings underscore the importance of cybersecurity awareness and practices for the growth and stability of SMEs. Full article