J. Cybersecur. Priv., Volume 5, Issue 1 (March 2025) – 10 articles

The increasing complexity and scale of modern software-defined networking demands advanced solutions to address security challenges, particularly distributed denial-of-service (DDoS) attacks in multi-controller environments. Traditional single-controller implementations are struggling to effectively counter sophisticated cyber threats, necessitating a faster and scalable solution. This study introduces a novel approach for attack detection and mitigation with optimized multi-controller software-defined networking (SDN) using machine learning (ML). The study focuses on the design, implementation, and assessment of the optimal placement of multi-controllers using K-means++ and OPTICS in real topologies and an intrusion detection system (IDS) using the XGBoost classification algorithm to detect and mitigate attacks efficiently with accuracy, precision, and recall of 98.5%, 97.0%, and 97.0%, respectively. Additionally, the IDS decouples from the controllers, preserves controller resources, and allows for efficient near-real-time attack detection and mitigation. The proposed solution outperforms well by autonomously identifying anomalous behaviors in networks through successfully combining the controller placement problem (CPP) and DDoS security. Full article

The increasing sophistication of fraud tactics necessitates advanced detection methods to protect financial assets and maintain system integrity. Various approaches based on artificial intelligence have been proposed to identify fraudulent activities, leveraging techniques such as machine learning and deep learning. However, class imbalance remains a significant challenge. We propose several solutions based on advanced generative modeling techniques to address the challenges posed by class imbalance in fraud detection. Class imbalance often hinders the performance of machine learning models by limiting their ability to learn from minority classes, such as fraudulent transactions. Generative models offer a promising approach to mitigate this issue by creating realistic synthetic samples, thereby enhancing the model’s ability to detect rare fraudulent cases. In this study, we introduce and evaluate multiple generative models, including Variational Autoencoders (VAEs), standard Autoencoders (AEs), Generative Adversarial Networks (GANs), and a hybrid Autoencoder–GAN model (AE-GAN). These models aim to generate synthetic fraudulent samples to balance the dataset and improve the model’s learning capacity. Our primary objective is to compare the performance of these generative models against traditional oversampling techniques, such as SMOTE and ADASYN, in the context of fraud detection. We conducted extensive experiments using a real-world credit card dataset to evaluate the effectiveness of our proposed solutions. The results, measured using the BEFS metrics, demonstrate that our generative models not only address the class imbalance problem more effectively but also outperform conventional oversampling methods in identifying fraudulent transactions. Full article

This paper presents an integrated chaos-based algorithm for image encryption that combines the chaotic Hénon map and chaotic logistic map (CLM) to enhance the security of digital image communication. The proposed method leverages chaos theory to generate cryptographic keys, utilizing a 1D key from the logistic map generator and a 2D key from the chaotic Hénon map generator. These chaotic maps produce highly unpredictable and complex keys essential for robust encryption. Extensive experiments demonstrate the algorithm’s resilience against various attacks, including chosen-plaintext, noise, clipping, occlusion, and known-plaintext attacks. Performance evaluation in terms of encryption time, throughput, and image quality metrics validates the effectiveness of the proposed integrated approach. The results indicate that the chaotic Hénon–logistic map integration provides a powerful and secure method for safeguarding digital images during transmission and storage with a key space that reaches up to $2^{200}$. Moreover, the algorithm has potential applications in secure image sharing, cloud storage, and digital forensics, inspiring new possibilities. Full article

The relationship and the interplay between the EU AI Act and the data protection law is a challenging issue. This paper focuses on exploring the interplay between legal provisions stemming from the AI Act and those stemming from the GDPR, with the ultimate goal of developing an integrated framework that simultaneously implements Fundamental Rights Impact Assessment (FRIA) and Data Protection Impact Assessment (DPIA) within the context of Artificial Intelligence (AI) systems, particularly focusing on systems that utilize personal data. This approach is designed to simplify the evaluation processes for stakeholders managing risks related to personal data protection, as well as to other fundamental rights in AI systems, enhancing both efficiency and accuracy in these assessments as well as facilitating compliance with the relevant legal provisions. The methodology adopted involves developing a holistic model that can be applied not only to specific case studies but more broadly across various sectors. Full article

Advances in deep learning have led to dramatic improvements in generative synthetic speech, eliminating robotic speech patterns to create speech that is indistinguishable from a human voice. Although these advances are extremely useful in various applications, they also facilitate powerful attacks against both humans and machines. Recently, a new type of speech attack called partial fake (PF) speech has emerged. This paper studies how well humans and machines, including speaker recognition systems and existing fake-speech detection tools, can distinguish between human voice and computer-generated speech. Our study shows that both humans and machines can be easily deceived by PF speech, and the current defences against PF speech are insufficient. These findings emphasise the urgency of increasing awareness for humans and creating new automated defences against PF speech for machines. Full article

Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimate access may act maliciously. To address these vulnerabilities, we developed a game-theoretic framework using Bayesian games that account for incomplete information, modeling both simultaneous and sequential interactions between insiders and data defenders. In the simultaneous move game, insiders and defenders act without prior knowledge of each other’s decisions, while the sequential game allows the defender to respond after observing insider actions. Our analysis used Bayesian Nash Equilibrium to predict malicious insider behavior and identify optimal defense strategies for safeguarding CDE data. Through simulation experiments and validation with real project data, we illustrate how various parameters affect insider–defender dynamics. Our results provide insights into effective cybersecurity strategies tailored to the AEC sector, bridging theoretical models with practical applications and supporting data security within the increasingly digitalized construction industry. Full article

Banking malware poses a significant threat to users by infecting their computers and then attempting to perform malicious activities such as surreptitiously stealing confidential information from them. Banking malware variants are also continuing to evolve and have been increasing in numbers for many years. Amongst these, the banking malware Zeus and its variants are the most prevalent and widespread banking malware variants discovered. This prevalence was expedited by the fact that the Zeus source code was inadvertently released to the public in 2004, allowing malware developers to reproduce the Zeus banking malware and develop variants of this malware. Examples of these include Ramnit, Citadel, and Zeus Panda. Tools such as anti-malware programs do exist and are able to detect banking malware variants, however, they have limitations. Their reliance on regular updates to incorporate new malware signatures or patterns means that they can only identify known banking malware variants. This constraint inherently restricts their capability to detect novel, previously unseen malware variants. Adding to this challenge is the growing ingenuity of malicious actors who craft malware specifically developed to bypass signature-based anti-malware systems. This paper presents an overview of the Zeus, Zeus Panda, and Ramnit banking malware variants and discusses their communication architecture. Subsequently, a methodology is proposed for detecting banking malware C&C communication traffic, and this methodology is tested using several feature selection algorithms to determine which feature selection algorithm performs the best. These feature selection algorithms are also compared with a manual feature selection approach to determine whether a manual, automated, or hybrid feature selection approach would be more suitable for this type of problem. Full article

Intrusion detection has been a vast-surveyed topic for many decades as network attacks are tremendously growing. This has heightened the need for security in networks as web-based communication systems are advanced nowadays. The proposed work introduces an intelligent semi-supervised intrusion detection system based on different algorithms to classify the network attacks accurately. Initially, the pre-processing is accomplished using null value dropping and standard scaler normalization. After pre-processing, an enhanced Deep Reinforcement Learning (EDRL) model is employed to extract high-level representations and learn complex patterns from data by means of interaction with the environment. The enhancement of deep reinforcement learning is made by associating a deep autoencoder (AE) and an improved flamingo search algorithm (IFSA) to approximate the Q-function and optimal policy selection. After feature representations, a support vector machine (SVM) classifier, which discriminates the input into normal and attack instances, is employed for classification. The presented model is simulated in the Python platform and evaluated using the UNSW-NB15, CICIDS2017, and NSL-KDD datasets. The overall classification accuracy is 99.6%, 99.93%, and 99.42% using UNSW-NB15, CICIDS2017, and NSL-KDD datasets, which is higher than the existing detection frameworks. Full article

The Zero Trust Architecture (ZTA) security system follows the “never trust, always verify” principle. The process constantly verifies users and devices trying to access resources. This paper describes how Microsoft Azure uses ZTA to enforce strict identity verification and access rules across the cloud environment to improve security. Implementation takes time and effort. Azure’s extensive services and customizations require careful design and implementation. Azure administrators need help navigating and changing configurations due to its complex user interface (UI). Each Azure ecosystem component must meet ZTA criteria. ZTAs comprehensive policy definitions, multi-factor and passwordless authentication, and other advanced features are tested in a mid-size business scenario. The document delineates several principal findings concerning the execution of Azure’s ZTA within mid-sized enterprises. Azure ZTA significantly improves security by reducing attack surfaces via ongoing identity verification, stringent access controls, and micro-segmentation. Nonetheless, its execution is resource-demanding and intricate, necessitating considerable expertise and meticulous planning. A notable disparity exists between theoretical ZTA frameworks and their practical implementation, characterized by disjointed management interfaces and user fatigue resulting from incessant authentication requests. The case studies indicate that although Zero Trust Architecture enhances organizational security and mitigates risks, it may disrupt operations and adversely affect user experience, particularly in hybrid and fully cloud-based settings. The study underscores the necessity for customized configurations and the equilibrium between security and usability to ensure effective ZTA implementation. Full article

Digital evidence is a critical component in today’s organizations, as it is the foundation on which any certification is based. This paper presents a risk assessment of evidence in the certification domain to identify the main security risks. To mitigate these risks, it also proposes an adaptation of an existing Blockchain-based audit trail system to create an evidence trustworthiness system enhancing security and usability. This system covers specific additional requirements from auditors: evidence confidentiality and integrity verification automation. The system has been validated with cloud service providers to increase the security of evidence for a cybersecurity certification process. However, it can be also extended to other certification domains. Full article