J. Cybersecur. Priv., Volume 5, Issue 2 (June 2025) – 16 articles

Phishing remains a persistent cybersecurity threat, often bypassing traditional detection methods due to evolving attack techniques. This study presents a Reinforcement Learning (RL)-based phishing detection framework, leveraging a Deep Q-Network (DQN) to enhance detection accuracy, reduce false positives, and improve classification performance. The model was trained and evaluated using a real-world dataset comprising 5000 emails (2500 phishing and 2500 benign) and externally validated against a synthetic phishing dataset of 1000 samples simulating unseen attacks. It achieved a 95% accuracy, 96% precision, 94% recall, and a 2% false positive rate on the real-world dataset and a 93% accuracy, 94% precision, and a 4% false positive rate on the synthetic dataset. Area Under the Curve (AUC) analysis yielded a score of 0.92, confirming excellent classification separability and alignment with the model’s high accuracy and low false positive rate. This work contributes to scalable, real-world phishing defense by addressing the limitations of static detection systems and improving detection reliability. Full article

Data generated by Internet of Things devices enable the design of new business models and services, improving user experience and satisfaction. This data also serve as an essential information source for many fields, including disaster management, bio-surveillance, smart cities, and smart health. However, personal data are also collected in this context, introducing new challenges concerning data privacy protection, such as profiling, localization and tracking, linkage, and identification. This dilemma is further complicated by the “privacy paradox”, where users compromise privacy for service convenience. Hence, this paper reviews the literature on data privacy in the IoT, particularly emphasizing Personal Data Store (PDS)-based approaches as a promising class of user-centric solutions. PDS represents a user-centric approach to decentralizing data management, enhancing privacy by granting individuals control over their data. Addressing privacy solutions involves a triad of user privacy awareness, technology support, and ways to regulate data processing. Our discussion aims to advance the understanding of IoT privacy issues while emphasizing the potential of PDS to balance privacy protection and service delivery. Full article

The pandemic forced educators to shift abruptly to distance learning, also referred to as e-learning education. Educational institutions integrated new educational tools and online platforms. Several schools, colleges, and universities began incorporating online laboratories in different fields of education, such as engineering, information technology, physics, and chemistry. Online laboratories may take the form of virtual laboratories, software-based simulations available via the Internet, or remote labs, which involve accessing physical equipment online. Adopting remote laboratories as a substitute for conventional hands-on labs has raised concerns regarding the safety and security of both the remote lab stations and the Online Laboratory Management Systems (OLMSs). Design patterns and architectures need to be developed to attain security by design in remote laboratories. Before these can be developed, software architects and developers must understand the domain and existing and proposed solutions. This paper presents an extensive literature review of safety and security concerns related to remote laboratories and an overview of the industry, national and multinational standards, and legal requirements and regulations that need to be considered in building secure and safe Online Laboratory Management Systems. This analysis provides a taxonomy and classification of published standards as well as security and safety problems and possible solutions that can facilitate the documentation of best practices, and implemented solutions to produce security by design for remote laboratories and OLMSs. Full article

Sophisticated mechanisms for attacking computer networks are emerging, making it crucial to have equally advanced mechanisms in place to defend against these malicious attacks. Autonomous cyber operations (ACOs) are considered a potential solution to provide timely defense. In ACOs, an agent that attacks the network is called a red agent, while an agent that defends against the red agent is called a blue agent. In real-world scenarios, different types of red agents can attack a network, requiring blue agents to defend against a variety of red agents, each with unique attack strategies and goals. This requires the training of blue agents capable of responding effectively, regardless of the specific strategy employed RED. Additionally, a generic blue agent must also be adaptable to different network topologies. This paper presents a framework for the training of a generic blue agent capable of defending against various red agents. The framework combines reinforcement learning (RL) and supervised learning. RL is used to train a blue agent against a specific red agent in a specific networking environment, resulting in multiple RL-trained blue agents—one for each red agent. Supervised learning is then used to train a generic blue agent using these RL-trained blue agents. Our results demonstrate that the proposed framework successfully trains a generic blue agent that can defend against different types of red agents across various network topologies. The framework demonstrates consistently improved performance over a range of existing methods, as validated through extensive empirical evaluation. Detailed comparisons highlight its robustness and generalization capabilities. Additionally, to enable generalization across different adversarial strategies, the framework employs a variational autoencoder (VAE) that learns compact latent representations of observations, allowing the blue agent to focus on high-level behavioral features rather than raw inputs. Our results demonstrate that incorporating a VAE into the proposed framework further improves its overall performance. Full article

The rapid expansion of distributed systems such as the Internet of Things (IoT) has increased the need for robust authentication and data integrity mechanisms to ensure public security in dynamic environments. This article presents a hierarchical multiparty digital signature (HMPS) technique designed to address the unique challenges of resource-constrained and decentralized systems. By integrating a modified ElGamal-based individual signature with linear encryption and hierarchical aggregation, HMPS delivers enhanced security through collaborative and layered signing processes. A key application is demonstrated in intelligent vehicle surveillance, where the scheme ensures the authenticity and integrity of commands and data in multi-level communication scenarios. Comprehensive security analysis confirms resistance to forgery, single points of failure, and unauthorized access. HMPS exhibits superior computational efficiency, scalability, and energy efficiency, as evidenced by comparative performance evaluations with state-of-the-art techniques. These results highlight HMPS as a highly effective solution for secure, real-time IoT applications, providing a pathway to more resilient and trustworthy distributed systems. Full article

This paper proposes a Human-AI collaborative framework for cybersecurity consulting tailored to the needs of small businesses, designed and implemented within a Master of Cybersecurity capstone program. The framework outlines a structured four-stage development model that integrates students into real-world consulting tasks while aligning with academic and industry objectives. Human–AI collaboration is embedded throughout the process, combining generative AI tools and domain-specific AI agents with human expertise to support the design, delivery, and refinement of consulting resources. The four stages include (1) AI agent development; (2) cybersecurity roadmap creation; (3) resource development; and (4) industry application. Each stage supports both development-oriented outputs—such as templates, training materials, and client deliverables—and research-oriented projects that explore design practices, collaboration models, and consulting strategies. This dual-track structure enables iterative learning and improvement while addressing educational standards and the evolving cybersecurity landscape for small businesses. This framework provides a scalable foundation for capstone-based consulting initiatives that bridge academic learning and industry impact through Human–AI collaboration. Full article

Significant vulnerabilities in traditional authentication systems have been demonstrated due to the high dependence on smartphone hardware devices to execute many different and complicated tasks. PINs, passwords, and static biometric techniques have been shown to be subjected to various serious attacks, such as environmental limitations, spoofing, and brute force attacks, and this in turn mitigates the security level of the entire system. In this study, a robust framework for smartphone authentication is presented. Touch dynamic pattern recognitions, including trajectory curvature, touch pressure, acceleration, two-dimensional spatial coordinates, and velocity, have been extracted and assessed as behavioral biometric features. The TOPSIS (Technique for Order of Preference by Similarity to Ideal Solution) methodology has also been incorporated to obtain the most affected and valuable features, which are then fed as input to three different Machine Learning (ML) algorithms: Random Forest (RF), Gradient Boosting Machines (GBM), and K-Nearest Neighbors (KNN). Our analysis, supported by experimental results, ensure that the RF model outperforms the two other ML algorithms by getting F1-Score, accuracy, recall, and precision of 95.1%, 95.2%, 95.5%, and 94.8%, respectively. In order to further increase the resiliency of the proposed technique, the data perturbation approach, including temporal scaling and noise insertion, has been augmented. Also, the proposal has been shown to be resilient against both environmental variation-based attacks by achieving accuracy above 93% and spoofing attacks by obtaining a detection rate of 96%. This emphasizes that the proposed technique provides a promising solution to many authentication issues and offers a user-friendly and scalable method to improve the security of the smartphone against cybersecurity attacks. Full article

While security frameworks like the NIST CSF and ISO 27001 provide organizations with standardized best practices for cybersecurity, these practices must be implemented in organizations by people with the necessary skills and knowledge and be supported by effective technological solutions. This article explores the challenges and opportunities of building sustainable cybersecurity capabilities in resource-constrained organizations, specifically Norwegian municipalities. The research introduces the concept of sustainable cybersecurity capabilities, emphasizing the importance of a socio-technical approach that integrates technology, people, and organizational structure. A mixed-methods study was employed, combining document analysis of relevant cybersecurity frameworks with a modified Delphi study and semi-structured interviews with municipal cybersecurity practitioners. Findings highlight six core cybersecurity capabilities within municipalities, along with key challenges in implementing and sustaining these capabilities. These challenges include ambiguities in role formalization, skills gaps, difficulties in deploying advanced security technologies, and communication barriers between central IT and functional areas. Furthermore, the potential of artificial intelligence and cooperative strategies to enhance municipal cybersecurity is considered. Ultimately, the study highlights the need for a holistic perspective in developing sustainable cybersecurity capabilities, offering implications for both research and practice within municipalities and local government. Full article

The evolution of deepfake technology has the potential to reshape the threat landscape in corporate environments by enabling highly convincing digital impersonations. In this paper, we explore how artificial media produced by AI can be misused to assume authoritative personas, leaving traditional cybersecurity programs with significant vulnerabilities. Drawing from interviews with cybersecurity professionals across various industries, we find that the majority of organizations remain vulnerable due to their adoption of broad, vendor-centric security solutions that are not specifically designed to protect against deepfake attacks. In response to the evolving threat landscape, we introduce the PREDICT framework—a cyclical, iterative theoretical model. This model combines definitive policy direction, organizational preparedness, targeted employee training, and advanced AI detection tools. Additionally, it incorporates effective incident response plans with continuous improvement and simulations. Our findings underscore the need to revise the current security protocols and offer practical suggestions for strengthening corporate defenses against the increasingly dynamic threat landscape posed by deepfakes. Full article

Small and medium-sized enterprises (SMEs) continue to face significant cybersecurity challenges due to limited financial resources, technical capacity, and awareness. This study addresses these issues by pursuing four key objectives: (1) conducting a comprehensive assessment of cybersecurity knowledge and awareness within the SME sector through a systematic literature review, (2) evaluating the impact and effectiveness of cybersecurity awareness programs on SME behaviors and risk mitigation, (3) identifying core barriers—financial, technical, and organizational—that hinder effective cybersecurity adoption, and (4) introducing and validating the enhanced ROHAN model in conjunction with the Cyber Guardian Framework (CGF) to offer a scalable roadmap for cybersecurity resilience. Drawing on secondary data from Rawindaran (2023), the research highlights critical deficiencies in SME cybersecurity practices and emphasizes the need for tailored role-specific awareness initiatives. The enhanced ROHAN model addresses this need by delivering customized cybersecurity education based on industry sector, professional role, and educational background. Integrated with the CGF, the framework promotes structured, ongoing improvements across organizational, technological, and human domains. A mixed-methods approach was used, combining quantitative survey data from Welsh SMEs with qualitative interviews involving SME stakeholders. Advanced analytical techniques, including regression testing, Principal Component Analysis (PCA), and data visualization, were employed to uncover key insights and patterns. A distinctive feature of the ROHAN model is its integration of AI-powered tools for real-time risk assessment and decision-making, reflecting the principles of Industry 5.0. By aligning technological innovation with targeted education, this study presents a practical and adaptable cybersecurity framework for SMEs. The findings aim to bridge critical knowledge gaps and provide a foundation for a more resilient, cyber-aware SME sector in Wales and comparable regions. Full article

The increasing interconnectivity of devices on the Internet of Things (IoT) introduces significant security challenges, particularly around authentication and data management. Traditional centralized approaches are not sufficient to address these risks, requiring more robust and decentralized solutions. This paper presents a decentralized authentication protocol leveraging blockchain technology and the IPFS data management framework to provide secure and real-time communication between IoT devices. Using the Ethereum blockchain, smart contracts, elliptic curve cryptography, and ASCON encryption, the proposed protocol ensures the confidentiality, integrity, and availability of sensitive IoT data. The mutual authentication process involves the use of asymmetric key pairs, public key registration on the blockchain, and the Diffie–Hellman key exchange algorithm to establish a shared secret that, combined with a unique identifier, enables secure device verification. Additionally, IPFS is used for secure data storage, with the content identifier (CID) encrypted using ASCON and integrated into the blockchain for traceability and authentication. This integrated approach addresses current IoT security challenges and provides a solid foundation for future applications in decentralized IoT environments. Full article

The automated identification and evaluation of potential attack paths within infrastructures is a critical aspect of cybersecurity risk assessment. However, existing methods become impractical when applied to complex infrastructures. While machine learning (ML) has proven effective in predicting the exploitation of individual vulnerabilities, its potential for full-path prediction remains largely untapped. This challenge stems from two key obstacles: the lack of adequate datasets for training the models and the dimensionality of the learning problem. To address the first issue, we provide a dataset of 1033 detailed environment graphs and associated attack paths, with the objective of supporting the community in advancing ML-based attack path prediction. To tackle the second, we introduce a novel Physics-Informed Graph Neural Network (PIGNN) architecture for attack path prediction. Our experiments demonstrate its effectiveness, achieving an F1 score of $0.9308$ for full-path prediction. We also introduce a self-supervised learning architecture for initial access and impact prediction, achieving F1 scores of $0.9780$ and $0.8214$, respectively. Our results indicate that the PIGNN effectively captures adversarial patterns in high-dimensional spaces, demonstrating promising generalization potential towards fully automated assessments. Full article

The implementation of Central Bank Digital Currencies (CBDCs) faces significant challenges in achieving the same level of anonymity and convenience in offline transactions as cash. This limitation imposes considerable constraints on the development and widespread adoption of CBDCs. Unlike cash, digital currencies, similar to other electronic payment methods, necessitate internet or other network connectivity to verify payment eligibility. This study proposes a secure offline payment model for CBDCs that operates independently of internet or network connections by utilizing a Trusted Platform Module (TPM) to enhance the security of digital currency transactions. Additionally, the monotonic counter, the basic component of the TPM, is integrated into this model to prevent double spending in a completely offline environment. Our research presents a protocol model that combines these easily implementable technologies to facilitate the efficient processing of transactions in CBDCs entirely offline. However, it is crucial to acknowledge the security implications associated with the TPMs and near-field communications upon which this protocol relies. Full article

The efficiency of Shor’s and Grover’s algorithms and the advancement of quantum computers implies that the cryptography used until now to protect one’s privacy is potentially vulnerable to retrospective decryption, also known as the harvest now, decrypt later attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post-Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully. Full article

Implementing machine learning is imperative for enhancing advanced cybersecurity practices globally. The current cybersecurity landscape needs further investigation into the potential impasse. This scientometric study aims to comprehensively analyse the study patterns and key contributions at the nexus of cybersecurity and machine learning. The analysis examines publication trends, citation analysis, and intensive research networks to discover key authors, significant organisations, major countries, and emerging research areas. The search was conducted on the Scopus database, and 3712 final documents were selected after a thorough screening from January 2016 to January 2025. The VOSviewer tool was used to map citation networks and visualise co-authorship networks, enabling the discovery of research patterns, top contributors, and hot topics in the domain. The findings uncovered the substantial growth in publications bridging cybersecurity with machine learning and deep learning, involving 2865 authors across 160 institutions and 114 countries. Saudi Arabia emerged as a top contributing nation with flaunting high productivity. IEEE and Sensors are the key publication sources instrumental in producing interdisciplinary research. Iqbal H. Sarker and N. Moustafa are notable authors, with 17 and 16 publications each. This study emphasises the significance of global partnerships and multidisciplinary research in enhancing cybersecurity posture and identifying key research areas for future studies. This study further highlights its importance by guiding policymakers and practitioners to develop advanced machine learning-based cybersecurity strategies. Full article

The growing adoption of smart grid systems presents significant advancements in the efficiency of energy distribution, along with enhanced monitoring and control capabilities. However, the interconnected and distributed nature of these systems also introduces critical security vulnerabilities that must be addressed. This study proposes a secure communication protocol specifically designed for smart grid environments, focusing on authentication, secret key establishment, symmetric encryption, and hash-based message authentication to provide confidentiality and integrity for communication in smart grid environments. The proposed protocol employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, Elliptic Curve Diffie–Hellman (ECDH) for secure key exchange, and Advanced Encryption Standard 256 (AES-256) encryption to protect data transmissions. The protocol follows a structured sequence: (1) authentication—verifying smart grid devices using digital signatures; (2) key establishment—generating and securely exchanging cryptographic keys; and (3) secure communication—encrypting and transmitting/receiving data. An experimental framework has been established to evaluate the protocol’s performance under realistic operational conditions, assessing metrics such as time, throughput, power, and failure recovery. The experimental results show that the protocol completes one server–client request in 3.469 ms for a desktop client and 41.14 ms for a microcontroller client and achieves a throughput of 288.27 requests/s and 24.30 requests/s, respectively. Furthermore, the average power consumed by the protocol is 37.77 watts. The results also show that the proposed protocol is able to recover from transient network disruptions and sustain secure communication. Full article