J. Cybersecur. Priv., Volume 5, Issue 2 (June 2025) – 25 articles

As offensive cyber operations have become more commonplace, cyber collateral damage (CCD) to society and to civilian infrastructure has expanded in impact and severity. Several research contexts, frameworks, and methods apply to these collateral effects, especially as they pertain to reducing them. To investigate and map this area of research, five leading scientific databases (Scopus, IEEE Xplore, Springer Link, ScienceDirect, and ProQuest) were searched for papers on CCD. From 716 search results, 74 relevant papers were selected. Using surface categories as well as thematic analysis, these were grouped into the main emergent categories of legal, ethical, targeting-oriented, and econometric papers, with each category showing a recent research trend. The papers were qualitatively assessed for importance and coverage and compared bibliographically to identify key papers and authors. Within the identified areas of research, significant gaps remain. While CCD is becoming increasingly well understood from a legal and operational perspective, this accounts only for a fraction of the civilian harm caused by offensive cyber operations. This study identifies potential pathways for the synthesis of the current research areas (targeting, taxonomy, econometrics) with broader definitions of collateral damage to include civilian harm. These include updating national cyber doctrines to require collateral damage estimates, as well as exploiting emerging open datasets to understand which cyber capabilities cause the greatest collateral effects. Finally, we observe that the research definitions and taxonomy of CCD differ widely and have been subjected to limited scrutiny and challenge to date. Full article

The increasing complexity and sophistication of cyber threats underscore the critical need for advanced threat detection mechanisms within Security Operations Centers (SOCs) to effectively mitigate risks and enhance cybersecurity resilience. This study enhances the capabilities of Wazuh, an open-source Security Information and Event Management (SIEM) system, by addressing its primary limitation: high false-positive rates in rule-based detection. We propose a hybrid approach that integrates machine learning (ML) techniques—specifically, Random Forest (RF) and DBSCAN—into Wazuh’s detection pipeline to improve both accuracy and operational efficiency. Experimental results show that RF achieves 97.2% accuracy, while DBSCAN yields 91.06% accuracy with a false-positive rate of 0.0821, significantly improving alert quality. Real-time deployment requirements are rigorously evaluated, with all models maintaining end-to-end processing latencies below 100 milliseconds and 95% of events processed within 500 milliseconds. Scalability testing confirms linear performance up to 500 events per second, with an average processing latency of 45 milliseconds under typical SOC workloads. This integration demonstrates a practical, resource-efficient solution for enhancing real-time threat detection in modern cybersecurity environments. Full article

Cyber situational awareness systems are increasingly used for creating cyber common operating pictures for cybersecurity analysis and education. However, these systems face data occlusion and convolution issues due to the burgeoning complexity, dimensionality, and heterogeneity of cybersecurity data, which damages cyber situational awareness of end-users. Moreover, conventional forms of human–computer interactions, such as mouse and keyboard, increase the mental effort and cognitive load of cybersecurity practitioners when analyzing cyber situations of large-scale infrastructures. Therefore, immersive technologies, such as virtual reality, augmented reality, and mixed reality, are employed in the cybersecurity realm to create intuitive, engaging, and interactive cyber common operating pictures. Immersive cyber situational awareness (ICSA) systems provide several unique visualization techniques and interaction features for the perception, comprehension, and projection of cyber situational awareness. However, there has been no attempt to comprehensively investigate and classify the existing state of the art in the use of immersive technologies for cyber situational awareness. Therefore, in this paper, we have gathered, analyzed, and synthesized the existing body of knowledge on ICSA systems. In particular, our survey has identified visualization and interaction techniques, evaluation mechanisms, and different levels of cyber situational awareness (i.e., perception, comprehension, and projection) for ICSA systems. Consequently, our survey has enabled us to propose (i) a reference framework for designing and analyzing ICSA systems by mapping immersive visualization and interaction techniques to the different levels of ICSA; (ii) future research directions for advancing the state of the art on ICSA systems; and (iii) an in-depth analysis of the industrial implications of ICSA systems to enhance cybersecurity operations. Full article

The increasing prevalence of malicious Microsoft Office documents poses a significant threat to cybersecurity. Conventional methods of detecting these malicious documents often rely on prior knowledge of the document or the exploitation method employed, thus enabling the use of signature-based or rule-based approaches. Given the accelerated pace of change in the threat landscape, these methods are unable to adapt effectively to the evolving environment. Existing machine learning approaches are capable of identifying sophisticated features that enable the prediction of a file’s nature, achieving sufficient results on existing samples. However, they are seldom adequately prepared for the detection of new, advanced malware techniques. This paper proposes a novel approach to detecting malicious Microsoft Office documents by leveraging the power of large language models (LLMs). The method involves extracting textual content from Office documents and utilising advanced natural language processing techniques provided by LLMs to analyse the documents for potentially malicious indicators. As a supplementary tool to contemporary antivirus software, it is currently able to assist in the analysis of malicious Microsoft Office documents by identifying and summarising potentially malicious indicators with a foundation in evidence, which may prove to be more effective with advancing technology and soon to surpass tailored machine learning algorithms, even without the utilisation of signatures and detection rules. As such, it is not limited to Office Open XML documents, but can be applied to any maliciously exploitable file format. The extensive knowledge base and rapid analytical abilities of a large language model enable not only the assessment of extracted evidence but also the contextualisation and referencing of information to support the final decision. We demonstrate that Claude 3.5 Sonnet by Anthropic, provided with a substantial quantity of raw data, equivalent to several hundred pages, can identify individual malicious indicators within an average of five to nine seconds and generate a comprehensive static analysis report, with an average cost of USD 0.19 per request and an F1-score of 0.929. Full article

In an age of AI-generated content and deepfakes, fake news and disinformation are increasingly spread using manipulated or fabricated images. To address this challenge, we introduce Post-Quantum VerITAS, a cryptographic framework for verifying the authenticity and history of digital images—even in a future where quantum computers threaten classical encryption. Our system supports common image edits, like cropping or resizing, while proving that the image is derived from a legitimate, signed source. Using quantum-resistant tools, like lattice-based hashing, modified Poseidon functions, and zk-SNARK proofs, we ensure fast, privacy-preserving verification without relying on trusted third parties. Post-Quantum VerITAS offers a scalable, post-quantum-ready solution for image integrity, with direct applications in journalism, social media, and secure digital communication. Full article

Containerized applications are pivotal to contemporary cloud-native architectures, yet they present novel security challenges. Kubernetes, a prevalent open-source platform for container orchestration, provides robust automation but lacks inherent security measures. The intricate architecture and scattered security documentation may result in misconfigurations and vulnerabilities, jeopardizing system confidentiality, integrity, and availability. This paper analyzes the key aspects of Kubernetes security by combining theoretical examination with practical application, concentrating on architectural hardening, access control, image security, and compliance assessment. The text commences with a synopsis of Kubernetes architecture, networking, and storage, analyzing prevalent security issues in containerized environments. The emphasis transitions to practical methodologies for safeguarding clusters, encompassing image scanning, authentication and authorization, monitoring, and logging. The paper also examines recognized Kubernetes CVEs and illustrates vulnerability scanning on a local cluster. The objective is to deliver explicit, implementable recommendations for enhancing Kubernetes security, assisting organizations in constructing more robust containerized systems. Full article

As adaptive multi-rate (AMR) speech applications become increasingly widespread, AMR-based steganography presents growing security risks. Conventional steganalysis methods often assume known embedding rates, limiting their practicality in real-world scenarios where embedding rates are unknown. To overcome this limitation, we introduce a novel framework that integrates a multi-scale transformer architecture with multi-task learning for joint classification and regression. The classification task effectively distinguishes between cover and stego samples, while the regression task enhances feature representation by predicting continuous embedding values, providing deeper insights into embedding behaviors. This joint optimization strategy improves model adaptability to diverse embedding conditions and captures the underlying relationships between discrete embedding classes and their continuous distributions. The experimental results demonstrate that our approach achieves higher accuracy and robustness than existing steganalysis methods across varying embedding rates. Full article

The security of commonly used cryptographic systems like RSA and ECC might be threatened by the future development of quantum computing. Verkle-based HORST decreases the size of signatures by 75% (from 12.8 KB to 3.2 KB) and enables O(1)-sized proofs by replacing Merkle trees with Verkle trees. Because verification shifts from O(log t) to constant time, it is ideal for blockchain and IoT applications that require short signatures and fast validation. In order to increase efficiency, this study introduces Verkle-based HORST, a hash-based signature method that uses Verkle trees. Our primary contributions are the following: a formal security analysis proving maintained protection levels under standard assumptions; a thorough performance evaluation demonstrating significant improvements in signature size and verification complexity in comparison to conventional Merkle tree approaches; and a novel signature construction employing polynomial commitments to achieve compact proofs. The proposed approach has a lot of benefits for real-world implementation, especially when dealing with situations that call for a large number of signatures or settings with limited resources. We offer comprehensive implementation instructions and parameter choices to promote uptake while preserving hash-based cryptography’s quantum-resistant security features. Our findings suggest that this method is a good fit for post-quantum cryptography systems’ standardization. Full article

Wireless Local Area Networks (WLANs), particularly Wi-Fi, serve as the backbone of modern connectivity, supporting billions of devices globally and forming a critical component in Internet of Things (IoT) ecosystems. However, the increasing ubiquity of WLANs also presents an expanding attack surface for adversaries—especially Advanced Persistent Threats (APTs), which operate with high levels of sophistication, resources, and long-term strategic objectives. This paper provides a holistic security analysis of WLANs under the lens of APT threat models, categorizing APT actors by capability tiers and examining their ability to compromise WLANs through logical attack surfaces. The study identifies and explores three primary attack surfaces: Radio Access Control interfaces, compromised insider nodes, and ISP gateway-level exposures. A series of empirical experiments—ranging from traffic analysis of ISP-controlled routers to offline password attack modeling—evaluate the current resilience of WLANs and highlight specific vulnerabilities such as credential reuse, firmware-based leakage, and protocol downgrade attacks. Furthermore, the paper demonstrates how APT resources significantly accelerate attacks through formal models of computational scaling. It also incorporates threat modeling frameworks, including STRIDE and MITRE ATT&CK, to contextualize risks and map adversary tactics. Based on these insights, this paper offers practical recommendations for enhancing WLAN resilience through improved authentication mechanisms, network segmentation, AI-based anomaly detection, and open firmware adoption. The findings underscore that while current WLAN implementations offer basic protections, they remain highly susceptible to well-resourced adversaries, necessitating a shift toward more robust, context-aware security architectures. Full article

Phishing remains a persistent cybersecurity threat, often bypassing traditional detection methods due to evolving attack techniques. This study presents a Reinforcement Learning (RL)-based phishing detection framework, leveraging a Deep Q-Network (DQN) to enhance detection accuracy, reduce false positives, and improve classification performance. The model was trained and evaluated using a real-world dataset comprising 5000 emails (2500 phishing and 2500 benign) and externally validated against a synthetic phishing dataset of 1000 samples simulating unseen attacks. It achieved a 95% accuracy, 96% precision, 94% recall, and a 2% false positive rate on the real-world dataset and a 93% accuracy, 94% precision, and a 4% false positive rate on the synthetic dataset. Area Under the Curve (AUC) analysis yielded a score of 0.92, confirming excellent classification separability and alignment with the model’s high accuracy and low false positive rate. This work contributes to scalable, real-world phishing defense by addressing the limitations of static detection systems and improving detection reliability. Full article

Data generated by Internet of Things devices enable the design of new business models and services, improving user experience and satisfaction. This data also serve as an essential information source for many fields, including disaster management, bio-surveillance, smart cities, and smart health. However, personal data are also collected in this context, introducing new challenges concerning data privacy protection, such as profiling, localization and tracking, linkage, and identification. This dilemma is further complicated by the “privacy paradox”, where users compromise privacy for service convenience. Hence, this paper reviews the literature on data privacy in the IoT, particularly emphasizing Personal Data Store (PDS)-based approaches as a promising class of user-centric solutions. PDS represents a user-centric approach to decentralizing data management, enhancing privacy by granting individuals control over their data. Addressing privacy solutions involves a triad of user privacy awareness, technology support, and ways to regulate data processing. Our discussion aims to advance the understanding of IoT privacy issues while emphasizing the potential of PDS to balance privacy protection and service delivery. Full article

The pandemic forced educators to shift abruptly to distance learning, also referred to as e-learning education. Educational institutions integrated new educational tools and online platforms. Several schools, colleges, and universities began incorporating online laboratories in different fields of education, such as engineering, information technology, physics, and chemistry. Online laboratories may take the form of virtual laboratories, software-based simulations available via the Internet, or remote labs, which involve accessing physical equipment online. Adopting remote laboratories as a substitute for conventional hands-on labs has raised concerns regarding the safety and security of both the remote lab stations and the Online Laboratory Management Systems (OLMSs). Design patterns and architectures need to be developed to attain security by design in remote laboratories. Before these can be developed, software architects and developers must understand the domain and existing and proposed solutions. This paper presents an extensive literature review of safety and security concerns related to remote laboratories and an overview of the industry, national and multinational standards, and legal requirements and regulations that need to be considered in building secure and safe Online Laboratory Management Systems. This analysis provides a taxonomy and classification of published standards as well as security and safety problems and possible solutions that can facilitate the documentation of best practices, and implemented solutions to produce security by design for remote laboratories and OLMSs. Full article

Sophisticated mechanisms for attacking computer networks are emerging, making it crucial to have equally advanced mechanisms in place to defend against these malicious attacks. Autonomous cyber operations (ACOs) are considered a potential solution to provide timely defense. In ACOs, an agent that attacks the network is called a red agent, while an agent that defends against the red agent is called a blue agent. In real-world scenarios, different types of red agents can attack a network, requiring blue agents to defend against a variety of red agents, each with unique attack strategies and goals. This requires the training of blue agents capable of responding effectively, regardless of the specific strategy employed RED. Additionally, a generic blue agent must also be adaptable to different network topologies. This paper presents a framework for the training of a generic blue agent capable of defending against various red agents. The framework combines reinforcement learning (RL) and supervised learning. RL is used to train a blue agent against a specific red agent in a specific networking environment, resulting in multiple RL-trained blue agents—one for each red agent. Supervised learning is then used to train a generic blue agent using these RL-trained blue agents. Our results demonstrate that the proposed framework successfully trains a generic blue agent that can defend against different types of red agents across various network topologies. The framework demonstrates consistently improved performance over a range of existing methods, as validated through extensive empirical evaluation. Detailed comparisons highlight its robustness and generalization capabilities. Additionally, to enable generalization across different adversarial strategies, the framework employs a variational autoencoder (VAE) that learns compact latent representations of observations, allowing the blue agent to focus on high-level behavioral features rather than raw inputs. Our results demonstrate that incorporating a VAE into the proposed framework further improves its overall performance. Full article

The rapid expansion of distributed systems such as the Internet of Things (IoT) has increased the need for robust authentication and data integrity mechanisms to ensure public security in dynamic environments. This article presents a hierarchical multiparty digital signature (HMPS) technique designed to address the unique challenges of resource-constrained and decentralized systems. By integrating a modified ElGamal-based individual signature with linear encryption and hierarchical aggregation, HMPS delivers enhanced security through collaborative and layered signing processes. A key application is demonstrated in intelligent vehicle surveillance, where the scheme ensures the authenticity and integrity of commands and data in multi-level communication scenarios. Comprehensive security analysis confirms resistance to forgery, single points of failure, and unauthorized access. HMPS exhibits superior computational efficiency, scalability, and energy efficiency, as evidenced by comparative performance evaluations with state-of-the-art techniques. These results highlight HMPS as a highly effective solution for secure, real-time IoT applications, providing a pathway to more resilient and trustworthy distributed systems. Full article

This paper proposes a Human-AI collaborative framework for cybersecurity consulting tailored to the needs of small businesses, designed and implemented within a Master of Cybersecurity capstone program. The framework outlines a structured four-stage development model that integrates students into real-world consulting tasks while aligning with academic and industry objectives. Human–AI collaboration is embedded throughout the process, combining generative AI tools and domain-specific AI agents with human expertise to support the design, delivery, and refinement of consulting resources. The four stages include (1) AI agent development; (2) cybersecurity roadmap creation; (3) resource development; and (4) industry application. Each stage supports both development-oriented outputs—such as templates, training materials, and client deliverables—and research-oriented projects that explore design practices, collaboration models, and consulting strategies. This dual-track structure enables iterative learning and improvement while addressing educational standards and the evolving cybersecurity landscape for small businesses. This framework provides a scalable foundation for capstone-based consulting initiatives that bridge academic learning and industry impact through Human–AI collaboration. Full article

Significant vulnerabilities in traditional authentication systems have been demonstrated due to the high dependence on smartphone hardware devices to execute many different and complicated tasks. PINs, passwords, and static biometric techniques have been shown to be subjected to various serious attacks, such as environmental limitations, spoofing, and brute force attacks, and this in turn mitigates the security level of the entire system. In this study, a robust framework for smartphone authentication is presented. Touch dynamic pattern recognitions, including trajectory curvature, touch pressure, acceleration, two-dimensional spatial coordinates, and velocity, have been extracted and assessed as behavioral biometric features. The TOPSIS (Technique for Order of Preference by Similarity to Ideal Solution) methodology has also been incorporated to obtain the most affected and valuable features, which are then fed as input to three different Machine Learning (ML) algorithms: Random Forest (RF), Gradient Boosting Machines (GBM), and K-Nearest Neighbors (KNN). Our analysis, supported by experimental results, ensure that the RF model outperforms the two other ML algorithms by getting F1-Score, accuracy, recall, and precision of 95.1%, 95.2%, 95.5%, and 94.8%, respectively. In order to further increase the resiliency of the proposed technique, the data perturbation approach, including temporal scaling and noise insertion, has been augmented. Also, the proposal has been shown to be resilient against both environmental variation-based attacks by achieving accuracy above 93% and spoofing attacks by obtaining a detection rate of 96%. This emphasizes that the proposed technique provides a promising solution to many authentication issues and offers a user-friendly and scalable method to improve the security of the smartphone against cybersecurity attacks. Full article

While security frameworks like the NIST CSF and ISO 27001 provide organizations with standardized best practices for cybersecurity, these practices must be implemented in organizations by people with the necessary skills and knowledge and be supported by effective technological solutions. This article explores the challenges and opportunities of building sustainable cybersecurity capabilities in resource-constrained organizations, specifically Norwegian municipalities. The research introduces the concept of sustainable cybersecurity capabilities, emphasizing the importance of a socio-technical approach that integrates technology, people, and organizational structure. A mixed-methods study was employed, combining document analysis of relevant cybersecurity frameworks with a modified Delphi study and semi-structured interviews with municipal cybersecurity practitioners. Findings highlight six core cybersecurity capabilities within municipalities, along with key challenges in implementing and sustaining these capabilities. These challenges include ambiguities in role formalization, skills gaps, difficulties in deploying advanced security technologies, and communication barriers between central IT and functional areas. Furthermore, the potential of artificial intelligence and cooperative strategies to enhance municipal cybersecurity is considered. Ultimately, the study highlights the need for a holistic perspective in developing sustainable cybersecurity capabilities, offering implications for both research and practice within municipalities and local government. Full article

The evolution of deepfake technology has the potential to reshape the threat landscape in corporate environments by enabling highly convincing digital impersonations. In this paper, we explore how artificial media produced by AI can be misused to assume authoritative personas, leaving traditional cybersecurity programs with significant vulnerabilities. Drawing from interviews with cybersecurity professionals across various industries, we find that the majority of organizations remain vulnerable due to their adoption of broad, vendor-centric security solutions that are not specifically designed to protect against deepfake attacks. In response to the evolving threat landscape, we introduce the PREDICT framework—a cyclical, iterative theoretical model. This model combines definitive policy direction, organizational preparedness, targeted employee training, and advanced AI detection tools. Additionally, it incorporates effective incident response plans with continuous improvement and simulations. Our findings underscore the need to revise the current security protocols and offer practical suggestions for strengthening corporate defenses against the increasingly dynamic threat landscape posed by deepfakes. Full article

Small and medium-sized enterprises (SMEs) continue to face significant cybersecurity challenges due to limited financial resources, technical capacity, and awareness. This study addresses these issues by pursuing four key objectives: (1) conducting a comprehensive assessment of cybersecurity knowledge and awareness within the SME sector through a systematic literature review, (2) evaluating the impact and effectiveness of cybersecurity awareness programs on SME behaviors and risk mitigation, (3) identifying core barriers—financial, technical, and organizational—that hinder effective cybersecurity adoption, and (4) introducing and validating the enhanced ROHAN model in conjunction with the Cyber Guardian Framework (CGF) to offer a scalable roadmap for cybersecurity resilience. Drawing on secondary data from Rawindaran (2023), the research highlights critical deficiencies in SME cybersecurity practices and emphasizes the need for tailored role-specific awareness initiatives. The enhanced ROHAN model addresses this need by delivering customized cybersecurity education based on industry sector, professional role, and educational background. Integrated with the CGF, the framework promotes structured, ongoing improvements across organizational, technological, and human domains. A mixed-methods approach was used, combining quantitative survey data from Welsh SMEs with qualitative interviews involving SME stakeholders. Advanced analytical techniques, including regression testing, Principal Component Analysis (PCA), and data visualization, were employed to uncover key insights and patterns. A distinctive feature of the ROHAN model is its integration of AI-powered tools for real-time risk assessment and decision-making, reflecting the principles of Industry 5.0. By aligning technological innovation with targeted education, this study presents a practical and adaptable cybersecurity framework for SMEs. The findings aim to bridge critical knowledge gaps and provide a foundation for a more resilient, cyber-aware SME sector in Wales and comparable regions. Full article

The increasing interconnectivity of devices on the Internet of Things (IoT) introduces significant security challenges, particularly around authentication and data management. Traditional centralized approaches are not sufficient to address these risks, requiring more robust and decentralized solutions. This paper presents a decentralized authentication protocol leveraging blockchain technology and the IPFS data management framework to provide secure and real-time communication between IoT devices. Using the Ethereum blockchain, smart contracts, elliptic curve cryptography, and ASCON encryption, the proposed protocol ensures the confidentiality, integrity, and availability of sensitive IoT data. The mutual authentication process involves the use of asymmetric key pairs, public key registration on the blockchain, and the Diffie–Hellman key exchange algorithm to establish a shared secret that, combined with a unique identifier, enables secure device verification. Additionally, IPFS is used for secure data storage, with the content identifier (CID) encrypted using ASCON and integrated into the blockchain for traceability and authentication. This integrated approach addresses current IoT security challenges and provides a solid foundation for future applications in decentralized IoT environments. Full article

The automated identification and evaluation of potential attack paths within infrastructures is a critical aspect of cybersecurity risk assessment. However, existing methods become impractical when applied to complex infrastructures. While machine learning (ML) has proven effective in predicting the exploitation of individual vulnerabilities, its potential for full-path prediction remains largely untapped. This challenge stems from two key obstacles: the lack of adequate datasets for training the models and the dimensionality of the learning problem. To address the first issue, we provide a dataset of 1033 detailed environment graphs and associated attack paths, with the objective of supporting the community in advancing ML-based attack path prediction. To tackle the second, we introduce a novel Physics-Informed Graph Neural Network (PIGNN) architecture for attack path prediction. Our experiments demonstrate its effectiveness, achieving an F1 score of $0.9308$ for full-path prediction. We also introduce a self-supervised learning architecture for initial access and impact prediction, achieving F1 scores of $0.9780$ and $0.8214$, respectively. Our results indicate that the PIGNN effectively captures adversarial patterns in high-dimensional spaces, demonstrating promising generalization potential towards fully automated assessments. Full article

The implementation of Central Bank Digital Currencies (CBDCs) faces significant challenges in achieving the same level of anonymity and convenience in offline transactions as cash. This limitation imposes considerable constraints on the development and widespread adoption of CBDCs. Unlike cash, digital currencies, similar to other electronic payment methods, necessitate internet or other network connectivity to verify payment eligibility. This study proposes a secure offline payment model for CBDCs that operates independently of internet or network connections by utilizing a Trusted Platform Module (TPM) to enhance the security of digital currency transactions. Additionally, the monotonic counter, the basic component of the TPM, is integrated into this model to prevent double spending in a completely offline environment. Our research presents a protocol model that combines these easily implementable technologies to facilitate the efficient processing of transactions in CBDCs entirely offline. However, it is crucial to acknowledge the security implications associated with the TPMs and near-field communications upon which this protocol relies. Full article

The efficiency of Shor’s and Grover’s algorithms and the advancement of quantum computers implies that the cryptography used until now to protect one’s privacy is potentially vulnerable to retrospective decryption, also known as the harvest now, decrypt later attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. The measurement is divided into three phases. We start with benchmarking a local Tor network simulation on constrained devices to isolate the time taken by classical cryptography processes. Secondly, the analysis incorporates existing benchmarks of quantum-secure algorithms and compares these performances on the devices. Lastly, the estimation of overhead is calculated by replacing the measured times of traditional cryptography with the times recorded for Post-Quantum Cryptography (PQC) execution within the specified Tor environment. By focusing on the replaceable cryptographic components, using theoretical estimations, and leveraging existing benchmarks, valuable insights into the potential impact of PQC can be obtained without needing to implement it fully. Full article

Implementing machine learning is imperative for enhancing advanced cybersecurity practices globally. The current cybersecurity landscape needs further investigation into the potential impasse. This scientometric study aims to comprehensively analyse the study patterns and key contributions at the nexus of cybersecurity and machine learning. The analysis examines publication trends, citation analysis, and intensive research networks to discover key authors, significant organisations, major countries, and emerging research areas. The search was conducted on the Scopus database, and 3712 final documents were selected after a thorough screening from January 2016 to January 2025. The VOSviewer tool was used to map citation networks and visualise co-authorship networks, enabling the discovery of research patterns, top contributors, and hot topics in the domain. The findings uncovered the substantial growth in publications bridging cybersecurity with machine learning and deep learning, involving 2865 authors across 160 institutions and 114 countries. Saudi Arabia emerged as a top contributing nation with flaunting high productivity. IEEE and Sensors are the key publication sources instrumental in producing interdisciplinary research. Iqbal H. Sarker and N. Moustafa are notable authors, with 17 and 16 publications each. This study emphasises the significance of global partnerships and multidisciplinary research in enhancing cybersecurity posture and identifying key research areas for future studies. This study further highlights its importance by guiding policymakers and practitioners to develop advanced machine learning-based cybersecurity strategies. Full article

The growing adoption of smart grid systems presents significant advancements in the efficiency of energy distribution, along with enhanced monitoring and control capabilities. However, the interconnected and distributed nature of these systems also introduces critical security vulnerabilities that must be addressed. This study proposes a secure communication protocol specifically designed for smart grid environments, focusing on authentication, secret key establishment, symmetric encryption, and hash-based message authentication to provide confidentiality and integrity for communication in smart grid environments. The proposed protocol employs the Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, Elliptic Curve Diffie–Hellman (ECDH) for secure key exchange, and Advanced Encryption Standard 256 (AES-256) encryption to protect data transmissions. The protocol follows a structured sequence: (1) authentication—verifying smart grid devices using digital signatures; (2) key establishment—generating and securely exchanging cryptographic keys; and (3) secure communication—encrypting and transmitting/receiving data. An experimental framework has been established to evaluate the protocol’s performance under realistic operational conditions, assessing metrics such as time, throughput, power, and failure recovery. The experimental results show that the protocol completes one server–client request in 3.469 ms for a desktop client and 41.14 ms for a microcontroller client and achieves a throughput of 288.27 requests/s and 24.30 requests/s, respectively. Furthermore, the average power consumed by the protocol is 37.77 watts. The results also show that the proposed protocol is able to recover from transient network disruptions and sustain secure communication. Full article