J. Cybersecur. Priv., Volume 5, Issue 4 (December 2025) – 14 articles

Email continues to serve as a primary vector for cyber-attacks, with phishing, spoofing, and polymorphic malware evolving rapidly to evade traditional defences. Conventional email security systems, often reliant on static, signature-based detection struggle to identify zero-day exploits and protect user privacy in increasingly data-driven environments. This paper introduces TwinGuard, a privacy-preserving framework that leverages digital twin technology to enable adaptive, personalised email threat detection. TwinGuard constructs dynamic behavioural models tailored to individual email ecosystems, facilitating proactive threat simulation and anomaly detection without accessing raw message content. The system integrates a BERT–LSTM hybrid for semantic and temporal profiling, alongside federated learning, secure multi-party computation (SMPC), and differential privacy to enable collaborative intelligence while preserving confidentiality. Empirical evaluations were conducted using both synthetic AI-generated email datasets and real-world datasets sourced from Hugging Face and Kaggle. TwinGuard achieved 98% accuracy, 97% precision, and a false positive rate of 3%, outperforming conventional detection methods. The framework offers a scalable, regulation-compliant solution that balances security efficacy with strong privacy protection in modern email ecosystems. Full article

The rapid expansion of the Internet of Things (IoT) has introduced new vulnerabilities that traditional security mechanisms often fail to address effectively. Signature-based intrusion detection systems cannot adapt to zero-day attacks, while rule-based solutions lack scalability for the diverse and high-volume traffic in IoT environments. To strengthen the security framework for IoT, this paper proposes a deep learning-based anomaly detection approach that integrates Convolutional Neural Networks (CNNs) and Bidirectional Gated Recurrent Units (BiGRUs). The model is further optimized using the Moth–Flame Optimization (MFO) algorithm for automated hyperparameter tuning. To mitigate class imbalance in benchmark datasets, we employ Generative Adversarial Networks (GANs) for synthetic sample generation alongside Z-score normalization. The proposed CNN–BiGRU + MFO framework is evaluated on two widely used datasets, UNSW-NB15 and UCI SECOM. Experimental results demonstrate superior performance compared to several baseline deep learning models, achieving improvements across accuracy, precision, recall, F1-score, and ROC–AUC. These findings highlight the potential of combining hybrid deep learning architectures with evolutionary optimization for effective and generalizable intrusion detection in IoT systems. Full article

Digital banking has become part of everyday life in Aotearoa–New Zealand, offering convenience but also raising questions of trust, security, and long-term commitment. This study examines how service quality, security and privacy, user experience, emotional attachment, and perceived risk shape customer trust and commitment in digital banking platforms. Trust is positioned as a key mediating factor, guided by the Technology Acceptance Model, Commitment–Trust Theory, Service Quality Theory, and Perceived Risk Theory. An online survey of 111 digital banking users from diverse backgrounds was conducted, and Hayes’s PROCESS Model 4 was applied to test both direct and indirect relationships. The results show that security/privacy and emotional attachment are the strongest predictors of commitment, while service quality and user experience contribute indirectly through trust. This study adds three contributions. First, it explains customer commitment rather than intention. Second, it compares the indirect paths through trust from service quality, security and privacy, user experience, and emotional attachment within one model using bias corrected bootstrap confidence intervals. Third, in a sample with many experienced users, perceived risk shows no indirect effect, which suggests a boundary condition for risk focused models. Full article

This paper introduces a novel similarity measure to link transactions which spend outputs of CoinJoin transactions, CoinJoin Spending Transactions (CSTs), by analyzing their on-chain properties, addressing the challenge of preserving user privacy in blockchain systems. Despite the adoption of privacy-enhancing techniques like CoinJoin, users remain vulnerable to transaction linkage through shared output patterns. The proposed method leverages timestamp analysis of mixed outputs and employs a one-sided Chamfer distance to quantify similarities between CSTs, enabling the identification of transactions associated with the same user. The approach is evaluated across three major CoinJoin implementations (Dash, Whirlpool, and Wasabi 2.0) demonstrating its effectiveness in detecting linked CSTs. Additionally, the work improves transaction classification rules for Wasabi 2.0 by introducing criteria for uncommon denomination outputs, reducing false positives. Results show that multiple CSTs spending shared CoinJoin outputs are prevalent, highlighting the practical significance of the similarity measure. The findings underscore the ongoing privacy risks posed by transaction linkage, even within privacy-focused protocols. This work contributes to the understanding of CoinJoin’s limitations and offers insights for developing more robust privacy mechanisms in decentralized systems. To the authors knowledge this is the first work analyzing the linkage between CSTs. Full article

Generative artificial intelligence (AI) and persistent empirical gaps are reshaping the cyber threat landscape faster than Zero-Trust Architecture (ZTA) research can respond. We reviewed 10 recent ZTA surveys and 136 primary studies (2022–2024) and found that 98% provided only partial or no real-world validation, leaving several core controls largely untested. Our critique, therefore, proceeds on two axes: first, mainstream ZTA research is empirically under-powered and operationally unproven; second, generative-AI attacks exploit these very weaknesses, accelerating policy bypass and detection failure. To expose this compounding risk, we contribute the Cyber Fraud Kill Chain (CFKC), a seven-stage attacker model (target identification, preparation, engagement, deception, execution, monetization, and cover-up) that maps specific generative techniques to NIST SP 800-207 components they erode. The CFKC highlights how synthetic identities, context manipulation and adversarial telemetry drive up false-negative rates, extend dwell time, and sidestep audit trails, thereby undermining the Zero-Trust principles of verify explicitly and assume breach. Existing guidance offers no systematic countermeasures for AI-scaled attacks, and that compliance regimes struggle to audit content that AI can mutate on demand. Finally, we outline research directions for adaptive, evidence-driven ZTA, and we argue that incremental extensions of current ZTA that are insufficient; only a generative-AI-aware redesign will sustain defensive parity in the coming threat cycle. Full article

Hardware systems are foundational to critical infrastructure, embedded devices, and consumer products, making robust security assurance essential. However, existing hardware security standards remain fragmented, inconsistent in scope, and difficult to integrate, creating gaps in protection and inefficiencies in assurance planning. This paper proposes a unified, standard-aligned, and threat-validated taxonomy of Security Objective Domains (SODs) for hardware security assurance. The taxonomy was inductively derived from 1287 requirements across ten internationally recognized standards using AI-assisted clustering and expert validation, resulting in 22 domains structured by the Boundary-Driven System of Interest model. Each domain was then validated against 167 documented hardware-related threats from CWE/CVE databases, regulatory advisories, and incident reports. This threat-informed mapping enables quantitative analysis of assurance coverage, prioritization of high-risk areas, and identification of cross-domain dependencies. The framework harmonizes terminology, reduces redundancy, and addresses assurance gaps, offering a scalable basis for sector-specific profiles, automated compliance tooling, and evidence-driven risk management. Looking forward, the taxonomy can be extended with sector-specific standards, expanded threat datasets, and integration of weighted severity metrics such as CVSS to further enhance risk-based assurance. Full article

Intrusion Detection Systems (IDS) play a vital role in safeguarding networks, yet their effectiveness is often challenged, as cyberattacks evolve in new and unexpected ways. Machine learning models, although very powerful, usually perform well only on data that closely resembles what they were trained on. When faced with unfamiliar traffic, they often misclassify. In this work, we examine this generalization gap by training IDS models on one Denial-of-Service (DoS) variant, DoS Hulk, and testing them against other variants such as Goldeneye, Slowloris, and Slowhttptest. Our approach combines careful preprocessing, dimensionality reduction with Principal Component Analysis (PCA), and model training using Random Forests and Deep Neural Networks. To better understand model behavior, we tuned decision thresholds beyond the default 0.5 and found that small adjustments can significantly affect results. We also applied Shapley Additive Explanations (SHAP) to shed light on which features the models rely on, revealing a tendency to focus on fixed components that do not generalize well. Finally, using Uniform Manifold Approximation and Projection (UMAP), we visualized feature distributions and observed overlaps between training and testing datasets, but these did not translate into improved detection performance. Our findings highlight an important lesson: visual or apparent similarity between datasets does not guarantee generalization, and building robust IDS requires exposure to diverse attack patterns during training. Full article

The General Data Protection Regulation (GDPR) imposes additional demands and obligations on service providers that handle and process personal data. In this paper, we examine how advanced cryptographic techniques can be employed to develop a privacy-preserving solution for ensuring GDPR compliance in Industrial Internet of Things (IIoT) systems. The primary objective is to ensure that sensitive data from IIoT devices is encrypted and accessible only to authorized entities, in accordance with Article 32 of the GDPR. The proposed system combines Decentralized Attribute-Based Encryption (DABE) with smart contracts on a blockchain to create a decentralized way of managing access to IIoT systems. The proposed system is used in an IIoT use case where industrial sensors collect operational data that is encrypted according to DABE. The encrypted data is stored in the IPFS decentralized storage system. The access policy and IPFS hash are stored in the blockchain’s smart contracts, allowing only authorized and compliant entities to retrieve the data based on matching attributes. This decentralized system ensures that information is stored encrypted and secure until it is retrieved by legitimate entities, whose access rights are automatically enforced by smart contracts. The implementation and evaluation of the proposed system have been analyzed and discussed, showing the promising achievement of the proposed system. Full article

This study proposes methods of computer simulation to study and optimize the cybersecurity of Small Modular Nuclear Reactors (SMRs). SMRs hold the potential to help build a clean and sustainable power grid but will struggle to gain widespread adoption without public confidence in their security. SMRs are emerging technologies and potentially carry higher cyber threats due to remote operations, large numbers of cyber-physical systems, and cyber connections with other industrial concerns. A method of agent-based computer simulations to model the effects, or payoff, of collaboration between cyber defenders, power plants, and cybersecurity vendors is proposed to strengthen SMR cybersecurity as these new power generators enter into the market. The agent-based model presented in this research is intended to illustrate the potential of using simulation to model a payoff function for collaborative efforts between stakeholders. Employing simulation to heighten cybersecurity will help to safely leverage the potential of SMRs in a modern and low-emission energy grid. Full article

Known attacks on the tropical implementation of Stickel protocol involve finding minimal covers for a certain covering problem, and this leads to an exponential growth in the worst case time required to recover the secret key as the used polynomial degree increases. The computational inefficiency of this attack is also observed in practice, unless the number of explored covers is limited, on the expense of the success rate of the attack. Consequently, it can be argued that Alice and Bob can still repel these attacks on tropical Stickel protocol by utilizing very high polynomial degrees, a feasible approach due to the efficiency of tropical operations. The same is true for the implementation of Stickel protocol over some other semirings with idempotent addition (such as the max–min or digital semiring). In this paper, we propose alternative methods to attack the Stickel protocols that avoid solving the covering problem. These methods involve framing the attacks as a mixed integer linear programming (MILP) problem or applying certain heuristic global optimization techniques. We also include a number of numerical experiments to analyze the success rate and the time required to execute the suggested attacks in practice. Full article

This study investigates the evolution of cybercrime in Greece by analyzing data from the Cyber Crime Division of the Hellenic Police. By combining 2023 statistics with earlier national and international data (e.g., Europol, FBI), this study presents a comprehensive 15-year view of cybercrime trends. Key findings highlight a persistent rise in cyber incidents, with financial fraud as the most common type. Other major threats include unauthorized system access, data breaches, and crimes targeting vulnerable populations. The study assesses national legislation aligned with EU directives and outlines stakeholder roles. It underscores the need for adaptive legal frameworks, inter-agency cooperation, and public awareness to mitigate Greece’s growing cybersecurity challenges. Full article

As more machine learning models are used in sensitive fields like healthcare, finance, and smart infrastructure, protecting structured tabular data from privacy attacks is a key research challenge. Although several privacy-preserving methods have been proposed for tabular data, a comprehensive comparison of their performance and trade-offs has yet to be conducted. We introduce and empirically assess a combined defense system that integrates differential privacy, federated learning, adaptive noise injection, hybrid cryptographic encryption, and ensemble-based obfuscation. The given strategies are analyzed on the benchmark tabular datasets (ADULT, GSS, FTE), showing that the suggested methods can mitigate up to 50 percent of model inversion attacks in relation to baseline models without decreasing the model utility (F1 scores are higher than 0.85). Moreover, on these datasets, our results match or exceed the latest state-of-the-art (SOTA) in terms of privacy. We also transform each defense into essential data privacy laws worldwide (GDPR and HIPAA), suggesting the best applicable guidelines for the ethical and regulation-sensitive deployment of privacy-preserving machine learning models in sensitive spaces. Full article

Cybersecurity management plays a key role in preserving the operational security of nuclear power plants (NPPs), ensuring service continuity and system resilience. The growing number of sophisticated cyber-attacks against NPPs requires cybersecurity experts to detect, analyze, and defend systems and data from cyber threats in near real time. However, managing a large numbers of attacks in a timely manner is impossible without the support of Artificial Intelligence (AI). This study recognizes the need for a structured and in-depth analysis of the literature in the context of NPPs, referring to the role of AI technology in supporting cyber risk assessment processes. For this reason, a systematic literature review (SLR) is adopted to address the following areas of analysis: (i) critical assets to be preserved from cyber-attacks through AI, (ii) security vulnerabilities and cyber threats managed using AI, (iii) cyber risks and business impacts that can be assessed by AI, and (iv) AI-based security countermeasures to mitigate cyber risks. The SLR procedure follows a macro-step approach that includes review planning, search execution and document selection, and document analysis and results reporting, with the aim of providing an overview of the key dimensions of AI-based cybersecurity in NPPs. The structured analysis of the literature allows for the creation of an original tabular outline of emerging evidence (in the fields of critical assets, security vulnerabilities and cyber threats, cyber risks and business impacts, and AI-based security countermeasures) that can help guide AI-based cybersecurity management in NPPs and future research directions. From an academic perspective, this study lays the foundation for understanding and consciously addressing cybersecurity challenges through the support of AI; from a practical perspective, it aims to assist managers, practitioners, and policymakers in making more informed decisions to improve the resilience of digital infrastructure. Full article

Cyber-physical infrastructures such as hospitals and smart campuses face hybrid threats that target both digital and physical domains. Traditional security solutions separate surveillance from network monitoring, leaving blind spots when attackers combine these vectors. This paper introduces ARGUS, an autonomous robotic platform designed to close this gap by correlating cyber and physical anomalies in real time. ARGUS integrates computer vision for facial and weapon detection with intrusion detection systems (Snort, Suricata) for monitoring malicious network activity. Operating through an edge-first microservice architecture, it ensures low latency and resilience without reliance on cloud services. Our evaluation covered five scenarios—access control, unauthorized entry, weapon detection, port scanning, and denial-of-service attacks—with each repeated ten times under varied conditions such as low light, occlusion, and crowding. Results show face recognition accuracy of 92.7% (500 samples), weapon detection accuracy of 89.3% (450 samples), and intrusion detection latency below one second, with minimal false positives. Audio analysis of high-risk sounds further enhanced situational awareness. Beyond performance, ARGUS addresses GDPR and ISO 27001 compliance and anticipates adversarial robustness. By unifying cyber and physical detection, ARGUS advances beyond state-of-the-art patrol robots, delivering comprehensive situational awareness and a practical path toward resilient, ethical robotic security. Full article