New Advances in Cybersecurity Technology and Cybersecurity Management

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (1 February 2026) | Viewed by 9809

Special Issue Editor


Guest Editor
1. Technische Hochschule Brandenburg, Department of Informatics and Media, Magdeburger Str. 50, D-14770 Brandenburg, Germany
2. School of Technology and Architecture, Campus Berlin, SRH University of Applied Sciences Heidelberg, Sonnenallee 221c, D-15087 Berlin, Germany
Interests: cybersecurity

Special Issue Information

Dear Colleagues,

This Special Issue of the MDPI Journal of Applied Sciences presents recent advances in cybersecurity technology and cybersecurity management, addressing growing digital threats with innovative strategies. A major focus is on enhancing cyber resilience, enabling systems to resist attacks and recover quickly while maintaining critical operations.

This Special Issue highlights the role of open-source intelligence (OSINT) in early threat detection and informed decision-making, demonstrating its significance in both offensive and defensive cybersecurity. Another key theme is critical infrastructure protection, offering frameworks to defend essential systems—such as those in energy and transportation—against advanced threats.

Contributions also explore the integration of cybersecurity into cyber-physical systems (CPSs), emphasizing the need to secure digitally connected physical processes in sectors like healthcare, manufacturing, and smart grids. Additionally, the intersection of cybersecurity and disaster management is examined, focusing on secure systems that support crisis coordination and resilience.

Finally, the Special Issue includes studies on secure communication and cryptographic innovations, presenting new algorithms that ensure data confidentiality and integrity.

Together, these contributions offer a multidimensional view of emerging cybersecurity challenges and solutions, providing valuable insights for researchers, practitioners, and policymakers who are dedicated to safeguarding today’s increasingly interconnected digital and physical environments.

Dr. Reiner Creutzburg
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 250 words) can be sent to the Editorial Office for assessment.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cybersecurity technology
  • cybersecurity management
  • cyber resilience
  • open-source intelligence (OSINT)
  • critical infrastructure protection
  • cyber-physical systems
  • disaster management
  • secure communications and cryptography

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • Reprint: MDPI Books provides the opportunity to republish successful Special Issues in book format, both online and in print.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)


Research

27 pages, 555 KB  
Article
Few-Shot Network Intrusion Detection Using Online Triplet Mining
by Jack Wilkie, Hanan Hindy, Christos Tachtatzis, Miroslav Bures and Robert Atkinson
Appl. Sci. 2026, 16(10), 4589; https://doi.org/10.3390/app16104589 - 7 May 2026
Viewed by 293
Abstract
Network intrusion detection systems play a vital role in protecting networks by detecting malicious network traffic which can then be investigated by a cybersecurity operations centre. State-of-the-art approaches utilise supervised machine learning methods to train a classification model to recognise known cyberattacks; however, these models require a large labelled dataset to train and show poor performance when trained on smaller datasets. In an attempt to address this shortcoming, anomaly detection models learn the distribution of benign traffic and flag non-conforming traffic as malicious. While these methods do not require malicious examples to train, they suffer from high false-positive rates rendering them impractical. As a result, networks may be particularly vulnerable when there are insufficient labelled instances of a specific attack class to train an effective classifier. This often occurs in newly established networks or when previously unseen types of attacks emerge. To address this challenge, this work proposes the use of a triplet network, utilising online triplet mining and a KNN classifier, which is able to perform few-shot classification, enabling effective intrusion detection after being trained on a limited number of malicious examples. Various online triplet mining algorithms were explored and model design choices, such as the inference algorithm and optimised distance metrics, were compared and evaluated through a series of ablation studies. The final model was compared against other state-of-the-art approaches in few-shot binary and multiclass classification, where the proposed approach was found to be competitive with existing methods when trained on as little as 10 malicious samples of each class. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

21 pages, 1990 KB  
Article
Business Continuity Management—Identifying Relevant Processes for a Reference Model
by Daniel Arias-Aranda, Knut Haufe, Srdan Dzombeta and Vladimir Stantchev
Appl. Sci. 2026, 16(7), 3219; https://doi.org/10.3390/app16073219 - 26 Mar 2026
Viewed by 652
Abstract
Currently, a standardized process reference model specifically tailored for the business continuity management system (BCMS) is absent. Moreover, BCMS processes have not been a primary focus of ongoing research endeavors. This paper aims to fill this research gap by presenting findings from a process mapping study concerning BCMS processes within the most prominent and widely acknowledged standards for business continuity management, alongside insights gleaned from expert interviews. The authors propose a collection of BCMS processes that should comprise a BCMS process reference model intended for implementation at a maturity level tailored to individual organizational needs. It aims to strengthen the resilience of organizations to cyber threats and to optimize the processes for effective management within the disaster management cycle. The study identifies and maps the necessary processes required to build a comprehensive BCMS model. These processes include, among others, risk assessment, business impact analysis, the development of BC strategies and solutions, the creation of BC plans and procedures, incident and emergency management, and periodic reviews and exercises. The relevance of these processes was validated through expert interviews, making a clear distinction between core, management, and support processes. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

18 pages, 785 KB  
Article
Bayesian Networks for Cybersecurity Decision Support: Enhancing Human-Machine Interaction in Technical Systems
by Karla Maradova, Petr Blecha, Vendula Samelova, Tomáš Marada and Daniel Zuth
Appl. Sci. 2026, 16(6), 3053; https://doi.org/10.3390/app16063053 - 21 Mar 2026
Viewed by 521
Abstract
The increasing digitization of manufacturing and the integration of CNC and industrial control systems into the industry 4.0 environment have introduced new cybersecurity risks that directly affect operational reliability. Traditional deterministic risk-assessment methods used for securing ICS—such as SCADA, PLC, and CNC systems—struggle to address uncertainty, dynamic operating conditions, and complex dependencies between technical and organizational factors. To overcome these limitations, this study develops a Bayesian Network (BN) model that captures probabilistic relationships between machine-level configuration parameters, network conditions, and potential security incidents. The model is applied to a CNC machining center (ZPS MCG1000i), where it supports scenario-based prediction of cybersecurity risks and provides interpretable outputs suitable for operator decision-making and human–machine interaction. The results demonstrate that BNs are effective in environments with limited data availability and high uncertainty, offering transparent and quantifiable insights into how specific misconfigurations—such as active remote access or irregular firmware updates—elevate overall system exposure. The proposed approach aligns with current regulatory and standardization requirements, including the NIS2 Directive (EU 2022/2555), ISO/IEC 27001:2022, ISO/IEC 27005:2022, and Regulation (EU) 2024/2847 (Cyber Resilience Act), which define cybersecurity obligations for products with digital elements. The study provides a reproducible and future-oriented methodology for integrating cybersecurity into machinery-safety evaluation in modern industrial environments. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

27 pages, 3039 KB  
Article
Few-Shot Open-Set Ransomware Detection Through Meta-Learning and Energy-Based Modeling
by Yun-Yi Fan, Cheng-Yu Chiang and Jung-San Lee
Appl. Sci. 2026, 16(5), 2364; https://doi.org/10.3390/app16052364 - 28 Feb 2026
Viewed by 525
Abstract
As network communication technologies rapidly advance, ransomware has emerged as a significant cybersecurity threat that organizations cannot ignore. Static analysis enables rapid identification of ransomware by examining file structure and code characteristics before execution. However, existing classifiers are predominantly designed under the closed-set assumption, causing them to misclassify novel variants into known families. Furthermore, ransomware datasets typically exhibit long-tailed distributions with emerging families having very few available samples, making it difficult for models to learn discriminative features. To address these challenges, we propose Few-Shot Open-Set Ransomware Detection through Meta-learning and Energy-based Modeling (MEM), a unified open-set recognition framework based on static analysis of Portable Executable features. By integrating Model-agnostic Meta-learning (MAML), the model rapidly adapts to new families with limited samples. The Energy Function quantifies the confidence of predictions in distinguishing between known samples and unknown ones, while Focal Loss dynamically adjusts sample weights to reduce bias introduced by imbalanced distributions. The experimental results demonstrate that MEM achieves higher classification accuracy and better rejection performance of unknown samples than existing open-set recognition methods. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

24 pages, 404 KB  
Article
Zero-Shot Social Media Crisis Classification: A Training-Free Multimodal Approach
by Franziska Schwarz, Klaus Dieter Schwarz, Daniel Arias Aranda, Kendrick Bollens, Navaneeth Shivananjappa, Reiner Creutzburg and Vesna Dimitrova
Appl. Sci. 2026, 16(5), 2192; https://doi.org/10.3390/app16052192 - 25 Feb 2026
Viewed by 744
Abstract
Rapid classification of social media content during humanitarian crises is essential for effective disaster relief; however, traditional approaches require extensive annotated training data, which are often unavailable during new disasters. This paper presents a training-free, multimodal classification framework that leverages zero-shot vision-language models to analyze disaster-related social media content without task-specific training. The framework employs a two-stage prompt-engineered pipeline using the locally deployable Mistral-Small-3.1-24B-Instruct model, performing binary informativeness detection followed by multiclass categorization into eight humanitarian categories through structured JSON output generation. Evaluation on the CrisisMMD dataset of 18,082 multimodal samples from seven natural disasters demonstrated binary F1 scores above 0.84 for both text and image informativeness detection and weighted F1 scores of 0.61 (text) and 0.72 (image) for humanitarian categorization. The framework generalizes consistently across all disaster types with minimal performance variance (standard deviation below 0.031) and operates entirely on local infrastructure without cloud dependencies, requiring only moderate GPU resources. By eliminating training data requirements, this approach enables immediate deployment during new disasters, demonstrating that zero-shot multimodal classification achieves practically relevant performance for real-time crisis response. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

23 pages, 663 KB  
Article
Authentication Challenges and Solutions in Microservice Architectures
by Constantin Lucian Aldea and Razvan Bocu
Appl. Sci. 2025, 15(22), 12088; https://doi.org/10.3390/app152212088 - 14 Nov 2025
Cited by 1 | Viewed by 3391
Abstract
In this paper, we examine the relevant vulnerabilities and security controls for ensuring the security of applications built on microservice architectures. Zero Trust security principles are used to conceptualize and implement a secure ecosystem using Spring Boot security components and Docker infrastructure. Relevant security controls are analyzed and a proof of concept was created. The combination of security controls in the Docker environment, the deployment of these controls, and the analysis of their impact will also be the focus of this paper. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

19 pages, 1382 KB  
Article
A Continual Learning Process to Detect Both Previously Learned and Newly Emerging Attack
by Hansol Park, Taesu Kim, Hanhee Lee, Dongil Shin, Dongkyoo Shin and Moosung Park
Appl. Sci. 2025, 15(18), 10034; https://doi.org/10.3390/app151810034 - 14 Sep 2025
Viewed by 1455
Abstract
With the recent intensification of geopolitical tensions, cyber-attacks have become increasingly sophisticated and dynamic. Traditional machine learning-based anomaly detection techniques, which rely on pre-trained data, often suffer from performance degradation when exposed to novel attack types not seen during training. To address this limitation, this study proposes a continual learning-based anomaly detection framework capable of incrementally incorporating new attack patterns without forgetting previously learned information. The proposed method consists of three key stages: first, preprocessing and data augmentation are applied to construct high-quality, balanced datasets; second, a base anomaly detection model is trained; and third, new attack data are incrementally integrated to continuously update and evaluate the model. To enhance adaptability and efficiency, the framework incorporates Memory-LGBM, a lightweight architecture that combines a prototype-based memory module with a gradient-free LGBM classifier. The model maintains class-wise latent representations instead of raw samples, enabling compact, memory-efficient learning. Experimental results on the CICIDS 2017 dataset demonstrate that the proposed approach outperforms existing continual learning methods in accuracy, adaptability, and resistance to forgetting, making it a practical and scalable solution for real-world anomaly detection scenarios that demand rapid adaptation, strong knowledge retention, and low computational overhead. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)

Other

19 pages, 3221 KB  
Tutorial
Cyber–Physical Systems: The Last Defense
by Frank J. Furrer
Appl. Sci. 2026, 16(7), 3467; https://doi.org/10.3390/app16073467 - 2 Apr 2026
Viewed by 653
Abstract
The development, evolution, and operation of a cyber–physical system are cross-domain, holistic processes. The process encompasses all elements of a cyber–physical system, including computation infrastructure, software, interfaces to the physical world, human interactions, and safety and security engineering. The process is holistic because it must assure conceptual integrity and correct interoperability across all elements of the CPS. Unfortunately, at every stage of this process, vulnerabilities can be introduced into the system (due to negligence, mistakes, lack of skills, malicious activities, etc.). These dormant vulnerabilities can cause failures of the runtime system, possibly resulting in damage, loss of property or life, safety accidents, or security incidents. A promising approach to mitigate such risks is runtime anomaly detection using artificial intelligence/machine learning. This tutorial paper introduces the fundamental concepts of AI/ML anomaly detection and describes the corresponding intervention mechanisms. Automated intervention mechanisms are the last line of defense against failures, faults, malfunctions, and malicious activities—and their unfortunate consequences. The paper remains at the conceptual level and defers implementation details to subsequent publications. The content addresses advanced students (at the master’s level) and researchers entering this fascinating field. Full article
(This article belongs to the Special Issue New Advances in Cybersecurity Technology and Cybersecurity Management)