Journal of Cybersecurity and Privacy

Cybersecurity education requires practical activities such as malware analysis, phishing detection, and Capture the Flag (CTF) challenges. These exercises enable students to actively apply theoretical concepts in realistic scenarios, fostering experiential learning. This article introduces an innovative pedagogical approach relying on gamification in cybersecurity courses, combining technical problem-solving with human factors such as social engineering and risk-taking behavior. By integrating interactive challenges into the courses, engagement and motivation have been enhanced, while addressing both technological and managerial dimensions of cybersecurity. Observations from course implementation indicate that students demonstrate higher involvement when participating in supervised offensive security tasks and social engineering simulations within controlled environments. These findings highlight the potential of gamified strategies to strengthen cybersecurity competencies and promote ethical awareness, paving the way for future research on long-term cybersecurity learning outcomes. Full article

This paper identifies theoretical vulnerabilities in quantum integrity verification by demonstrating that Bell inequality (BI) violations, central to the detection of quantum entanglement, can align with predictions from hidden variable theories (HVTs) under specific measurement configurations. By invoking a Heisenberg-inspired measurement resolution constraint and finite-resolution positive operator-valued measures (POVMs), we identify “convergence vicinities” where the statistical outputs of quantum and classical models become operationally indistinguishable. These results do not challenge Bell’s theorem itself; rather, they expose a vulnerability in quantum integrity frameworks that treat observed Bell violations as definitive, experiment-level evidence of nonclassical entanglement correlations. We support our theoretical analysis with simulations and experimental results from IBM quantum hardware. Our findings call for more robust quantum-verification frameworks, with direct implications for the security of quantum computing, quantum-network architectures, and device-independent cryptographic protocols (e.g., device-independent quantum key distribution (DIQKD)). Full article

Anomaly-based network intrusion detection systems (NIDSs) complement signature-based detection methods to identify unknown (zero-day) attacks. The integration of machine and deep learning enhanced the efficiency of such NIDSs. However, since anomaly-based NIDSs heavily depend on the quality of the training data, the presence of malicious traffic in the training set can significantly degrade the model’s performance. Purging the training data of such traffic is often impractical. This study investigates performance degradation caused by increasing amounts of malicious traffic in the training data. We introduced varying portions of malicious traffic into the training sets of machine and deep learning models to determine which approach is most resilient to unclean training data. Our experiments revealed that Autoencoders, using a byte frequency feature set, achieved the highest F2 score (0.8989), with only a minor decrease of 0.0009 when trained on the most contaminated dataset. This performance drop was the smallest compared to other algorithms tested, including an Isolation Forest, a Local Outlier Factor, a One-Class Support Vector Machine, and Long Short-Term Memory. Full article

Machine learning (ML) techniques have significantly enhanced decision support systems to render them more accurate, efficient, and faster. ML classifiers in securing networks, on the other hand, face a disproportionate risk from the sophisticated adversarial attacks compared to other areas, such as spam filtering, intrusion, and virus detection, and this introduces a continuous competition between malicious users and preventers. Attackers test ML models with inputs that have been specifically crafted to evade these models and obtain inaccurate forecasts. This paper presents a comprehensive review of attack and defensive techniques in ML-based NIDSs. It highlights the current serious challenges that the systems face in preserving robustness against adversarial attacks. Based on our analysis, with respect to their current superior performance and robustness, ML-based NIDS require urgent attention to develop more robust techniques to withstand such attacks. Finally, we discuss the current existing approaches in generating adversarial attacks and reveal the limitations of current defensive approaches. In this paper, the most recent advancements, such as hybrid defensive techniques that integrate multiple strategies to prevent adversarial attacks in NIDS, have highlighted the ongoing challenges. Full article

While face recognition systems are increasingly deployed in critical domains, they remain vulnerable to presentation attacks and exhibit significant demographic bias, particularly affecting African populations. This paper presents a fairness-aware Presentation Attack Detection (PAD) system using Local Binary Patterns (LBPs) with novel ethnicity-aware processing techniques specifically designed for African contexts. Our approach introduces three key technical innovations: (1) adaptive preprocessing with differentiated Contrast-Limited Adaptive Histogram Equalization (CLAHE) parameters and gamma correction optimized for different skin tones, (2) group-specific decision threshold optimization using Equal Error Rate (EER) minimization for each ethnic group, and (3) three novel statistical methods for PAD fairness evaluation such as Coefficient of Variation analysis, McNemar’s significance testing, and bootstrap confidence intervals representing the first application of these techniques in Presentation Attack Detection. Comprehensive evaluation on the Chinese Academy of Sciences Institute of Automation-SURF Cross-ethnicity Face Anti-spoofing dataset (CASIA-SURF CeFA) dataset demonstrates significant bias reduction achievements: a 75.6% reduction in the accuracy gap between African and East Asian subjects (from 3.07% to 0.75%), elimination of statistically significant bias across all ethnic group comparisons, and strong overall performance, with 95.12% accuracy and 98.55% AUC. Our work establishes a comprehensive methodology for measuring and mitigating demographic bias in PAD systems while maintaining security effectiveness, contributing both technical innovations and statistical frameworks for inclusive biometric security research. Full article

Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article

One of the major challenges for effective intrusion detection systems (IDSs) is continuously and efficiently incorporating changes on cyber-attack tactics, techniques, and procedures in the Internet of Things (IoT). Semi-automated cross-organizational sharing of IDS data is a potential solution. However, a major barrier to IDS data sharing is privacy. In this article, we describe the design, implementation, and evaluation of FedPrIDS: a privacy-preserving federated learning system for collaborative network intrusion detection in IoT. We performed experimental evaluation of FedPrIDS using three public network-based intrusion datasets: CIC-IDS-2017, UNSW-NB15, and Bot-IoT. Based on the labels in these datasets for attack type, we created five fictitious organizations, Financial, Technology, Healthcare, Government, and University and evaluated IDS accuracy before and after intelligence sharing. In our evaluation, FedPrIDS showed (1) a detection accuracy net gain of 8.5% to 14.4% from a comparative non-federated approach, with ranges depending on the organization type, where the organization type determines its estimated most likely attack types, privacy thresholds, and data quality measures; (2) a federated detection accuracy across attack types of 90.3% on CIC-IDS-2017, 89.7% on UNSW-NB15, and 92.1% on Bot-IoT; (3) maintained privacy of shared NIDS data via federated machine learning; and (4) reduced inter-organizational communication overhead by an average 50% and showed convergence within 20 training rounds. Full article

This contribution outlines a completely new, fully local approach for secure web-based device control on the basis of browser inter-window messaging. Modern smart home IoT (Internet of Things) devices are commonly controlled with proprietary mobile applications via remote servers, which can have significant adverse implications for the end user. Given that many IoT devices in use today are limited in both available memory and processing speed, standard approaches such as HTTPS-based transport security are not always feasible and a need for more suitable alternatives for such constrained devices arises. The proposed local method for lightweight and secure web-based device control using inter-window messaging leverages existing standard web technologies to enable a maximum degree of privacy, choice, and sustainability within the smart home ecosystem. The implemented proof-of-concept shows that it is feasible to meet essential security objectives in a local web IoT control context while utilizing less than a kilobyte of additional memory compared to an unsecured solution, thereby promoting sustainability through hardening of the control protocols used by existing devices with too few resources for implementing standard web cryptography. In this way, the present work contributes to achieving the vision of a fully open and secure local smart home. Full article

Free live sports streaming (FLS) services attract millions of users who, driven by the excitement of live events, often engage with these high-risk platforms. Although these platforms are widely perceived as risky, the specific threats they pose have lacked large-scale empirical analysis. This paper addresses this gap through a comprehensive study of the FLS ecosystem, conducted during two major international sporting events (UCL playoffs and NHL Stanley Cup Playoffs, 2024–2025 season). We analyze the infrastructure, security threats, and privacy violations that define this space. Analysis of 260 unique domains uncovers systemic security risks, including drive-by downloads delivering persistent malware, and widespread privacy violations, such as invasive device fingerprinting that disregards regulations like the General Data Protection Regulation (GDPR). Furthermore, we map the ecosystem’s resilient infrastructure, identifying eight clusters of co-owned domains. These findings imply that effective countermeasures must target the centralized infrastructure and ephemeral nature of the FLS ecosystem beyond traditional blocking. Full article

Explainability is increasingly expected to support not only interpretation, but also accountability, human oversight, and auditability in high-risk Artificial Intelligence (AI) systems. However, in many deployments, explanations are generated as isolated technical reports, remaining weakly connected to decision provenance, governance actions, audit logs, and regulatory documentation. This short communication introduces XAI-Compliance-by-Design, a modular engineering framework for explainable artificial intelligence (XAI) systems that routes explainability outputs and related technical traces into structured, audit-ready evidence throughout the AI lifecycle, designed to align with key obligations under the European Union Artificial Intelligence Act (EU AI Act) and the General Data Protection Regulation (GDPR). The framework specifies (i) a modular architecture that separates technical evidence generation from governance consumption through explicit interface points for emitting, storing, and querying evidence, and (ii) a Technical–Regulatory Correspondence Matrix—a mapping table linking regulatory anchors to concrete evidence artefacts and governance triggers. As this communication does not report measured results, it also introduces an Evidence-by-Design evaluation protocol defining measurable indicators, baseline configurations, and required artefacts to enable reproducible empirical validation in future work. Overall, the contribution is a practical blueprint that clarifies what evidence must be produced, where it is generated in the pipeline, and how it supports continuous compliance and auditability efforts without relying on post hoc explanations. Full article

Acoustic Side-Channel Attacks (ASCAs) exploit the sound produced by keyboards and other devices to infer sensitive information without breaching software or network defenses. Recent advances in deep learning, large language models, and signal processing have greatly expanded the feasibility and accuracy of these attacks. To clarify the evolving threat landscape, this survey systematically reviews ASCA research published between January 2020 and February 2025. We categorize modern ASCA methods into three levels of text reconstruction—individual keystrokes, short text (words/phrases), and long-text regeneration— and analyze the signal processing, machine learning, and language-model decoding techniques that enable them. We also evaluate how environmental factors such as microphone placement, ambient noise, and keyboard design influence attack performance, and we examine the challenges of generalizing laboratory-trained models to real-world settings. This survey makes three primary contributions: (1) it provides the first structured taxonomy of ASCAs based on text generation granularity and decoding methodology; (2) it synthesizes cross-study evidence on environmental and hardware factors that fundamentally shape ASCA performance; and (3) it consolidates emerging countermeasures, including Generative Adversarial Network-based noise masking, cryptographic defenses, and environmental mitigation, while identifying open research gaps and future threats posed by voice-enabled IoT and prospective quantum side-channels. Together, these insights underscore the need for interdisciplinary, multi-layered defenses against rapidly advancing ASCA techniques. Full article

The Cyber Kill Chain (CKC) is a prevalent concept in cyber defense; nevertheless, its emphasis on post-reconnaissance phases limits the capacity to foresee attacker activities outside the organizational boundary. This study introduces and empirically substantiates a pre-chain phase, referred to as contextual anticipation, which broadens the temporal framework of the CKC by methodically identifying subtle yet actionable signals prior to reconnaissance. The methodology combines the STEMPLES+ framework for socio-technical scanning with General Morphological Analysis (GMA), generating internally coherent scenarios that are translated into Indicators of Threats (IOT). These indicators connect contextual triggers to threshold-based monitoring activities and established courses of action, forming a reproducible and auditable relationship between foresight analysis and operational defense. The application of three illustrative cases—a banking merger, the distribution of a phishing kit in underground marketplaces, and wartime contribution scams—illustrated that contextual anticipation consistently provided quantifiable lead-time benefits varying from several days to six weeks. This proactive stance enabled measures such as registrar takedowns, targeted awareness campaigns, and anticipatory monitoring before distribution and exploitation. By formalizing CKC-0 as an integrated socio-technical phase, the research enhances cybersecurity practice by demonstrating how diffuse contextual drivers can be converted into organized, actionable mechanisms for proactive resilience. Full article

Statistical confidentiality focuses on protecting data to preserve its analytical value while preventing identity exposure, ensuring privacy and security in any system handling sensitive information. Homomorphic encryption allows computations on encrypted data without revealing it to anyone other than an owner or an authorized collector. When combined with other techniques, homomorphic encryption offers an ideal solution for ensuring statistical confidentiality. TFHE (Fast Fully Homomorphic Encryption over the Torus) is a fully homomorphic encryption scheme that supports efficient homomorphic operations on Booleans and integers. Building on TFHE, Zama’s Concrete project offers an open-source compiler that translates high-level Python code (version 3.9 or higher) into secure homomorphic computations. This study examines the feasibility of the Concrete compiler to perform core statistical analyses on encrypted data. We implement traditional algorithms for core statistical measures including the mean, variance, and five-point summary on encrypted datasets. Additionally, we develop a bitonic sort implementation to support the five-point summary. All implementations are executed within the Concrete framework, leveraging its built-in optimizations. Their performance is systematically evaluated by measuring circuit complexity, programmable bootstrapping count (PBS), compilation time, and execution time. We compare these results to findings from previous studies wherever possible. The results show that the complexity of sorting and statistical computations on encrypted data with the Concrete implementation of TFHE increases rapidly, and the size and range of data that can be accommodated is small for most applications. Nevertheless, this work reinforces the theoretical promise of Fully Homomorphic Encryption (FHE) for statistical analysis and highlights a clear path forward: the development of optimized, FHE-compatible algorithms. Full article

Online hate speech poses a growing socio-technological threat that undermines democratic resilience and obstructs progress toward Sustainable Development Goal 16 (SDG 16). This study examines the regulatory and behavioral dimensions of this phenomenon through a combined legal analysis of platform governance and an empirical survey conducted on Meta platforms, based on a sample of young Hungarians (N = 301, aged 14–34). This study focuses on Hungary as a relevant case study of a Central and Eastern European (CEE) state. Countries in this region, due to their shared historical development, face similar societal challenges that are also reflected in the online sphere. The combination of high social media penetration, a highly polarized political discourse, and the tensions between platform governance and EU law (the DSA) makes the Hungarian context particularly suitable for examining digital resilience and the legal awareness of young users. The results reveal a significant “awareness gap”: While a majority of young users can intuitively identify overt hate speech, their formal understanding of platform rules is minimal. Furthermore, their sanctioning preferences often diverge from Meta’s actual policies, indicating a lack of clarity and predictability in platform governance. This gap signals a structural weakness that erodes user trust. The legal analysis highlights the limited enforceability and opacity of content moderation mechanisms, even under the Digital Services Act (DSA) framework. The empirical findings show that current self-regulation models fail to empower users with the necessary knowledge. The contribution of this study is to empirically identify and critically reframe this ‘awareness gap’. Moving beyond a simple knowledge deficit, we argue that the gap is a symptom of a deeper legitimacy crisis in platform governance. It reflects a rational user response—manifesting as digital resignation—to opaque, commercially driven, and unaccountable moderation systems. By integrating legal and behavioral insights with critical platform studies, this paper argues that achieving SDG 16 requires a dual strategy: (1) fundamentally increasing transparency and accountability in content governance to rebuild user trust, and (2) enhancing user-centered digital and legal literacy through a shared responsibility model. Such a strategy must involve both public and private actors in a coordinated, rights-based approach. Ultimately, this study calls for policy frameworks that strengthen democratic resilience not only through better regulation, but by empowering citizens to become active participants—rather than passive subjects—in the governance of online spaces. Full article

The increasing volume of digital medical data offers substantial research opportunities, though its complete utilization is hindered by ongoing privacy and security obstacles. This proof-of-concept study explores and confirms the viability of using Secure Multi-Party Computation (SMPC) to ensure protection and integrity of sensitive patient data, allowing the construction of clinical trial cohorts. Our findings reveal that SMPC facilitates collaborative data analysis on distributed, private datasets with negligible computational costs and optimized data partition sizes. The established architecture incorporates patient information via a blockchain-based decentralized healthcare platform and employs the MPyC library in Python for secure computations on Fast Healthcare Interoperability Resources (FHIR)-format data. The outcomes affirm SMPC’s capacity to maintain patient privacy during cohort formation, with minimal overhead. It illustrates the potential of SMPC-based methodologies to expand access to medical research data. A key contribution of this work is eliminating the need for complex cryptographic key management while maintaining patient privacy, illustrating the potential of SMPC-based methodologies to expand access to medical research data by reducing implementation barriers. Full article

This study proposes the Huffman Tree and Binary Conversion (HTB) which is a preprocessing algorithm to transform the Huffman tree into binary representation before the encryption process. In fact, HTB can improve the structural readiness of plaintext by combining the Huffman code with a deterministic binary representation of the Huffman tree. In addition, binary representation of the Huffman tree and the compressed information will be encrypted by standard cryptographic algorithms. Six datasets, divided into two groups (short and long texts), were chosen to evaluate compression behavior and the processing cost. Moreover, AES and RSA are chosen to combine with the proposed method to analyze the encryption and decryption cycles. The experimental results show that HTB introduces a small linear-time overhead. That means, it is slightly slower than applying only the Huffman code. Across these datasets, HTB maintained a consistently low processing cost. The processing time is below one millisecond in both encoding and decoding processes. However, for long texts, the structural conversion cost becomes amortized across larger encoded messages, and the reduction in plaintext size leads to fewer encryption blocks for both AES and RSA. The reduced plaintext size lowers the number of AES encryption blocks by approximately 30–45% and decreases the number of encryption and decryption rounds in RSA. The encrypted binary representation of the Huffman tree also decreased structural ambiguity and reduced the potential exposure of frequency-related metadata. Although HTB does not replace cryptographic security, it enhances the structural consistency of compression. Therefore, the proposed method demonstrates scalability, predictable overhead, and improved suitability for cryptographic workflows. Full article

High cybersecurity risks and attacks cause information theft, unauthorized access to data and information, reputational damage, and financial loss in small and medium enterprises (SMEs). This creates a need to adopt information security systems of SMEs through innovation and compliance with information security policies. This study seeks to develop an integrated research model assessing the adoption of InfoSec systems in SMEs based on three existing theories, namely the technology acceptance model (TAM), theory of reasoned action (TRA), and unified theory of acceptance and use of technology (UTAUT). A thorough review of literature identified prior experience, enjoyment of new InfoSec technology, top management support, IT infrastructure, security training, legal-governmental regulations, and attitude as potential determinants of adoption of InfoSec systems. A self-developed and self-administered questionnaire was distributed to 418 employees, mid-level managers, and top-level managers working in SMEs operating in Riyadh, Saudi Arabia. The study found that prior experience, top management support, IT infrastructure, security training, and legal-governmental regulations have a positive impact on attitude toward InfoSec systems, which in turn positively influences the adoption of InfoSec systems. Gender, education, and occupation significantly moderated the impact of some determinants on attitude and, consequently, adoption of InfoSec systems. Such an integrated framework offers actionable insights and recommendations, including enhancing information security awareness and compliance with information security policies, as well as increasing profitability within SMEs. The study findings make considerable theoretical contributions to the development of knowledge and deliver practical contributions towards the status of SMEs in Saudi Arabia. Full article

The rapid expansion of Internet of Things (IoT) technologies has introduced significant challenges in understanding the complexity and structure of network traffic data, which is essential for developing effective cybersecurity solutions. This research presents a comprehensive statistical and multivariate analysis of the IoT-23 dataset to identify meaningful network traffic patterns and assess the effectiveness of various analytical methods for IoT security research. The study applies descriptive statistics, inferential analysis, and multivariate techniques, including Principal Component Analysis (PCA), DBSCAN clustering, and factor analysis (FA), to the publicly available IoT-23 dataset. Descriptive analysis reveals clear evidence of non-normal distributions: for example, the features src_bytes, dst_bytes, and src_pkts have skewness values of −4.21, −3.87, and −2.98, and kurtosis values of 38.45, 29.67, and 18.23, respectively. These values indicate highly skewed, heavy-tailed distributions with frequent outliers. Correlation analysis revealed a strong positive correlation (0.97) between orig_bytes and resp_bytes, and a strong negative correlation (−0.76) between duration and resp_bytes, while inferential statistics indicate that linear regression provides optimal modeling of data relationships. Key findings show that PCA is highly effective, capturing 99% of the dataset’s variance and enabling significant dimensionality reduction. DBSCAN clustering identifies six distinct clusters, highlighting diverse network traffic behaviors within IoT environments. In contrast, FA explains only 11.63% of the variance, indicating limited suitability for this dataset. These results establish important benchmarks for future IoT cybersecurity research and demonstrate the superior effectiveness of PCA and DBSCAN for analyzing complex IoT network traffic data. The findings offer practical guidance for researchers in selecting appropriate statistical methods for IoT dataset analysis, ultimately supporting the development of more robust cybersecurity solutions. Full article

Smart phones have become an integral part of our lives in modern society, as we carry and use them throughout a day. However, this “body part” may maliciously collect and leak our personal information without our knowledge. When we install mobile applications on our smart phones and grant their permission requests, these apps can use sensors embedded in the smart phones and the stored data to gather and infer our personal information, preferences, and habits. In this paper, we present our preliminary results on quantifying the privacy risk of mobile applications by assessing whether requested permissions are necessary based on app descriptions through textual entailment decided by language models (LMs). We observe that despite incorporating various improvements of LMs proposed in the literature for natural language processing (NLP) tasks, the performance of the trained model remains far from ideal. Full article