Search Results (19)

Search Parameters: Keywords = malware tracking

17 pages, 3378 KB  
Article
Securing Virtual Reality: Threat Models, Vulnerabilities, and Defense Strategies
by Andrija Bernik, Igor Tomicic and Petra Grd
Virtual Worlds 2026, 5(1), 13; https://doi.org/10.3390/virtualworlds5010013 - 10 Mar 2026
Abstract
As virtual reality technologies evolve toward widespread adoption in education, industry, and social communication, their increasing complexity exposes new and often overlooked security challenges. Immersive environments collect continuous multimodal data, including motion tracking, gaze, voice, and biometric indicators that extend far beyond traditional computing attack surfaces. This paper synthesizes recent research (2023–2025) on cybersecurity, privacy, and behavioral safety in virtual reality (VR) systems, identifies the main vulnerabilities, and proposes a unified defense architecture: the three-layer VR Security Framework (TVR-Sec). Through comparative review and conceptual integration of 31 peer-reviewed studies, three interdependent protection domains emerged: (1) System Integrity, securing hardware, firmware, and network communications against spoofing and malware; (2) User Privacy, ensuring the ethical management of biometric and behavioral data through federated learning and consent-based control; and (3) Socio-Behavioral Safety, addressing harassment, manipulation, and psychological exploitation in shared virtual spaces. The framework situates VR security as a multidimensional adaptive process that combines technical hardening with human-centered defense and ethical design. By aligning cyber–human protections through an AI-driven monitoring and policy engine, TVR-Sec advances a holistic paradigm for securing future immersive ecosystems.

21 pages, 17407 KB  
Article
Toward Self-Sovereign Management of Subscriber Identities in 5G/6G Core Networks
by Paul Scalise, Michael Hempel and Hamid Sharif
Telecom 2026, 7(1), 23; https://doi.org/10.3390/telecom7010023 - 16 Feb 2026
Abstract
5G systems have delivered on their promise of seamless connectivity and efficiency improvements since their global rollout began in 2020. However, maintaining subscriber identity privacy on the network remains a critical challenge. The 3GPP specifications define numerous identifiers associated with the subscriber and their activity, all of which are critical to the operations of cellular networks. While the introduction of the Subscription Concealed Identifier (SUCI) protects users across the air interface, the 5G Core Network (CN) continues to operate largely on the basis of the Subscription Permanent Identifier (SUPI)—the 5G-equivalent to the IMSI from prior generations—for functions such as authentication, billing, session management, emergency services, and lawful interception. Furthermore, the SUPI relies solely on the transport layer’s encryption for protection from malicious observation and tracking of the SUPI across activities. The crucial role of the largely unprotected SUPI and other closely related identifiers creates a high-value target for insider threats, malware campaigns, and data exfiltration, effectively rendering the Mobile Network Operator (MNO) a single point of failure for identity privacy. In this paper, we analyze the architectural vulnerabilities of identity persistence within the CN, challenging the legacy “honest-but-curious” trust model. To quantify the extent of subscriber identities being utilized and exchanged within various API calls in the CN, we conducted a study of the occurrence of SUPI as a parameter throughout the collection of 5G SBI (Service-Based Interface) Core VNF (Virtual Network Function) API (Application Programming Interface) schemas. Our extensive analysis of the 3GPP specifications for 3GPP Release 18 revealed a total of 4284 distinct parameter names being used across all API calls, with a total of 171,466 occurrences across the API schema. More importantly, it revealed a highly skewed distribution in which subscriber identity plays a pivotal role. Specifically, the “supi” parameter ranks 57th with 397 occurrences. We found that SUPI occurs both as a direct parameter (“supi”) and within 72 other parameter names that contain subscriber identifiers as defined in 3GPP TS 23.003. For these 73 parameter names, we identified a total of 8757 occurrences. At over 5.11% of all parameter occurrences, this constitutes a disproportionately large share of total references. We also detail scenarios where subscriber privacy can be compromised by internal actors and review future privacy-preserving frameworks that aim to decouple subscriber identity from network operations. By suggesting a shift towards a zero-trust model for CN architecture and providing subscribers with greater control over their identity management, this work also offers a potential roadmap for mitigating insider threats in current deployments and influencing specific standardization and regulatory requirements for future 6G and Beyond-6G networks.

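The parameter-occurrence count described in the abstract above (distinct names, total occurrences, the share carried by identity-bearing names, the rank of "supi") can be reproduced at small scale with a recursive walk over an OpenAPI-style schema. The following is an added example, not the authors' tooling: the schema fragment is constructed and heavily simplified, the identifier marker list is an assumption rather than the TS 23.003 definition, and the real 3GPP YAML files are far larger.

```python
"""Count parameter names across an OpenAPI-style 5G SBI schema and measure the
share that carry subscriber identifiers (SUPI and related). Added example with a
constructed, heavily simplified schema fragment; not 3GPP text."""
from collections import Counter
from typing import Any, Dict

# Assumption: substrings that mark a parameter as carrying a subscriber
# identifier. TS 23.003 defines more identifier formats than this short list.
IDENTITY_MARKERS = ("supi", "suci", "imsi", "gpsi", "msisdn")

# Constructed schema fragment in the shape of a 3GPP SBI OpenAPI document.
SAMPLE_SCHEMA: Dict[str, Any] = {
    "paths": {
        "/nudm-uecm/v1/{supi}/registrations/amf-3gpp-access": {
            "put": {
                "parameters": [{"name": "supi", "in": "path", "required": True}],
                "requestBody": {"schema": {"$ref": "#/components/schemas/Amf3GppAccessRegistration"}},
            }
        },
        "/nsmf-pdusession/v1/sm-contexts": {
            "post": {"requestBody": {"schema": {"$ref": "#/components/schemas/SmContextCreateData"}}}
        },
    },
    "components": {
        "schemas": {
            "Amf3GppAccessRegistration": {
                "type": "object",
                "properties": {"amfInstanceId": {}, "supportedFeatures": {}, "pei": {}, "guami": {}},
            },
            "SmContextCreateData": {
                "type": "object",
                "properties": {"supi": {}, "gpsi": {}, "pduSessionId": {}, "dnn": {}, "servingNetwork": {}},
            },
        }
    },
}


def collect_parameter_names(node: Any, counter: Counter) -> None:
    """Walk the schema tree and count every declared operation parameter and
    every object property. A name declared in several schemas counts several
    times, which is what an occurrence count (as opposed to a distinct count) needs."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "properties" and isinstance(value, dict):
                for prop_name, prop_schema in value.items():
                    counter[prop_name] += 1
                    collect_parameter_names(prop_schema, counter)
            elif key == "parameters" and isinstance(value, list):
                for param in value:
                    if isinstance(param, dict) and "name" in param:
                        counter[param["name"]] += 1
                    collect_parameter_names(param, counter)
            else:
                collect_parameter_names(value, counter)
    elif isinstance(node, list):
        for item in node:
            collect_parameter_names(item, counter)


def is_identity_bearing(name: str) -> bool:
    lowered = name.lower()
    return any(marker in lowered for marker in IDENTITY_MARKERS)


def rank_of(counter: Counter, name: str) -> int:
    """1-based rank of `name` by occurrence count (ties broken alphabetically)."""
    ordered = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))
    return [n for n, _ in ordered].index(name) + 1


def analyse(schema: Any) -> Dict[str, Any]:
    counter: Counter = Counter()
    collect_parameter_names(schema, counter)
    identity = {n: c for n, c in counter.items() if is_identity_bearing(n)}
    total = sum(counter.values())
    id_total = sum(identity.values())
    return {
        "counter": counter,
        "distinct": len(counter),
        "occurrences": total,
        "identity_names": identity,
        "identity_occurrences": id_total,
        "share": id_total / total if total else 0.0,
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_SCHEMA)
    print(f"{report['distinct']} distinct names, {report['occurrences']} occurrences")
    print(f"identity-bearing: {report['identity_names']} -> {report['share']:.1%} of occurrences")
    print(f"'supi' ranks #{rank_of(report['counter'], 'supi')}")
```

On the fragment above the walk finds 9 distinct names in 10 occurrences, of which "supi" (twice) and "gpsi" (once) carry identifiers, a 30% share. Substring matching is deliberately loose: it catches compound names such as "supiRanges", which is what the abstract's "72 other parameter names" hinge on, at the cost of needing a review of false positives in a real run.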
34 pages, 2092 KB  
Article
Adaptive Cyber Defense for Renewable Energy Systems Using Digital Forensics and Fuzzy Multi-Criteria Analysis
by Taher Alzahrani and Waeal J. Obidallah
Sustainability 2026, 18(3), 1334; https://doi.org/10.3390/su18031334 - 29 Jan 2026
Abstract
As digital technology becomes increasingly integral to modern industries, the risks posed by cyber threats, including malware, ransomware, and insider attacks, continue to rise, jeopardizing critical infrastructure including renewable energy systems. The world is more vulnerable to sophisticated cyberattacks due to its reliance on smart grids and IoT-enabled renewable energy systems. Without specialized digital forensic frameworks, incident response and critical infrastructure resilience are limited. This research examines the pivotal role of digital forensics in defending renewable energy systems against the growing wave of cyber threats. The study highlights the significance of digital forensics in enhancing incident response, evidence collection, and forensic analysis capabilities. Through detailed case studies, it investigates the implementation strategies of digital forensics to identify, track, and mitigate cyber risks. To address this objective, this study proposes a comprehensive and adaptive cybersecurity framework that integrates digital forensics and fuzzy multi-criteria decision-making to enhance cyber resilience in renewable energy systems. Drawing on relevant case studies, the research demonstrates how the integration of digital forensics with fuzzy logic supports dynamic threat evaluation and risk mitigation. Comparative analysis shows that the proposed framework outperforms traditional methods in terms of detection accuracy, response time, and adaptability to evolving threat landscapes. Key contributions include: (1) a structured digital forensics-based cybersecurity model tailored to renewable energy systems, (2) application of fuzzy Analytical Hierarchy Process (AHP) for multi-criteria threat evaluation, and (3) policy-oriented recommendations for stakeholders to reinforce national cyber resilience in line with energy transition. The findings underscore the need for a cohesive cybersecurity strategy grounded in advanced decision-support systems to protect the future of sustainable energy.

8 pages, 369 KB  
Proceeding Paper
A Comparative Analysis of Immunity-Inspired Cybersecurity Approaches
by Abir Bala, Brahim El Bhiri, Ayoub Bahnasse and Mouaad Mohy-Eddine
Eng. Proc. 2025, 112(1), 73; https://doi.org/10.3390/engproc2025112073 - 27 Nov 2025
Abstract
Cybersecurity has evolved significantly over the years, with a growing interest in biologically inspired models that emulate the immune system’s defense mechanisms. This paper provides a comparative analysis of various immunity-based approaches in cybersecurity, tracking their progression from their inception to the present. It explores the strengths and limitations of these methods across different cybersecurity areas, such as intrusion detection, malware analysis, and network protection. By reviewing foundational research, recent advancements, and existing challenges, this study aims to offer a well-rounded perspective on the effectiveness and constraints of immunity-driven strategies in protecting modern digital infrastructure. Additionally, it highlights emerging trends and future directions, stressing the importance of integrating these approaches with machine learning and other advanced technologies to strengthen cybersecurity resilience.

29 pages, 3613 KB  
Article
CyberKG: Constructing a Cybersecurity Knowledge Graph Based on SecureBERT_Plus for CTI Reports
by Binyong Li, Qiaoxi Yang, Chuang Deng and Hua Pan
Informatics 2025, 12(3), 100; https://doi.org/10.3390/informatics12030100 - 22 Sep 2025
Cited by 3
Abstract
Cyberattacks, especially Advanced Persistent Threats (APTs), have become more complex. These evolving threats challenge traditional defense systems, which struggle to counter long-lasting and covert attacks. Cybersecurity Knowledge Graphs (CKGs), enabled through the integration of multi-source CTI, introduce novel approaches for proactive defense. However, building CKGs faces challenges such as unclear terminology, overlapping entity relationships in attack chains, and differences in CTI across sources. To tackle these challenges, we propose the CyberKG framework, which improves entity recognition and relation extraction using a SecureBERT_Plus-BiLSTM-Attention-CRF joint architecture. Semantic features are captured using a domain-adapted SecureBERT_Plus model, while temporal dependencies are modeled through BiLSTM. Attention mechanisms highlight key cross-sentence relationships, while CRF incorporates ATT&CK rule constraints. Hierarchical clustering (HAC), based on contextual embeddings, facilitates dynamic entity disambiguation and semantic fusion. Experimental evaluations on the DNRTI and MalwareDB datasets demonstrate strong performance in extraction accuracy, entity normalization, and the resolution of overlapping relations. The constructed knowledge graph supports APT tracking, attack-chain provenance, and proactive defense prediction.

20 pages, 2207 KB  
Article
A Novel TLS-Based Fingerprinting Approach That Combines Feature Expansion and Similarity Mapping
by Amanda Thomson, Leandros Maglaras and Naghmeh Moradpoor
Future Internet 2025, 17(3), 120; https://doi.org/10.3390/fi17030120 - 7 Mar 2025
Cited by 7
Abstract
Malicious domains are part of the landscape of the internet but are becoming more prevalent and more dangerous both to companies and to individuals. They can be hosted on various technologies and serve an array of content, including malware, command and control and complex phishing sites that are designed to deceive and expose. Tracking, blocking and detecting such domains is complex, and very often it involves complex allowlist or denylist management or SIEM integration with open-source TLS fingerprinting techniques. Many fingerprinting techniques, such as JARM and JA3, are used by threat hunters to determine domain classification, but with the increase in TLS similarity, particularly in CDNs, they are becoming less useful. The aim of this paper was to adapt and evolve open-source TLS fingerprinting techniques with increased features to enhance granularity and to produce a similarity-mapping system that would enable the tracking and detection of previously unknown malicious domains. This was achieved by enriching TLS fingerprints with HTTP header data and producing a fine-grain similarity visualisation that represented high-dimensional data using MinHash and Locality-Sensitive Hashing. Influence was taken from the chemistry domain, where the problem of high-dimensional similarity in chemical fingerprints is often encountered. An enriched fingerprint was produced, which was then visualised across three separate datasets. The results were analysed and evaluated, with 67 previously unknown malicious domains being detected based on their similarity to known malicious domains and nothing else. The similarity-mapping technique produced demonstrates definite promise in the arena of early detection of malware and phishing domains.

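The mechanics behind the abstract above, an enriched TLS-plus-HTTP fingerprint reduced to a token set, MinHash signatures that estimate Jaccard similarity, and a banded LSH index that surfaces near neighbours without comparing every pair, are shown below in an added example. It is not the authors' pipeline: the fingerprints are constructed, the field names are assumptions, and the two "unknown" domains are labelled purely by their nearest indexed neighbour, which is the "similarity and nothing else" detection the abstract describes.

```python
"""Enriched TLS/HTTP fingerprints compared with MinHash signatures and a banded
LSH index, so an unknown domain is matched to its nearest labelled neighbour.
Added example; the fingerprints are constructed and the field names assumed."""
import hashlib
from collections import defaultdict
from typing import Dict, List, Set, Tuple

NUM_HASHES = 64
BANDS = 16                    # 16 bands x 4 rows: Jaccard ~0.9 pairs collide with prob ~1
ROWS = NUM_HASHES // BANDS

# Constructed fingerprints: client-hello style TLS fields plus HTTP response headers.
BAD_BASE = {"tls_version": "771", "ciphers": "c02b,c02f,c02c,c030,cca9,cca8",
            "extensions": "0,23,65281,10,11,35,16,5,13", "alpn": "http/1.1",
            "server": "nginx/1.14.0", "x-powered-by": "PHP/5.6.40", "content-type": "text/html"}
CDN_BASE = {"tls_version": "772", "ciphers": "1301,1302,1303",
            "extensions": "0,10,11,13,43,51,45,17513", "alpn": "h2,http/1.1",
            "server": "cloudflare", "content-type": "text/html; charset=utf-8",
            "cf-cache-status": "HIT"}
KNOWN: Dict[str, Tuple[str, Dict[str, str]]] = {
    "bad-c2-one.example": ("malicious", dict(BAD_BASE)),
    "bad-phish-two.example": ("malicious", {**BAD_BASE, "content-type": "text/html; charset=UTF-8"}),
    "cdn-benign.example": ("benign", dict(CDN_BASE)),
}
UNKNOWN: Dict[str, Dict[str, str]] = {
    "bad-unknown.example": {**BAD_BASE, "server": "nginx/1.14.1"},
    "shop-unknown.example": {**CDN_BASE, "cf-cache-status": "DYNAMIC"},
}


def shingles(fp: Dict[str, str]) -> Set[str]:
    """One 'field=value' token per comma-separated element, so list-valued fields
    (ciphers, extensions, alpn) contribute element-wise rather than all-or-nothing."""
    return {f"{field}={v.strip()}" for field, value in fp.items()
            for v in value.split(",") if v.strip()}


def exact_jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b)


def _hash(token: str, seed: int) -> int:
    return int.from_bytes(hashlib.sha256(f"{seed}:{token}".encode()).digest()[:8], "big")


def minhash(tokens: Set[str]) -> List[int]:
    """NUM_HASHES minima; P[sig_a[k] == sig_b[k]] equals the Jaccard index of the sets."""
    return [min(_hash(t, seed) for t in tokens) for seed in range(NUM_HASHES)]


def estimated_jaccard(sig_a: List[int], sig_b: List[int]) -> float:
    return sum(x == y for x, y in zip(sig_a, sig_b)) / len(sig_a)


class LSHIndex:
    """Banded index: two signatures are candidates if any band of ROWS values matches."""

    def __init__(self) -> None:
        self.buckets: Dict[Tuple[int, Tuple[int, ...]], Set[str]] = defaultdict(set)
        self.sigs: Dict[str, List[int]] = {}

    @staticmethod
    def _band_keys(sig: List[int]):
        return [(b, tuple(sig[b * ROWS:(b + 1) * ROWS])) for b in range(BANDS)]

    def add(self, name: str, sig: List[int]) -> None:
        self.sigs[name] = sig
        for key in self._band_keys(sig):
            self.buckets[key].add(name)

    def candidates(self, sig: List[int]) -> Set[str]:
        found: Set[str] = set()
        for key in self._band_keys(sig):
            found |= self.buckets.get(key, set())
        return found


def nearest(index: LSHIndex, sig: List[int]) -> Tuple[str, float]:
    best, best_score = "", 0.0
    for cand in index.candidates(sig):
        score = estimated_jaccard(sig, index.sigs[cand])
        if score > best_score:
            best, best_score = cand, score
    return best, best_score


def classify_unknown(known=KNOWN, unknown=UNKNOWN, threshold=0.5) -> Dict[str, Dict[str, object]]:
    """Label each unknown domain with its nearest neighbour's label when the
    estimated Jaccard clears `threshold`; otherwise leave it 'unknown'."""
    index = LSHIndex()
    for name, (_, fp) in known.items():
        index.add(name, minhash(shingles(fp)))
    results: Dict[str, Dict[str, object]] = {}
    for name, fp in unknown.items():
        match, score = nearest(index, minhash(shingles(fp)))
        label = known[match][0] if match and score >= threshold else "unknown"
        results[name] = {"match": match, "score": round(score, 3), "label": label}
    return results


if __name__ == "__main__":
    for domain, verdict in classify_unknown().items():
        print(domain, verdict)
```

The banding parameters set the trade-off the abstract alludes to: with 16 bands of 4 rows, a pair at Jaccard 0.9 is almost certain to share a band, while a pair at 0.15 (the constructed C2 host versus the CDN front) rarely does, and the final threshold on the estimated Jaccard removes the few that slip through. The "shop" domain matches the benign CDN neighbour rather than the malicious one, which is the CDN-similarity problem the abstract says plain JA3/JARM fingerprints no longer separate.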
26 pages, 1448 KB  
Article
Analysis and Optimal Control of Propagation Model for Malware in Multi-Cloud Environments with Impact of Brownian Motion Process
by Othman A. M. Omar, Hamdy M. Ahmed, Taher A. Nofal, Adel Darwish and A. M. Sayed Ahmed
Math. Comput. Appl. 2025, 30(1), 8; https://doi.org/10.3390/mca30010008 - 13 Jan 2025
Cited by 11
Abstract
Today, cloud computing is a widely used technology that provides a wide range of services to numerous sectors around the world. This technology depends on the interaction and cooperation of virtual machines (VMs) to complete various computing tasks, propagating malware attacks quickly due to the complexity of cloud computing environments and users’ interfaces. As a result of the rising demand for cloud computing from multiple perspectives for complete analysis and decision-making across a range of life disciplines, multi-cloud environments (MCEs) are established. Therefore, in this work, we discuss impacted mathematical modeling for the MCEs’ network dynamics using two deterministic and stochastic approaches. In both approaches, appropriate assumptions are considered. Then, the proposed networks’ VMs are classified to have six different possible states covering media, healthcare, finance, and educational servers. After that, the two developed modeling approaches’ solution existence, uniqueness, equilibrium, and stability are carefully investigated. Using an optimal control strategy, both proposed models are tested for sustaining a certain level of security of the VMs’ states and reducing the propagation of malware within the networks. Finally, we verify the theoretical results by employing numerical simulations to track the malware’s propagation immunization. Results showed how the implemented control methods maintained the essential objectives of managing malware infections.

35 pages, 7629 KB  
Article
A Paradigm for Modeling Infectious Diseases: Assessing Malware Spread in Early-Stage Outbreaks
by Egils Ginters, Uga Dumpis, Laura Calvet Liñán, Miquel Angel Piera Eroles, Kawa Nazemi, Andrejs Matvejevs and Mario Arturo Ruiz Estrada
Mathematics 2025, 13(1), 91; https://doi.org/10.3390/math13010091 - 29 Dec 2024
Cited by 1
Abstract
As digitalization and artificial intelligence advance, cybersecurity threats intensify, making malware—a type of software installed without authorization to harm users—an increasingly urgent concern. Due to malware’s social and economic impacts, accurately modeling its spread has become essential. While diverse models exist for malware propagation, their selection tends to be intuitive, often overlooking the unique aspects of digital environments. Key model choices include deterministic vs. stochastic, planar vs. spatial, analytical vs. simulation-based, and compartment-based vs. individual state-tracking models. In this context, our study assesses fundamental infection spread models to determine those most applicable to malware propagation. It is organized in two parts: the first examines principles of deterministic and stochastic infection models, and the second provides a comparative analysis to evaluate model suitability. Key criteria include scalability, robustness, complexity, workload, transparency, and manageability. Using consistent initial conditions, control examples are analyzed through Python-based numerical methods and agent-based simulations in NetLogo. The findings yield practical insights and recommendations, offering valuable guidance for researchers and cybersecurity professionals in applying epidemiological models to malware spread.
(This article belongs to the Section E: Applied Mathematics)

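Both this abstract and the preceding one (Omar et al., on multi-cloud VM networks) rest on the deterministic-versus-stochastic choice for a compartment model of malware spread. The following added example, which is neither paper's code, puts the two side by side on the simplest compartment model (susceptible, infected, recovered/patched hosts): a forward-Euler integration of the ODEs and a Gillespie event simulation of the same rates. The population size and the infection and patch rates are assumptions chosen for the demonstration; the point it shows is that the stochastic model has a substantial chance of early die-out from a single infected host, an outcome the deterministic model cannot produce.

```python
"""Deterministic (Euler-integrated SIR) vs. stochastic (Gillespie) malware
propagation over a population of n hosts. Added example; parameter values are
assumptions chosen for the demonstration, not from either paper."""
import random
from typing import List, Tuple

State = Tuple[float, float, float, float]   # (t, S, I, R)


def sir_deterministic(n: int, i0: int, beta: float, gamma: float,
                      dt: float = 0.01, t_max: float = 120.0) -> List[State]:
    """Forward-Euler integration of the compartment ODEs
    dS/dt = -beta*S*I/n,  dI/dt = beta*S*I/n - gamma*I,  dR/dt = gamma*I,
    where beta is the per-contact infection rate and gamma the patch/clean-up rate."""
    s, i, r, t = float(n - i0), float(i0), 0.0, 0.0
    traj = [(t, s, i, r)]
    for _ in range(int(t_max / dt)):
        infections = beta * s * i / n * dt
        recoveries = gamma * i * dt
        s -= infections
        i += infections - recoveries
        r += recoveries
        t += dt
        traj.append((t, s, i, r))
    return traj


def sir_gillespie(n: int, i0: int, beta: float, gamma: float, seed: int = 1) -> List[State]:
    """Exact stochastic simulation of the same rates: one event per step, with
    exponentially distributed waiting times. Runs until no host is infected."""
    rng = random.Random(seed)
    s, i, r, t = n - i0, i0, 0, 0.0
    traj: List[State] = [(t, s, i, r)]
    while i > 0:
        rate_inf = beta * s * i / n
        rate_rec = gamma * i
        total = rate_inf + rate_rec
        t += rng.expovariate(total)
        if rng.random() * total < rate_inf:
            s, i = s - 1, i + 1
        else:
            i, r = i - 1, r + 1
        traj.append((t, s, i, r))
    return traj


def peak_infected(traj: List[State]) -> float:
    return max(p[2] for p in traj)


def minor_outbreak_fraction(n: int, i0: int, beta: float, gamma: float,
                            runs: int = 200, cutoff: float = 0.1, seed: int = 0) -> float:
    """Share of stochastic runs that die out before `cutoff` of the hosts were ever
    infected. For i0 = 1 the branching-process approximation predicts about 1/R0."""
    minor = 0
    for k in range(runs):
        _, _, _, r_final = sir_gillespie(n, i0, beta, gamma, seed=seed + k)[-1]
        if r_final < cutoff * n:
            minor += 1
    return minor / runs


if __name__ == "__main__":
    N, I0, BETA, GAMMA = 1000, 1, 0.5, 0.1          # R0 = beta/gamma = 5
    det = sir_deterministic(N, I0, BETA, GAMMA)
    print(f"deterministic: peak I = {peak_infected(det):.1f}, final R = {det[-1][3]:.1f}")
    sto = sir_gillespie(N, I0, BETA, GAMMA, seed=3)
    print(f"one stochastic run: peak I = {peak_infected(sto)}, final R = {sto[-1][3]}")
    print(f"minor-outbreak fraction over 200 runs: {minor_outbreak_fraction(N, I0, BETA, GAMMA):.2f}")
```

With R0 = 5 the deterministic curve always runs to a peak near 48% of hosts and a final attack size above 99%, whereas roughly one stochastic run in five fizzles after a handful of infections. That divergence at the start of an outbreak is exactly where the abstract's "early-stage" question lives, and it is one of the criteria (robustness of the conclusion to model choice) a practitioner should weigh before trusting a deterministic forecast of a worm's reach.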
20 pages, 2471 KB  
Article
TTDAT: Two-Step Training Dual Attention Transformer for Malware Classification Based on API Call Sequences
by Peng Wang, Tongcan Lin, Di Wu, Jiacheng Zhu and Junfeng Wang
Appl. Sci. 2024, 14(1), 92; https://doi.org/10.3390/app14010092 - 21 Dec 2023
Cited by 5
Abstract
The surge in malware threats propelled by the rapid evolution of the internet and smart device technology necessitates effective automatic malware classification for robust system security. While existing research has primarily relied on some feature extraction techniques, issues such as information loss and computational overhead persist, especially in instruction-level tracking. To address these issues, this paper focuses on the nuanced analysis of API (Application Programming Interface) call sequences between the malware and system and introduces TTDAT (Two-step Training Dual Attention Transformer) for malware classification. TTDAT utilizes Transformer architecture with original multi-head attention and an integrated local attention module, streamlining the encoding of API sequences and extracting both global and local patterns. To expedite detection, we introduce a two-step training strategy: ensemble Transformer models to generate class representation vectors, thereby bolstering efficiency and adaptability. Our extensive experiments demonstrate TTDAT’s effectiveness, showcasing state-of-the-art results with an average F1 score of 0.90 and an accuracy of 0.96.
(This article belongs to the Section Computing and Artificial Intelligence)

21 pages, 24395 KB  
Article
Unmasking Cybercrime with Artificial-Intelligence-Driven Cybersecurity Analytics
by Amir Djenna, Ezedin Barka, Achouak Benchikh and Karima Khadir
Sensors 2023, 23(14), 6302; https://doi.org/10.3390/s23146302 - 11 Jul 2023
Cited by 44
Abstract
Cybercriminals are becoming increasingly intelligent and aggressive, making them more adept at covering their tracks, and the global epidemic of cybercrime necessitates significant efforts to enhance cybersecurity in a realistic way. The COVID-19 pandemic has accelerated the cybercrime threat landscape. Cybercrime has a significant impact on the gross domestic product (GDP) of every targeted country. It encompasses a broad spectrum of offenses committed online, including hacking; sensitive information theft; phishing; online fraud; modern malware distribution; cyberbullying; cyber espionage; and notably, cyberattacks orchestrated by botnets. This study provides a new collaborative deep learning approach based on unsupervised long short-term memory (LSTM) and supervised convolutional neural network (CNN) models for the early identification and detection of botnet attacks. The proposed work is evaluated using the CTU-13 and IoT-23 datasets. The experimental results demonstrate that the proposed method achieves superior performance, obtaining a very satisfactory success rate (over 98.7%) and a false positive rate of 0.04%. The study facilitates and improves the understanding of cyber threat intelligence, identifies emerging forms of botnet attacks, and enhances forensic investigation procedures.
(This article belongs to the Special Issue Data Privacy, Security, and Trust in New Technological Trends)

23 pages, 3151 KB  
Article
Dynamic Extraction of Initial Behavior for Evasive Malware Detection
by Faitouri A. Aboaoja, Anazida Zainal, Abdullah Marish Ali, Fuad A. Ghaleb, Fawaz Jaber Alsolami and Murad A. Rassam
Mathematics 2023, 11(2), 416; https://doi.org/10.3390/math11020416 - 12 Jan 2023
Cited by 16
Abstract
Recently, malware has become more abundant and complex as the Internet has become more widely used in daily services. Achieving satisfactory accuracy in malware detection is a challenging task since malicious software exhibits non-relevant features when it changes the performed behaviors as a result of its awareness of the analysis environments. However, the existing solutions extract features from the entire collected data offered by malware during the run time. Accordingly, the actual malicious behaviors are hidden during the training, leading to a model trained using unrepresentative features. To this end, this study presents a feature extraction scheme based on the proposed dynamic initial evasion behaviors determination (DIEBD) technique to improve the performance of evasive malware detection. To effectively represent evasion behaviors, the collected behaviors are tracked by examining the entropy distributions of APIs-gram features using the box-whisker plot algorithm. A feature set suggested by the DIEBD-based feature extraction scheme is used to train machine learning algorithms to evaluate the proposed scheme. Our experiments’ outcomes on a dataset of benign and evasive malware samples show that the proposed scheme achieved an accuracy of 0.967, false positive rate of 0.040, and F1 of 0.975.
(This article belongs to the Special Issue Models and Algorithms in Cybersecurity)

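The abstract above describes tracking API n-gram entropy across a run-time trace and using box-whisker (Tukey) fences to single out the initial evasion behaviours. The added example below is one concrete reading of that idea, not the DIEBD algorithm from the paper: the API trace is constructed (an anti-analysis polling loop, then setup, then a per-file encryption loop), bigram entropy is computed per sliding window, and the leading run of windows that fall below the lower fence is treated as the evasion phase so that features are extracted only from what follows. The window size, stride and the "leading run" rule are this example's assumptions.

```python
"""Locate the initial (evasion) phase of a dynamic API-call trace from the
entropy of API bigram features, using box-and-whisker (Tukey) fences to flag
outlier windows. Added example; the trace is constructed, and treating the
leading run of low-entropy outlier windows as the evasion phase is this
example's own interpretation, not the DIEBD algorithm itself."""
import math
from collections import Counter
from typing import Any, Dict, List, Sequence, Tuple

# Constructed trace: anti-analysis polling loop, then setup, then a per-file
# encryption loop. The names are real Win32 APIs; the sequence is invented.
EVASION_LOOP = ["IsDebuggerPresent", "GetTickCount", "Sleep"] * 6            # 18 calls
SETUP = [
    "GetSystemInfo", "GetComputerNameW", "GetUserNameW", "GetVolumeInformationW",
    "RegOpenKeyExW", "RegQueryValueExW", "RegSetValueExW", "RegCloseKey",
    "CryptAcquireContextW", "CryptGenKey", "CryptExportKey", "CryptImportKey",
    "InternetOpenW", "InternetConnectW", "HttpOpenRequestW", "HttpSendRequestW",
    "InternetReadFile", "InternetCloseHandle", "CreateMutexW", "GetModuleHandleW",
    "GetProcAddress", "VirtualAlloc", "WriteProcessMemory", "CreateThread",
]                                                                            # 24 calls
FILE_LOOP = ["FindNextFileW", "CreateFileW", "GetFileSizeEx", "ReadFile",
             "CryptEncrypt", "SetFilePointerEx", "WriteFile", "CloseHandle"] * 8  # 64 calls
TRACE = EVASION_LOOP + SETUP + FILE_LOOP


def ngrams(seq: Sequence[str], n: int = 2) -> List[Tuple[str, ...]]:
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def shannon_entropy(items: Sequence[Any]) -> float:
    counts = Counter(items)
    total = len(items)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def window_entropies(trace: Sequence[str], size: int = 12, stride: int = 6,
                     n: int = 2) -> List[Tuple[int, float]]:
    """(window start, entropy of the n-gram distribution inside that window)."""
    return [(start, shannon_entropy(ngrams(trace[start:start + size], n)))
            for start in range(0, len(trace) - size + 1, stride)]


def quantile(values: Sequence[float], q: float) -> float:
    """Linear-interpolation quantile (numpy's default convention)."""
    s = sorted(values)
    pos = q * (len(s) - 1)
    lo = int(math.floor(pos))
    hi = min(lo + 1, len(s) - 1)
    return s[lo] + (s[hi] - s[lo]) * (pos - lo)


def tukey_fences(values: Sequence[float], k: float = 1.5) -> Tuple[float, float]:
    """Box-whisker fences: points outside Q1 - k*IQR or Q3 + k*IQR are outliers."""
    q1, q3 = quantile(values, 0.25), quantile(values, 0.75)
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def initial_evasion_boundary(trace: Sequence[str], size: int = 12, stride: int = 6) -> Dict[str, Any]:
    windows = window_entropies(trace, size, stride)
    low_fence, high_fence = tukey_fences([h for _, h in windows])
    low_outliers = [start for start, h in windows if h < low_fence]
    # Assumption: the evasion phase is the leading run of low-entropy outlier
    # windows; it ends where the first non-outlier window begins.
    boundary = 0
    for start, h in windows:
        if h >= low_fence:
            break
        boundary = start + size
    return {
        "windows": windows,
        "fences": (low_fence, high_fence),
        "low_outliers": low_outliers,
        "evasion_end": boundary,
        # The features a DIEBD-style scheme would hand to the classifier:
        # n-grams observed only after the evasion phase.
        "post_evasion_bigrams": Counter(ngrams(trace[boundary:])),
    }


if __name__ == "__main__":
    result = initial_evasion_boundary(TRACE)
    for start, h in result["windows"]:
        print(f"window@{start:3d} H={h:.3f} {'LOW' if start in result['low_outliers'] else ''}")
    print("fences", result["fences"], "evasion ends at call index", result["evasion_end"])
```

On the constructed trace the two windows inside the polling loop sit at about 1.57 bits (three bigrams repeating), the encryption loop windows at about 2.91 bits, and the lower fence lands near 2.50, so only the polling windows are flagged and the boundary falls at call 18. The main caveat is the one the abstract implies: a sample that never runs its payload in the sandbox has no second phase at all, and the fences then say nothing useful, so the low-entropy check belongs alongside, not instead of, coverage of the evasion checks themselves.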
18 pages, 1907 KB  
Article
Distributed Deep Neural-Network-Based Middleware for Cyber-Attacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach
by Guru Bhandari, Andreas Lyth, Andrii Shalaginov and Tor-Morten Grønli
Electronics 2023, 12(2), 298; https://doi.org/10.3390/electronics12020298 - 6 Jan 2023
Cited by 71
Abstract
Cyberattacks always remain the major threats and challenging issues in the modern digital world. With the increase in the number of internet of things (IoT) devices, security challenges in these devices, such as lack of encryption, malware, ransomware, and IoT botnets, leave the devices vulnerable to attackers that can access and manipulate the important data, threaten the system, and demand ransom. The lessons from the earlier experiences of cyberattacks demand the development of the best-practices benchmark of cybersecurity, especially in modern Smart Environments. In this study, we propose an approach with a framework to discover malware attacks by using artificial intelligence (AI) methods to cover diverse and distributed scenarios. The new method facilitates proactively tracking network traffic data to detect malware and attacks in the IoT ecosystem. Moreover, the novel approach makes Smart Environments more secure and aware of possible future threats. The performance and concurrency testing of the deep neural network (DNN) model deployed in IoT devices are computed to validate the possibility of in-production implementation. By deploying the DNN model on two selected IoT gateways, we observed very promising results, with less than 30 kb/s increase in network bandwidth on average, and just a 2% increase in CPU consumption. Similarly, we noticed minimal physical memory and power consumption, with 0.42 GB and 0.2 GB memory usage for NVIDIA Jetson and Raspberry Pi devices, respectively, and an average 13.5% increase in power consumption per device with the deployed model. The ML models were able to demonstrate nearly 93% of detection accuracy and 92% f1-score on both utilized datasets. The result of the models shows that our framework detects malware and attacks in Smart Environments accurately and efficiently.
(This article belongs to the Special Issue Circuits and Systems of Security Applications)

21 pages, 7469 KB  
Article
Research on Cyber ISR Visualization Method Based on BGP Archive Data through Hacking Case Analysis of North Korean Cyber-Attack Groups
by Jaepil Youn, Kookjin Kim, Daeyoung Kang, Jaeil Lee, Moosung Park and Dongkyoo Shin
Electronics 2022, 11(24), 4142; https://doi.org/10.3390/electronics11244142 - 12 Dec 2022
Cited by 7 | Correction
Abstract
North Korean cyber-attack groups such as Kimsuky, Lazarus, Andariel, and Venus 121 continue to attempt spear-phishing APT attacks that exploit social issues, including COVID-19. Thus, along with the worldwide pandemic of COVID-19, related threats also persist in cyberspace. In January 2022, a hacking attack presumed to be by Kimsuky, a North Korean cyber-attack group, was carried out with the intent of stealing research data related to COVID-19. The problem is that the activities of cyber-attack groups are continuously increasing, and it is difficult to accurately identify cyber-attack groups and attack origins only with limited analysis information. To solve this problem, it is necessary to expand the scope of data analysis by using BGP archive data. It is necessary to combine infrastructure and network information to draw correlations and to be able to classify infrastructure by attack group very accurately. Network-based infrastructure analysis is required in the fragmentary host area, such as malware or system logs. This paper studied cyber ISR and BGP and a case study of cyber ISR visualization for situational awareness, hacking trends of North Korean cyber-attack groups, and cyber-attack tracking. Through related research, we estimated the origin of the attack by analyzing hacking cases through cyber intelligence-based profiling techniques and correlation analysis using BGP archive data. Based on the analysis results, we propose an implementation of the cyber ISR visualization method based on BGP archive data. Future research will include a connection with research on a cyber command-and-control system, a study on the cyber battlefield area, cyber ISR, and a traceback visualization model for the origin of the attack. The final R&D goal is to develop an AI-based cyber-attack group automatic identification and attack-origin tracking platform by analyzing cyber-attack behavior and infrastructure lifecycle.
(This article belongs to the Special Issue Advances in Software Security)

26 pages, 7643 KB  
Article
A New Scheme for Ransomware Classification and Clustering Using Static Features
by Bahaa Yamany, Mahmoud Said Elsayed, Anca D. Jurcut, Nashwa Abdelbaki and Marianne A. Azer
Electronics 2022, 11(20), 3307; https://doi.org/10.3390/electronics11203307 - 14 Oct 2022
Cited by 26
Abstract
Ransomware is a strain of malware that disables access to the user’s resources after infiltrating a victim’s system. Ransomware is one of the most dangerous types of malware organizations face, blocking data access or publishing private data over the internet. The major challenge of any entity is how to decrypt the files encrypted by ransomware. Ransomware’s binary analysis can provide a means to characterize the relationships between different features used by ransomware families to track the ransomware encryption mechanism routine. In this paper, we compare the different ransomware detection approaches and techniques. We investigate the criteria, parameters, and tools used in the ransomware detection ecosystem. We present the main recommendations and best practices for ransomware mitigation. In addition, we propose an efficient ransomware indexing system that provides search functionalities, similarity checking, sample classification, and clustering. The new system scheme mainly targets native ransomware binaries, and the indexing engine depends on hybrid data from the static analyzer system. Our scheme tracks and classifies ransomware based on static features to find the similarity between different ransomware samples. This is done by calculating the absolute Jaccard index. Results have shown that the Import Address Table (IAT) feature can be used to classify different ransomware more accurately than the Strings feature.
(This article belongs to the Special Issue New Advances and Challenges in Communication Networks)

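The similarity-and-clustering step of the abstract above, Jaccard index over static features with the IAT compared against printable strings, is easy to see on toy data. The following is an added example rather than the authors' indexing system: the five samples, their import sets, strings and family labels are all constructed, and the single-linkage clustering and nearest-sample lookup are this example's own choice of how to use the pairwise scores. It reproduces the abstract's finding in miniature: shared loader and runtime strings make every sample look alike, while the import table separates the two invented families from a benign editor.

```python
"""Static-feature similarity for ransomware samples: Jaccard index over the
Import Address Table (IAT) versus over printable strings, single-linkage
clustering, and nearest-family lookup. Added example with constructed feature
sets; none of these are real samples, and the family labels are invented."""
from itertools import combinations
from typing import Dict, List, Set, Tuple

# Strings every sample shares (loader/runtime residue), which is why the
# strings feature clusters poorly in this example.
COMMON_STRINGS = {"kernel32.dll", "user32.dll", "advapi32.dll", "GetProcAddress",
                  "LoadLibraryA", "VirtualAlloc", "ExitProcess", "GetCommandLineW"}
FAM_A_IAT = {"CryptAcquireContextW", "CryptGenKey", "CryptEncrypt", "CryptDestroyKey",
             "FindFirstFileW", "FindNextFileW", "CreateFileW", "ReadFile", "WriteFile",
             "DeleteFileW", "GetLogicalDrives", "ShellExecuteW"}
FAM_B_IAT = {"BCryptOpenAlgorithmProvider", "BCryptGenerateSymmetricKey", "BCryptEncrypt",
             "BCryptCloseAlgorithmProvider", "WNetOpenEnumW", "WNetEnumResourceW",
             "CreateFileW", "WriteFile", "MoveFileExW", "CreateProcessW"}

SAMPLES: Dict[str, Dict] = {
    "fam_a_1": {"family": "A", "iat": set(FAM_A_IAT),
                "strings": COMMON_STRINGS | {"YOUR FILES HAVE BEEN ENCRYPTED", ".locked",
                                             "vssadmin delete shadows"}},
    "fam_a_2": {"family": "A",
                "iat": (FAM_A_IAT - {"CryptDestroyKey", "ShellExecuteW"}) | {"MoveFileW", "SetFileAttributesW"},
                "strings": COMMON_STRINGS | {"YOUR FILES HAVE BEEN ENCRYPTED", ".locked"}},
    "fam_b_1": {"family": "B", "iat": set(FAM_B_IAT),
                "strings": COMMON_STRINGS | {"README_DECRYPT.txt", ".crypted"}},
    "fam_b_2": {"family": "B",
                "iat": (FAM_B_IAT - {"BCryptCloseAlgorithmProvider", "CreateProcessW"}) | {"NetShareEnum", "GetDriveTypeW"},
                "strings": COMMON_STRINGS | {"README_DECRYPT.txt", ".crypted", "net use"}},
    "benign_editor": {"family": "benign",
                      "iat": {"CreateFileW", "ReadFile", "WriteFile", "RegisterClassExW", "CreateWindowExW",
                              "GetMessageW", "DispatchMessageW", "DefWindowProcW", "TextOutW", "GetDC"},
                      "strings": COMMON_STRINGS | {"Untitled", "Cannot find"}},
}
# A new sample to look up: family A imports with one substitution.
UNKNOWN_IAT = (FAM_A_IAT - {"ReadFile"}) | {"Sleep"}


def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if a or b else 0.0


def feature_view(feature: str) -> Dict[str, Set[str]]:
    return {name: s[feature] for name, s in SAMPLES.items()}


def cluster(feature_sets: Dict[str, Set[str]], threshold: float) -> List[Set[str]]:
    """Single-linkage clustering: two samples join a cluster when their pairwise
    Jaccard index reaches `threshold`; clusters merge transitively (union-find)."""
    parent = {name: name for name in feature_sets}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(feature_sets, 2):
        if jaccard(feature_sets[a], feature_sets[b]) >= threshold:
            parent[find(a)] = find(b)
    groups: Dict[str, Set[str]] = {}
    for name in feature_sets:
        groups.setdefault(find(name), set()).add(name)
    return sorted(groups.values(), key=lambda g: min(g))


def nearest(query: Set[str], feature_sets: Dict[str, Set[str]]) -> Tuple[str, float]:
    """Most similar indexed sample and its Jaccard score."""
    return max(((name, jaccard(query, fs)) for name, fs in feature_sets.items()),
               key=lambda pair: pair[1])


if __name__ == "__main__":
    for feature in ("iat", "strings"):
        print(feature, "clusters at 0.5:", cluster(feature_view(feature), 0.5))
    name, score = nearest(UNKNOWN_IAT, feature_view("iat"))
    print(f"unknown -> {name} (family {SAMPLES[name]['family']}, jaccard {score:.3f})")
```

At a 0.5 threshold the IAT view yields three clusters (family A, family B, the benign editor) while the strings view collapses everything into one, because eight shared runtime strings dominate the two or three family-specific ones. When using this on real binaries, strip the imports every PE has (the loader and CRT set) before computing the index, otherwise the IAT drifts toward the same failure mode as strings.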
18 pages, 1865 KB  
Article
Micro-Behavioral Accidental Click Detection System for Preventing Slip-Based Human Error
by Abdulaziz Almehmadi
Sensors 2021, 21(24), 8209; https://doi.org/10.3390/s21248209 - 8 Dec 2021
Cited by 5
Abstract
Accidentally clicking on a link is a type of human error known as a slip in which a user unintentionally performs an unintended task. The risk magnitude is the probability of occurrences of such error with a possible substantial effect to which even experienced individuals are susceptible. Phishing attacks take advantage of slip-based human error by attacking psychological aspects of the users that lead to unintentionally clicking on phishing links. Such actions may lead to installing tracking software, downloading malware or viruses, or stealing private, sensitive information, to list a few. Therefore, a system is needed that detects whether a click on a link is intentional or unintentional and, if unintentional, can then prevent it. This paper proposes a micro-behavioral accidental click detection system (ACDS) to prevent slip-based human error. A within-subject-based experiment was conducted with 20 participants to test the potential of the proposed system. The results reveal the statistical significance between the two cases of intentional vs. unintentional clicks using a smartphone. Random tree, random forest, and support vector machine classifiers were used, exhibiting 82.6%, 87.2%, and 91.6% accuracy in detecting unintentional clicks, respectively.
(This article belongs to the Section Intelligent Sensors)
