The digital transformation in Cameroon presents critical cybersecurity challenges that demand immediate attention and strategic intervention. This comprehensive analysis examines the evolving cybersecurity landscape i...The digital transformation in Cameroon presents critical cybersecurity challenges that demand immediate attention and strategic intervention. This comprehensive analysis examines the evolving cybersecurity landscape in Cameroon from 2020 to 2023, during which cyber-attacks increased by 156% and financial losses from digital fraud exceeded $45 million. This research identifies significant vulnerabilities in Cameroon’s cybersecurity ecosystem through a rigorous assessment of national infrastructure, policy frameworks, and institutional capacities. Recent data indicates that while digital service adoption has grown exponentially, with internet penetration reaching 35.2% in 2023, cybersecurity measures have lagged significantly behind international standards. This analysis draws on comprehensive data from multiple sectors, including financial services, government institutions, and telecommunications, incorporating findings from the National Cybersecurity Assessment Program and the Digital Infrastructure Security Report. The research reveals that 73% of organizations lack dedicated security teams, while response times to cyber incidents average 72 hours—three times than the global standard. Based on these findings, this paper proposes evidence-based solutions for enhancing digital resilience, including policy modernization, capacity-building initiatives, and technical infrastructure development. The recommendations encompass short-term tactical responses, medium-term strategic improvements, and long-term structural changes, providing a comprehensive roadmap for strengthening Cameroon’s national cybersecurity frameworks.展开更多
The NIST Cybersecurity Framework (NIST CSF) serves as a voluntary guideline aimed at helping organizations, tiny and medium-sized enterprises (SMEs), and critical infrastructure operators, effectively manage cyber ris...The NIST Cybersecurity Framework (NIST CSF) serves as a voluntary guideline aimed at helping organizations, tiny and medium-sized enterprises (SMEs), and critical infrastructure operators, effectively manage cyber risks. Although comprehensive, the complexity of the NIST CSF can be overwhelming, especially for those lacking extensive cybersecurity resources. Current implementation tools often cater to larger companies, neglecting the specific needs of SMEs, which can be vulnerable to cyber threats. To address this gap, our research proposes a user-friendly, open-source web platform designed to simplify the implementation of the NIST CSF. This platform enables organizations to assess their risk exposure and continuously monitor their cybersecurity maturity through tailored recommendations based on their unique profiles. Our methodology includes a literature review of existing tools and standards, followed by a description of the platform’s design and architecture. Initial tests with SMEs in Burkina Faso reveal a concerning cybersecurity maturity level, indicating the urgent need for improved strategies based on our findings. By offering an intuitive interface and cross-platform accessibility, this solution aims to empower organizations to enhance their cybersecurity resilience in an evolving threat landscape. The article concludes with discussions on the practical implications and future enhancements of the tool.展开更多
The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger;the real threat lies in the obfuscation of these cyberattacks,as they constantly change their behavior,making...The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger;the real threat lies in the obfuscation of these cyberattacks,as they constantly change their behavior,making detection more difficult.Numerous researchers and developers have devoted considerable attention to this topic;however,the research field has not yet been fully saturated with high-quality studies that address these problems.For this reason,this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization(MOMEAWO)cybersecurity model to improve the classification of binary and multi-class malware threats through the proposed MOMEAWO approach.The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing,detecting,and classifying the behavior of obfuscated malware within their respective families.The proposed model includes three classification types:Binary classification and multi-class classification(e.g.,four families and 16 malware families).To evaluate the performance of this model,we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis(CIC-MalMem-2022)that contains balanced data.The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.展开更多
The concept of Supply Chain 4.0 represents a transformative phase in supply chain management through advanced digital technologies like IoT, AI, blockchain, and cyber-physical systems. While these innovations deliver ...The concept of Supply Chain 4.0 represents a transformative phase in supply chain management through advanced digital technologies like IoT, AI, blockchain, and cyber-physical systems. While these innovations deliver operational improvements, the heightened interconnectivity introduces significant cybersecurity challenges, particularly within military logistics, where mission-critical operations and life-safety concerns are paramount. This paper examines these unique cybersecurity requirements, focusing on advanced persistent threats, supply chain poisoning, and data breaches that could compromise sensitive operations. The study proposes a hybrid cybersecurity framework tailored to military logistics, integrating resilience, redundancy, and cross-jurisdictional security measures. Real-world applicability is validated through simulations, offering strategies for securing supply chains while balancing security, efficiency, and flexibility.展开更多
The European Standardization Organizations(ESOs),CEN,CENELEC and ETSI,joined forces with ENISA,the EU Agency for Cybersecurity,to host the 9th Cybersecurity Standardization Conference on March 20 in Brussels,Belgium.
The increasing reliance on digital infrastructure in modern healthcare systems has introduced significant cybersecurity challenges,particularly in safeguarding sensitive patient data and maintaining the integrity of m...The increasing reliance on digital infrastructure in modern healthcare systems has introduced significant cybersecurity challenges,particularly in safeguarding sensitive patient data and maintaining the integrity of medical services.As healthcare becomes more data-driven,cyberattacks targeting these systems continue to rise,necessitating the development of robust,domain-adapted Intrusion Detection Systems(IDS).However,current IDS solutions often lack access to domain-specific datasets that reflect realistic threat scenarios in healthcare.To address this gap,this study introduces HCKDDCUP,a synthetic dataset modeled on the widely used KDDCUP benchmark,augmented with healthcare-relevant attributes such as patient data,treatments,and diagnoses to better simulate the unique conditions of clinical environments.This research applies standard machine learning algorithms Random Forest(RF),Decision Tree(DT),and K-Nearest Neighbors(KNN)to both the KDDCUP and HCKDDCUP datasets.The methodology includes data preprocessing,feature selection,dimensionality reduction,and comparative performance evaluation.Experimental results show that the RF model performed best,achieving 98%accuracy on KDDCUP and 99%on HCKDDCUP,highlighting its effectiveness in detecting cyber intrusions within a healthcare-specific context.This work contributes a valuable resource for future research and underscores the need for IDS development tailored to sector-specific requirements.展开更多
Small and Medium-sized Enterprises (SMEs) are considered the backbone of global economy, but they often face cyberthreats which threaten their financial stability and operational continuity. This work aims to offer a ...Small and Medium-sized Enterprises (SMEs) are considered the backbone of global economy, but they often face cyberthreats which threaten their financial stability and operational continuity. This work aims to offer a proactive cybersecurity approach to safeguard SMEs against these threats. Furthermore, to mitigate these risks, we propose a comprehensive framework of practical and scalable cybersecurity measurements/protocols specifically for SMEs. These measures encompass a spectrum of solutions, from technological fortifications to employee training initiatives and regulatory compliance strategies, in an effort to cultivate resilience and awareness among SMEs. Additionally, we introduce a specially designed a Java-based questionnaire software tool in order to provide an initial framework for essential cybersecurity measures and evaluation for SMEs. This tool covers crucial topics such as social engineering and phishing attempts, implementing antimalware and ransomware defense mechanisms, secure data management and backup strategies and methods for preventing insider threats. By incorporating globally recognized frameworks and standards like ISO/IEC 27001 and NIST guidelines, this questionnaire offers a roadmap for establishing and enhancing cybersecurity measures.展开更多
This paper presents a novel blockchain-embedded cybersecurity framework for industrial solar power systems,integrating immutable machine learning(ML)with distributed ledger technology.Our contribution focused on three...This paper presents a novel blockchain-embedded cybersecurity framework for industrial solar power systems,integrating immutable machine learning(ML)with distributed ledger technology.Our contribution focused on three factors,Quantum-resistant feature engineering using theUNSW-NB15 dataset adapted for solar infrastructure anomalies.An enhanced Light Gradient Boosting Machine(LightGBM)classifier with blockchain-validated decision thresholds,and A cryptographic proof-of-threat(PoT)consensus mechanism for cyber attack verification.The proposed Immutable LightGBM model with majority voting and cryptographic feature encoding achieves 96.9% detection accuracy with 0.97 weighted average of precision,recall and F1-score,outperforming conventional intrusion detection systems(IDSs)by 12.7% in false positive reduction.The blockchain layer demonstrates a 2.4-s average block confirmation time with 256-bit SHA-3 hashing,enabling real-time threat logging in photovoltaic networks.Experimental results improve in attack traceability compared to centralized security systems,establishing new benchmarks for trustworthy anomaly detection in smart grid infrastructures.This study also compared traditional and hybrid ML based blockchian driven IDSs and attained better classification results.The proposed framework not only delivers a resilient,adaptable threat mitigation system(TMS)for Industry 4.0 solar powered infrastructure but also attains high explainability,scalability with tamper-proof logs,and remarkably exceptional ability of endurance to cyber attacks.展开更多
This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 emp...This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.展开更多
The increasing sophistication of cyberattacks,coupled with the limitations of rule-based detection systems,underscores the urgent need for proactive and intelligent cybersecurity solutions.Traditional intrusion detect...The increasing sophistication of cyberattacks,coupled with the limitations of rule-based detection systems,underscores the urgent need for proactive and intelligent cybersecurity solutions.Traditional intrusion detection systems often struggle with detecting early-stage threats,particularly in dynamic environments such as IoT,SDNs,and cloud infrastructures.These systems are hindered by high false positive rates,poor adaptability to evolving threats,and reliance on large labeled datasets.To address these challenges,this paper introduces CyberGuard-X,an AI-driven framework designed to identify attack precursors—subtle indicators of malicious intent—before full-scale intrusions occur.CyberGuard-X integrates anomaly detection,time-series analysis,and multi-stage classification within a scalable architecture.The model leverages deep learning techniques such as autoencoders,LSTM networks,and Transformer layers,supported by semi-supervised learning to enhance detection of zero-day and rare threats.Extensive experiments on benchmark datasets(CICIDS2017,CSE-CIC-IDS2018,and UNSW-NB15)demonstrate strong results,including 96.1%accuracy,94.7%precision,and 95.3%recall,while achieving a zero-day detection rate of 84.5%.With an inference time of 12.8 ms and 34.5%latency reduction,the model supports real-time deployment in resource-constrained environments.CyberGuard-X not only surpasses baseline models like LSTM and Random Forest but also enhances proactive threat mitigation across diverse network settings.展开更多
Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of...Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of cybersecurity,the role of new e-commerce platforms,and digital sovereignty of BRICS countries.It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism,as well as to collaborate to establish guidelines for global cybersecurity,new e-commerce platforms,and digital sovereignty.展开更多
The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learn...The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learning–based intrusion detection systems can capture complex network behaviours,their“black-box”nature often limits trust and actionable insight for security operators.This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules,thereby enhancing the detection of Distributed Denial of Service(DDoS)attacks.The proposed framework combines traditional static rule formulation with advanced xAI techniques—SHapley Additive exPlanations and Scoped Rules-to extract decision criteria from a fully trained model.The methodology was validated on two benchmark datasets,CICIDS2017 and WUSTL-IIOT-2021.Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision,recall,accuracy,balanced accuracy,and Matthews Correlation Coefficient.Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules.Notably,the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.展开更多
With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it ...With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.展开更多
Strengthening cybersecurity education for college students holds significant importance in achieving the strategic goal of building China into a cyber power.This article begins by discussing the significance and neces...Strengthening cybersecurity education for college students holds significant importance in achieving the strategic goal of building China into a cyber power.This article begins by discussing the significance and necessity of implementing cybersecurity education for university students.Drawing on disciplinary characteristics and student learning analysis,it presents a comprehensive construction process and countermeasures for a general cybersecurity education course,covering aspects such as teaching content development,teaching resource creation,and pedagogical approaches.The aim is to provide reference and guidance for other universities in developing general cybersecurity education courses.展开更多
The proliferation of smart communities in Foshan has led to increasingly diverse and prevalent cybersecurity risks for residents.This trend has rendered traditional cybersecurity education models inadequate in address...The proliferation of smart communities in Foshan has led to increasingly diverse and prevalent cybersecurity risks for residents.This trend has rendered traditional cybersecurity education models inadequate in addressing the challenges of the digital era.Guided by the theory of collaborative governance and the framework of digital transformation,this paper examines the multi-stakeholder collaborative mechanism involving the government,businesses,community organizations,universities,and residents.It subsequently proposes a series of implementation strategies such as digitizing educational content,intellectualizing platforms,contextualizing delivery methods,and refining management precision.Studies demonstrate that this model enables effective resource integration,improves educational precision,and boosts resident engagement.It represents a fundamental shift from unilateral dissemination to multi-party interaction and from decentralized management to collaborative synergy,offering a replicable“Foshan Model”for digital governance at the community level.展开更多
In the wake of increased cybercrime against insufficient cybersecurity professionals, there is an urgent need to bridge the skill-gap. The demand for skilled and experienced (approximately 40,000 to 50,000) cybersecur...In the wake of increased cybercrime against insufficient cybersecurity professionals, there is an urgent need to bridge the skill-gap. The demand for skilled and experienced (approximately 40,000 to 50,000) cybersecurity professionals in Kenya is soaring all-time high. This demand is against the available 1700 certified professionals. Therefore, this paper seeks to bring to fore interventions put in place to address the skill gap through curriculum interventions. In order to get a clear understanding, the paper sought to determine the status of cybersecurity skill gap in Kenya and what universities are doing to address the gap. The paper also sought to propose the way forward to close the skill gap. This is a seminal review paper in the field of cybersecurity in Kenya focusing on institutions of higher learning and the interventions to address the cybersecurity skill gap. This research is significant to the general institutions of higher learning in both private and public universities. Results show that the cybersecurity skill gap is very high in Kenya. Interventions being offered by universities include partnerships with private cybersecurity organizations, offering cybersecurity certification training hackathons, and degree programs. However, it was established that only 13.2% of registered universities that offer cybersecurity degree programs in Kenya. The paper therefore strongly recommends launch of cybersecurity programs at the levels of undergraduate and graduate in many universities. This can therefore be augmented with other interventions such as certifications, hackathons and partnerships. Further research can be conducted to establish factors affecting the launch of cybersecurity programs in institutions of higher learning in Kenya. A further research can also be conducted to determine the effect of supplementary cybersecurity trainings such as hackathons and certifications.展开更多
Estimating the global state of a networked system is an important problem in many application domains.The classical approach to tackling this problem is the periodic(observation)method,which is inefficient because it ...Estimating the global state of a networked system is an important problem in many application domains.The classical approach to tackling this problem is the periodic(observation)method,which is inefficient because it often observes states at a very high frequency.This inefficiency has motivated the idea of event-based method,which leverages the evolution dynamics in question and makes observations only when some rules are triggered(i.e.,only when certain conditions hold).This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity,where equilibrium is an important metric that has no closed-form solutions.More specifically,the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics,which has been proven globally convergent.The presented study proves that the estimated equilibrium from our trigger rule i)indeed converges to the equilibrium of the dynamics and ii)is Zeno-free,which assures the usefulness of the event-based method.Numerical examples show that the event-based method can reduce 98%of the observation cost incurred by the periodic method.In order to use the event-based method in practice,this paper investigates how to bridge the gap between i)the continuous state in the dynamics model,which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state,and ii)the discrete state that is often encountered in practice,dubbed sample-state because it is sampled from some nodes.This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.展开更多
Today,security is a major challenge linked with computer network companies that cannot defend against cyber-attacks.Numerous vulnerable factors increase security risks and cyber-attacks,including viruses,the internet,...Today,security is a major challenge linked with computer network companies that cannot defend against cyber-attacks.Numerous vulnerable factors increase security risks and cyber-attacks,including viruses,the internet,communications,and hackers.Internets of Things(IoT)devices are more effective,and the number of devices connected to the internet is constantly increasing,and governments and businesses are also using these technologies to perform business activities effectively.However,the increasing uses of technologies also increase risks,such as password attacks,social engineering,and phishing attacks.Humans play a major role in the field of cybersecurity.It is observed that more than 39%of security risks are related to the human factor,and 95%of successful cyber-attacks are caused by human error,with most of them being insider threats.The major human factor issue in cybersecurity is a lack of user awareness of cyber threats.This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations.This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information.Moreover,the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity,such as phishing attacks,passwords,attacks,and social engineering,are major problems that need to be addressed and reduced through proper awareness and training.展开更多
This article is dedicated to the creation of the analytical model of quantitative estimation of cybersecurity of Information Systems of Critical Infrastructure (ISCI). The model takes into consideration the existence,...This article is dedicated to the creation of the analytical model of quantitative estimation of cybersecurity of Information Systems of Critical Infrastructure (ISCI). The model takes into consideration the existence, in the discussed ISCI, of both the intelligent tools of detection, analysis and identification of threats and vulnerabilities and means for restauration and elimination of their consequences. The development of the model also takes into consideration probabilistic nature of flow of events happening in ISCI and transferring the system between different states of cybersecurity. Among such probabilistic events we mean any operational perturbations (that can cause extreme situations) happening in ISCI under the influence of cyber-threats, as well as events concerning restoration and elimination of consequences of such cyber-threats. In this work, as methods of modelling, there have been used methods of system-oriented analysis based on theory of probability, theory of reliability and theory of queues. These methods enabled to describe analytically dependence of effectiveness indices of ISCI operation on abovementioned probabilistic processes.展开更多
This paper explores the convergence of Saudi Arabia’s Vision 2030 with the increasing dependence on the Internet for educational purposes. It sheds light on the potential cybersecurity risks and how parental percepti...This paper explores the convergence of Saudi Arabia’s Vision 2030 with the increasing dependence on the Internet for educational purposes. It sheds light on the potential cybersecurity risks and how parental perception impacts children’s willingness to adapt cybersecurity features. By instilling the significance of cybersecurity awareness in early stages, society can provide children with the necessary skills to navigate the digital realm responsibly. As we progress, ongoing research and collaborative endeavors will be pivotal in formulating effective strategies to shield the digital generation from the potential pitfalls of the virtual realm. Regular Internet usage is essential for various purposes such as communication, education, and leisure. The cohorts of Generation Z and Alpha were born during a period of exponential Internet growth, leading them to heavily engage with the Internet. Consequently, they are equally vulnerable to cybersecurity threats just like adults. Addressing potential security risks for today’s youth becomes the responsibility of parents as the primary line of defense. This research focuses on raising awareness about the imperative of ensuring children’s safety in the online sphere, particularly by their parents. The study is conducted within the specific context of Saudi Arabia, aiming to examine how Saudi parents’ perception of cybersecurity influences their children’s cyber safety. The study identifies critical factors, including attitudes towards cybersecurity, awareness of cybersecurity, and prevailing social norms regarding cybersecurity. These factors contribute to the development of parents’ intention to prioritize cybersecurity, which consequently affects their children’s behaviors in the digital realm. Utilizing a quantitative approach based on a questionnaire, the study employs a Structural Equation Modeling (SEM) framework to analyze the collected data. The study’s findings underscore that parents’ intent towards cybersecurity plays a significant role in shaping their children’s behavior concerning cyber safety.展开更多
文摘The digital transformation in Cameroon presents critical cybersecurity challenges that demand immediate attention and strategic intervention. This comprehensive analysis examines the evolving cybersecurity landscape in Cameroon from 2020 to 2023, during which cyber-attacks increased by 156% and financial losses from digital fraud exceeded $45 million. This research identifies significant vulnerabilities in Cameroon’s cybersecurity ecosystem through a rigorous assessment of national infrastructure, policy frameworks, and institutional capacities. Recent data indicates that while digital service adoption has grown exponentially, with internet penetration reaching 35.2% in 2023, cybersecurity measures have lagged significantly behind international standards. This analysis draws on comprehensive data from multiple sectors, including financial services, government institutions, and telecommunications, incorporating findings from the National Cybersecurity Assessment Program and the Digital Infrastructure Security Report. The research reveals that 73% of organizations lack dedicated security teams, while response times to cyber incidents average 72 hours—three times than the global standard. Based on these findings, this paper proposes evidence-based solutions for enhancing digital resilience, including policy modernization, capacity-building initiatives, and technical infrastructure development. The recommendations encompass short-term tactical responses, medium-term strategic improvements, and long-term structural changes, providing a comprehensive roadmap for strengthening Cameroon’s national cybersecurity frameworks.
文摘The NIST Cybersecurity Framework (NIST CSF) serves as a voluntary guideline aimed at helping organizations, tiny and medium-sized enterprises (SMEs), and critical infrastructure operators, effectively manage cyber risks. Although comprehensive, the complexity of the NIST CSF can be overwhelming, especially for those lacking extensive cybersecurity resources. Current implementation tools often cater to larger companies, neglecting the specific needs of SMEs, which can be vulnerable to cyber threats. To address this gap, our research proposes a user-friendly, open-source web platform designed to simplify the implementation of the NIST CSF. This platform enables organizations to assess their risk exposure and continuously monitor their cybersecurity maturity through tailored recommendations based on their unique profiles. Our methodology includes a literature review of existing tools and standards, followed by a description of the platform’s design and architecture. Initial tests with SMEs in Burkina Faso reveal a concerning cybersecurity maturity level, indicating the urgent need for improved strategies based on our findings. By offering an intuitive interface and cross-platform accessibility, this solution aims to empower organizations to enhance their cybersecurity resilience in an evolving threat landscape. The article concludes with discussions on the practical implications and future enhancements of the tool.
文摘The rapid and increasing growth in the volume and number of cyber threats from malware is not a real danger;the real threat lies in the obfuscation of these cyberattacks,as they constantly change their behavior,making detection more difficult.Numerous researchers and developers have devoted considerable attention to this topic;however,the research field has not yet been fully saturated with high-quality studies that address these problems.For this reason,this paper presents a novel multi-objective Markov-enhanced adaptive whale optimization(MOMEAWO)cybersecurity model to improve the classification of binary and multi-class malware threats through the proposed MOMEAWO approach.The proposed MOMEAWO cybersecurity model aims to provide an innovative solution for analyzing,detecting,and classifying the behavior of obfuscated malware within their respective families.The proposed model includes three classification types:Binary classification and multi-class classification(e.g.,four families and 16 malware families).To evaluate the performance of this model,we used a recently published dataset called the Canadian Institute for Cybersecurity Malware Memory Analysis(CIC-MalMem-2022)that contains balanced data.The results show near-perfect accuracy in binary classification and high accuracy in multi-class classification compared with related work using the same dataset.
文摘The concept of Supply Chain 4.0 represents a transformative phase in supply chain management through advanced digital technologies like IoT, AI, blockchain, and cyber-physical systems. While these innovations deliver operational improvements, the heightened interconnectivity introduces significant cybersecurity challenges, particularly within military logistics, where mission-critical operations and life-safety concerns are paramount. This paper examines these unique cybersecurity requirements, focusing on advanced persistent threats, supply chain poisoning, and data breaches that could compromise sensitive operations. The study proposes a hybrid cybersecurity framework tailored to military logistics, integrating resilience, redundancy, and cross-jurisdictional security measures. Real-world applicability is validated through simulations, offering strategies for securing supply chains while balancing security, efficiency, and flexibility.
文摘The European Standardization Organizations(ESOs),CEN,CENELEC and ETSI,joined forces with ENISA,the EU Agency for Cybersecurity,to host the 9th Cybersecurity Standardization Conference on March 20 in Brussels,Belgium.
基金supported and funded by the Deanship of Scientific Research at Imam Mohammad Ibn Saud Islamic University(IMSIU)(grant number IMSIU-DDRSP2501).
文摘The increasing reliance on digital infrastructure in modern healthcare systems has introduced significant cybersecurity challenges,particularly in safeguarding sensitive patient data and maintaining the integrity of medical services.As healthcare becomes more data-driven,cyberattacks targeting these systems continue to rise,necessitating the development of robust,domain-adapted Intrusion Detection Systems(IDS).However,current IDS solutions often lack access to domain-specific datasets that reflect realistic threat scenarios in healthcare.To address this gap,this study introduces HCKDDCUP,a synthetic dataset modeled on the widely used KDDCUP benchmark,augmented with healthcare-relevant attributes such as patient data,treatments,and diagnoses to better simulate the unique conditions of clinical environments.This research applies standard machine learning algorithms Random Forest(RF),Decision Tree(DT),and K-Nearest Neighbors(KNN)to both the KDDCUP and HCKDDCUP datasets.The methodology includes data preprocessing,feature selection,dimensionality reduction,and comparative performance evaluation.Experimental results show that the RF model performed best,achieving 98%accuracy on KDDCUP and 99%on HCKDDCUP,highlighting its effectiveness in detecting cyber intrusions within a healthcare-specific context.This work contributes a valuable resource for future research and underscores the need for IDS development tailored to sector-specific requirements.
文摘Small and Medium-sized Enterprises (SMEs) are considered the backbone of global economy, but they often face cyberthreats which threaten their financial stability and operational continuity. This work aims to offer a proactive cybersecurity approach to safeguard SMEs against these threats. Furthermore, to mitigate these risks, we propose a comprehensive framework of practical and scalable cybersecurity measurements/protocols specifically for SMEs. These measures encompass a spectrum of solutions, from technological fortifications to employee training initiatives and regulatory compliance strategies, in an effort to cultivate resilience and awareness among SMEs. Additionally, we introduce a specially designed a Java-based questionnaire software tool in order to provide an initial framework for essential cybersecurity measures and evaluation for SMEs. This tool covers crucial topics such as social engineering and phishing attempts, implementing antimalware and ransomware defense mechanisms, secure data management and backup strategies and methods for preventing insider threats. By incorporating globally recognized frameworks and standards like ISO/IEC 27001 and NIST guidelines, this questionnaire offers a roadmap for establishing and enhancing cybersecurity measures.
文摘This paper presents a novel blockchain-embedded cybersecurity framework for industrial solar power systems,integrating immutable machine learning(ML)with distributed ledger technology.Our contribution focused on three factors,Quantum-resistant feature engineering using theUNSW-NB15 dataset adapted for solar infrastructure anomalies.An enhanced Light Gradient Boosting Machine(LightGBM)classifier with blockchain-validated decision thresholds,and A cryptographic proof-of-threat(PoT)consensus mechanism for cyber attack verification.The proposed Immutable LightGBM model with majority voting and cryptographic feature encoding achieves 96.9% detection accuracy with 0.97 weighted average of precision,recall and F1-score,outperforming conventional intrusion detection systems(IDSs)by 12.7% in false positive reduction.The blockchain layer demonstrates a 2.4-s average block confirmation time with 256-bit SHA-3 hashing,enabling real-time threat logging in photovoltaic networks.Experimental results improve in attack traceability compared to centralized security systems,establishing new benchmarks for trustworthy anomaly detection in smart grid infrastructures.This study also compared traditional and hybrid ML based blockchian driven IDSs and attained better classification results.The proposed framework not only delivers a resilient,adaptable threat mitigation system(TMS)for Industry 4.0 solar powered infrastructure but also attains high explainability,scalability with tamper-proof logs,and remarkably exceptional ability of endurance to cyber attacks.
文摘This study investigates the critical intersection of cyberpsychology and cybersecurity policy development in small and medium-sized enterprises (SMEs). Through a mixed-methods approach incorporating surveys of 523 employees across 78 SMEs, qualitative interviews, and case studies, the research examines how psychological factors influence cybersecurity behaviors and policy effectiveness. Key findings reveal significant correlations between psychological factors and security outcomes, including the relationship between self-efficacy and policy compliance (r = 0.42, p β = 0.37, p < 0.001). The study identifies critical challenges in risk perception, policy complexity, and organizational culture affecting SME cybersecurity implementation. Results demonstrate that successful cybersecurity initiatives require the integration of psychological principles with technical solutions. The research provides a framework for developing human-centric security policies that address both behavioral and technical aspects of cybersecurity in resource-constrained environments.
文摘The increasing sophistication of cyberattacks,coupled with the limitations of rule-based detection systems,underscores the urgent need for proactive and intelligent cybersecurity solutions.Traditional intrusion detection systems often struggle with detecting early-stage threats,particularly in dynamic environments such as IoT,SDNs,and cloud infrastructures.These systems are hindered by high false positive rates,poor adaptability to evolving threats,and reliance on large labeled datasets.To address these challenges,this paper introduces CyberGuard-X,an AI-driven framework designed to identify attack precursors—subtle indicators of malicious intent—before full-scale intrusions occur.CyberGuard-X integrates anomaly detection,time-series analysis,and multi-stage classification within a scalable architecture.The model leverages deep learning techniques such as autoencoders,LSTM networks,and Transformer layers,supported by semi-supervised learning to enhance detection of zero-day and rare threats.Extensive experiments on benchmark datasets(CICIDS2017,CSE-CIC-IDS2018,and UNSW-NB15)demonstrate strong results,including 96.1%accuracy,94.7%precision,and 95.3%recall,while achieving a zero-day detection rate of 84.5%.With an inference time of 12.8 ms and 34.5%latency reduction,the model supports real-time deployment in resource-constrained environments.CyberGuard-X not only surpasses baseline models like LSTM and Random Forest but also enhances proactive threat mitigation across diverse network settings.
文摘Taking the cooperation between China and Pakistan as an example,this paper expounds on the current situation,governance concept,obstacles to cooperation,and differentiated policies of Western countries in the areas of cybersecurity,the role of new e-commerce platforms,and digital sovereignty of BRICS countries.It aims to promote inter-governmental cooperation through civil dialogue and lead information technology cooperation among developing countries through the BRICS mechanism,as well as to collaborate to establish guidelines for global cybersecurity,new e-commerce platforms,and digital sovereignty.
基金funded under the Horizon Europe AI4CYBER Projectwhich has received funding from the European Union’s Horizon Europe Research and Innovation Programme under grant agreement No.101070450.
文摘The growing sophistication of cyberthreats,among others the Distributed Denial of Service attacks,has exposed limitations in traditional rule-based Security Information and Event Management systems.While machine learning–based intrusion detection systems can capture complex network behaviours,their“black-box”nature often limits trust and actionable insight for security operators.This study introduces a novel approach that integrates Explainable Artificial Intelligence—xAI—with the Random Forest classifier to derive human-interpretable rules,thereby enhancing the detection of Distributed Denial of Service(DDoS)attacks.The proposed framework combines traditional static rule formulation with advanced xAI techniques—SHapley Additive exPlanations and Scoped Rules-to extract decision criteria from a fully trained model.The methodology was validated on two benchmark datasets,CICIDS2017 and WUSTL-IIOT-2021.Extracted rules were evaluated against conventional Security Information and Event Management Systems rules with metrics such as precision,recall,accuracy,balanced accuracy,and Matthews Correlation Coefficient.Experimental results demonstrate that xAI-derived rules consistently outperform traditional static rules.Notably,the most refined xAI-generated rule achieved near-perfect performance with significantly improved detection of DDoS traffic while maintaining high accuracy in classifying benign traffic across both datasets.
文摘With the rapid development of information technology, the deep integration of the financial sector and the internet has become a key driving force for economic growth. However, while this trend brings convenience, it also poses significant cybersecurity challenges to the financial sector. This study comprehensively analyzes the current state, challenges, and protective measures of cybersecurity in the financial sector, aiming to provide important references for financial institutions in formulating cybersecurity strategies and enhancing risk management.
基金supported in part by the 2024 Core General Education Course Construction Project of Beijing Union University,titled“Cybersecurity:Exploring the World of White Hat Hackers”the 2025 Educational Science Research Project of Beijing Union University(JK202514)+1 种基金the General Project of Science and Technology Program of Beijing Municipal Education Commission under Grant KM201911417011the Academic Research Projects of Beijing Union University(ZK30202407).
文摘Strengthening cybersecurity education for college students holds significant importance in achieving the strategic goal of building China into a cyber power.This article begins by discussing the significance and necessity of implementing cybersecurity education for university students.Drawing on disciplinary characteristics and student learning analysis,it presents a comprehensive construction process and countermeasures for a general cybersecurity education course,covering aspects such as teaching content development,teaching resource creation,and pedagogical approaches.The aim is to provide reference and guidance for other universities in developing general cybersecurity education courses.
基金2025 Foshan Social Science Planning Project,“Research on Pathways for Enhancing Cybersecurity Awareness Among Foshan Community Residents Empowered by Digital and Intelligent Technologies”(Project No.:2025-GJ091)。
文摘The proliferation of smart communities in Foshan has led to increasingly diverse and prevalent cybersecurity risks for residents.This trend has rendered traditional cybersecurity education models inadequate in addressing the challenges of the digital era.Guided by the theory of collaborative governance and the framework of digital transformation,this paper examines the multi-stakeholder collaborative mechanism involving the government,businesses,community organizations,universities,and residents.It subsequently proposes a series of implementation strategies such as digitizing educational content,intellectualizing platforms,contextualizing delivery methods,and refining management precision.Studies demonstrate that this model enables effective resource integration,improves educational precision,and boosts resident engagement.It represents a fundamental shift from unilateral dissemination to multi-party interaction and from decentralized management to collaborative synergy,offering a replicable“Foshan Model”for digital governance at the community level.
文摘In the wake of increased cybercrime against insufficient cybersecurity professionals, there is an urgent need to bridge the skill-gap. The demand for skilled and experienced (approximately 40,000 to 50,000) cybersecurity professionals in Kenya is soaring all-time high. This demand is against the available 1700 certified professionals. Therefore, this paper seeks to bring to fore interventions put in place to address the skill gap through curriculum interventions. In order to get a clear understanding, the paper sought to determine the status of cybersecurity skill gap in Kenya and what universities are doing to address the gap. The paper also sought to propose the way forward to close the skill gap. This is a seminal review paper in the field of cybersecurity in Kenya focusing on institutions of higher learning and the interventions to address the cybersecurity skill gap. This research is significant to the general institutions of higher learning in both private and public universities. Results show that the cybersecurity skill gap is very high in Kenya. Interventions being offered by universities include partnerships with private cybersecurity organizations, offering cybersecurity certification training hackathons, and degree programs. However, it was established that only 13.2% of registered universities that offer cybersecurity degree programs in Kenya. The paper therefore strongly recommends launch of cybersecurity programs at the levels of undergraduate and graduate in many universities. This can therefore be augmented with other interventions such as certifications, hackathons and partnerships. Further research can be conducted to establish factors affecting the launch of cybersecurity programs in institutions of higher learning in Kenya. A further research can also be conducted to determine the effect of supplementary cybersecurity trainings such as hackathons and certifications.
基金supported in part by the National Natural Sciences Foundation of China(62072111)。
文摘Estimating the global state of a networked system is an important problem in many application domains.The classical approach to tackling this problem is the periodic(observation)method,which is inefficient because it often observes states at a very high frequency.This inefficiency has motivated the idea of event-based method,which leverages the evolution dynamics in question and makes observations only when some rules are triggered(i.e.,only when certain conditions hold).This paper initiates the investigation of using the event-based method to estimate the equilibrium in the new application domain of cybersecurity,where equilibrium is an important metric that has no closed-form solutions.More specifically,the paper presents an event-based method for estimating cybersecurity equilibrium in the preventive and reactive cyber defense dynamics,which has been proven globally convergent.The presented study proves that the estimated equilibrium from our trigger rule i)indeed converges to the equilibrium of the dynamics and ii)is Zeno-free,which assures the usefulness of the event-based method.Numerical examples show that the event-based method can reduce 98%of the observation cost incurred by the periodic method.In order to use the event-based method in practice,this paper investigates how to bridge the gap between i)the continuous state in the dynamics model,which is dubbed probability-state because it measures the probability that a node is in the secure or compromised state,and ii)the discrete state that is often encountered in practice,dubbed sample-state because it is sampled from some nodes.This bridge may be of independent value because probability-state models have been widely used to approximate exponentially-many discrete state systems.
基金the Deanship of Scientific Research at Majmaah University for supporting this work under Project Number No-R-14xx-4x.
文摘Today,security is a major challenge linked with computer network companies that cannot defend against cyber-attacks.Numerous vulnerable factors increase security risks and cyber-attacks,including viruses,the internet,communications,and hackers.Internets of Things(IoT)devices are more effective,and the number of devices connected to the internet is constantly increasing,and governments and businesses are also using these technologies to perform business activities effectively.However,the increasing uses of technologies also increase risks,such as password attacks,social engineering,and phishing attacks.Humans play a major role in the field of cybersecurity.It is observed that more than 39%of security risks are related to the human factor,and 95%of successful cyber-attacks are caused by human error,with most of them being insider threats.The major human factor issue in cybersecurity is a lack of user awareness of cyber threats.This study focuses on the human factor by surveying the vulnerabilities and reducing the risk by focusing on human nature and reacting to different situations.This study highlighted that most of the participants are not experienced with cybersecurity threats and how to protect their personal information.Moreover,the lack of awareness of the top three vulnerabilities related to the human factor in cybersecurity,such as phishing attacks,passwords,attacks,and social engineering,are major problems that need to be addressed and reduced through proper awareness and training.
文摘This article is dedicated to the creation of the analytical model of quantitative estimation of cybersecurity of Information Systems of Critical Infrastructure (ISCI). The model takes into consideration the existence, in the discussed ISCI, of both the intelligent tools of detection, analysis and identification of threats and vulnerabilities and means for restauration and elimination of their consequences. The development of the model also takes into consideration probabilistic nature of flow of events happening in ISCI and transferring the system between different states of cybersecurity. Among such probabilistic events we mean any operational perturbations (that can cause extreme situations) happening in ISCI under the influence of cyber-threats, as well as events concerning restoration and elimination of consequences of such cyber-threats. In this work, as methods of modelling, there have been used methods of system-oriented analysis based on theory of probability, theory of reliability and theory of queues. These methods enabled to describe analytically dependence of effectiveness indices of ISCI operation on abovementioned probabilistic processes.
文摘This paper explores the convergence of Saudi Arabia’s Vision 2030 with the increasing dependence on the Internet for educational purposes. It sheds light on the potential cybersecurity risks and how parental perception impacts children’s willingness to adapt cybersecurity features. By instilling the significance of cybersecurity awareness in early stages, society can provide children with the necessary skills to navigate the digital realm responsibly. As we progress, ongoing research and collaborative endeavors will be pivotal in formulating effective strategies to shield the digital generation from the potential pitfalls of the virtual realm. Regular Internet usage is essential for various purposes such as communication, education, and leisure. The cohorts of Generation Z and Alpha were born during a period of exponential Internet growth, leading them to heavily engage with the Internet. Consequently, they are equally vulnerable to cybersecurity threats just like adults. Addressing potential security risks for today’s youth becomes the responsibility of parents as the primary line of defense. This research focuses on raising awareness about the imperative of ensuring children’s safety in the online sphere, particularly by their parents. The study is conducted within the specific context of Saudi Arabia, aiming to examine how Saudi parents’ perception of cybersecurity influences their children’s cyber safety. The study identifies critical factors, including attitudes towards cybersecurity, awareness of cybersecurity, and prevailing social norms regarding cybersecurity. These factors contribute to the development of parents’ intention to prioritize cybersecurity, which consequently affects their children’s behaviors in the digital realm. Utilizing a quantitative approach based on a questionnaire, the study employs a Structural Equation Modeling (SEM) framework to analyze the collected data. The study’s findings underscore that parents’ intent towards cybersecurity plays a significant role in shaping their children’s behavior concerning cyber safety.
