Benedict Djouboussi^1,*, Elie Fute Tagne^1,2

Journal of Cyber Security, Vol.8, pp. 171-187, 2026, DOI:10.32604/jcs.2026.079617 - 15 April 2026

Abstract The Distributed Network Protocol 3 (DNP3) is widely deployed in SCADA-based microgrids; however, it was not originally designed to meet the cybersecurity requirements of modern decentralized energy infrastructures. Although DNP3 Secure Authentication (DNP3-SA) introduces HMAC-based session-level protection, it does not ensure fragment-level integrity, leaving the protocol vulnerable to fragmentation disruption, replay attacks, and sequence manipulation. Such vulnerabilities can cause desynchronization between master and outstation devices, compromising the operational reliability of distributed energy resources. This paper proposes DNP3Chain, a blockchain-enabled framework that provides real-time fragment-level validation and enforces end-to-end message integrity in DNP3 communications. An OpenDNP3-based… More >

Zakaria S. M. Abdelhalim^*, Nahla Belal, Mohamed Seifeldin

Journal of Cyber Security, Vol.8, pp. 153-169, 2026, DOI:10.32604/jcs.2026.079097 - 06 April 2026

Abstract The rapid expansion of IoT and cloud services has increased the scale and complexity of modern networks, making intrusion detection challenging. Although deep learning-based Network Intrusion Detection Systems (NIDS) often report high accuracy, such metrics can be misleading on highly imbalanced datasets, where performance is dominated by majority classes and rare attacks remain poorly detected. This issue stems from global optimization strategies that encourage models to rely on dominant feature patterns, limiting their ability to capture the class-specific features required to identify infrequent attack types. To address this limitation, this work proposes a domain knowledge-guided… More >

Richard Mathenge^*, Catherine Mukunga, Ephantus Mwangi

Journal of Cyber Security, Vol.8, pp. 129-151, 2026, DOI:10.32604/jcs.2026.077183 - 11 March 2026

Abstract The rapid digitization of microfinance institutions (MFIs) has strengthened financial inclusion but has simultaneously increased exposure to phishing attacks and other cybersecurity threats driven by organizational, technical, and human vulnerabilities. Grounded in socio-technical systems theory, this systematic analysis evaluates AI-based mitigation strategies, with particular emphasis on gated recurrent unit (GRU) architectures. It compares them with Transformer and LSTM models. GRUs are prioritized due to their computational efficiency and suitability for low-resource environments typical of digital MFIs. Following PRISMA 2020 guidelines, 32 empirical studies published between January 2012 and April 2025 were analyzed from the Web… More >

Mostafa Mohamed Ahmed Mohamed Alsaedy^1,*, Haitham A. Ghalwash²

Journal of Cyber Security, Vol.8, pp. 111-127, 2026, DOI:10.32604/jcs.2026.077021 - 24 February 2026

Abstract Mobile payment applications processed trillions of dollars globally in 2024, making them extremely profitable targets for attackers exploiting Android manifest vulnerabilities. Current security solutions demonstrate critical weaknesses; previous hardware-attestation frameworks, such as SafetyNet, demonstrated susceptibility to evasion by sophisticated dynamic instrumentation tools. While the Google Play Integrity API improves upon this baseline, it adds noticeable latency overhead, and traditional code signing cannot detect runtime permission manipulations. This research introduces SM-AAPIV (Split Merkle Android Apps Permissions Integrity Verifier), a novel cryptographic framework that partitions Merkle tree verification across hardware-isolated segments using the Android Keystore, achieving 99.89%… More >

Kwabena Owusu-Mensah^*, Edward Danso Ansong , Kofi Sarpong Adu-Manu, Winfred Yaokumah

Journal of Cyber Security, Vol.8, pp. 33-92, 2026, DOI:10.32604/jcs.2026.074265 - 20 January 2026

Abstract The rapid growth of digital payment systems and remote financial services has led to a significant increase in Card-Not-Present (CNP) fraud, which is now the primary source of card-related losses worldwide. Traditional rule-based fraud detection methods are becoming insufficient due to several challenges, including data imbalance, concept drift, privacy concerns, and limited interpretability. In response to these issues, a systematic review of twenty-four CNP fraud detection frameworks developed between 2014 and 2025 was conducted. This review aimed to identify the technologies, strategies, and design considerations necessary for adaptive solutions that align with evolving regulatory standards.… More >

Fatemeh Ahmadi Abkenari^*, Melika Zandi, Shanmugapriya Gopalakrishnan

Journal of Cyber Security, Vol.8, pp. 93-109, 2026, DOI:10.32604/jcs.2026.074197 - 20 January 2026

Abstract Nowadays, cyberattacks are considered a significant threat not only to the reputation of organizations through the theft of customers’ data or reducing operational throughput, but also to their data ownership and the safety and security of their operations. In recent decades, machine learning techniques have been widely employed in cybersecurity research to detect various types of cyberattacks. In the domain of cybersecurity data, and especially in Trojan detection datasets, it is common for datasets to record multiple statistical measures for a single concept. We referred to them as SWMF features in this paper, which include… More >

Samuel Acheme^*, Glory Nosawaru Edegbe

Journal of Cyber Security, Vol.8, pp. 1-31, 2026, DOI:10.32604/jcs.2026.073923 - 07 January 2026

Abstract Federated learning (FL) enables collaborative model training across decentralized datasets, thus maintaining the privacy of training data. However, FL remains vulnerable to malicious actors, posing significant risks in privacy-sensitive domains like healthcare. Previous machine learning trust frameworks, while promising, often rely on resource-intensive blockchain ledgers, introducing computational overhead and metadata leakage risks. To address these limitations, this study presents a novel Decentralized Identity (DID) framework for mutual authentication that establishes verifiable trust among participants in FL without dependence on centralized authorities or high-cost blockchain ledgers. The proposed system leverages Decentralized Identifiers (DIDs) and Verifiable Credentials… More >

MD Hamid Borkot Tulla^1,*, MD Moniur Rahman Ratan², Rashid MD Mamunur³, Abdullah Hil Safi Sohan⁴, MD Matiur Rahman⁵

Journal of Cyber Security, Vol.7, pp. 675-691, 2025, DOI:10.32604/jcs.2025.074737 - 24 December 2025

Abstract Phishing is considered one of the most widespread cybercrimes due to the fact that it combines both technical and human vulnerabilities with the intention of stealing sensitive information. Traditional blacklist and heuristic-based defenses fail to detect such emerging attack patterns; hence, intelligent and transparent detection systems are needed. This paper proposes an explainable machine learning framework that integrates predictive performance with regulatory accountability. Four models were trained and tested on a balanced dataset of 10,000 URLs, comprising 5000 phishing and 5000 legitimate samples, each characterized by 48 lexical and content-based features: Decision Tree, XGBoost, Logistic… More >

Sapan Pandya^*

Journal of Cyber Security, Vol.7, pp. 637-651, 2025, DOI:10.32604/jcs.2025.073670 - 24 December 2025

Abstract Ransomware has evolved from opportunistic malware into a global economic weapon, crippling critical services and extracting billions in illicit revenue. While most research has centered on enterprise networks and healthcare systems, an equally vulnerable frontier is emerging in lottery and betting kiosks—self-service financial Internet of Things (IoT) devices that handle billions of dollars annually. These terminals operate unattended, rely on legacy operating systems, and interact with sensitive transactional data, making them prime ransomware targets. This paper introduces a Resilient Security Framework (RSF) for kiosks under ransomware threat conditions. RSF integrates three defensive layers: (1) prevention… More >

Mostafa Mohamed Ahmed Mohamed Alsaedy^1,*, Atef Zaki Ghalwash¹, Aliaa Abd Elhalim Yousif², Safaa Magdy Azzam¹

Journal of Cyber Security, Vol.7, pp. 653-674, 2025, DOI:10.32604/jcs.2025.073547 - 24 December 2025

Abstract Mobile financial applications and payment systems face significant security challenges from reverse engineering attacks. Attackers can decompile Android Package Kit (APK) files, modify permissions, and repackage applications with malicious capabilities. This work introduces E-AAPIV (Enhanced Android Apps Permissions Integrity Verifier), an advanced framework that uses Merkle Tree technology for real-time manifest integrity verification. The proposed system constructs cryptographic Merkle Tree from AndroidManifest.xml permission structures. It establishes secure client-server connections using Elliptic Curve Diffie-Hellman Protocol (ECDH-P384) key exchange. Root hashes are encrypted with Advanced Encryption Standard-256-Galois/Counter Mode (AES-256-GCM), integrated with hardware-backed Android Keystore for enhanced security. More >