Josh McNett¹, Jackie McNett^2,*

Journal of Cyber Security, Vol.7, pp. 279-306, 2025, DOI:10.32604/jcs.2025.067514 - 25 July 2025

Abstract This review explores the implementation and effectiveness of continuous evaluation programs in managing and mitigating insider threats within organizations. Continuous evaluation programs involve the ongoing assessment of individuals’ suitability for access to sensitive information and resources by monitoring their behavior, access patterns, and other indicators in real-time. The review was conducted using a comprehensive search across various academic and professional databases, including IEEE Xplore, SpringerLink, and Google Scholar and papers were selected from a time span of 2015–2023. The review outlines the importance of defining the scope and objectives of such programs, which should include… More >

Hossana Maghiri Sufficient^*, Abdulazeez Murtala Mohammed, Bashir Danjuma

Journal of Cyber Security, Vol.7, pp. 239-253, 2025, DOI:10.32604/jcs.2025.066312 - 14 July 2025

Abstract The rapid integration of artificial intelligence (AI) into ethical hacking practices has transformed vulnerability discovery and threat mitigation; however, it raises pressing ethical questions regarding responsibility, justice, and privacy. This paper presents a PRISMA-guided systematic review of twelve peer-reviewed studies published between 2015 and March 2024, supplemented by Braun and Clarke’s thematic analysis, to map four core challenges: (1) autonomy and human oversight, (2) algorithmic bias and mitigation strategies, (3) data privacy preservation mechanisms, and (4) limitations of General Data Protection Regulation (GDPR) and the European Union’s AI Act in addressing AI-specific risks, alongside the… More >

Qiang Xiong^*, Jianlong Zhang, Qianwen Song

Journal of Cyber Security, Vol.7, pp. 255-277, 2025, DOI:10.32604/jcs.2025.065625 - 14 July 2025

Abstract In the domain of information security outsourcing, the multi-stage game-theoretic decision-making process, intertwined with moral hazard and dynamic strategy adjustments, significantly impacts the long-term collaboration between the principal (outsourcing enterprise) and the contractor (Managed Security Service Provider—MSSP). This paper conducts a comprehensive analysis of these aspects within information security outsourcing partnerships. A multi-stage game model incorporating moral hazard is constructed to meticulously examine the strategic behaviors and expected revenue fluctuations of both parties across different cooperation stages. Through in-depth model derivation, the impacts of service fees, cooperation-stage progression, and long-term cooperation on expected revenues are… More >

Harri Renney^1,*, Isaac V Chenchiah², Maxim Nethercott¹, Rohini Paligadu¹, James Lang¹

Journal of Cyber Security, Vol.7, pp. 221-238, 2025, DOI:10.32604/jcs.2025.064958 - 14 July 2025

Abstract In recent years, the field of cybersecurity has expanded to encompass a deeper understanding of best practices, user behaviour, and the tactics, motivations, and targets of threat actors. At the same time, there is growing interest in how cyber data analytics can support informed decision-making at senior levels. Despite the broader advancements, the field still lacks a robust scientific foundation for accurately calculating cyber vulnerability risk. Consequently, vulnerabilities in hardware and software systems often remain unaddressed for extended periods, undermining the effectiveness of risk mitigation efforts. This paper seeks to address the gap in vulnerability… More >

Manzheng Yuan^1,2, Kai Yang^2,*

Journal of Cyber Security, Vol.7, pp. 197-219, 2025, DOI:10.32604/jcs.2025.066089 - 07 July 2025

Abstract Currently, network intrusion detection systems (NIDS) face significant challenges in feature redundancy and high computational complexity, which hinder the improvement of detection performance and significantly reduce operational efficiency. To address these issues, this paper proposes an innovative weighted feature selection method combining mutual information and Extreme Gradient Boosting (XGBoost). This method aims to leverage their strengths to identify crucial feature subsets for intrusion detection accurately. Specifically, it first calculates the mutual information scores between features and target variables to evaluate individual discriminatory capabilities of features and uses XGBoost to obtain feature importance scores reflecting their… More >

Issah Zabsonre Alhassan^1,2,*, Gaddafi Abdul-Salaam¹, Michael Asante¹, Yaw Marfo Missah¹, Alimatu Sadia Shirazu¹

Journal of Cyber Security, Vol.7, pp. 165-196, 2025, DOI:10.32604/jcs.2025.063529 - 07 July 2025

Abstract Pseudorandom number generators (PRNGs) are foundational to modern cryptography, yet existing approaches face critical trade-offs between cryptographic security, computational efficiency, and adaptability to emerging threats. Traditional PRNGs (e.g., Mersenne Twister, LCG) remain widely used in low-security applications despite vulnerabilities to predictability attacks, while machine learning (ML)-driven and chaos-based alternatives struggle to balance statistical robustness with practical deployability. This study systematically evaluates traditional, chaos-based, and ML-driven PRNGs to identify design principles for next-generation systems capable of meeting the demands of high-security environment like blockchain and IoT. Using a framework that quantifies cryptographic robustness (via NIST SP… More >

Naif Alsharabi^1,*, Akashdeep Bhardwaj^2,*

Journal of Cyber Security, Vol.7, pp. 135-163, 2025, DOI:10.32604/jcs.2025.064019 - 18 June 2025

Abstract In a world driven by unwavering moral principles rooted in ethics, the widespread exploitation of human beings stands universally condemned as abhorrent and intolerable. Traditional methods employed to identify, prevent, and seek justice for human trafficking have demonstrated limited effectiveness, leaving us confronted with harrowing instances of innocent children robbed of their childhood, women enduring unspeakable humiliation and sexual exploitation, and men trapped in servitude by unscrupulous oppressors on foreign shores. This paper focuses on human trafficking and introduces intelligent technologies including graph database solutions for deciphering unstructured relationships and entity nodes, enabling the comprehensive More >

Ananya Jha¹, Amaresh Jha^2,*

Journal of Cyber Security, Vol.7, pp. 109-134, 2025, DOI:10.32604/jcs.2025.064429 - 30 May 2025

Abstract This paper explores the methodologies employed in the study of mobile and social media phishing, aiming to enhance the understanding of these evolving threats and develop robust countermeasures. By synthesizing existing research, we identify key approaches, including surveys, controlled experiments, data mining, and machine learning, to gather and analyze data on phishing tactics. These methods enable us to uncover patterns in attacker behavior, pinpoint vulnerabilities in mobile and social platforms, and evaluate the effectiveness of current detection and prevention strategies. Our findings highlight the growing sophistication of phishing techniques, such as social engineering and deceptive More >

Kagiso Komane^1,*, Lucas Khoza², Fani Radebe¹

Journal of Cyber Security, Vol.7, pp. 79-108, 2025, DOI:10.32604/jcs.2025.059712 - 20 May 2025

Abstract Financial support, government support, cyber hygiene, and ongoing education and training as well as parental guidance and supervision are all essential components of cybersecurity awareness (CSA) identified in this study among the youth. It’s critical to realize that adequate funding is needed to effectively increase CSA, particularly among South African youth. Previous studies have demonstrated several ways to address inadequate CSA by utilizing various cybersecurity frameworks, ideas, and models. To increase CSA, this literature review seeks to emphasize the significance of integrating cybersecurity education throughout the entire school curriculum. This paper identified ethical issues, protection… More >

David Conway, Paolina Centonze^*

Journal of Cyber Security, Vol.7, pp. 71-78, 2025, DOI:10.32604/jcs.2025.063711 - 14 May 2025

Abstract Ransomware is a variant of malicious software that aims to encrypt data or whole systems to lock out the intended users. The attackers then demand a ransom for the decryption key to allow the intended users access to their data or system again. Ransomware attacks have the potential to be used against industries like healthcare and finance, as well as against the public sector, have threatened and forced the operations of key infrastructure used by millions to cease, and extorted millions and millions of dollars from victims. Automated methods have been designed and implemented to More >