Search Results (119)
  • Open Access

    REVIEW

    A Systematic Review of Machine Learning Techniques in Intrusion Detection Systems

    Darlington Chigozie Okeke*

    Journal of Cyber Security, Vol.8, pp. 319-356, 2026, DOI:10.32604/jcs.2026.080477 - 08 June 2026

    Abstract Background: The evolution of modern networked systems in complexity, volume, and diversity has markedly increased the cyber-attack area. Conventional signature-based intrusion detection systems (IDS) will no longer be adequate for identifying advanced threats. A data-driven, adaptive approach that can identify malicious network activity is provided by machine learning (ML) techniques. This review aims to study, compare, and analyze ML-based approaches in IDS and improve the security defense mechanism. Methods: This systematic review followed the PRISMA 2020 guidelines. ML-based IDS peer-reviewed papers were identified from five scientific databases. Abstracts, full texts, and titles were filtered using…

  • Open Access

    ARTICLE

    The Impact of Cybersecurity Awareness on Phishing Attack Vulnerability

    Darlington Chigozie Okeke*

    Journal of Cyber Security, Vol.8, pp. 281-317, 2026, DOI:10.32604/jcs.2026.079750 - 29 May 2026

    Abstract Phishing has become the most common cybersecurity threat and increasingly exploits human factors rather than technical vulnerabilities. This study examined the relationships between cybersecurity awareness, training frequency, user cyber-hygiene behaviour, organisational culture, risk perception, and self-reported phishing vulnerability and the theoretical basis of this research is the Technology Threat Avoidance Theory (TTAT). A quantitative correlational design was used for data collection and analysis with Pearson correlation in structured questionnaires. The results indicated that the five independent variables have a significant positive relationship with phishing vulnerability. The increased awareness and regular training correlate with greater recognition…

  • Open Access

    REVIEW

    Intrusion Detection Systems from IT to IIoT: Survey and Taxonomy

    Ali Lamjid1,*, Khairul Akram Zainol Ariffin1,*, Mohd Juzaiddin Ab Aziz2, Nor Samsiah Sani3

    Journal of Cyber Security, Vol.8, pp. 211-240, 2026, DOI:10.32604/jcs.2026.077850 - 25 May 2026

    Abstract The convergence of Operational Technology (OT) and Information Technology (IT) within Critical Infrastructures gives rise to complex and heterogeneous network architectures in the Industrial Internet of Things (IIoT). Traditional Intrusion Detection Systems (IDS), designed for conventional IT environments, are suited for mitigating vulnerabilities inherent in these systems; however, they often fail to address vulnerabilities intrinsic to heterogeneous IIoT architectures, most notably adversarial threats. To address this challenge, this study undertakes a systematic review of 23 representative papers published between 2016 and 2025, analyzing the IIoT-based IDS approaches. Distinguishing itself from existing reviews, this work classifies…

  • Open Access

    ARTICLE

    GenAI-Powered Autonomous Cyber Offense-Defense: An Explainable LLM Red-vs-Blue Simulation and Self-Defense Framework

    Haitian Du*

    Journal of Cyber Security, Vol.8, pp. 241-279, 2026, DOI:10.32604/jcs.2026.075976 - 25 May 2026

    Abstract Modern cyberattacks evolve rapidly, overwhelming static and rule-based defenses. This paper proposes GenAI-Powered Autonomous Cyber Offense-Defense, a closed-loop framework in which large language models (LLMs) control both a red-team attacker and a blue-team defender. The agents operate in a simulated enterprise network, generate natural-language rationales for every action, and update defensive policies through a self-adaptive learning loop. We instantiate the framework with LLM-based agents that plan multi-stage attacks, detect anomalies, and autonomously execute containment and hardening actions. In experiments on a three-host virtualized testbed and a scalable multi-node emulation, the adaptive blue agent reduces the…

  • Open Access

    ARTICLE

    A Novel Malware Detection Method Based on IPSO-Optimized LSTM

    Zheng Yang1, Hua Zhu1,*, Zhao Li2, Gang Wang3, Meng Su1

    Journal of Cyber Security, Vol.8, pp. 189-210, 2026, DOI:10.32604/jcs.2026.078232 - 18 May 2026

    Abstract The rapid integration of IoT technologies in modern power systems, while enhancing operational efficiency, has introduced critical cybersecurity vulnerabilities. The proliferation of interconnected terminal devices across diverse operational domains has escalated cybersecurity risks, particularly from sophisticated malware attacks targeting critical grid infrastructure. These threats manifest through Application Programming Interface (API) call hijacking, command injection in industrial control protocols, and evasion of conventional signature-based detection systems. To address these challenges, this paper proposes a novel malware detection framework specifically designed for power IoT ecosystems. First, a malware detection model based on long short-term memory network (LSTM)…

  • Open Access

    ARTICLE

    Mitigating Fragmentation Attacks in DNP3-Based Microgrids through Permissioned Blockchain Validation

    Benedict Djouboussi1,*, Elie Fute Tagne1,2

    Journal of Cyber Security, Vol.8, pp. 171-187, 2026, DOI:10.32604/jcs.2026.079617 - 15 April 2026

    Abstract The Distributed Network Protocol 3 (DNP3) is widely deployed in SCADA-based microgrids; however, it was not originally designed to meet the cybersecurity requirements of modern decentralized energy infrastructures. Although DNP3 Secure Authentication (DNP3-SA) introduces HMAC-based session-level protection, it does not ensure fragment-level integrity, leaving the protocol vulnerable to fragmentation disruption, replay attacks, and sequence manipulation. Such vulnerabilities can cause desynchronization between master and outstation devices, compromising the operational reliability of distributed energy resources. This paper proposes DNP3Chain, a blockchain-enabled framework that provides real-time fragment-level validation and enforces end-to-end message integrity in DNP3 communications. An OpenDNP3-based…

  • Open Access

    ARTICLE

    Domain Knowledge-Guided Training for NIDS: A Class-Agnostic Evaluation of Robustness on Imbalanced Datasets

    Zakaria S. M. Abdelhalim*, Nahla Belal, Mohamed Seifeldin

    Journal of Cyber Security, Vol.8, pp. 153-169, 2026, DOI:10.32604/jcs.2026.079097 - 06 April 2026

    Abstract The rapid expansion of IoT and cloud services has increased the scale and complexity of modern networks, making intrusion detection challenging. Although deep learning-based Network Intrusion Detection Systems (NIDS) often report high accuracy, such metrics can be misleading on highly imbalanced datasets, where performance is dominated by majority classes and rare attacks remain poorly detected. This issue stems from global optimization strategies that encourage models to rely on dominant feature patterns, limiting their ability to capture the class-specific features required to identify infrequent attack types. To address this limitation, this work proposes a domain knowledge-guided…

  • Open Access

    REVIEW

    Phishing, Vulnerabilities, and AI Defense: A Systematic Review of Cybersecurity Challenges and GRU-Based Mitigation Strategies in Digital Microfinance Institutions

    Richard Mathenge*, Catherine Mukunga, Ephantus Mwangi

    Journal of Cyber Security, Vol.8, pp. 129-151, 2026, DOI:10.32604/jcs.2026.077183 - 11 March 2026

    Abstract The rapid digitization of microfinance institutions (MFIs) has strengthened financial inclusion but has simultaneously increased exposure to phishing attacks and other cybersecurity threats driven by organizational, technical, and human vulnerabilities. Grounded in socio-technical systems theory, this systematic analysis evaluates AI-based mitigation strategies, with particular emphasis on gated recurrent unit (GRU) architectures. It compares them with Transformer and LSTM models. GRUs are prioritized due to their computational efficiency and suitability for low-resource environments typical of digital MFIs. Following PRISMA 2020 guidelines, 32 empirical studies published between January 2012 and April 2025 were analyzed from the Web…

  • Open Access

    ARTICLE

    SM-AAPIV: Split Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security

    Mostafa Mohamed Ahmed Mohamed Alsaedy1,*, Haitham A. Ghalwash2

    Journal of Cyber Security, Vol.8, pp. 111-127, 2026, DOI:10.32604/jcs.2026.077021 - 24 February 2026

    Abstract Mobile payment applications processed trillions of dollars globally in 2024, making them extremely profitable targets for attackers exploiting Android manifest vulnerabilities. Current security solutions demonstrate critical weaknesses; previous hardware-attestation frameworks, such as SafetyNet, demonstrated susceptibility to evasion by sophisticated dynamic instrumentation tools. While the Google Play Integrity API improves upon this baseline, it adds noticeable latency overhead, and traditional code signing cannot detect runtime permission manipulations. This research introduces SM-AAPIV (Split Merkle Android Apps Permissions Integrity Verifier), a novel cryptographic framework that partitions Merkle tree verification across hardware-isolated segments using the Android Keystore, achieving 99.89%…

  • Open Access

    REVIEW

    A Systematic Review of Frameworks for the Detection and Prevention of Card-Not-Present (CNP) Fraud

    Kwabena Owusu-Mensah*, Edward Danso Ansong, Kofi Sarpong Adu-Manu, Winfred Yaokumah

    Journal of Cyber Security, Vol.8, pp. 33-92, 2026, DOI:10.32604/jcs.2026.074265 - 20 January 2026

    Abstract The rapid growth of digital payment systems and remote financial services has led to a significant increase in Card-Not-Present (CNP) fraud, which is now the primary source of card-related losses worldwide. Traditional rule-based fraud detection methods are becoming insufficient due to several challenges, including data imbalance, concept drift, privacy concerns, and limited interpretability. In response to these issues, a systematic review of twenty-four CNP fraud detection frameworks developed between 2014 and 2025 was conducted. This review aimed to identify the technologies, strategies, and design considerations necessary for adaptive solutions that align with evolving regulatory standards.…

Displaying 1-10 on page 1 of 119.