Journal of Cybersecurity and Information Management

The increasing sophistication of ransomware and zero-day attacks demands advanced intrusion detection systems. This paper proposes a hybrid deep learning model that combines Temporal Convolutional Networks (TCN) and Long Short-Term Memory (LSTM) networks, augmented with Principal Component Analysis (PCA) for feature selection. Evaluated on the UGRansome dataset, our hybrid TCN-LSTM-PCA model achieves superior performance compared to standalone LSTM, TCN-PCA, and LSTM-PCA baselines, attaining 98.82% accuracy (a 4.09 percentage-point improvement over LSTM-PCA) and 0.99 F1-score across all attack classes while maintaining computational efficiency at 13 seconds per epoch. The architecture’s effectiveness stems from its synergistic design: TCN layers capture local temporal patterns in network traffic, while LSTM modules model long-range attack sequences. PCA preprocessing reduces feature dimensionality by 83%, retaining seven critical indicators including Netflow Bytes and Protocol flags that collectively explain 92% of variance. Experimental results demonstrate exceptional robustness, with only 0.18% misclassification between attack categories and consistent performance across ransomware variants. This study sets a new state of the art in real-time threat detection, delivering an efficient hybrid architecture that satisfies practical deployment constraints while achieving 98.82% accuracy and 0.99 precision, thereby striking a strong accuracy–efficiency balance.

Phishing attacks remain a persistent and ever-evolving threat to both networked systems and their users' privacy. In response to this formidable challenge, our research delves into an innovative approach designed to enhance the precision of phishing Uniform Resource Locator (URL) detection within the dynamic and programmable realm of Software-Defined Networks (SDNs). By harnessing feature selection capabilities and adaptive machine learning techniques, our proposed framework aims to fortify security measures in SDNs against these malicious campaigns. Our methodology's core is the deliberate selection of discriminative features from the extensive network data attributes. This feature selection process is meticulously designed to identify the most relevant characteristics associated with phishing URLs, thereby enabling the extraction of invaluable insights for more precise detection. These carefully chosen features then serve as inputs for a dynamic machine-learning model, trained to adapt and evolve alongside the constantly changing landscape of phishing attacks. Within the SDN environment, our framework optimizes utilizing network resources and controller processing power. It achieves this by reducing the dimensionality of input data, resulting in improved detection accuracy and a decrease in false positives. The adaptive nature of our machine-learning model ensures rapid recognition of emerging phishing tactics, thereby reducing the risk of succumbing to novel and sophisticated attacks. To validate the effectiveness of our approach, we conducted extensive experiments and evaluations within an SDN testbed, utilizing real-world phishing URL datasets. The results consistently demonstrate that our framework surpasses conventional methods, achieving higher detection accuracy and adaptability to evolving threats. In summary, our research represents a significant stride in the ongoing battle against phishing attacks by leveraging the dynamic capabilities of SDNs. The synergy between feature selection and adaptive machine learning techniques empowers SDNs to sustain accurate and effective phishing URL detection, ultimately reinforcing network security and safeguarding user privacy in an ever-evolving threat landscape.

Phishing is one of the most dominant forms of cybercrime, with over half a billion incidents occurring annually. It remains one of the most insidious forms of fraud due to its effectiveness. Phishing attacks are on the rise with increasingly deceptive tactics, often leading unwitting victims to divulge personal information. Phishing frauds also involve website phishing, which mimics legitimate sites. Despite the best user training and practices, people still fall for these frauds. The methodology of detecting phishing attacks using the blacklisting approach was not very effective since these URLs are active for a limited period. Hence, Machine Learning methods were used for detecting the phishing attempt. Machine learning solutions are not adaptive to changes in the approach and are biased towards the developed solution. In addition, there is a need to develop a solution to this constantly evolving phishing attack. The proposed system is an attempt to use reinforcement-learning methodology as the solution to detect phishing. It has trained an adaptive intelligent learning system based on previous experiences using the Q-learning algorithm. The system focuses on dynamically selecting the relevant features and the classification model. The agent is trained to select optimal features and classification models dynamically based on Q-learning algorithm. In contrast to static methods, the proposed system continuously adapts its strategy of combinations feature subsets and classification models as defense against the rapidly evolving attacks. The system aims to supplement existing cybersecurity measures with an adaptable tool capable of countering sophisticated phishing schemes. The experimental analysis shows that the proposed methodology attained an accuracy of 99.25%, demonstrating its high performance in phishing detection.

Software development is inherently associated with a high degree of uncertainty, often arising from unforeseen activities during different phases of the SDLC. As software systems expand in scale and complexity, the likelihood of failures and project delays also increases. Such situations, which are usually not anticipated, are known as software risks. They arise due to different reasons, which affect activities like essentials of engineering, making, putting into usage, and test. These risks need to be identified and managed in the initial phase for delivering software-related products that are both excellent and can be relied upon. While it has been standard practice in assessing software risks to depend upon human skills and previous experiences, it has been observed they lead to issues in consistency and often are reported to be unreliable. The current study is an attempt to tackle this issue through usage of predictive models that have their roots in machine learning (ML).  Borrowing from existing data, software risks are identified and classified through five popular machine-learning tools. To improve correctness and make it more robust, selection techniques of selection with multiple features are implemented. Among the other models, the Support Vector Machine (SVM) exhibited the maximum performance, achieving a classification accuracy of approximately 80%, with a precision of 84%, recall of 80%, and an F1 score of 80%. In terms of performance, Mutual Information was found to be best in methods of applied feature selection. The study indicates the ability of ML based methods in predicting and managing software risks. Additionally, this research highlights the potential of computationally intelligent techniques to assist project managers in early risk identification, proactive decision-making and enhancing the overall success rate of s/w projects.

E-health institutions are prominent targets for cybercriminals due to their reliance on information technology systems and issues related to the users have been identified as the biggest security weakest. Hence, while cybersecurity culture (CSC) research emphasizes the necessity of the human factor, limited empirical work has been done in the context of e-health in Africa. Therefore, an empirical evaluation was conducted to identify how preparedness, responsibility, management, technology and environment influence cybersecurity in South African e-health institutions. This quantitative research studied e-health institutions in the Mpumalanga province of South Africa. Various methods were used to investigate the multiple linear regression effects of the main factors of CSC and the results show that although the preparedness (Beta = 0.281; p-value < 0.05) and environment (Beta = 0.500; p-value < 0.05) factors had the greatest influence, management, technology and environment had a positive effect on CSC. These factors contributed 48.2 % to the variance (R-Squared). The study seems to be the first empirical study that combines the human factor domain framework (HFD) with other theoretical frameworks to identify critical factors of CSC. Furthermore, the impact of technology on CSC was empirically tested. The study is significant as it identified key factors that contributed to the institution’s CSC and quantified their impact. These results can enable e-health institutions to make decisions based on evidence regarding their cybersecurity interventions, strategy and practices. However, the empirical evaluation was limited to one context, namely the Mpumalanga province in South Africa and at two hospitals selected based on easy access (convenience) and purposive sampling with criteria based on work experience and knowledge of CSC limited the number of participants eligible to participate.

The growing popularity of iOS devices and the increasing complexities of forensic investigation of these devices requires more research attention. Due to the complex encryption and closed nature of iPhones, it is inherently complicated to perform digital forensic investigations. While there are many extraction and analysis methods for iphone, the most comprehensive (but most complex) is the full physical acquisition. However, the likelihood of acquiring physical extraction of an iPhone is becoming more challenging as Apple improves on its mobile technology, with more emphasis on privacy and security. Factors such as the adoption of full file and disk encryption, and secure enclave technology poses serious challenge to forensic investigators. This paper explored alternatives, by extracting and analyzing valuable evidential artifacts using iTunes and iCloud, unique to the iOS environment. This research involved the forensic examination of an iPhone XR running on iOS 17.5, using Oxygen Forensic Device Extractor v2.13.1, with each step documented. The study uncovered several artifact locations and provided a brief description of each, and their usefulness in a forensics analysis. Some of these include user-generated content, system artifacts, application data, and cloud interactions, such as contacts, SMS data, call history, media files, database, browser data, application data and others, that could prove vital in solving a case. This study made valuable contribution to the body of knowledge by highlighting specific challenges faced in iOS forensics and recommending a methodical approach to examining and analyzing evidential artifacts using iTunes and iCloud. The paper also addressed the gap in available literature in iOS forensics.

The growth of Large Language Models (LLMs) applications has intensified the demand for efficient vector database solutions capable of handling high-dimensional semantic search operations. Contemporary information retrieval systems face significant challenges in processing complex queries across vast knowledge repositories while maintaining contextual accuracy and computational efficiency. This research investigates the optimization potential of vector search implementations in LLMs through comprehensive evaluation using MongoDB Atlas as the primary vector database platform. Traditional keyword-based retrieval methods fail to capture semantic relationships and contextual nuances essential for accurate information extraction in modern AI applications. Vector-based query optimization enables semantic similarity matching, allowing systems to access contextually relevant data or information even when exact keyword matches are absent. But it significantly improving response quality and user experience. The study addresses critical performance bottlenecks in production-scale vector search deployments, where query latency and retrieval accuracy directly impact system usability. Through systematic comparison of traditional text-embedding-ada-002 against the advanced text-embedding-3-small model, we demonstrate substantial performance enhancements across multiple evaluation metrics. Results establish text-embedding-3-small as superior for semantic search applications, while GPT-4o-mini demonstrates optimal faithfulness performance (0.9067) for accuracy-critical deployments.

The dramatically increasing use of web applications and the rapid development of cloud services and interactive websites that provide integrated online services, relying on user data entry and server response, have been the primary drivers of the increase in cyber-attacks and threats, most notably cross-site scripting (XSS). Cross-site scripting attacks exploit available security vulnerabilities to inject malicious code, leading to numerous risks such as malware distribution, session hijacking, and data theft. Most traditional defense methods, such as input validation and output encoding, are reasonably ineffective against advanced threats. The advances in machine learning and artificial intelligence models have provided more accurate detection and prevention capabilities for these threats with significant accuracy. This study reviews the types and mechanisms of XSS attacks, existing mitigation techniques, and detection methods based on machine and deep learning. It also highlights several previous studies and related work on detecting and preventing these attacks, compares these works' performance using evaluation metrics and several aspects, identifies research gaps, and outlines future directions for improving XSS detection methods.

Over the years, exciting new technologies such as the Internet of Things (IoT) have changed many aspects of our lives, including smart homes. Unfortunately, this technology is vulnerable to cyber attacks owing to the lack of physical boundaries to ensure safety, privacy, and security. Botnet attacks are among the prominent cybersecurity threats because they can compromise the entire network with cyber attacks, such as distributed denial-of-service (DDoS) attacks. Hence, the intelligent discovery of new unknown botnet attacks remains a challenge, particularly in IoT environments, owing to the complex nature of the signatures of unknown botnet attacks. Through a systematic literature review, we provide a comprehensive review of current studies to determine the trends and challenges in the discovery of unknown botnet attacks. This study implemented a lightweight intelligent data-driven methodology called CySecML to discover unknown botnet attacks. The CySecML methodology differs from existing methods because of its unique data preparation and feature selection methods, specifically aimed at mitigating cyber attacks. The effectiveness of this methodology is demonstrated using state-of-the-art botnet attack data sets, where the self-training machine-learning algorithm achieved the best results with an F1-score of 94%.

Intrusion detection has garnered significant attention as researchers strive to develop sophisticated models characterized by their high accuracy levels. However, the persistent challenge lies in creating reliable and effective intrusion detection systems capable of managing vast datasets under dynamic, real-time conditions. The effectiveness of such systems largely depends on the chosen detection methodologies, specifically the feature selection processes and the application of machine learning techniques. This paper offers a comprehensive review of feature selection methods employed in the realm of intrusion detection research. It examines various dimensionality reduction strategies, followed by a systematic classification of feature selection techniques to assess their impact on the training phase and subsequent detection efficacy. The focus was on the wrapper, filter feature selection methods, where the methods used were analysed, and their strengths and weaknesses were revealed. The identification and selection of the most pertinent features have been shown to significantly enhance the detection performance, not only in terms of accuracy but also in reducing computational demands, underscoring its critical importance in the architecture of intrusion detection systems.

Vehicular Ad-hoc Networks (VANETs) play a crucial role in intelligent transportation systems, facilitating communication between vehicles and infrastructure in urban environments. Clustering algorithms are essential for managing network topology and enhancing communication efficiency in VANETs. The complex nature of three-dimensional (3D) urban environments, coupled with varying traffic conditions and driver behaviors, presents significant challenges for VANET clustering algorithms. Understanding these interactions is vital for developing robust and efficient VANETs. This study investigates how vehicle generation patterns, driving dynamics, and 3D road geometries influence the performance of VANET clustering algorithms in urban settings, focusing on network connectivity and stability. A comprehensive simulation framework was developed, incorporating a Traffic Generator model, a Mobility Model, and a Model of Road Curvature. The methodology evaluated clustering algorithm performance across three traffic congestion levels (low, medium, high) and three driver aggression levels for each congestion scenario. Data analysis, correlation studies, and sensitivity analysis were conducted to assess the impact of these factors on clustering efficiency. The study revealed significant correlations between traffic congestion levels, driver aggression, and clustering performance. Higher congestion levels led to more frequent cluster reconfigurations, while increased driver aggression affected the predictability of vehicle movements, affecting cluster stability. The 3D nature of urban environments introduced additional challenges, particularly in areas with elevation changes. The findings underscore the need for adaptive clustering algorithms capable of responding to dynamic urban traffic conditions. The research provides valuable insights for optimizing VANET clustering strategies in 3D urban environments, contributing to the development of more efficient and reliable vehicular communication networks for future smart cities.

Due to the massive data and communication progress, the usage of Internet of Things (IoT) devices has developed significantly. The extensive use of IoT systems heightens the complex interactions among devices and increases the data traffic, generating numerous possibilities for cyber challengers. Therefore, identifying and alleviating cyber-attacks focusing on IoT systems has appeared as an essential obligation in the context of cybersecurity. Academics and enterprises are contemplating means of machine learning (ML) and deep learning (DL) for cyberattack prevention because ML and DL exhibit great potential in numerous domains. Various DL teachings are executed to extract several patterns from multiple annotated datasets. DL is a beneficial tool for identifying cyberattacks. Timely network data detection and segregation become more fundamental than alleviating cyberattacks. Therefore, this paper proposes a novel Brown Bear Optimization method with an Ensemble of Machine Learning-based Cyber Attack Detections (BBOA-EMLCADs) method for secure IoT environment. The main aim of the BBOA-EMLCAD method relies on the automatic classification of the cyber threats in the IoT environment. Initially, the brown bear optimization (BBO) method is utilized for feature selection (FS). Moreover, an ensemble of two ML approaches namely XGBoost and least square support vector machine (LSSVM) are employed for the automatic identification of the cyber-attacks. Lastly, the salp swarm algorithms (SSAs) is implemented for the optimal hyperparameter tuning of the two ML techniques. The simulation validation of the BBOA-EMLCAD approach is performed under the WSN-DS dataset. The comparison assessment of the BBOA-EMLCAD approach portrayed a superior accuracy value of 99.62% over existing models.

The Industrial Internet of Things (IIoT) is the incorporation of industrial processes with smart technology and interconnected devices to improve productivity and efficiency. The need for robust cybersecurity measures is crucial as the IIoT environment becomes vital to critical infrastructure in industries. Cybersecurity in IIoT is paramount to secure against possible threats, which ensures the integrity and resilience of industrial operations. Intrusion detection systems (IDSs) are instrumental in detecting anomalies, unauthorized access, or malicious activities. The incorporation of deep learning (DL) further reinforces the cybersecurity posture of the IIoT network. DL approach excels in analyzing complex and large datasets, which enables the detection of complex cyber threats by learning anomalies and patterns. Industrial processes can operate with heightened security, securing sensitive information, and critical infrastructure, and maintaining the reliability of a connected system in the industrial landscape by combining IIoT cybersecurity with innovative intrusion detection and DL technologies. Therefore, this article proposes an Integration of Coot Optimization Algorithm-based Feature Subset Search with Deep Learning for Cybersecurity (COAFSS-DLCS) technique on IIoT network. The objective is in the effectual recognition and classification of cyberattacks in the IIoT environment. Initially, the COAFSS-DLCS method uses min-max scalar to transform the input dataset into a suitable format. Furthermore, the COAFSS-DLCS employs the COAFSS approach for choosing an optimal feature subset. Additionally, the stacked long short-term memory autoencoder (SLSTM-AE) model is employed for classification. Moreover, the parameters of the SLSTM-AE classifier are fine-tuned using the Arithmetic Optimization Algorithm (AOA) for improved performance. A comprehensive empirical validation of the COAFSS-DLCS approach is performed under the UNSW_NB15 and UCI_SECOM datasets. The simulation outputs inferred the power of the COAFSS-DLCS over other methods.

Network security has become vulnerable to hacker threats owing to its advancement and easily accessible to computer and internet technology. Ransomware is the most commonly used malware in cyberattacks to mislead the victim user to expose private and sensitive data to hackers. Ransomware is malicious software that encodes the entire system or consumer’s files, creating it impossible, and later demands a payment fee from the victim’s computer in exchange for the decryption key. Ransomware attacks become highly popular and overwhelming for both individuals and organizations. Recently, deep learning (DL) and machine learning (ML) models are established to identify ransomware attacks in real-time and categorize them into various types. The system will be considered to examine the behaviors of malicious software and detect the particular kind of ransomware being utilized. This data will enhance the system’s accuracy and deliver appropriate data to cybersecurity professionals and victims. Therefore, this study proposes an accurate Ransomware Detection and classification using the Hybrid Metaheuristic Feature Selection with Deep Learning (RDC-HMFSDL) technique. The aim is in effectually detecting and classifying the ransomware attacks. Initially, the RDC-HMFSDL technique utilizes min-max model to transform the input data into a standard setting. Furthermore, the hybrid red deer sparrow search optimization (HRDSO) approach is used for the feature selection (FS). For ransomware attack detection, the long short-term memory autoencoder (LSTM-AE) approach is employed. Finally, the sine cosine algorithm (SCA) is used to optimally choose the parameter values of the LSTM-AE approach. The RDC-HMFSDL approach was tested on a benchmark dataset, achieving a superior accuracy of 99.88% compared to existing methods.

Digital text document serves as the essence of existing communication but still pose major safety concerns on their vulnerability to tampering. Digital text watermarking acts as a powerful tool to secure the reliability of textual data. Presenting a hidden layer of safety and accountability enables organizations and individuals to make sure of the truth behind each file and trust the written word. Watermarking detects tampering by checking the embedded signature for changes or distortions. The Watermark model is capable of mechanically repairing and classifying themselves once tampered with, enhancing document resilience. Watermarking is an effective mechanism to identify tampering attacks in digital documents. The specialized process of embedding imperceptible and strong watermarks in document creation or distribution detects alterations. This study proposes the Crayfish Optimization with a Watermarking Scheme for Automated Tampering Text Detection (CFOWS-ATTD) technique. The major purpose of the CFOWS-ATTD technique is to accomplish the security of English text using content authentication and tampering detection. In the CFOWS-ATTD technique, two-stage processes are involved. Moreover, the CFOWS-ATTD technique generates a watermark from the text document and performs extraction to verify text authenticity. Furthermore, the CFO approach optimally places the watermark to ensure it remains robust and imperceptible to tampering. The experimentation of the CFOWS-ATTD approach is performed under the ELST, ESST, EHMST, and EMST datasets. The results implied that the CFOWS-ATTD approach obtains optimum performance over other techniques.