Computer Science and Mathematics

Review
Computer Science and Mathematics
Security Systems

Janaka Senarathna

Abstract: Cloud computing offers cost efficiency and scalability but introduces significant security concerns related to data control. Cryptography addresses these concerns by ensuring data confidentiality, integrity, authenticity, and availability. This research document provides an in-depth analysis of cryptographic techniques in cloud computing, including symmetric and asymmetric encryption, homomorphic encryption, and post-quantum cryptography. It critically evaluates the strengths and limitations of current approaches, particularly in key management and data-in-use protection, and explores future directions and a proof of concept to enhance cloud security.
Article
Computer Science and Mathematics
Security Systems

Niketa Penumajji

Abstract: Commodity operating systems often lack sufficient security mechanisms to defend against sophisticated attacks, resulting in applications being vulnerable to attacks that compromise sensitive data and in turn involve additional protection layers that increase software complexity and costs. To address these challenges, I introduce HBSP (Hypervisor-Based Software Protector), a lightweight and flexible solution that leverages Intel’s VT (Virtualization Technology) to provide enhanced security. HBSP operates entirely outside the host OS environment, using advanced memory-hiding techniques to protect sensitive data and application code from both the host OS and potential malicious actors. Unlike traditional approaches, HBSP requires no modifications to existing operating systems or applications. Its dynamic concealment of the hypervisor makes it harder for attackers to bypass protection mechanisms. Performance evaluations show minimal overhead (0.25% impact on application performance), making HBSP suitable for real-time and performance-critical applications. Moreover, it is extensible across various hardware virtualization platforms, ensuring broad applicability across diverse environments. HBSP offers a scalable, practical solution for improving software security without significant infrastructure changes or performance trade-offs.
Article
Computer Science and Mathematics
Security Systems

Geert De Cubber,

Daniela Doroftei,

Paraskevi Petsioti,

Alexios Koniaris,

Konrad Brewczyński,

Marek Życzkowski,

Razvan Roman,

Silviu Sima,

Ali Mohamoud,

Johan van de Pol

Abstract: This paper aims to introduce a standardized test methodology for drone detection, tracking and identification systems. It is the aim that this standardized test methodology for assessing the performance of counter-drone systems will lead to a much better understanding of the capabilities of these solutions. This is urgently needed, as there is an increase in drone threats and there are no cohesive policies to evaluate the performance of these systems and hence mitigate and manage the threat. The presented methodology has been developed within the framework of the project COURAGEOUS funded by European Union’s Internal Security Fund Police. This standardized test methodology is based upon a series of standard user-defined scenarios representing a wide set of use cases. At this moment, these standard scenarios are geared towards civil security end users. However, the proposed standard methodology provides an open architecture where the standard scenarios can modularly be extended, providing the standard users the possibility to easily add new scenarios. For each of these scenarios, operational needs and functional performance requirements are provided. Using this information, an integral test methodology is presented that allows for a fair qualitative and quantitative comparison between different counter-drone systems. The standard test methodology concentrates on the qualitative and quantitative evaluation of counter-drone systems. This test methodology was validated during three user-scripted validation trials.
Article
Computer Science and Mathematics
Security Systems

Samson Ojo,

Allan Covey

Abstract: Identity and Access Management (IAM) plays a critical role in securing digital assets and ensuring that only authorized users can access sensitive systems and data. This study explores two key aspects of IAM: authentication methods and access control models. The importance of multi-factor authentication (MFA) and single sign-on (SSO) in enhancing security is discussed, with MFA providing an added layer of protection by requiring users to provide multiple forms of verification, while SSO streamlines the authentication process by allowing users to access multiple systems with a single set of credentials. The research also examines access control models, focusing on role-based access control (RBAC) and the principle of least privilege (PoLP). RBAC allows organizations to assign permissions based on users' roles, ensuring that employees only have access to the data necessary for their tasks, while PoLP ensures that users and systems are granted the minimum level of access required for operations. The integration of these IAM strategies is essential for enhancing security, reducing risk, and ensuring compliance in today's increasingly complex digital environments. The paper also emphasizes the ongoing evolution of IAM solutions in response to emerging cybersecurity threats.
Article
Computer Science and Mathematics
Security Systems

Richard Kalu

Abstract: This study explores the investigation of security concerns surrounding online banking, the prevailing fraud factors that affect banks and customers and aims to discuss effective precautionary steps towards preventing fraudulent activities. Employing a qualitative research approach, data was collected through online interviews during the pandemic lockdown and restrictions. Findings reveal that while online banking has transformed financial transactions by offering unprecedented convenience and efficiency, it has simultaneously exposed both banks and customers to significant fraud risks. The study discusses user perceptions of online security, the impact of fraud on reputation and customer trust and recommends integrated fraud detection, prevention, and resolution measures. These insights provide a critical contribution to the ongoing development of robust online banking security protocols.
Article
Computer Science and Mathematics
Security Systems

Georgios Sakellariou,

Menelaos Katsantonis,

Panagiotis Fouliras

Abstract: This paper addresses the critical challenge of evaluating the quality of Cyber Threat Intelligence (CTI) products, particularly focusing on their relevance and actionability. As organizations increasingly rely on CTI to make cybersecurity decisions, the absence of CTI quality metrics challenges the assessment of intelligence quality. To address this gap, the article introduces two innovative metrics, Relevance (Re) and Actionability (Ac), which are designed to evaluate CTI products in relation to organizational information needs and defense mechanisms. Using probabilistic algorithms and data structures, these metrics provide a scalable approach for handling large numbers of unstructured CTI products. Experimental findings demonstrate the effectiveness of metrics in filtering and prioritizing CTI products, offering organizations a tool to prioritize their cybersecurity resources. In addition, the study has identified certain limitations, which opens avenues for future research, including real-time integration of CTI into organizational defense mechanisms. This work significantly contributes to standardizing the quality evaluation of CTI products and enhancing the cybersecurity posture of organizations.
Review
Computer Science and Mathematics
Security Systems

Rupinder Kaur,

Tiago Rodrigues,

Nourin Kadir,

Rasha Kashef

Abstract: We are living in the era of IoT systems where this technology supports our daily life in various aspects, whether it is our daily used Apple watches, our smart home systems, or our laptops. The goal is to make our everyday activities more convenient and more accessible by means of connectivity anytime, anywhere. The growth of IoT-based systems booms in the post-2020s with advanced network technologies like 5G and Edge Computing. The IoT-based systems are comparatively cost-effective and convenient to apply, especially in remote operations where manual intervention is impossible. Like other technologies, IoT applications also come with flaws and concerns. One of the main severe concerns nowadays is privacy and security issues related to IoT systems. Knowingly or unknowingly, we are being monitored by smart sensors or edge devices almost every moment, and our personal and professional sensitive information is being exposed to untrusted third parties like Google or Amazon. This is becoming a serious concern with the rapid expansion of IoT-based systems. In this survey paper, we have tried to categorically list and present the state-of-the-art techniques for privacy preservation in IoT-based systems in various application fields. Our work is a summary based on the 39 papers and two online reports that we chose to analyze to understand the current situation, privacy attacks, how to handle the sensitive data of the clients without breaching privacy and future directives in this fast-growing IoT-based systems.
Article
Computer Science and Mathematics
Security Systems

Samon Daniel

Abstract: The increasing adoption of Bitcoin as a digital asset has led to significant interest in accurately predicting its price movements. However, the highly volatile and speculative nature of Bitcoin presents substantial challenges for traditional financial models, which often struggle to capture the complex and nonlinear patterns that influence its price fluctuations. This study proposes a novel approach to enhancing financial predictions related to Bitcoin prices by leveraging the power of big data analytics and deep learning techniques. The integration of large-scale historical market data, social sentiment analysis, blockchain transaction metrics, and macroeconomic indicators allows for a more comprehensive understanding of Bitcoin’s market behavior. To achieve this, deep learning architectures such as Long Short-Term Memory (LSTM) networks and Transformer-based models are employed due to their superior ability to capture long-range dependencies and dynamic trends in time-series data. These models are trained on high-frequency trading data, order book information, real-time market indicators, and sentiment data derived from news sources and social media platforms. By utilizing a data-driven approach, the proposed model aims to improve the robustness and accuracy of Bitcoin price predictions. Extensive experiments and comparative analyses are conducted to evaluate the effectiveness of the deep learning-based framework against traditional statistical models and classical machine learning techniques. The results demonstrate that the proposed approach significantly outperforms conventional methods in terms of predictive accuracy, stability, and generalization capabilities. The findings highlight the potential of deep learning and big data analytics in enhancing cryptocurrency market predictions and risk assessment strategies. The insights derived from this study provide valuable implications for traders, investors, and policymakers seeking to develop more informed trading strategies and risk management frameworks. By harnessing the power of deep learning and big data, this research contributes to the growing field of financial technology and underscores the importance of advanced predictive models in navigating the rapidly evolving cryptocurrency market.
Article
Computer Science and Mathematics
Security Systems

Vahid Babaey,

Arun Ravindran

Abstract: The increasing reliance on web services has led to a rise in cybersecurity threats, particularly Cross-Site Scripting (XSS) attacks, which target client-side layers of web applications by injecting malicious scripts. Traditional Web Application Firewalls (WAFs) struggle to detect highly obfuscated and complex attacks, as their rules require manual updates. This paper presents a novel generative AI framework that leverages Large Language Models (LLMs) to enhance XSS mitigation. The framework achieves two primary objectives: (1) generating sophisticated and syntactically validated XSS payloads using in-context learning, and (2) automating defense mechanisms by testing these attacks against a vulnerable application secured by a WAF, classifying bypassing attacks, and generating effective WAF security rules. Experimental results using GPT-4o demonstrate the framework's effectiveness generating 264 XSS payloads, 83% of which were validated, with 80% bypassing ModSecurity WAF equipped with an industry standard security rule set developed by the Open Web Application Security Project (OWASP) to protect against web vulnerabilities. Through rule generation, 86% of previously successful attacks were blocked using only 15 new rules. In comparison, Google Gemini Pro achieved a lower bypass rate of 63%, highlighting performance differences across LLMs.
Article
Computer Science and Mathematics
Security Systems

Vahid Babaey,

Hamid Reza Faragardi

Abstract: The increase of internet on websites has intensified the risks to user information security, with web attacks becoming more sophisticated and widespread. Except for known attacks, unknown (zero-day) attacks have become critical, since traditional security methods often fail to mitigate new attack patterns, jeopardizing user data. Also, reducing human intervention in web security can minimize errors and enhance reliability. This paper presents an intelligent solution for detecting unknown web attacks using a one-class ensemble algorithm including LSTM autoencoder, GRU autoencoder, and stacked autoencoder. Our approach tokenizes normal web requests to create unique patterns, maps tokenized elements to numerical sequences, and uses the ensemble model to identify anomalous behavior. This methodology enables efficient detection of zero-day attacks while addressing common challenges such as high memory usage, extensive time consumption, and high false positive rates. The proposed model was evaluated on key metrics, showing superior performance: 97.58% accuracy, 97.52% recall, 99.76% specificity, and 99.99% precision, with an exceptionally low false positive rate of 0.2%. The training phase took only 20 seconds, and the testing phase completed in 5 seconds, showcasing the model’s efficiency. These results highlight the potential of our approach to enhance web security by providing a fast, accurate, and reliable method for detecting web attacks.
Article
Computer Science and Mathematics
Security Systems

Savina Mariettou,

Constantinos Koutsojannis,

Vassilis Triantafyllou

Abstract: This research presents a novel system for monitoring antibiotic consumption, addressing the critical need for transparency and accuracy in data management within healthcare settings. The objective is to enhance the monitoring process while ensuring robust security measures. The system’s user interface was developed using HyperText Markup Language (HTML) and Cascading Style Sheets (CSS), with Hypertext Preprocessor (PHP) managing database interactions and overall functionality. Security protocols implemented include Transport Layer Security (TLS) 1.3 and 1.2 with Forward Secrecy (FS) to guarantee secure communications. A validation mechanism enforces the use of Hypertext Transfer Protocol Secure (HTTPS) across all URLs, complemented by a 256-bit Elliptic Curve Cryptography (ECC) Secure Sockets Layer (SSL) certificate. The effectiveness of these security measures was evaluated through tests simulating unauthorized access, Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), and SQL injection attacks, demonstrating the system’s resilience against various cyber threats. Furthermore, integrating machine learning techniques in Python is proposed to enhance the detection capabilities against SQL injection, thereby fortifying system security. Ultimately, this system aims to optimize hospital resource management, ensuring accurate monitoring of antibiotic consumption and contributing to sustainable healthcare practices.

Article
Computer Science and Mathematics
Security Systems

Efstratios Chatzoglou,

Georgios Kambourakis

Abstract: Traditional Command and Control (C2) frameworks struggle with evasion, automation, and resilience against modern detection techniques. This paper introduces Covert C2 (C3), a novel C2 framework designed to enhance operational security and minimize detection. C3 employs a decentralized architecture, enabling independent victim communication with the C2 server for covert persistence. Its adaptable design supports diverse post-exploitation and lateral movement techniques for optimized results across various environments. Through optimized performance and the use of the Native Messaging API, C3 agents achieve a demonstrably low detection rate against prevalent Endpoint Detection and Response (EDR) solutions. A proof-of-concept implementation demonstrates C3’s effectiveness in real-world adversarial simulations, specifically in direct code execution for privilege escalation and lateral movement. Our findings indicate that integrating novel techniques, such as the Native Messaging API, and a decentralized architecture significantly improves the stealth, efficiency, and reliability of offensive operations. The paper further analyzes C3’s post-exploitation behavior, explores relevant defense strategies, and compares it with existing C2 solutions, offering practical insights for enhancing network security.
Article
Computer Science and Mathematics
Security Systems

Anastasios N. Bikos

Abstract: Virtual Reality (VR)/Metaverse is transforming into a ubiquitous technology by leveraging smart devices to provide highly immersive experiences at an affordable price. Cryptographically securing such augmented reality schemes is of paramount importance. Securely transferring the same secret key, i.e., obfuscated, between several parties is the main issue with symmetric cryptography, the workhorse of modern cryptography because of its ease of use and quick speed. Typically, asymmetric cryptography establishes a shared secret between parties, after which the switch to symmetric encryption can be made. However, several SoTA (State-of-The-Art) security research schemes lack flexibility and scalability for industrial Internet of Things (IoT)-sized applications. In this paper, we present the full architecture of the PRIVocular framework. PRIVocular (i.e., PRIV(acy)-ocular) is a VR-ready hardware-software integrated system that is capable of visually transmitting user data over three versatile modes of encapsulation, encrypted –without loss of generality– using an asymmetric-key cryptosystem. These operation modes can be Optical Characters-based or QR-tag-based. Encryption and decryption primarily depend on each mode’s success ratio of correct encoding-decoding. We investigate the most efficient means of ocular (encrypted) data transfer by considering several designs and contributing to each framework component. Our pre-prototyped framework can provide such privacy preservation (namely virtual proof of privacy (VPP)) and visually secure data transfer promptly (<1000 msec), as well as the physical distance of the smart glasses (∼50 cm).

Article
Computer Science and Mathematics
Security Systems

Yidnekachew Worku Kassa,

Joshua Isaac James,

Elefelious Getachew Belay

Abstract: The rapid advancement of technology has been matched by a significant rise in cybercrime, posing substantial challenges for digital forensics investigators who must handle increasingly complex cases and navigate vast volumes of evidence. While current research on intent recognition has largely focused on cybersecurity measures for preventing attacks, there has been a noticeable gap in the integration of legal intent analysis with technical digital forensics. This paper addresses this gap by presenting an innovative model that combines legal and technical perspectives through a formal model. The model consists of three core components—Evidence Analysis, Intent Recognition, and a Criminal Repository—that systematically process digital evidence, reconstruct crime scenes, identify criminal intent, and offer recommendations for the conviction process. Using formal methods, the model rigorously defines key concepts such as crime, intent, and intent types, ensuring its robustness and reliability. By stimulating the model using phishing attack scenarios, we validate the model’s capability, demonstrating its ability to identify various types of intent and manage complex cases. Looking forward, we suggest implementing the model by incorporating advanced AI approaches, particularly Agentic AI, or combining logic-based methods with explainable AI. This advancement would help address huge volume-related challenges of digital forensics and provide a powerful tool for modern investigative practices.
Article
Computer Science and Mathematics
Security Systems

Mohamed Chahine Ghanem,

Eduardo Almeida Palmieri,

Wiktor Sowinski-Mydlarz,

Dipo Dunsin,

Sahar Al-Sudani

Abstract: The proliferation of Internet of Things (IoT) devices has introduced new challenges for digital forensic investigators due to their diverse architectures, communication protocols, and security vulnerabilities. This research paper presents a case study focusing on the forensic investigation of an IoT device, specifically a Raspberry Pi configured with Kali Linux as a hacker machine. The study aims to highlight differences and challenges in investigating weaponised IoT as well as establish a comprehensive methodology for analysing IoT devices involved in cyber incidents. The investigation begins with the acquisition of digital evidence from the Raspberry Pi device, including volatile memory and disc images. Various forensic tools and utilities are utilised to extract and analyse data, such as Exterro FTK and Magnet AXIOM, as well as open-source tools like Volatility, Wireshark, and Autopsy. The analysis involves examining system artefacts, logfiles, installed applications, and network connections to reconstruct the device's activity and identify potential evidence proving that the user perpetrated security breaches or malicious activities. The research results help improve IoT forensics by showing the best ways to look at IoT devices, especially those that are set up to be hacker machines. The case study demonstrates how the research results are helping to improve IoT forensic capabilities by showing the best ways to look at IoT devices, especially those that have been set up as hacker machines. The case study shows how forensic methods can be applied in IoT settings. It helps in creating guidelines, standards, and training for those who work as IoT forensic investigators. In the end, improving forensic readiness in IoT deployments is needed to keep essentials safe from cyber threats, keep digital evidence safe, and keep IoT ecosystems running smoothly, which protects the integrity of IoT ecosystems.

Article
Computer Science and Mathematics
Security Systems

Hong-Quan Wang,

Jin Li,

Yao-Dong Tao

Abstract: The increasing connectivity of vehicular networks has introduced significant security challenges, particularly in safeguarding the Controller Area Network (CAN) from cyberattacks. While the CAN protocol enables efficient and low-latency data communication, its lack of built-in security mechanisms leaves it vulnerable to various attacks. Existing intrusion detection systems (IDSs) often rely on large, static datasets and centralized training, limiting their adaptability to dynamic attack scenarios and raising concerns about data privacy. To address these limitations, this work introduces PFMeta-IDS, a personalized federated meta-learning intrusion detection system. In PFMeta-IDS, the FedSWR algorithm employs similarity-weighted aggregation to balance personalization and generalization. The LDwCBN network enhances computational efficiency through the model lightweight method, ensuring suitability for resource-constrained environments. Evaluated on the Car-Hacking dataset, PFMeta-IDS achieves F1-scores of 0.98 for DoS attacks, 0.94 for Fuzzy attacks, 0.98 for Gear Spoofing attacks, and 1.00 for RPM Spoofing attacks. These results outperform or match state-of-the-art methods. Notably, these results were achieved in local clients with low training data volumes, showcasing the system’s ability to adapt quickly while preserving data privacy. The robustness and efficiency of PFMeta-IDS make it a scalable solution for vehicular network security.

Article
Computer Science and Mathematics
Security Systems

Lixin Wang,

Jianhua Yang,

Kondwani Mphande,

Yi Zhou

Abstract: Hackers usually launch cyberattacks through several stepping-stone hosts to reduce the chance of being detected. With stepping-stone intrusion (SSI), the attacker’s identity is hidden behind a long interactive connection chain of stepping-stones, and thus very difficult to reveal. Many algorithms to detect SSI have been proposed since 1995. Most of these known detection algorithms for SSI only worked for network traffic without intruders’ session manipulation. These known SSID algorithms are either weak to resist intruders’ chaff-perturbation manipulation or have very limited capability in resisting attacker’s session manipulation. This paper proposes an innovative SSID algorithm resistant to intruders’ chaff-perturbation through matching TCP packets by using crossover of packets. Our proposed SSID algorithm is verified by well-designed network experiments. Our experimental results show that the proposed SSID algorithm works effectively in detecting network intrusion as well as resisting intruders’ chaff-perturbation.
Article
Computer Science and Mathematics
Security Systems

Wang Wayz

Abstract: The rapid expansion of 5G networks and the Internet of Things (IoT) has revolutionized data analytics, particularly in the financial industry. The convergence of these technologies promises enhanced connectivity, real-time insights, and unprecedented data processing capabilities. However, as the volume and sensitivity of data exchanged between IoT devices grow, the need for privacy-preserving techniques becomes paramount. This paper explores privacy-preserving data analytics in the context of 5G-enabled IoT within the financial sector, addressing key challenges and solutions. It discusses the vulnerabilities inherent in real-time financial data streams and proposes novel privacy-preserving methodologies, such as homomorphic encryption, federated learning, and differential privacy, to safeguard sensitive information. Furthermore, the paper examines regulatory compliance issues, the trade-off between data utility and privacy, and the role of edge computing in mitigating privacy risks. The findings suggest that leveraging advanced privacy-preserving technologies in 5G-enabled IoT ecosystems can significantly enhance data security, maintain trust, and foster innovation in financial services while adhering to stringent privacy regulations.
Article
Computer Science and Mathematics
Security Systems

Ahmed M. Elmisery,

Mirela Sertovic

Abstract: The progress in automotive technology, communication protocols, and embedded systems has propelled the development of the Internet of Vehicles (IoV). In this system, each vehicle functions as a sophisticated sensing platform that collects environmental and vehicular data. This data assists drivers and infrastructure engineers in improving navigation safety, pollution control, and traffic management. Digital artefacts stored within vehicles can serve as critical evidence in road crime investigations. Given the interconnected and autonomous nature of intelligent vehicles, effective identification of road crimes and the secure collection and preservation of evidence from these vehicles are essential for the successful implementation of the IoV ecosystem. Traditional digital forensics has primarily focused on in-vehicle investigations. This paper addresses the challenges of extending artefact identification to an IoV framework and introduces the Collaborative Forensic Platform for Electronic Artefacts (CFPEA). The CFPEA framework implements a collaborative forensic-by-design mechanism that is designed to securely collect, store, and share artefacts from the IoV environment. It enables individuals and groups to manage artefacts collected by their intelligent vehicles and stores them in a non-proprietary format. This approach allows crime investigators and law enforcement agencies to gain access to real-time and highly relevant road crime artefacts that have been previously unknown to them or out of their reach, while enabling vehicle owners to monetise the use of their sensed artefacts. The CFPEA framework assists in identifying pertinent roadside units and evaluating their datasets, enabling the autonomous extraction of evidence for ongoing investigations. Leveraging CFPEA for artefact collection in road crime cases offers significant benefits for solving crimes and conducting thorough investigations.
Article
Computer Science and Mathematics
Security Systems

Fanshuo Liu,

Baiyan Wu,

Xi Liu,

Zixuan Bu,

Haodong Zhang

Abstract: Vector map data is of great value and widely used in different fields. The issues for its data security have become increasingly urgent in the modern information age. Encryption technology converts the plaintext data into ciphertexts, making the data unreadable to unauthorized users, and thus plays a vital role in safeguarding sensitive information in various scenarios. Although several encryption algorithms for vector maps have been developed, most of the existing methods lack some very important security related properties, such as the disaster tolerance property, probabilistic property, diffusion property and the robustness to data RST (Rotation, Scaling and Translation) transformations, which greatly affects the security of the encryption algorithms. In this paper, a novel vector map encryption algorithm based on k,n-threshold secret sharing is proposed, which encrypts one map into n map shares and reconstructs the plaintext map by collecting at least k shares, thus improving the algorithm’s security and achieving the disaster tolerance property. Moreover, random numbers and cipher-feedback mode are cooperated into the encryption process in the proposed method to achieve probabilistic and diffusion properties. In addition, quantized polar coordinate is defined and original map coordinates are transformed into quantized polar coordinates before encryption and decryption process to achieve robustness to data RST transformations. Experiments on map data of different types (including points, polylines, and polygons) demonstrate the effectiveness and superiority of the proposed method.

Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

© 2025 MDPI (Basel, Switzerland) unless otherwise stated