Articles published on cyber-threats
8851 Search results
- New
- Research Article
- 10.1016/j.iot.2026.101915
- May 1, 2026
- Internet of Things
- Andrea Melis + 4 more
- Hybrid digital twins secure IIoT while preserving data privacy
- Continual learning adapts models to new threats with low data needs
- Hardware-in-the-loop validates detection under realistic conditions
- Achieves 97% accuracy with 20 × less training data than full retraining
- Scalable framework for resilient anomaly detection in Industry 4.0

The Industrial Internet of Things (IIoT) is increasingly exposed to cyber threats due to its tight integration of operational technology and digital connectivity. Traditional intrusion detection systems (IDSs) often struggle with adaptability, false positives, and operational scalability in dynamic, non-stationary environments. This paper proposes a cyber threat detection framework that integrates hybrid digital twins (DTs) with continual learning to enable reliable and adaptive intrusion detection in realistic IIoT settings. The hybrid DTs act as local mirrors of IIoT devices, preserving sensitive data close to the source while supporting controlled validation of firmware updates and configuration changes. The continual learning mechanism enables the detection model to incrementally adapt to evolving traffic patterns and emerging attacks, mitigating catastrophic forgetting without requiring repeated offline retraining. Experimental validation on benchmark datasets and real IIoT traffic shows that the proposed DT-enabled framework supports stable detection performance over time under bounded memory and incremental update constraints, reflecting realistic deployment conditions. The proposed architecture highlights a practical trade-off between offline optimality and online adaptability, offering a robust, scalable solution for securing IIoT infrastructure that balances continuous operation, reliability, and controlled adaptation.
- New
- Research Article
- 10.1016/j.cosrev.2025.100882
- May 1, 2026
- Computer Science Review
- Menahil Khawar + 5 more
The increasing sophistication and frequency of cyber threats have rendered conventional protection strategies inadequate. Artificial Intelligence (AI) is becoming central to modern cybersecurity, strengthening capabilities in vulnerability assessment, malware detection, phishing prevention, intrusion detection, and deception technologies. Simultaneously, quantum computing introduces both challenges to classical cryptography and opportunities for new forms of quantum-enhanced defenses. This review integrates advances in AI, quantum methods, and ethical governance to provide an integrated perspective on the future of secure digital systems. It evaluates state-of-the-art AI models, including explainable frameworks and quantum-inspired approaches, such as Quantum Convolutional Neural Networks and Quantum Support Vector Machines, along with recent progress in post-quantum cryptography. Ethical concerns, particularly bias, transparency, privacy, and accountability, are examined as essential foundations for trustworthy cybersecurity design in system-on-chip and embedded AI environments. In addition to technical developments, this study considers regulatory frameworks, governance structures, and societal expectations, highlighting the need for responsible and adaptive approaches. A comparative SWOT analysis outlines the strengths, limitations, and areas for cross-domain integration. Finally, a roadmap of future research directions is presented, aligning AI-driven defenses, quantum resilience, and ethical safeguards into flexible and reliable cybersecurity architectures. By linking the technological, ethical, and policy dimensions, this review offers a consolidated foundation to guide the evolution of cybersecurity in a globally connected era.
- New
- Research Article
- 10.1016/j.asoc.2026.114911
- May 1, 2026
- Applied Soft Computing
- Shagufta Henna + 1 more
The rapid evolution of Domain Generation Algorithm (DGA)-driven attacks and obfuscated DNS traffic exposes fundamental weaknesses in conventional machine learning-based threat detection systems, particularly under adversarial manipulation. This study introduces FGM-GAN, a hybrid adversarial learning framework that synergistically combines gradient-based Fast Gradient Method (FGM) perturbations with adaptive Generative Adversarial Network (GAN)-based perturbations to improve both robustness and interpretability of deep neural networks for DNS threat classification. Unlike existing adversarial defenses that rely on model-specific perturbations, FGM-GAN explicitly learns class-conditional adversarial distributions for benign, phishing, and malware domains. This design enables the generation of realistic, feature-aligned perturbations that exhibit strong cross-model transferability. Experiments were conducted on the 32-feature CIC-BELL-DNS-2021 dataset (approximately 7000 labeled samples) using 5-fold cross-validation, hybrid perturbations with and , and evaluated against baseline DNN, SVM, Random Forest, KNN, and Decision Tree classifiers using accuracy and robustness metrics. Comprehensive evaluation demonstrates that FGM-GAN consistently improves robustness across diverse adversarial attacks (FGM, PGD, MIM, C&W) while maintaining stable performance across folds. Ablation studies and reduced-capacity variants confirm that gains arise from the hybrid adversarial mechanism rather than over-parameterization or hyperparameter tuning, and statistical significance tests verify the reproducibility of results. To enhance transparency and operational trust, the framework integrates multi-level explainable AI analyses spanning feature, neuron, and layer representations. These analyses consistently identify a compact set of high-impact DNS features and reveal structured adversarial propagation patterns, showing that robustness emerges from semantically meaningful representation learning. Collectively, these findings position FGM-GAN as a scalable and interpretable adversarial learning solution that jointly addresses robustness, transferability, and explainability in real-world DNS-based cybersecurity environments.

- FGM-GAN hybrid improves neural network robustness against adversarial attacks
- GANs produce realistic, class-specific adversarial perturbations for DNS data
- Adversarial transferability validated across KNN, SVM, Decision Trees, RF
- Gradient-XAI interprets feature, neuron, and layer-level model vulnerabilities
- Combines robustness and explainability for actionable cyber threat intelligence
- New
- Research Article
- 10.1016/j.comnet.2026.112203
- May 1, 2026
- Computer Networks
- Pedro Beltrán-López + 3 more
Reactive cyber deception: Stealth-based adaptive redirection to on-demand honeypots with AI-driven data generation
- New
- Research Article
- 10.22214/ijraset.2026.79715
- Apr 30, 2026
- International Journal for Research in Applied Science and Engineering Technology
- Yogeshwaran K
NETWATCH is a real-time Network Intrusion Detection System (NIDS) designed to detect unknown and zero-day cyber-attacks. The system captures live network traffic and converts raw packet data into useful features for analysis. An Isolation Forest model detects unusual activities by learning normal network behavior, while a Long Short-Term Memory (LSTM) Autoencoder analyzes traffic patterns over time and identifies deviations based on reconstruction error. A hybrid decision method combines results of both models to improve accuracy and reduce false alarms. When an anomaly is detected, the system further classifies it into attack types such as DoS/DDoS, port scanning, brute force, and web attacks. All results are stored in a MySQL database and displayed on a real-time dashboard for easy monitoring. This hybrid approach effectively detects new and unseen cyber threats.
- New
- Research Article
- 10.22214/ijraset.2026.80108
- Apr 30, 2026
- International Journal for Research in Applied Science and Engineering Technology
- Karan Das
The rapid growth of digital systems and internet-based services has significantly increased the risk of cyber threats, making vulnerability assessment a crucial aspect of cybersecurity. This review paper examines various vulnerability scanner tools and techniques used to identify security weaknesses in networks and applications. It analyzes widely used tools such as Nessus, OpenVAS, and Nikto, focusing on their working mechanisms, features, advantages, and limitations. The paper also discusses different types of scanning approaches, including network-based, host-based, and web application scanning. Furthermore, key challenges such as false positives, performance overhead, and limited vulnerability coverage are highlighted. Based on the analysis of existing studies, the paper provides insights into current trends and suggests future improvements, including the integration of artificial intelligence and automated security solutions. This review aims to assist researchers and practitioners in understanding and selecting appropriate vulnerability scanning tools for enhancing system security.
- New
- Research Article
- 10.30574/wjarr.2026.30.1.0962
- Apr 30, 2026
- World Journal of Advanced Research and Reviews
- Ogah Stephen Ugbowu + 2 more
The growing reliance on internet-based services and the increasing sophistication of cyber threats have made network security a crucial concern in modern-day computing. These attacks can disrupt operations, result in financial losses, damage reputations, and undermine trust in digital services. Distributed denial of service (DDoS) attacks have emerged as a critical challenge for cloud computing, impacting service availability and raising concerns among providers. Despite cloud computing's scalable and flexible architecture, its vulnerabilities make it an attractive target for attackers. This paper presents a comprehensive survey of DDoS attacks in cloud environments, focusing on detection mechanisms leveraging the Synthetic Minority Oversampling Technique (SMOTE). The paper focuses on the analysis of cloud computing characteristics exploited by attackers, and a discussion of effective anomaly detection approaches. Solutions based on SMOTE, encompassing detection parameters, metrics and features, were reviewed for their ability to enhance security with high accuracy and low computational costs. The results present 39 different feature selections as depicted in Table 2. It recommends that different feature selection and resampling techniques be studied toward developing a faster system for identifying imbalanced data for DDoS attack detection.
- New
- Research Article
- 10.17752/guvenlikstrtj.1792238
- Apr 27, 2026
- Güvenlik Stratejileri Dergisi
- Hüseyin Parmaksız
This study introduces a framework for cyber threat intelligence aimed at enhancing Türkiye’s proactive cybersecurity capabilities, specifically addressing security vulnerabilities. A geographic analysis involving 11,911 malicious IP addresses and 6,927 malicious URLs from the National Cyber Incident Response Center (TR-CERT) facilitated the formation of intelligence-driven geographic blocking firewall policies, thus reinforcing proactive network defense strategies. The research correlated threat indicators from TR-CERT with exploit intelligence from the open-source Exploit-DB platform, establishing connections between Indicators of Compromise (IoCs) and security vulnerabilities. Risk calibration maps were developed to match these vulnerabilities with the Open Web Application Security Project (OWASP) Top 10 risk categories and validated against the National Vulnerability Database (NVD). This prioritization took into account vulnerability prevalence, Common Vulnerability Scoring System (CVSS) scores, exploitability levels, and potential impact. In addition, a dynamic risk scoring model based on Monte Carlo simulation was also used to estimate vulnerability risks, with exploitability serving as the probability parameter and CVSS scores as the impact parameter. The findings underscore that integrating exploit-focused vulnerability intelligence into national cyber threat intelligence processes can significantly enhance the development of more effective and intelligence-driven cyber defense architectures in rapidly evolving threat environments.
- New
- Research Article
- 10.1080/17517575.2026.2660128
- Apr 25, 2026
- Enterprise Information Systems
- Akshat Gaurav + 6 more
Enterprise systems in Industry 4.0 increasingly rely on digital twins and metaverse integration for real-time monitoring, control, and decision-making. However, these systems remain vulnerable to evolving cyber threats, and traditional attention-based models used in intrusion detection suffer from high computational complexity (O(n²)). To address this, we propose a sparse attention-based transformer model that uses entropy for the calculation of attention. The model combines categorical embeddings with continuous features and applies entropy-guided sparse attention to reduce complexity and enhance feature relevance. Using the CIC-DDoS2019 dataset, the model achieves 95.24% precision and high AUC scores (0.99) while using significantly fewer trainable parameters.
- New
- Research Article
- 10.64751/ajaccm.2026.v6.n2(1).499
- Apr 23, 2026
- American Journal of AI Cyber Computing Management
- K Vijaya Bhaskar Reddy + 3 more
The rapid growth of cloud computing has significantly transformed the way digital data is stored, managed, and accessed, enabling efficient sharing of information across distributed environments; however, this advancement introduces serious concerns related to data security, privacy, and trust, particularly when sensitive information is involved. Many cloud-based systems rely on centralized architectures, which increase the risk of single points of failure, unauthorized access, data tampering, and limited transparency in tracking data activities. These systems often depend on basic encryption techniques without strong auditing or verification mechanisms, making them vulnerable to insider misuse and external cyber threats, while the absence of immutable records reduces accountability and weakens user confidence. Such limitations highlight the need for a secure and transparent data-sharing framework that ensures confidentiality, integrity, and traceability of data transactions. To address these challenges, the proposed system introduces a secure cloud data sharing model developed using the Django framework, integrating Elliptic Curve Cryptography (ECC), blockchain technology, and the InterPlanetary File System (IPFS) to enhance data protection and decentralization. In this approach, ECC is used to generate cryptographic keys and encrypt user files before storage, ensuring that only authorized users can decrypt the data using the corresponding private key. The encrypted files are stored using IPFS for distributed and content-addressable storage, while file metadata such as username, filename, and timestamp is recorded on the blockchain through smart contracts using Web3, providing a decentralized and tamper-resistant record of all transactions. The system also supports user registration, authentication, secure file upload, and controlled file download functionalities, ensuring secure access and traceability. During file access, encrypted data is retrieved from IPFS and decrypted using ECC to maintain end-to-end security. By combining cryptographic encryption, decentralized storage, and blockchain-based verification, the proposed system enhances data confidentiality, prevents unauthorized modifications, and establishes a reliable and transparent framework for secure cloud data sharing.
- New
- Research Article
- 10.55041/isjem06514
- Apr 22, 2026
- International Scientific Journal of Engineering and Management
- K Madhu Babu + 5 more
The swift digitization of global infrastructure has resulted in a rise in challenges, as advanced cyberthreats increasingly target crucial and sensitive systems. To address this issue, CyberShield proposes a hybrid machine learning framework designed to predict and prevent cyberattacks before they occur. In order to detect complex network anomalies in real time, the framework combines Random Forest (RF) for ensemble-based feature evaluation with Multi-Layer Perceptron (MLP) for deep neural pattern recognition. The well-known benchmark datasets CICIDS2017 and UNSW-NB15, which provide realistic network traffic patterns and a variety of representations of modern attack behaviors, are used to train and validate the system. The hybrid architecture improves detection accuracy, lowers false positives, and exhibits strong adaptability to unseen attack patterns by combining these complementary techniques. According to experimental findings, CyberShield outperforms individual models and traditional intrusion detection techniques, achieving detection accuracy of over 95%. This research highlights the importance of predictive learning methods in developing proactive cybersecurity measures and demonstrates their application in safeguarding digital infrastructures against evolving cyber threats.
- New
- Research Article
- 10.63856/ijis/v2i4/00034
- Apr 22, 2026
- International Journal of Integrative Studies (IJIS)
- K Roshan + 4 more
This paper presents an AI Security Framework designed to provide a practical and effective solution for securing AI-based systems. The proposed framework focuses on protecting sensitive data, securing AI models, and ensuring compliance with privacy regulations. It includes key components such as secure data handling, threat detection, access control, continuous monitoring, and real-time alerts. The system also supports safe integration of LLMs while reducing risks such as adversarial attacks and unauthorised access. The main goal of this framework is to offer a simple, scalable, and reliable approach to AI security. It helps organisations use AI technologies safely while maintaining strong protection against modern cyber threats.
- New
- Research Article
- 10.47392/irjaeh.2026.0245
- Apr 22, 2026
- International Research Journal on Advanced Engineering Hub (IRJAEH)
- Thiagesh A + 2 more
Online services have grown incredibly fast, and with such growth, fraudulent online services have also increased, such as phishing websites, email spoofing, internet domain, and over-the-phone frauds. These attacks take advantage of vulnerabilities in the structure of Uniform Resource Locators (URLs), sender identity formats, the domain registration system and the numbering system in telecommunications. Such dynamic and emerging attacks are not usually easily detected using traditional rule-based security mechanisms, which make use of fixed signatures and fixed patterns. The study suggests an Artificial Intelligence (AI)-based system to identify fraudulent web platforms based on structural analysis and behavioral analysis of phone numbers, email addresses, and URLs. The system combines telecommunication metadata analysis to detect suspicious phone numbers, Domain Name System (DNS) and Mail Exchange (MX) record authentication to determine sender integrity, and a Random Forest machine learning classifier to profile URL and email-based threats. A Flask-based interface provides real-time threat scanning and prediction. The model uses data preprocessing, feature engineering, model training, heuristic evaluation, and deployment. Results of trials performed on sample phishing data show high accuracy, precision, recall and F1-score, which are indicators of strong detection results. The framework is designed to be flexible to adapt to new categories of cyber threats. The results indicate that the suggested system may be effectively used to reinforce traditional cybersecurity defenses through the strengths of automated detection and by minimizing the use of rule-based approaches that are considered quite static.
- New
- Research Article
- 10.64751/mg2fgv65
- Apr 21, 2026
- International Journal of AI Electrical Civil and Mechanical engineering
- Mr P Murali Krishna + 4 more
Cloud computing has emerged as a fundamental technology for delivering scalable, flexible, and cost-efficient services, with REST (Representational State Transfer) APIs acting as the primary communication interface between clients and cloud platforms. Despite their advantages, REST APIs are increasingly targeted by cyber threats such as unauthorized access, data breaches, injection attacks, and denial-of-service attacks. These vulnerabilities are often caused by improper implementation of security mechanisms, lack of standardization, and the dynamic nature of cloud environments. This paper focuses on evaluating and checking the security properties of cloud service REST APIs to ensure secure data exchange and reliable system performance. The key security properties analyzed include authentication, authorization, confidentiality, integrity, and availability. The study reviews existing systems and identifies critical limitations such as weak authentication methods, insufficient monitoring, and lack of automated security testing. To overcome these challenges, a comprehensive security framework is proposed that integrates modern security techniques such as OAuth 2.0, JSON Web Tokens (JWT), HTTPS/TLS encryption, API gateways, and automated vulnerability assessment tools. Additionally, machine learning-based anomaly detection is incorporated to identify suspicious activities and potential threats in real time. This multi-layered approach enhances the overall security posture of REST APIs in cloud environments.
- New
- Research Article
- 10.55041/isjem.acme057
- Apr 21, 2026
- International Scientific Journal of Engineering and Management
- Vathaluru Seshannagari Himabindhu + 4 more
The Dark Web is a hidden portion of the internet accessible only via specialized software like Tor, offering anonymity for both legal privacy needs and illegal activities such as drug sales and hacking forums. It serves as an anonymous haven for cyber threats including malware trading, hacking forums, and illicit marketplaces, complicating textual classification amid noisy, voluminous data. Existing methods integrate Latent Dirichlet Allocation (LDA) topic modeling weights with TextCNN, preprocessing Dark Web texts to derive class-specific keywords, slashing vector dimensions by approximately 300-fold for superior accuracy on DUTA-10k (25 classes) and CoDA (10 classes) over SVM, Naive Bayes, and prior benchmarks. Despite outperforming baselines, limitations persist: dependency on static datasets neglects dynamic content shifts; variable keyword tuning arises from class overlaps; real-time processing is absent; and separate components obscure neural interpretability. This paper proposes a unified deep learning architecture embedding topic modeling directly into TextCNN for real-time classification, dynamically pruning irrelevant terms while exposing neural influences via integrated keyword analysis. Key benefits include rapid threat detection for operational cybersecurity, enhanced explainability bridging probabilistic weights and deep features, reduced hyperparameter sensitivity for robust generalization, and scalable deployment across evolving Dark Web landscapes, advancing automated intelligence gathering.

Key Words: Dark Web, Latent Dirichlet Allocation (LDA), real-time classification, generalization, TextCNN, operational cybersecurity.
- New
- Research Article
- 10.3390/su18084078
- Apr 20, 2026
- Sustainability
- Mahmut Mollaoglu + 4 more
The rapid diffusion of industry 4.0 technologies has substantially transformed the maritime transportation sectors by enabling data-driven operations, enhanced connectivity, and more intelligent decision-making processes. Digital technologies such as the Internet of Things (IoT), simulation systems, and advanced data analytics are increasingly reshaping operational structures in maritime logistics, positioning technological transformation as a strategic priority for firms. However, the weighting and prioritization of components emerging with industry 4.0 technologies remain an underexplored area in the literature. The primary motivation of this study is to determine the weights of these industry 4.0 components using the Bayesian Best Worst Method (BWM) and to reveal their corresponding credal ranking levels. In this context, the present study aims to evaluate and prioritize the critical industry 4.0 components influencing technological transformation processes using the Bayesian BWM. Bayesian BWM is preferred over alternative Multi Criteria Decision Making (MCDM) approaches due to its ability to explicitly model uncertainty within a probabilistic framework, generate more consistent weighting results, and flexibly incorporate decision-makers' judgments. The findings reveal that safety and security (0.2945) constitute the most influential main component, underscoring the necessity of robust digital infrastructures and reliable systems within highly digitalized operational environments. Among the sub-components, data privacy (0.1301) demonstrates the highest global weight, highlighting the growing importance of safeguarding sensitive information in data-intensive digital systems. The results further indicate that autonomous operation and coordination play significant roles in facilitating efficient digital operations, particularly through real-time equipment monitoring and IoT-based operational visibility. Moreover, sustainability (0.1968) emerges as the second most important component, suggesting that organizations increasingly assess technological investments not only in terms of operational efficiency but also with respect to long-term resilience. Within this dimension, continuous training (0.0614) is identified as the most influential component, indicating that the success of digital transformation depends not only on technological infrastructure but also on the development of human capabilities. With the increasing digitalization of the maritime industry, protection against cyber threats has become essential for ensuring operational continuity and safeguarding data integrity. In this regard, adopting proactive cybersecurity strategies and continuously monitoring and updating systems are of critical importance. In the digital transformation of maritime transportation, integrating sustainability considerations is essential to ensure long-term operational efficiency and environmental responsibility. These practical implications are particularly relevant for policymakers, port authorities, and shipping companies seeking to enhance both digital capabilities and sustainable performance.
- New
- Research Article
- 10.1002/dac.70480
- Apr 20, 2026
- International Journal of Communication Systems
- T R Chenthil + 3 more
Underwater wireless sensor networks (UWSNs) have been used increasingly for critical tasks such as environment surveillance and underwater exploration. Nevertheless, their peculiar working environment, which entails their use of acoustic communication, high message latency, low bandwidth, mobility, stringent energy resources, and noisy communication channels, renders them susceptible to complex cyber threats including Sybil, Denial of Service (DoS), and traffic analysis attacks. This reality is a major drawback to the use of traditional intrusion detection systems used in other wireless communication networks. This manuscript addresses these issues through the presentation of an optimized cyberattack detection framework in UWSNs using an equivariant quantum convolutional neural network integrated with flamingo jellyfish search optimization (CD-UWSN-EQCNN-FJSO). In this approach, network traffic data from the NSL-KDD dataset are normalized using Bayesian boundary trend filtering (BBTF) to handle noise and uncertainty. Bitterling fish optimization (BFO) is then applied for feature selection, with further statistical feature extraction made by the double probability integral transform (DPIT). Here, the designed equivariant quantum convolutional neural network (EQCNN) leverages equivariance properties to perform robust detection under dynamic underwater network conditions, while the flamingo jellyfish search optimization (FJSO) approach dynamically fine-tunes the weights within the network for improved detection accuracy and lower false alarm rates. The experimental results indicate that the proposed CD-UWSN-EQCNN-FJSO approach provides 27.15%, 26.09%, and 28.10% higher accuracy and 29.03%, 25.23%, and 29.1% higher recall, as well as 20.09%, 22.24%, and 20.01% lower false positive rates than other UWSN-based cyber security solutions available in the existing methods.
- New
- Addendum
- 10.1007/s11042-026-21611-0
- Apr 20, 2026
- Multimedia Tools and Applications
- Omar Abboosh Hussein Gwassi + 2 more
Retraction Note: Cyber-XAI-Block: an end-to-end cyber threat detection & fl-based risk assessment framework for iot enabled smart organization using xai and blockchain technologies
- New
- Research Article
- 10.65725/jcise/2/2/003
- Apr 20, 2026
- RCHUB JOURNAL OF COMPUTATIONAL INTELLIGENCE SCIENCE AND ENGINEERING (JCISE)
- Spoorthi B S + 3 more
Cybersecurity threats have grown more complex and frequent, creating serious risks for organizations, critical infrastructure, and individuals worldwide. Traditional signature-based security tools can no longer effectively identify and deal with advanced, evasive, and quickly changing cyber-attacks, such as zero-day exploits, ransomware, and multi-stage intrusion campaigns. As a result, there is a strong need for real-time cyber threat detection and response systems that adjust dynamically and offer timely, actionable information to security operations teams. This paper provides a detailed review of modern methods that combine machine learning (ML) and open-source intelligence (OSINT) gathered through automated web data scraping. Machine learning offers powerful analysis for spotting both known and unknown threats by recognizing patterns and detecting anomalies in various telemetry data, including network traffic, system logs, and endpoint activities. OSINT enhances these systems by supplying external insights into new vulnerabilities, threat actor tactics, techniques, and procedures (TTPs), as well as real-time cyber threat intelligence shared across open channels like social media, security forums, paste sites, and the dark web [1][2][3]. By combining ML-based internal monitoring with continuously updated OSINT feeds, advanced systems improve threat classification accuracy, lower false alarms, and provide contextual information that aids proactive responses. This review looks into the key architectures, machine learning algorithms, and natural language processing techniques for analyzing OSINT, along with illustrative case studies in IoT, finance, and healthcare. It also highlights existing challenges, such as managing data quality, ensuring model robustness, and addressing privacy and compliance issues. It outlines future research directions, focusing on federated learning, explainability, and blockchain-enabled threat intelligence sharing. This paper aims to be a valuable resource for researchers and practitioners seeking more effective, adaptable, and integrated cyber security defence frameworks that can tackle the increasingly sophisticated threat landscape.
- New
- Research Article
- 10.46507/jcgpp.v7i1.797
- Apr 19, 2026
- Journal of Contemporary Governance and Public Policy
- Suhirwan Suhirwan
The Straits of Malacca and Singapore are among the most strategically important maritime chokepoints in the global trading system. Although conventional threats such as piracy have been managed through regional cooperation, the rapid digitalisation of ports, vessel traffic systems, and naval command infrastructures has created new hybrid cyber-physical vulnerabilities. Despite recurring cyber incidents between 2020 and 2025, no institutionalised real-time cross-border Cyber Threat Intelligence (CTI) mechanism has emerged among Indonesia, Malaysia, and Singapore. This study examines the puzzle of institutional inertia under growing threat interdependence and its implications for SDG 9, Target 9.1 on resilient infrastructure, and SDG 17, Targets 17.16 and 17.17 on knowledge-sharing and effective public-private partnerships. Drawing on 18 semi-structured interviews and qualitative analysis of policy documents from 2020 to 2025, the study identifies three governance bottlenecks: legal-institutional ambiguity, sovereignty-related political constraints, and technical-operational interoperability gaps. Building on Regional Security Complex Theory and regime complexity scholarship, the article theorises Cooperative Sovereignty as a middle-ground governance modality between supranational integration and sovereignty-maximising bilateralism. It proposes the Malacca Cyber Intelligence Node (MCIN) as a federated, sovereignty-compatible mechanism for structured cyber threat signalling while preserving national control over data. The study contributes to governance scholarship and offers actionable pathways for strengthening maritime cyber resilience in sovereignty-sensitive regions.