Articles published on Cyber Threats
7912 Search results
- Research Article
- 10.1016/j.isatra.2026.02.001
- Apr 1, 2026
- ISA transactions
- Zahra Rasooli Berardehi + 2 more
Secure cyber-physical systems: Identification and mitigation strategies for Markovian chain-based FDI attacks.
- Research Article
- 10.1016/j.isatra.2026.02.003
- Apr 1, 2026
- ISA transactions
- Ali Khoshlahjeh Sedgh + 3 more
Implementation of an RL-based cyberattack detector using VaR thresholding approach.
- Research Article
- 10.1016/j.dib.2026.112569
- Apr 1, 2026
- Data in brief
- Maryam Mozaffari + 2 more
The Windows-APT Dataset 2025 represents a significant advancement in cybersecurity research, addressing critical gaps in the understanding of advanced persistent threat (APT) tactics against Windows systems. Existing datasets largely focus on network data, often overlooking the detailed tactics, techniques, and procedures (TTPs) used by sophisticated threat actors. To bridge this gap, we developed a comprehensive dataset of 36 APT-inspired scenarios derived from threat actor profiles documented in the MITRE ATT&CK framework. Scenario selection mirrors MITRE ATT&CK group entries reported as China-attributed; we do not assert attribution and focus strictly on reproducing reported TTPs for research. Leveraging the MITRE Caldera framework for adversary emulation, we generated extensive system and network event logs, collected via Wazuh, and systematically mapped them to the MITRE ATT&CK framework. This dataset provides a valuable asset for machine learning model training, intrusion detection system evaluation, and the enhancement of APT dynamics studies. By providing a detailed view of APT activities in Windows environments, it enables stronger threat detection, informs defensive strategies, and facilitates development of effective countermeasures against emerging cyber threats. The dataset package contains 19 CSV files (including 16 per-period logs, one combined log, and two supplementary CSVs for manifest and validation), along with configuration files to support exact replication.
- Research Article
- 10.3390/app16062669
- Mar 11, 2026
- Applied Sciences
- Radoje Dzankic + 3 more
The global maritime industry, a critical pillar of international trade, continues to face persistent challenges in ensuring the integrity, security, and transparency of containerized cargo data, particularly during ocean transport. Traditional container tracking systems at sea often lack the reliability and resilience required to prevent data tampering, cyber threats, and operational inefficiencies. As supply chains become more complex and interconnected, the demand for robust, end-to-end data security solutions becomes more pressing. A promising technological advancement in this area is the convergence of smart containers, equipped with Internet of Things (IoT) sensors for real-time condition monitoring, and blockchain technology (BCT) for secure data validation. These IoT devices facilitate continuous tracking of critical parameters such as location, temperature, humidity, tilt, and the like. However, the data they generate remains vulnerable to cyberattacks, signal disruptions, and unauthorized alterations. Blockchain’s decentralized and tamper-evident architecture addresses these vulnerabilities by enabling secure data immutability, transparent audit trails, and enhanced stakeholder trust. Despite its potential, the practical integration of blockchain with smart container systems in maritime logistics remains largely underexplored. To bridge this gap, this paper proposes a blockchain-enabled smart container monitoring system that combines container real-time data with secure physical tracking. Furthermore, to ensure scalability and efficiency in data storage, a hybrid on/off-chain architecture is introduced, balancing blockchain integrity with performance and resource optimization.
- Research Article
- 10.36962/etm33022026-16
- Mar 10, 2026
- ETM Equipment Technologies Materials
- Nazim Huseynov + 1 more
This paper focuses on improving the cybersecurity of Supervisory Control and Data Acquisition (SCADA) systems, which play a critical role in managing industrial and critical infrastructure processes. Due to increasing connectivity and the integration of legacy systems with modern networks, SCADA systems have become attractive targets for cyberattacks, particularly Denial of Service (DoS) attacks. The study analyzes common cybersecurity measures used to protect SCADA systems, including network segmentation, firewalls, strong authentication mechanisms, intrusion detection and prevention systems (IDS/IPS), and secure communication protocols. Special attention is given to the operational principles and impacts of DoS attacks on SCADA environments. A simulation-based approach is employed to demonstrate a DoS attack against a SCADA system deployed in a virtual environment. Network traffic analysis is performed using the Wireshark tool to detect abnormal packet flows, while the Snort IDS/IPS is configured to identify and block malicious traffic in real time. The results show that the implemented IDS/IPS mechanisms effectively detect, mitigate, and prevent DoS attacks, significantly reducing their impact on system availability and resource consumption. The findings highlight the importance of layered security approaches and real-time monitoring tools in enhancing the resilience of SCADA systems against cyber threats. Keywords: SCADA systems, cybersecurity, Denial of Service (DoS), IDS/IPS, Wireshark, Snort, network security, critical infrastructure.
- Research Article
- 10.24302/agora.v31.6136
- Mar 9, 2026
- Ágora : revista de divulgação científica
- Gisele Maria Arcanjo
This article examines the integration of digital forensics, archival theory, and technology, focusing on the management, preservation, and authenticity of digital documents. It draws on Buckland and Rondinelli’s concept of information-as-thing to discuss how data, texts, documents, objects, and events can be treated as digital evidence, considering aspects of authenticity, reliability, and trustworthiness. The study addresses practical challenges in digital forensics, such as rapid technological evolution, format diversity, digital vulnerabilities (ransomware, deepfakes, and the use of Artificial Intelligence in content manipulation and detection), and the complexity of collecting and preserving evidence across devices and cloud-based platforms. It highlights models such as Digital Records Forensics (DRF) and the Preservation Chain (CoP), which combine archival science, law, and digital forensics to ensure the integrity and legal validity of digital records. Brazilian legislation on cybercrimes—including the Civil Rights Framework for the Internet, the General Data Protection Law (LGPD), the Carolina Dieckmann Law, and regulations related to electronic fraud, crypto-assets, and the protection of children and adolescents—is presented, emphasizing its relevance to forensic practice. Institutional initiatives, such as the Chegando Junto Project and the work of the Public Prosecutor’s Office of Minas Gerais (MPMG), illustrate the importance of public policies and educational actions to prevent digital fraud, in partnership with international organizations such as the Global Anti-Scam Alliance (GASA). As this is a conceptual and exploratory study, its conclusions lack empirical generalizability, indicating the need for future research on the practical application of the DRF/CoP model. 
The article concludes that integrating archival science, digital forensics, and technology—combined with continuous professional development and institutional action—is essential to ensure the trustworthiness of digital evidence, strengthen the social role of institutions, and protect society against emerging cyber threats. Key words: digital forensics; archival science; cybersecurity; public policies; digital evidence.
- Research Article
- 10.36096/ijbes.v8i1.1084
- Mar 9, 2026
- International Journal of Business Ecosystem & Strategy (2687-2293)
- Marilyn Sithole + 2 more
Cybersecurity is an urgent concern for small and medium enterprises (SMEs) in Uganda, driven by the rapid digital transformation of businesses and increasing dependence on online platforms. This study explores Ugandan SMEs' cybersecurity challenges, highlighting prevalent cyber threats, risk exposure, and a cyber maturity typology to mitigate cybercrime effectively. Using a qualitative, descriptive research design based on secondary data and a literature review, the study examines how Digital, Blended, and Traditional Business Models influence SMEs' cybersecurity preparedness. A key contribution of this research is the development of a context-sensitive typology of SME cyber maturity, which categorises businesses as Traditional, Transitioning, Digitally Enabled, and Digitally Mature, aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework but adapted to Uganda's unique environment. The study identifies ongoing issues such as data breaches, financial fraud, and weak digital infrastructure, as well as gaps in policy enforcement and the disconnect between cybersecurity regulations and SME operators' literacy levels, as key cybersecurity threats. Informal responses to cybercrime, including vigilante actions, are also highlighted. This study provides a maturity typology for SMEs that guides policymakers and business owners in improving cybersecurity practices in Ugandan SMEs. The study calls for multi-stakeholder collaboration, stronger regulatory enforcement, and scalable awareness programs to build a more resilient SME sector. Overall, this study contributes to the discourse on SME cybersecurity by proposing literacy-sensitive interventions tailored to the needs of Uganda and offering a foundation for future research into the effectiveness of Uganda's cybersecurity frameworks.
- Research Article
- 10.1016/j.radonc.2026.111474
- Mar 9, 2026
- Radiotherapy and oncology : journal of the European Society for Therapeutic Radiology and Oncology
- Abdulaziz Alhussan + 4 more
Cybersecurity of linear accelerators in radiation oncology beyond ransomware.
- Research Article
- 10.3390/electronics15051130
- Mar 9, 2026
- Electronics
- Wutao Qin + 3 more
Current Unmanned Aerial Vehicle (UAV) swarm designs prioritize physical reliability over network security, leaving systems vulnerable to increasingly sophisticated cyber threats in complex environments. Existing defense methods are mostly limited to peripheral network security technologies, such as encryption, authentication, and firewalls. Consequently, they lack deep integration at the formation architecture level. This separation results in a disconnect between system reliability design and security protection mechanisms, making it difficult to effectively deal with high-level security threats such as internal backdoor vulnerabilities. To this end, this paper proposes an endogenous security architecture for UAV swarms based on dynamic heterogeneous redundancy (DHR) and cooperative supervision. Firstly, a theoretical model of a DHR system for UAV swarms is constructed, and discrete nodes are abstracted as dynamic heterogeneous resource pools. Through the formal definition of the heterogeneous executor space, redundancy adjudication mechanism, and dynamic scheduling method, we demonstrate how this architecture suppresses common mode failures by introducing internal and external uncertainties, thereby realizing the coordination and unification of safety and security. Secondly, a distributed security control strategy based on cooperative supervision is proposed, which uses cross-validation between neighbors to replace the centralized adjudication of traditional DHR, solves the problem of anomaly detection in a decentralized environment, and combines reactive cleaning and periodic disturbance scheduling to give the system the ability to self-heal against unknown threats. Simulations in various attack scenarios demonstrate the proposed method’s superiority over traditional architectures. 
Especially in the simulated dormant multi-mode Advanced Persistent Threat (APT) scenario, the system can still maintain availability of more than 81%, which effectively verifies the key role of the coordination mechanism of heterogeneity, redundancy and dynamics in enhancing the safety and security of UAV swarms.
- Research Article
- 10.3390/make8030067
- Mar 9, 2026
- Machine Learning and Knowledge Extraction
- Fazliddin Makhmudov + 4 more
The rapid growth of Internet of Medical Things (IoMT) devices has revolutionized diagnostics and patient care within smart healthcare networks. However, this progress has also expanded the attack surface due to the heterogeneity and interconnectivity of medical devices. To overcome the limitations of traditional batch-trained security models, this study proposes an adaptive online intrusion detection framework designed for real-time operation in dynamic healthcare environments. The system combines Leveraging Bagging with Hoeffding Tree classifiers for incremental learning while integrating the Page–Hinkley test to detect and adapt to concept drift in evolving attack patterns. A modular and scalable network architecture supports centralized monitoring and ensures seamless interoperability across various IoMT protocols. Implemented within a low-latency, high-throughput stream-processing pipeline, the framework meets the stringent clinical requirements for responsiveness and reliability. To simulate streaming conditions, we evaluated the model using the CICIoMT2024 dataset, presenting one instance at a time in random order to reflect dynamic, real-time traffic in IoMT networks. Experimental results demonstrate exceptional performance, achieving accuracies of 0.9963 for binary classification, 0.9949 for six-class detection, and 0.9860 for nineteen-class categorization. These results underscore the framework’s practical efficacy in protecting modern healthcare infrastructures from evolving cyber threats.
- Research Article
- 10.56726/irjmets90509
- Mar 9, 2026
- International Research Journal of Modernization in Engineering Technology & Science
MCP-Orchestrated Agentic AI Framework for Autonomous Cyber Threat Detection and Digital Forensics
- Research Article
- 10.36948/ijfmr.2026.v08i02.70569
- Mar 5, 2026
- International Journal For Multidisciplinary Research
- Suresh Rao + 2 more
Risk assessment and underwriting practices in general term insurance in the Mumbai region play a vital role in the life insurance industry by evaluating policyholder risk and determining appropriate premium rates. General term insurance offers financial protection to families in the event of the insured’s untimely death, providing coverage for a fixed term, usually from five years up to age 85. Its affordability and substantial death benefits make it suitable for diverse demographic groups, including young professionals and retirees. The risk assessment process involves analyzing factors such as age, health condition, occupation, lifestyle habits, and medical history. Based on this evaluation, underwriters classify applicants into different risk categories that directly influence premium calculations and policy approval decisions. In recent years, insurers in Mumbai have increasingly adopted advanced technologies such as data analytics and artificial intelligence to improve accuracy, speed, and personalization in underwriting. Despite these advancements, the sector faces challenges including regulatory changes, technological disruptions, competitive pressures, and emerging risks such as climate change and cyber threats. Ensuring data privacy and regulatory compliance remains crucial as insurers depend heavily on personal data for risk evaluation and decision-making.
- Research Article
- 10.3389/fpos.2026.1770003
- Mar 4, 2026
- Frontiers in Political Science
- Henrique Ribeiro Da Rocha + 1 more
This paper examines the complexities of cyberspace security governance. By using illustrative examples from the United States, the article explores how uncertainty, challenges in attribution, and the multiplicity of actors in cyberspace, when interacting with overlapping responsibilities among security and defense agencies, may create conditions associated with gray security governance, in which institutional and operational boundaries become less clearly defined. It is also argued that the current ambiguous form of cyber governance has allowed states to pursue strategic objectives in cyberspace without crossing the threshold of traditional conflict, which might enhance the difficulty in identifying and responding to cyber threats. Examples throughout the analysis will elucidate these challenges, highlighting that such governance dilemmas are globally present. The paper concludes with potential recommendations for a research and policy agenda to address the complexity of gray governance in cyberspace and how to overcome it.
- Research Article
- 10.3390/s26051603
- Mar 4, 2026
- Sensors (Basel, Switzerland)
- Michal Miške + 3 more
Bridge monitoring has undergone a significant transformation with the integration of advanced technologies, including structural health monitoring systems, Internet of Things sensors, unmanned aerial vehicles, artificial intelligence, and cloud computing. These technologies enable continuous real-time data acquisition, processing, and early detection of structural degradation. However, their deployment also introduces a range of emerging risks that require careful consideration. This paper presents descriptive risk listings and proposes a comprehensive risk-governance framework for advanced bridge monitoring using the SWOT analysis. The framework integrates a unified risk taxonomy and assessment that links sensor and AI performance with cyber threat modeling and data governance requirements. The application of two real deployments, the Jindo Bridge SHM program and the Stava Bridge digital-twin implementation, shows how the framework converts heterogeneous measurements for improving bridge lifecycle management with the implementation of advanced monitoring technologies. Compared with prior studies that primarily catalog risks, the contribution of the paper is an interdisciplinary, operationalizable method that couples reliability, security, and governance into a single process, thereby ensuring that advanced technologies enhance, rather than erode, the safety and resilience of bridge infrastructure.
- Research Article
- 10.64539/sjcs.v2i1.2026.378
- Mar 3, 2026
- Scientific Journal of Computer Science
- Moshood Abiola Hambali + 3 more
Intrusion Detection Systems (IDS) deal with issues concerning the ever-escalating level of sophistication observed within cyber threats. Nonetheless, IDS performance deteriorates under class imbalance and excessively high-dimensional features, which bias classifier training towards major traffic patterns. Thus, this research introduces an innovative hybrid clustering IDS approach that utilizes MiniBatchKMeans clustering and ensemble machine learning strategies to mitigate these challenges. The suggested IDS approach utilizes the Synthetic Minority Over-sampling Technique for addressing class imbalance problems, Fast Correlation-Based Filter for reducing high-dimensional features, and Hyperopt Tree-structured Parzen Estimator for optimizing clustering and machine classifiers' parameters. Four supervised machine classifiers (Decision Tree classifier, Random Forest classifier, Extra Trees classifier, and XGBoost classifier) were trained and validated on the NSL-KDD IDS dataset. Additionally, experimental analysis indicated a superior detection accuracy for all classifiers, for which the best-optimized XGBoost classifier and best-optimized Random Forest classifier provided 99.57% and 99.51% accuracy, respectively. The proposed clustering-optimized machine IDS approach provided substantial improvements for identifying minority class attacks, along with sustainability and high generalization capabilities. The obtained outcomes support the research premise concerning the efficacy of cluster-aware sampling and ensemble optimizations for designing more balanced, accurate, and adaptive IDS systems for effectively protecting against ever-escalating real-life threats within the cyberworld.
- Research Article
- 10.65393/nubg8740
- Mar 3, 2026
- Indian Journal of Legal Review
- S Pooja
The steady growth in India’s e-commerce sector is expected to reach above USD 363 billion by 2030. This development highlights the industry’s substantial influence on the digital economy. However, this escalation has led to shortcomings, including cyber and security threats such as data breaches, payment fraud, and product liability. They undermine consumers' trust and the reputation and financial status of the e-commerce platform. This paper critically examines the prevalent cybersecurity threats targeting e-commerce platforms. It analyses the efficient working of current legal frameworks, compliance by platforms and legal accountability for the resulting harm utilising safe harbour principles. The research design employed is a qualitative, doctrinal and case law-based analysis. Preliminary findings indicate weak enforcement due to fragmented regulation, inadequate penalties, vague definitions, and uncertain legal accountability resulting from the erosion of conditional immunity under Section 79. Geographically confined to the Indian context, this paper seeks to make a practical contribution by proposing reform recommendations which aim to clarify liability and compliance mandates, enhance grievance redressal mechanisms, foster consumer trust, and improve cybersecurity resilience within the e-commerce ecosystem. Keywords: Cyber Law, Cybersecurity Challenges, Data Privacy, Digital Consumer Rights, E-Commerce Regulation
- Research Article
- 10.1038/s41598-026-41422-5
- Mar 3, 2026
- Scientific reports
- N Padma Priya + 1 more
Intrusion detection systems (IDS) are becoming essential for protecting network infrastructures due to the quick growth of cyber threats. Class imbalance makes it difficult for conventional machine learning-based IDS models to detect uncommon attack types, which results in a significant number of false negatives. Recent developments in Deep Learning (DL), particularly hybrid architectures and adaptive sampling techniques, offer promising solutions to improve intrusion detection accuracy. This article aims to enhance network intrusion detection by integrating DL models with advanced resampling techniques to address class imbalance and improve feature extraction. Two hybrid models are explored: Hybrid of Autoencoder-CNN and Transformer-DNN (HACTD-Net), and 1D-TCN-ResNet-BiGRU-Multi-Head Attention (TRBM-Net), each leveraging different approaches for feature learning and class balancing. The HACTD-Net models employ ADASYN-SMOTE and ENN to improve minority-class representation. The TRBM-Net model integrates Borderline SMOTE-OSS hybrid sampling to generate synthetic attack samples while filtering noise. We evaluate these representations using the CICIDS2017 and NF-BoT-IoT-v2 datasets, assessing their performance in terms of accuracy, precision, recall, and F1-score. The HACTD-Net models attained 99.88% accuracy in classification, demonstrating robust performance against various network attacks. The TRBM-Net model, incorporating a multi-head self-attention mechanism, achieved 99.72% accuracy, effectively enhancing minority-class detection while reducing false alarms. This study demonstrates that hybrid deep learning models combined with optimized resampling techniques significantly improve IDS performance. The integration of contextual and spatial feature extraction with balanced training data enhances detection rates, particularly for rare attack types. These results provide a basis for developing real-time, adaptive IDS solutions for modern network security challenges.
- Research Article
- 10.55284/5hm75m04
- Mar 2, 2026
- Science of Law
- Nicki James Shepherd + 3 more
As a result of the increased use of interconnected technologies in healthcare systems, there has been a rapid transformation of healthcare organizations and an increase in reliance on these technologies, thus changing how hospitals operate. Hospitals now utilize many technologies that are interconnected through a number of electronic health record (EHR) systems, Internet of Medical Things (IoMT) devices, telehealth platforms, and cloud-based systems. While technology allows hospitals to provide better care and operate more efficiently, it has resulted in increased exposure to various types of cyber threats. Cyber threats directed at healthcare organizations include ransomware, phishing attacks, insider threats, and the exploitation of medical devices, and there are numerous case studies linking cyber incidents and the operational disruption they cause to the risks associated with the safety of patients. This article reviews the current state of cybersecurity in health care organizations with an emphasis on the legal obligations created by major regulatory frameworks—including HIPAA, HITECH, the GDPR, the NIS2 Directive, and cybersecurity guidance for medical devices—because of the increased reliance on these technologies. This article also discusses the intersection of various legal frameworks including data protection laws, the regulation of critical infrastructure, tort liability, and corporate governance; evaluates civil liability risk created through the use of technology, exposure to civil penalties for violations of regulations, notification of affected parties when a breach occurs, and third-party liability for cloud and vendor environments; and discusses ethical issues related to confidentiality, professional duties, and the effects of decisions made in response to ransomware attacks. 
The findings demonstrate that cybersecurity in hospitals has evolved from a technical IT function into a comprehensive legal and governance responsibility requiring board-level oversight, structured risk management frameworks, continuous compliance documentation, and workforce training. Strengthening institutional resilience requires integrating cybersecurity into enterprise risk management and aligning regulatory compliance with patient safety imperatives.
- Research Article
- 10.1080/07366981.2026.2638518
- Mar 2, 2026
- EDPACS
- Syed Arshad Ali + 2 more
This study presents a centralized network security solution that utilizes the Internet of Things (IoT) ecosystem’s Raspberry Pi 4 (RPI4). The system delivers complete cyber threat detection and mitigation capabilities by combining Nmap scanning, file upload for malware detection, password management, and honeypot capability. Taking preventative action, it fortifies network security in a variety of settings, keeping pace with the rapidly changing IoT device market and cybersecurity needs. Because of its scalability and affordability, RPI4 is the best option for enterprises looking to implement strong network protection tactics in their IoT networks.
- Research Article
- 10.1088/2631-8695/ae4b09
- Mar 1, 2026
- Engineering Research Express
- Arnab Kundu + 1 more
The integration of the Cognitive Internet of Things (CIoT) into Cyber-Physical Systems (CPSs) is driving the development of the next generation of intelligent, adaptive, and autonomous infrastructures. CIoT extends traditional IoT by embedding cognitive capabilities, such as data prediction, pattern identification, and decision-making, into networked devices, enabling CPS to dynamically adapt to changing operational environments. A serious utilisation of this transformation is efficient spectrum allocation, which is becoming increasingly complex in highly dynamic and heterogeneous CIoT environments. Due to the exponential growth of connected devices and data-intensive applications, traditional static spectrum management methods are no longer viable. Therefore, the futuristic architecture of CIoT-enabled CPS incorporates cognitive radio technology to adapt to the radio frequency environment. The dynamic spectrum access (DSA) ability allows CPS components to recognise underutilised frequency bands and allocate spectrum resources in real time, optimising communication efficiency and reducing interference. This cognitive spectrum-aware approach enhances the network performance and reinforces the dependability of CPSs against cyber threats. Following this approach, this study presents a simulation-based evaluation of a proactive spectrum-allocation framework for CIoT-enabled CPS, incorporating dynamic parameters such as mobility, interference, and energy constraints into the decision-making state vector. Using reinforcement learning, the system anticipates spectrum demand and optimises channel selection. The simulation results demonstrate that the CIoT model significantly outperforms the random baseline in reducing latency, minimising collisions, and improving spectrum utilisation. Outcomes validate the effectiveness of intelligent, context-aware resource management for enhancing communication reliability and efficiency in CPS environments.