Cyber Threats Research Articles

Creating a Scalable Model for Integrating Cybersecurity Best Practices in Early-Stage Tech Startups

Early-stage tech startups face unique challenges in implementing robust cybersecurity measures due to limited resources, lack of awareness, and competing priorities. These vulnerabilities expose startups to potential cyber threats, which can disrupt operations, tarnish reputations, and erode investor confidence. This study proposes a scalable model for integrating cybersecurity best practices tailored to the unique needs of early-stage tech startups. By leveraging a combination of proactive risk assessment, cost-effective technologies, and a phased implementation strategy, the model aims to bridge the gap between cybersecurity demands and startup constraints. The model is built on three pillars: (1) Risk Prioritization, which involves identifying critical assets and assessing their vulnerability to cyber threats; (2) Cost-Efficiency, focusing on leveraging open-source tools, cloud-based security solutions, and managed services to optimize cybersecurity investments; and (3) Scalability, which ensures that the cybersecurity framework evolves alongside the startup's growth and increasing complexity. A key component of this approach is the emphasis on cybersecurity awareness and training for startup teams, fostering a security-first culture from inception. The model integrates automated monitoring and real-time threat detection to minimize the operational burden of cybersecurity management. Additionally, partnerships with cybersecurity advisory firms and incubators are recommended to provide startups with access to expertise and resources without the need for in-house specialists. The effectiveness of the proposed model is evaluated through case studies of startups that have successfully adopted cybersecurity frameworks early in their lifecycle. Results demonstrate improved resilience against cyber threats, reduced recovery costs, and enhanced stakeholder trust. This study contributes to the broader discourse on cybersecurity by addressing a critical gap in existing practices—scaling security measures for resource-constrained startups. Future research directions include refining the model with machine learning techniques to predict and mitigate emerging threats.

A Novel ML-based Framework for Securing Communication in IoT Devices

Machine Learning Techniques for Reliable & Secure Communication in IoT Devices is an emerging research area that focuses on enhancing the communication protocols and security measures of Internet of Things (IoT) devices using machine learning (ML) approaches. IoT devices are widely used in various sectors such as healthcare, smart cities, agriculture, and industrial automation, where reliable and secure communication is crucial. Machine Learning (ML) techniques provide an effective approach to address these challenges by enhancing security, optimizing network performance, and mitigating cyber threats. The integration of ML into IoT security enables real-time anomaly detection, threat mitigation, encryption-based secure communication, unauthorized access can be detected, and threats can be mitigated in real-time basis as many security models fail to scale effectively with growing IoT networks.

Stacking ensemble classifier for phishing detection: A cyber security model with efficient feature descriptor

Given the dynamic nature of cyber threats, phishing attack detection is still a significant difficulty in the field of cyber security. This paper suggested a novel method for detecting the phishing attack through the ensemble classifier coupled with an efficient feature descriptor, involves preprocessing, extraction of features, and classification steps. At first, the input data has been preprocessed using the proposed normalization techniques to ensure standardized and consistent data representation. Subsequently, features like improved entropy, statistical attributes and mutual information are obtained from the preprocessed data, capturing the characteristics of phishing attempts. These extracted features serve as inputs to a stacked ensemble classifier made up of Support Vector Machine (SVM), Neural Network (NN) Random Forest (RF) and improved Long Short-Term Memory (LSTM), where the outputs of SVM, NN and RF classifiers are combined and fed into an improved LSTM classifier. The improved LSTM model leverages temporal dependencies to provide the final classification output, distinguishing between “attack” and “non-attack” instances. Through experimentation on benchmark datasets, the proposed approach demonstrates superior performance with respect to precision, F-measure, and recall, showcasing its efficacy in phishing detection. This research contributes to advancing cybersecurity by providing a resilient and comprehensive solution for detecting the phishing threats in digital environments.

Mitigating Cyber Threats in the Retail Industry: A Blockchain-Based Approach for Secure Transactions and Data Privacy

The retail industry has become an increasingly attractive target for cyber threats due to its extensive use of digital transactions and sensitive customer data. The rise in cyber fraud, identity theft, and payment breaches necessitates innovative security solutions. This paper explores blockchain technology as a robust approach to mitigating cyber threats in the retail sector. By leveraging decentralization, immutability, and cryptographic security, blockchain ensures secure transactions and enhanced data privacy. This study discusses various applications of blockchain in retail cybersecurity, highlights key challenges, and proposes solutions for seamless adoption.

Transfer learning for securing electric vehicle charging infrastructure from cyber-physical attacks

Electric Vehicle Charging Station (EVCS) security is a growing concern in today’s connected world due to the growing complexity and frequency of cyber threats. Traditional Intrusion Detection Systems (IDS) for EV chargers struggle to detect novel or unexpected attacks due to their usage of predetermined signatures and limited detection capabilities. Existing EV charging station security systems are unable to identify many known and undiscovered threats since they primarily rely on feature selection and categorization accuracy. It is common for these systems to be constructed using conventional machine learning algorithms. So many common signs of attacks are ignored. This paper proposes a Transfer learning (TL) framework for cyber-physical attack detection in EVCS in order to overcome these difficulties and improve both accuracy and scalability. The weights preserved from the Deep Neural Network (DNN) model after implementing data normalization and min-max scaling techniques utilized for training are used to initialize a new model termed Transfer Learning. The study also provides a comparison with different DL models such as Long Short-Term Memory (LSTM), Recurrent Neural Networks (RNN), Long Short-Term Memory-Recurrent Neural Networks (LSTM-RNN), and Gated Recurrent Unit (GRU). The CICEVSE2024 (EVSE-A and EVSE-B) datasets are used to assess the framework, where one dataset is used to train and store weights, and the second is used to evaluate the learned patterns using transfer learning. Several evaluation matrices are used to evaluate the suggested model. The experimental results demonstrate that the TL model attained 93% accuracy. Consequently, the pre-train TL model provides a high degree of symmetry between EVCS security and the detection of malicious attacks.

AI-Driven Threat Intelligence and Automated Incident Response: Enhancing Cyber Resilience through Predictive Analytics

Cybersecurity is a critical concern for organizations as the complexity and volume of cyber threats continue to grow. Traditional methods of threat detection and incident response, such as signature-based detection and rule-based systems, are increasingly ineffective against sophisticated and evolving attacks. This study explores the integration of Artificial Intelligence (AI) and Machine Learning (ML) in enhancing threat intelligence and automating incident response. By leveraging predictive analytics, anomaly detection, and real-time data processing, AI-driven systems offer significant improvements in both the detection and mitigation of cyber threats. The research evaluates the effectiveness of an AI-powered threat intelligence system across various attack types, including phishing, ransomware, DDoS attacks, Advanced Persistent Threats (APTs), and malware variants. Results show that the AI system achieves a 94.44% detection rate for phishing attacks, with significant improvements in response times and mitigation accuracy. Predictive analytics further enhances cyber resilience by forecasting potential threats with 90% accuracy, allowing for proactive defense strategies. Despite the positive results, the study acknowledges limitations such as dataset diversity, model biases, and scalability issues. The findings suggest that AI, when integrated with human expertise, can revolutionize cybersecurity by providing faster, more accurate, and scalable solutions. Future research should focus on improving the explainability of AI models, addressing ethical concerns, and exploring the scalability of AI-driven solutions in large-scale networks. The study advocates for the adoption of predictive analytics as a core element in cybersecurity practices to build more resilient systems capable of combating the increasing threat landscape.

CARIOCA: prioritizing the use of IoC by threats assessment shared on the MISP platform

As the use of information systems exponentially increases, every organization is exposed to cyber-attacks. To detect and mitigate the damage caused by such attacks, organizations need to share information extracted from the analysis of known ones. Intrusion detection (IDS) and intrusion prevention (IPS) systems use information on known threats to detect and prevent attack re-execution. Given the large amount of information usually available for known attacks, restricting such amount only to really valuable information is necessary to allow protection systems to work more efficiently. One of the main challenges in cyber threat intelligence (CTI) is to filter relevant information and eliminate obsolete data. The recently published RFC 9424 emphasizes the need to produce such systems. In this work, a methodology named comprehensive assessment and rating of IoCs via CADE algorithm (CARIOCA) is proposed, which aims to analyze data contained in the CTI platform to select a subset of indicators of compromise (IoCs) considered most relevant for protection systems. Through CARIOCA, IoCs evaluation based on three level scorings is proposed, considering sources’ reliability, IoCs freshness, and CTI reports quality using a new algorithm, named category attribute density evaluation (CADE). The state-of-the-art considers the qualities of an IoC or the estimated reliability of the CTI source to select relevant IoCs. By combining three scores, CARIOCA can comprehensively assess IoCs relevance. The results obtained in the experiments support CARIOCA’s effectiveness in selecting the most relevant subset of IoCs for IDS/IPS.

Human–AI Enhancement of Cyber Threat Intelligence

This study proposes a human-AI collaboration to model the landscape of cyber threat intelligence (CTI) and use it to detect suspicious communication indicating impending cybersecurity incidents. We show how the collaboration between cybersecurity experts and AI-based text-classification methods develops an understanding of professional hackers and helps detect cybersecurity threats more accurately. The human-AI collaboration rests on a Reciprocal Human–Machine Learning (RHML) model, in which a human expert and a machine interact repeatedly over time and simultaneously continually learn to detect professional hackers. Two cybersecurity experts employed qualitative data analysis and worked with RHML software assistance to classify 6651 messages from an online hackers’ forum. We discovered an improvement, over time, of both the detection accuracy and the experts’ understanding of the threat landscape as represented by their concept maps. In particular, the concept map refers to the hacker’s capabilities, intent, and behaviour to define the threat landscape needed for professional detection, in contrast to amateur hackers. We believe this approach may ultimately lead to a more robust and proactive cybersecurity posture and translate into operational advantages in the field of CTI.

Risks and Cybersecurity of Banking Business Entities in Russia

The article is devoted to the study of the problems of identifying and analyzing systemic, credit, inflation and other risks, including the regulation of cyber threats and the confrontation of Russian banking business entities with new challenges of the information war. The quantitative assessment of the dynamics of the number of banking business entities made it possible to identify trends in their reduction in 2024, which aff ects the narrowing of the boundaries of bank financing. The analysis of the net profit of the largest federal banks in Russia conducted in the article indicates a strong differentiation of income of credit and financial institutions depending on the volume of transactions, the number of banking services and services, the availability and growth of bank branches, etc. The article examines the dynamics of assets of credit institutions in the Russian banking sector, and also reveals the pattern of formation of the loan portfolio of banks, the structure of which is dominated by loans from legal entities. The article defines the role of Kaspersky Lab JSC in the system of ensuring cybersecurity of banking business entities. In this regard, the author conducted a more detailed analysis of the financial activities of Kaspersky Lab JSC, as well as the calculation of its performance indicators adjusted for inflation risk. The author presents an assessment of threats to internal and external economic security in the Russian banking business, providing an idea of choosing a package of cybersecurity services. As a result of the research, the article presents recommendations on protecting banking business entities from internal and external threats to economic security, including measures to encrypt and ensure cryptographic protection of databases.

Enhancing Cybersecurity Resilience in Government and Public Infrastructure: AI-Driven Threat Detection and Response Systems

Government and public infrastructure are prime targets for cyber threats due to their critical role in national security and public safety. The increasing sophistication of cyber-attacks necessitates the adoption of advanced cybersecurity measures. This research explores the integration of Artificial Intelligence (AI)-driven threat detection and response systems to enhance cybersecurity resilience in government and public infrastructure. It highlights AI's role in real-time threat intelligence, anomaly detection, and automated mitigation strategies. The study further discusses challenges, potential solutions, and future research directions in AI-driven cybersecurity frameworks.

Enhancing Proactive Cyber Defense: A Theoretical Framework for AI-Driven Predictive Cyber Threat Intelligence

The rapid evolution of cyber threats and the dynamic nature of the threat landscape have necessitated the development of proactive and predictive defense mechanisms. This research proposes an AI-driven framework for predictive cyber threat intelligence aimed at enhancing organizational cybersecurity by identifying and mitigating threats before they materialize. The framework integrates diverse data sources, including network logs, endpoint data, and threat intelligence feeds, to generate actionable insights using advanced machine learning algorithms such as anomaly detection, pattern recognition, and predictive analytics. A continuous feedback loop ensures the adaptability of the framework through model retraining, anomaly adjustment, and performance monitoring. By leveraging supervised and unsupervised learning models, the framework addresses both known and unknown threats, providing scalable, real-time threat detection and risk assessment capabilities. This approach shifts the cybersecurity paradigm from reactive to proactive, enabling organizations to anticipate and counteract sophisticated cyber-attacks effectively. The proposed system’s application is demonstrated through practical scenarios, highlighting its potential to transform decision-making in high-stakes cybersecurity environments.

Securing AI in Global Health Research: A Framework for Cross-Border Data Collaboration

Artificial intelligence (AI) is transforming global health research by enabling advanced data analytics for disease modeling, clinical trials, and personalized medicine. However, cross-border data sharing introduces significant challenges related to security, ethics, and regulatory compliance, particularly concerning patient privacy, cybersecurity threats, and adherence to standards such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and emerging AI regulations. The increasing sophistication of cyber threats, coupled with inconsistent legal frameworks, underscores the urgent need for robust security measures. This paper explores AI-enhanced security frameworks designed to facilitate secure and ethical global data collaboration while preserving data integrity, patient confidentiality, and equitable access to healthcare advancements. We propose a novel security model that integrates federated learning, blockchain technology, and AI-driven threat detection to mitigate risks associated with cross-border health data exchange. These technologies enable decentralized data processing, enhance security through immutable ledgers, and proactively identify cybersecurity threats in real time. Our approach is particularly relevant to rare disease research, drug development, and pandemic preparedness, where seamless yet secure international data sharing is crucial for advancing medical science while safeguarding sensitive patient information.

ETHICAL HACKING: STRENGTHENING CYBER DEFENSES AGAINST ATTACKS

In the rapidly evolving digital landscape, cyber threats are becoming increasingly sophisticated, posing significant risks to organizations worldwide. Ethical hacking has emerged as a proactive strategy to identify and mitigate vulnerabilities before malicious actors can exploit them. This paper explores the role of ethical hacking in strengthening cyber defences against attacking resilient cybersecurity infrastructures.

A WEB-BASED INTERACTIVE REMEDY CONSOLE WITH HONEYPOT SERVER

With the evolution of cyber threats, traditional security mechanisms such as firewalls and intrusion detection systems (IDS) have become insufficient in proactively mitigating attacks. This paper introduces a Web-Based Interactive Remedy Console integrated with a Honeypot Server designed to attract, log, and analyze malicious activities in real-time. The system provides cybersecurity professionals with an interactive platform for analyzing attack trends, identifying vulnerabilities, and implementing countermeasures. This research explores system architecture, implementation methodologies, and the efficiency of honeypot-based security analytics. Keywords-- Cybersecurity, Honeypot Server, Web-Based Security Console, Intrusion Detection, Threat Intelligence

CYBER SECURITY

Cybersecurity is a critical and rapidly evolving field within the IT industry, focused on protecting organizations from data breaches, hacking, and unauthorized access. As technology advances, so do the complexities and frequency of cyber threats, resulting in an increasing need for skilled cybersecurity professionals. Research from the Enterprise Strategy Group highlights a growing skills gap, with 46% of organizations reporting a "problematic shortage" of cybersecurity talent in 2016, up from 28% in 2015. Cybersecurity is no longer a concern limited to government agencies; it is a critical issue across various sectors, especially those safeguarding proprietary and personal information. The rise of digital platforms has transformed how people interact online, engage in e-commerce, and participate in social media. Public awareness of cybersecurity risks has grown as people increasingly rely on digital platforms for activities like banking and shopping. This paper will explore how emerging technologies and trends in cybersecurity are evolving to address these challenges, adapting to the rapid pace of technological change. KEYWORDS: Cyber-security, cyber-crime, Technology, hacking, android apps.

An Enhanced Data Privacy and Security Mitigation Technique: A Novel Federated Deep Learning (FDL) Model for Intrusion detection and Classification System For Cyber -Physical Systems in Internet of things (IoTs)

The Internet of Things (IoT) has faced difficulties in its adoption because of security and data privacy issues that exist in the modern technological environment. Modern cybersecurity systems face multiple problems due to the fast-paced development of cyber threats. The research examines the issue where modern breach methods surpass traditional defense systems. Through federated learning, multiple clients train global models together by sharing machine learning without having to exchange actual data. The document emphasized that security functions as a vital component throughout End-to-End data security configurations. FL operates as an autonomous framework that provides improved data security through decentralized IDS training mechanisms implemented across separate connected devices. This paper analyzes Federated Learning methods and Virtual security protocols which demonstrate their vital role in modern networking infrastructure for establishing secure data transfer on unsecured internet networks. The paper explores the new difficulties that confront Machine Learning model implementations. These techniques help analyze large datasets from IoT devices that connect to the internet due to their effectiveness in processing internet-based application data. A Federated CNN model will serve as an effective system in the future to detect cyber threat identification.

AI-Powered Threat Intelligence in Chips Manufacturing: Enhancing Security Against Industrial Espionage and Cyberattacks

Chips manufacturing facilities are prime targets for industrial espionage and cyberattacks due to the sensitive nature of semiconductor designs and fabrication processes. This study explores the role of AI-powered threat intelligence in safeguarding semiconductor supply chains, detecting cyber threats, and mitigating risks associated with industrial espionage. By leveraging machine learning, deep learning, and AI-driven anomaly detection, the research aims to enhance security resilience in chips manufacturing. The paper also discusses challenges, ethical considerations, and future research directions for AI-based security frameworks in semiconductor industries.

Quantum Machine Learning for Secure Financial Forecasting: Mitigating Data Breaches and Adversarial Exploits

Quantum Machine Learning (QML) offers a transformative approach to financial forecasting by enhancing predictive accuracy and cybersecurity resilience. This study evaluates QML’s effectiveness using financial market data from Yahoo Finance, comparing Quantum Long Short-Term Memory (QLSTM) to classical LSTM and ARIMA models. Security vulnerabilities were assessed using the IEEE DataPort adversarial attack dataset, while encryption performance was analyzed using Quantum Key Distribution (QKD) data from NIST. Experimental results demonstrate that QLSTM outperforms classical models, achieving lower RMSE (1.82), MAE (1.45), and MSE (3.31), indicating superior forecasting precision. Quantum Support Vector Machines (QSVM) exhibit increased adversarial robustness, limiting accuracy degradation to 11.67% under FGSM attacks and 15.60% under PGD attacks, whereas classical models suffer losses exceeding 24%. QKD provides a substantial security advantage over RSA-4096, achieving a 5.87 bps secure key rate and demonstrating over 100 years of resistance to quantum attacks, reinforcing its role as a next-generation cybersecurity mechanism for financial institutions. Despite these advantages, the adoption of QML in financial forecasting faces challenges related to high computational costs, hardware limitations, and integration complexities. Quantum security frameworks require significant infrastructure investments to ensure scalability and reliability. Financial institutions must prioritize QML investment, integrate quantum security mechanisms, and collaborate with regulatory bodies to establish standardized guidelines for secure financial applications. This study contributes to the growing field of quantum-enhanced financial analytics, highlighting its potential to mitigate cyber threats and improve financial forecasting reliability while addressing existing implementation barriers.

Real-time multi-class threat detection and adaptive deception in Kubernetes environments

Kubernetes has emerged as the backbone of modern cloud-native environments, enabling efficient orchestration of containerized applications. However, its dynamic nature exposes it to sophisticated cyber threats, including privilege escalation, reconnaissance, and denial-of-service attacks. This paper presents a novel framework that combines real-time multi-class threat detection with adaptive deception to enhance Kubernetes security. The framework integrates KServe for scalable machine learning-based threat classification, CICFlowMeter for feature extraction, and KubeDeceive for dynamic deployment of decoys, all governed by the MAPE-K loop for continuous adaptation. Evaluations demonstrate high detection accuracy (up to 91%), efficient resource utilization, and effective attacker engagement, with decoy success rates reaching 93%. The results underscore the framework’s ability to proactively mitigate threats, maintain system resilience, and provide actionable intelligence. This unified approach represents a scalable and adaptable defense mechanism for Kubernetes environments, catering to the needs of dynamic and resource-intensive cloud infrastructures.

CYBERVIDYA: Rag Infused Cyber Solutions

As cyber threats grow more sophisticated, the need for intelligent, adaptive security solutions has never been greater. CyberVidya: RAG-Infused Cyber Solutions offers a groundbreaking approach by integrating large language models (LLMs) with retrieval-augmented generation (RAG) to provide precise, real-time cybersecurity insights. Unlike traditional models that rely on static knowledge, CyberVidya continuously retrieves and processes information from a dynamic, indexed database of academic papers, ethical books, PDFs, and real-world case studies. What sets CyberVidya apart is its Non-Parametric Knowledge Retrieval, which ensures that responses are contextually accurate and directly sourced from trusted materials. Its multidimensional query-optimized retrievers work alongside advanced LLMs—GPT-2, Mistral-7B, and Llama 3.2-3B—to generate reliable, actionable insights. By incorporating document embedding and Dense Passage Retrieval (DPR), CyberVidya enhances accuracy while adapting to the ever-changing cybersecurity landscape without the need for retraining. The results speak for themselves. CyberVidya consistently outperforms industry-leading models, achieving 92.86% relevance, 85.81% similarity, and 95.06% correctness in educational queries. For scenario-based cybersecurity challenges, it maintains high performance with 92.89% relevance, 89.56% similarity, and 93.94% correctness. Comparative studies further highlight that RAG-based models surpass traditional LLMs in understanding complex cybersecurity concepts such as tactics, techniques, and procedures (TTPs) With its ability to provide accurate, real-time cybersecurity guidance, CyberVidya stands as a powerful tool for individuals, enterprises, and educators, bridging the gap between static knowledge and dynamic problem-solving.