Virtual Machine (VM) hardening is essential for mission-critical cloud infrastructures, where any security breach can result in cascading failures and operational disruption. Existing solutions remain constrained by fragmented defense strategies, limited cost awareness, and insufficient analytical guarantees. To overcome these limitations, we present VirtSec+, an entropy-aware framework that jointly models threat probability, impact severity, entropy-based exposure, and defense cost within a unified optimization formulation. VirtSec+ uses information-theoretic entropy to quantify and minimize adversarial uncertainty while dynamically allocating hardening controls to achieve risk-aware cost efficiency. The framework employs entropy-gradient updates with budget-aware activation and a convex optimization routine that ensures provable convergence with bounded runtime overhead. Extensive evaluations across representative cloud data center scenarios show that VirtSec+ reduces residual risk by up to 52%, accelerates adaptation latency by 28%, and improves resource efficiency by 2.3× over state-of-the-art baselines. All improvements are statistically significant at p<0 .01 . VirtSec+ establishes a resilient, adaptive, and mathematically grounded foundation for VM hardening in mission-critical cloud environments by integrating entropy minimization with rigorously validated cost–security optimization.

Elliptic Curve Cryptography (ECC) underpins the security of most blockchain systems, yet its practical implementations face numerous vulnerabilities. In this systematic literature review (SLR), we catalog and analyze attacks on ECC in the context of blockchain security, including side-channel attacks, nonce/PRNG failures, cryptanalysis, and implementation flaws, and we survey proposed countermeasures. We follow rigorous SLR methodology with defined inclusion/exclusion criteria, search strategies across databases such as IEEE Xplore, ACM, Scopus, Web of Science, and clear data synthesis, ensuring replicability. Emphasizing empirical case studies and real-world exploits, we discuss instances where ECC weaknesses led to blockchain breaches including biased elliptic curve digital signature algorithm nonces exposing Bitcoin/Ethereum private keys, smartphone power analysis revealing wallet keys, and Trezor hardware-wallet key extraction via single-trace side-channel analysis (SCA). We tabulate known attack vectors versus affected systems, and similarly compare countermeasure techniques such as hybrid classical/quantum schemes, threshold signatures, and zero-knowledge proofs, along with implementation trade-offs. We evaluate advances such as Curve25519/EdDSA and ARM SVE2 to mitigate side-channel leakage. Our findings highlight that practical security of blockchain cryptosystems depends on correct ECC implementation and emerging cryptographic upgrades, not merely on the mathematical hardness of elliptic curve discrete logarithm problem.

Securing sensitive visual data, such as medical images, classified surveillance or reconnaissance data, and personal multimedia, requires specialized encryption systems in the age of pervasive digital communication and cloud computing environments. Digital images exhibit high redundancy (repetitive information) and significant spatial correlations (where neighboring pixels have similar values), rendering typical encryption methods less effective. Traditional encryption methods, such as the Advanced Encryption Standard (AES), are becoming less effective as cloud computing continues to evolve. This study introduces a new image encryption system that blends feedback DNA cryptography, which uses DNA encoding for secure data transfer, with AES and a hybrid sine-skew tent map to enhance security. DNA cryptography is a novel approach that helps protect data during transmission and storage. Here, a 256-bit elliptic curve cryptography (ECC) key serves as the AES key. We investigated the performance and security metrics of the proposed framework. The results show that the ciphertext achieves a Shannon entropy of ≈ 8.0, an exceptionally low pixel correlation (almost zero in all directions), and an exceptional average differential attack resistance (NPCR ≈ 99.6072%, UACI ≈ 33.4467%), outperforming other existing techniques.

The rising rate of cyberattacks and dearth of skilled cybersecurity professionals require innovative solutions beyond traditional security measures. Large Language Models (LLMs), famed for their natural language processing abilities, present a viable way to improve cybersecurity defenses. However, despite LLMs’ exploration in various security applications, systematic research aligning LLMs’ contributions with established cybersecurity frameworks is lacking. To bridge this gap, this paper presents a systematic literature review aligned with the NIST Cybersecurity Framework (CSF 2.0) to gain a clear understanding of LLMs’ multifaceted contributions and uncover their overlooked potential, particularly in areas such as Awareness and Training within the NIST CSF 2.0 Protect function. Consequently, given the accessibility and privacy benefits of open source LLMs (OSLLMs), we have developed a benchmarking methodology using Multiple-Choice Question Answering (MCQA) to evaluate 21 state-of-the-art OSLLMs across two publicly available datasets. Our findings revealed that while larger models generally outdid smaller ones, medium-sized models achieved competitive results in specific cybersecurity areas, contesting the claim that model size alone dictates efficacy. These insights motivated a further investigation using optimized prompt engineering workflows through the DSPy framework. Our results reveal that advanced prompting techniques significantly boost the performance of smaller models, narrowing the performance gap with larger ones and broadening deployment possibilities. Furthermore, we introduced structural modifications and novel exit options to address position and forced-choice biases in standard MCQA datasets, further enhancing the reliability of OSLLM evaluations. Overall, the results of this study not only strengthen our understanding of OSLLMs’ aptitude in cybersecurity but also emphasize the impact of advanced prompt engineering and unbiased datasets in enhancing the capabilities of OSLLMs in cybersecurity.

The rapid expansion of Internet of Things (IoT) devices and the evolution of cyberthreats make the detection of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks a critical need for the security of modern computing systems. Edge devices, characterized by their limited computing resources, present unique challenges for implementing effective security solutions, requiring optimized approaches that combine detection efficiency with computational solutions. This work presents an Edge-Oriented DoS/DDoS Intrusion Detection and Monitoring Platform, a novel anomaly detection system based on temporal analysis, specifically designed to operate on resource-constrained edge devices. The proposed approach systematically integrates four complementary temporal analysis techniques: Shannon entropy, ARIMA (AutoRegressive Integrated Moving Average), Hölder’s local exponent, and moving means, used for smoothing and trend identification. This multidimensional combination enables robust modeling of normal network traffic behavior and effective detection of statistical deviations that characterize malicious activity. Experimental validation was performed using the datasets (CIC-IDS-2017, CSE-CIC-IDS2018, CIC-IDS-2023) with a specific focus on application-layer attacks, notably DoS and DDoS attacks, such as Slowloris and SlowHTTPTest, which pose threats due to their ability to mimic their own traffic. The experimental methodology included 99% confidence intervals, ensuring statistical rigor. A significant methodological contribution was the implementation of cross-dataset cross-validation to assess temporal transferability, demonstrating the models’ ability to maintain adequate performance when applied to missing data across different periods. The experimental results demonstrate the high performance of the proposed approach, with Configuration 5 (combination of mobile media and Shannon entropy) achieving 99.9% accuracy in temporal cross-validation. Validation on a real device (Raspberry Pi 3b+) confirmed the solution’s computational prediction, demonstrating real-time detection capability without significantly compromising the device’s computational resources.

Healthcare supply chains and IoMT-driven clinical monitoring increasingly rely on real-time data exchange, yet remain vulnerable to adversarial attacks, counterfeit drug distribution, and privacy violations. Traditional federated learning improves data confidentiality but struggles with malicious nodes, spoofing, and unreliable participation. To address these gaps, this work proposes the Adaptive Trust-Driven Blockchain Federated Learning (ATB-FL) framework, which unifies behaviour-based trust evaluation, blockchain authentication, and incentive–penalty mechanisms into a scalable security architecture. The framework ensures tamper-resistant traceability, dynamic participant validation, and regulatory compliance while preserving data locality. Experiments conducted on the CIC-IoMT 2024 dataset demonstrate that ATB-FL improves diagnostic accuracy to 95.1%, reduces misclassification below 5%, and enhances blockchain throughput by more than 30% compared with conventional baselines. Practical evaluations, including vaccine cold-chain monitoring and remote diagnostics, further validate its applicability. These findings position ATB-FL as a trustworthy foundation for next-generation secure and privacy-preserving healthcare ecosystems.

Multi-party private set intersection enables participants to jointly compute the intersection of their datasets without disclosing any private information. However, existing approaches often suffer from high computational and communication overhead. To address this, we propose the Zero Masking Method, which enables each participant to generate a Zero Function with a special cancellation property. By integrating this method with garbled bloom filter, we design the ZMPSI protocol, which requires only a small number of public-key operations and communication rounds, thereby improving overall efficiency. We further formally prove security against up to t–2 colluding participants in the semi-honest model for both the Zero Masking Method and the ZMPSI protocol. Experiments show that, with 10 participants and a dataset size of 2 16 , the total execution time of ZMPSI is only 141 seconds, and the communication overhead is 119.57 KB for each client and 18.53 KB for server.

AbstractWe propose a novel dual-stream neural architecture for secure end-to-end communication that integrates self-supervised adversarial detection with game-theoretic defense strategies. The increasing sophistication of adversarial attacks necessitates adaptive security mechanisms that can dynamically respond to evolving threats while maintaining computational efficiency. Our framework addresses this challenge by combining a transformer-based contrastive learning module for real-time perturbation detection with a zero-sum Markov game formulation to optimize defense policies under Nash equilibrium. The self-supervised stream extracts invariant features from communication signals and computes threat probabilities, while the game-theoretic stream dynamically adjusts encryption parameters and defense actions based on adversarial behavior. The two streams are jointly optimized to achieve provable robustness against both known and unknown attack patterns. Furthermore, the system interfaces seamlessly with conventional intrusion detection and encryption modules, replacing rule-based heuristics with data-driven adaptive strategies. Experimental validation demonstrates significant improvements in detection accuracy and resilience compared to existing methods. The key innovation lies in the unification of self-supervision and game theory within a single end-to-end trainable framework, enabling scalable and adaptive security for modern communication networks. This approach not only enhances real-time threat mitigation but also provides theoretical guarantees on defense optimality under adversarial dynamics.

Digital Twin (DT) technology has rapidly evolved, finding applications in critical sectors such as healthcare, manufacturing, and smart cities. However, its integration with legacy systems and IoT devices exposes significant cybersecurity vulnerabilities, including unauthorized data access, malicious tampering, and system intrusions. Traditional security solutions often fail to address these multifaceted challenges effectively. This paper introduces the Multi-Layer Encryption Validation and Execution System (MLEVES), a pioneering security framework designed to protect DT systems against advanced cyber threats. It employs a strong combination of multi layer encryption, dynamic validation processes, and secure execution mechanisms to ensure the integrity, confidentiality, and reliability of data operations. It is particularly adept at countering threats such as privilege escalation, rogue device infiltration, and data extraction by creating multiple layers of defense that complement each other. The proposed system is meticulously evaluated for its effectiveness in mitigating these threats and its ability to seamlessly integrate into existing DT architectures. Through theoretical analysis and practical applications, this paper highlights the transformative potential of MLEVES to strengthen the security side of Digital Twin ecosystems. The adaptability of MLEVES across diverse sectors further underscores its importance as a critical component in the advancement of secure digital infrastructures.

In digital forensics, proper evidence management is crucial for police investigations due to its volatility and improper handling technique. However, to present and utilize the captured digital forensic images, which are typically concrete and admissible in court and a trial, is very challenging. In addition, centralized evidence-gathering, classification, and archiving techniques diminish the credibility of digital evidence. To address these issues, this work proposed a blockchain-based classified digital forensic sensitive image management framework. The framework includes a rapidly expanding polygon chain, Interplanetary File System (IPFS), and a deep learning model that performs with more than 98% accuracy. This framework preserves sensitive forensic images in the fully decentralized blockchain. Our system uses metamask wallet-based authentication to guard against unauthorized users. We use IPFS to produce the image hash to encrypt and save the forensic image in the blockchain. A voting method based on smart contracts is suggested for accessing the preserved image. We implemented the framework, which offers promising performances in response time, evidence insertion time, evidence access time, communication overhead, and effective forensic image categorization.

Modern technologies of computing cloud are showing great promise, but at the same time create new security challenges that hinder full acceptance. Given that most of these services often use cloud networks as channels for communication, securing data transmission is crucial. This paper proposes a hybrid encryption algorithm, the proposed two-layered PRC6 cipher, developed to achieve high security in cloud computing environments with minimal resource constraints. The PRC6 cipher incorporates enhancements from Cha-cha into an extension of the RC6 cipher. PRC6 implements double encryption. At the first level, the plain text is divided into four equal parts, each encrypted by processes derived from RC6, which include shifting, summation, modulo arithmetic, and XOR with a generated key. The second level incorporates a Quarter round function, among others, to further obscure the encoded message. PRC6 is implemented in a parallel computing model to significantly reduce overall computation time, especially important for lightweight applications. Experimental results show that the algorithm can achieve a high level of security for cloud workloads in only a few encryption rounds. Performance evaluations against popular encryption standards also indicate that PRC6 offers promising security benefits when computational resources are limited. This hybrid approach presents a viable solution for strengthening data protection in modern cloud systems.

A document by K. Ramesh. Click on the document to view its contents.

Ransomware is a menace to the vibrant digital ecosystem. The exponential growth in ransomware attacks, its detrimental impacts, and the ever-changing methods adopted by threat actor groups demands a focused understanding of the evolution of ransomware. This would help the organizations devise novel defensive frameworks and security controls against the modern ransomware. In this work, the impacts and evolution of ransomware through different phases up to its current form are detailed. Further, based on the study and analysis of the most prevalent modern ransomware variants, their most used tactics, techniques and procedures (TTPs) are identified as per the MITRE ATT&CK model. This acts as a platform to propose a generic attack model for ‘modern ransomware’. Building on the existing MITRE mitigation, D3FEND-based approaches and considering the resource and budget constraints of organizations, a simplified three-tier defensive model that is cost-effective and implementable is put forward. Thus, this work aims to open avenues for understanding the TTPs, and attack methodology of ‘modern ransomware’, thereby developing feasible and implementable defensive security controls.