Journal of Cyber Security in Computer System
https://matjournals.net/engineering/index.php/JCSCS

JCSCS is a peer-reviewed journal in the Computer Science domain published by MAT Journals Pvt. Ltd. It is a print and e-journal focused on the rapid publication of research and review papers on Protecting Systems, Networks, and Programs from Digital Attacks. This journal covers all aspects of Cyber Security, including IoT Security, AI Security, Machine Learning in Security, Security and Crime Science, Cryptography and its Applications, Security Economics, Human Factors and Psychology, Legal Aspects of Information Security, Privacy, Hardware Security, Software Security and System Security, Network and Critical Infrastructure Security, Data-Driven Security and Measurement Studies, Adversarial Reasoning, Malware Analysis, Privacy-Enhancing Technologies and Anonymity, Big Data Security and Privacy, Cloud Security, Digital and Information Forensics, Quantum Security, Cryptography and Cryptology, Authentication and Access Control and Biometrics.

Predictive Investigation: A Refined Approach for Evidence Detection and Acquisition
https://matjournals.net/engineering/index.php/JCSCS/article/view/3022

In today's digital era, cybercrime has evolved from a niche threat into a global crisis. Sophisticated attacks like ransomware, data breaches, identity theft and financial fraud affect everyone, from large corporations to individual citizens, causing billions in damages and eroding trust in digital infrastructure. At present, cybercrime investigation is usually a matter of playing catch-up and struggling with the sheer volume and complexity of digital evidence. This research aims to change that. Instead of just reacting to crimes that have already happened, the primary aim is to predict them before they happen.
According to earlier tests and results on predictive analytics and time-series analysis on the digital forensic investigation dataset (DFID), several models were found to be successful. Among these, one model stood out: random forest, a supervised learning model, which spotted potential threats with 95% accuracy, 94% precision, and 96% recall. It was also found that the most important digital clues are the timing between computer actions, the IP addresses involved, and file hashes. While 95% accuracy is a strong benchmark, it can be improved. This study proposes a model, i.e. an RNN or another model, that would be efficient enough to surpass the 95% accuracy benchmark set by random forest according to earlier studies.

Parin Shah, Vishvendu Bhatt
Copyright (c) 2026 Journal of Cyber Security in Computer System
2026-01-23
Pages 1-12
DOI: 10.46610/JCSCS.2026.v05i01.001

Enhancing Security in Distributed Microservices through Zero-trust Architectures Using Spring Cloud and Kubernetes
https://matjournals.net/engineering/index.php/JCSCS/article/view/3148

The increasing adoption of distributed microservices architectures, orchestrated via cloud-native platforms such as Spring Cloud and Kubernetes, has introduced significant complexities in securing dynamic and ephemeral service environments. Traditional perimeter-based security models are inadequate for addressing the expanded attack surface, inter-service communication vulnerabilities, and the absence of inherent trust boundaries in such distributed systems. This research addresses a critical gap in the practical operationalization of zero-trust security principles tailored specifically to these cloud-native microservices contexts.
The study aims to develop and validate a comprehensive zero-trust security framework that incorporates dynamic authentication, fine-grained authorization, continuous monitoring, and secure service-to-service communication within Spring Cloud and Kubernetes environments. Employing a qualitative methodology comprising a systematic literature review and semi-structured expert interviews with domain professionals, the research synthesizes theoretical constructs and empirical insights to ensure both conceptual rigor and practical feasibility. Findings reveal that identity-centric security forms the foundation of effective zero-trust implementations, while native platform security mechanisms require augmentation through automation and continuous observability to overcome operational complexities. The proposed framework addresses critical security challenges and provides actionable guidance for practitioners managing distributed microservices security postures. Consequently, this study contributes a validated, integrative model that advances the understanding and application of zero-trust architectures in contemporary cloud-native microservices deployments, bridging theoretical innovation with industry-relevant solutions.

Sourabh Jhawar
Copyright (c) 2026 Journal of Cyber Security in Computer System
2026-02-24
Pages 13-30

Machine Learning-based Detection of Advanced Persistent Threat Attacks Using Network Traffic Analysis
https://matjournals.net/engineering/index.php/JCSCS/article/view/3311

Complicated cyber threats known as advanced persistent threats target big organizations and vital systems. These attacks differ from regular ones because they unfold in phases, stay hidden, and then slowly steal information. Because such intrusions change often and look like normal activity, older security tools that rely on fixed patterns fail to catch them.
Instead of using outdated methods, this work explores a new way of applying machine learning to examine how data moves across networks, studying both numbers and behaviours to spot danger. Flow patterns like timing gaps, data size shifts, and uneven sessions help map how advanced threats behave. Instead of relying on old methods, machine learning tools (random forest, SVM, and XGBoost) are tested against standard attack records. Results show fewer mistakes in spotting intrusions, catching more real attacks than usual setups. Built to grow with network demands, the system adapts easily, fitting large business environments while cutting down how long hidden threats stay active.

P. Balaganesh, S. Nalayiramuthu, G. Sudhakar, C. Vinothkumar
Copyright (c) 2026 Journal of Cyber Security in Computer System
2026-03-30
Pages 31-39

System-wide Anonymity via Kernel-level Proxying: A Defence-in-Depth Framework for High-risk Security Operations
https://matjournals.net/engineering/index.php/JCSCS/article/view/3393

Security-oriented Linux distributions often focus more on user experience than on strong security, which can lead to risks in terms of being traced back during offensive activities. This study introduces a reinforced BlackArch Linux system that uses kernel-level iptables rules known as Kalitorify to ensure that all outgoing traffic goes through Tor in a fail-closed setup. DNS requests are redirected to port 5353, ICMP packets are dropped without any response, and any compromised processes are confined using Firejail namespaces and VirtualBox isolation. Cyber teams in the US military use similar kernel-level strengthening methods to prevent being identified during operations. This project takes those advanced tactics and applies them to environments used for penetration testing. It offers features like long-term storage and built-in Wi-Fi drivers that are not available in other privacy-focused distributions such as Tails, Whonix, or Qubes.
Controlled tests show that this setup does not leak real IP addresses when compared to proxy chains, and features like MAC address randomization, turning off IPv6, and limiting kernel memory help reduce the chances of being recognized as a specific system. This setup gives professionals a reliable platform where mistakes during use would not expose their identity, effectively connecting the general anonymity tools with more secure, offensive toolchains suitable for high-pressure field operations.

Baskar G., Kavitha K.
Copyright (c) 2026 Journal of Cyber Security in Computer System
2026-04-07
Pages 40-52

Genetic Algorithm-based Fuzzy Soft Computing in Cybersecurity: A Review
https://matjournals.net/engineering/index.php/JCSCS/article/view/3394

With the rapid digitization of personal, financial, healthcare, and governmental infrastructures, cybersecurity has emerged as a critical global priority. As cyber threats become increasingly sophisticated, dynamic, and unpredictable, traditional intrusion detection systems (IDS) face significant limitations. Most conventional IDS models rely on fixed rule-based mechanisms and binary machine learning classifiers that categorize activities strictly as either legitimate or malicious. This rigid decision-making approach often fails to effectively address the uncertainty, ambiguity, and incomplete information commonly present in real-world network traffic. As a result, such systems tend to generate high false positive rates and struggle to detect novel or evolving attack patterns. Although several anomaly detection techniques have been introduced, many lack adaptability and the capability to manage imprecise data efficiently. To overcome these challenges, this study proposes a genetic algorithm-based fuzzy soft computing approach for cybersecurity.
By integrating fuzzy logic's strength in handling uncertainty with the optimization capability of genetic algorithms, the proposed framework aims to improve detection accuracy, minimize false alarms, and enhance adaptability. This research contributes toward developing a more intelligent, flexible, and robust intrusion detection system suitable for securing modern digital environments against continuously evolving cyber threats.

Subhasini Shukla, Sanskruti Newalkar, Prinkal Bari, Mohamad Rehan Bilal Shaikh, Anuj Golhar, Yash Kulkarni
Copyright (c) 2026 Journal of Cyber Security in Computer System
2026-04-07
Pages 53-61