SACM - United Kingdom
Permanent URI for this collectionhttps://drepo.sdl.edu.sa/handle/20.500.14154/9667
Browse
35 results
Search Results
Item Restricted Analysing Large-Scale Attacks in IoT Environments using ML/DL(Saudi Digital Library, 2025) Bokhari, Mohammed Ibrahim K; Neetesh, SexenaThe fine-grained classification of malicious network traffic presents a significant and persistent challenge in cybersecurity, primarily due to the extreme class imbalance inherent in real-world network data. Conventional machine learning approaches, which apply a single, unitary model to the problem, have demonstrated limited success, often failing to effectively identify rare but critical minority attack classes. This dissertation argues that the conventional model paradigm is fundamentally flawed for this problem space and proposes a hierarchical, multi-stage classification framework as a more robust alternative. This research presents a comprehensive, multi-faceted investigation into this problem, using the 34-class CICIoT2023 dataset as a benchmark. The study was conducted across four distinct experimental paths, comparing two ensemble methods (XGBoost and Random Forest) and two class-handling strategies (a "Grouped" approach that manually merges similar classes and an "Ungrouped" approach that tackles all 34 classes directly). Within this structure, we designed and implemented a 4-tier hierarchical framework that employs a "divide and conquer" strategy, using an initial classifier to handle majority traffic and a class-level routing mechanism to delegate ambiguous samples to specialised recovery tiers. An adaptive resampling strategy was deployed within these tiers, concentrating aggressive SMOTE only where required. The empirical results provide a holistic validation of the proposed architecture. The optimal configuration—an Ungrouped, XGBoost-led hierarchical framework—achieved a final accuracy of 0.9228 and Macro-F1 score of 0.7948, a substantial improvement over all other experimental paths and conventional baselines. More significantly, this approach demonstrated a more than 800% increase in the F1-score for some of the under-represented minority classes. The analysis also revealed a key architectural principle: classifier performance is role-dependent, with different ensemble methods excelling in different roles within the hierarchy, highlighting the importance of managing the bias-variance trade-off at a systemic level. Finally, this work provides a rigorous, data-centric analysis that distinguishes between model limitations and the inherent limitations of the dataset, identifying a "dataset-induced ceiling" on performance for 5 of the 34 classes. The primary contribution of this dissertation is, therefore, a methodologically robust and architecturally novel framework, validated through a comprehensive, multi-path experimental design. The principles of hierarchical decomposition and adaptive resource allocation are domain-agnostic and offer a promising direction for future research into extreme imbalance problems.13 0Item Restricted Leveraging AI Technologies for Advanced IoT Vulnerability Detection(Saudi Digital Library, 2025) Bin Hulayyil, Sarah Hamad N; Shancang, LiThe rapid integration of IoT into smart homes has expanded the attack surface, exposing these environments to increasingly sophisticated cyber and physical threats. Existing security approaches are limited by restricted computational capacity, insufficient transparency in decision-making, poor adaptability to emerging zero-day vulnerabilities, and limited support for end-users. This thesis addresses these gaps by designing, developing, and evaluating a series of lightweight, interpretable, and scalable intrusion detection frameworks tailored to resource-constrained IoT ecosystems. The work follows an experimental, data-driven methodology that combines a critical analysis of current detection techniques with the design, implementation, and evaluation of multiple AI-based models. These include CNNs, domain-adapted large language model architectures such as CyBERT, and multimodal networks that integrate cyber and physical data sources. The models are trained and validated on real-world IoT datasets to assess accuracy, computational efficiency, robustness, and suitability for deployment in IoT ecosystems. The thesis first introduces an explainable detection framework for identifying Ripple20 vulnerabilities, employing feature engineering and interpretable machine learning to improve transparency and user trust. It then advances a featureless detection approach based on large language model architectures, demonstrating that domain-specific models operating on raw byte-level inputs can accurately detect unseen attacks without reliance on handcrafted features. To support practical deployment, an accessible detection interface is developed, enabling both expert and non-expert users to analyse network traffic and receive mitigation guidance. Finally, a multimodal intrusion detection framework is proposed that fuses network traffic with video data, enhancing situational awareness and improving detection performance in cyber-physical settings. Collectively, these contributions address the core challenges of explainability, scalability, lightweight operation, usability, and multimodal analysis, thus extending the understanding of how advanced deep learning and language-based models can be applied to IoT security and outline directions for future research on deployable, user-centred intrusion detection in smart home environments.9 0Item Restricted Between a Chat and a Hard Place: Technical Compliance Measures and Intermediary Liability in End-to-End Encrypted Messaging Platforms under the Online Safety Act(Saudi Digital Library, 2025) AlEid, Haneen; Lachlan, UrqhartThis study investigates the complex interplay between content moderation, platform liability, and end-to-end encryption (E2EE) within the legal context of the United Kingdom’s Online Safety Act 2023. It critically assesses how the Act approaches intermediary liability for E2EE-enabled platforms such as WhatsApp, Signal, and Telegram, with particular attention to the feasibility, effectiveness, and proportionality of proposed technical measures for moderating encrypted communications. The research further explores the evolving regulatory mandate of Ofcom and identifies pathways to reconcile public safety objectives with the safeguarding of user privacy. By integrating legal analysis with a technical understanding of encryption and platform architecture, the study seeks to advance a rights-respecting and technically grounded model of platform accountability. It argues that aligning regulatory frameworks with realistic technological capabilities is not only essential for effective governance but also vital for maintaining public trust in digital communication systems.8 0Item Restricted Exploring the use of LLMs to analyse/summarise security logs(Saudi Digital Library, 2025) Algoblan, Faisal; William, SeymourSecurity and system logs are key to modern cybersecurity and IT operations. However, their scale and complexity put a lot of pressure on analysts. Large language models (LLMs) offer new ways to summarise and interpret logs, but their use raises questions about trust, risk, and governance. This project set out to explore how practitioners perceive the role of LLMs in operational security and what safeguards they believe are necessary for safe adoption. Eight semi-structured interviews were carried out with professionals who had experience in log analysis, including SOC Manager and analysts, IT administrators, and students with relevant backgrounds. The transcripts were analysed using Braun and Clarke’s thematic analysis [5], resulting in four themes: Workflow Integration and Guardrails; Trust, Verification, and Evidence; Privacy and Data Governance; and Adoption and Organisational Readiness. Findings show that practitioners see value in combining LLMs with existing tools like SIEM platforms, alert triage workflows, and ticketing systems. They stressed that human oversight is vital. Prompts must be carefully structured, and outputs need supporting evidence before they can be trusted. Privacy concerns were significant, with requests for local hosting, strict access controls, data minimization, and clear audit policies. Adoption relied on training, cultural readiness, and a clear return on investment. The study contributes by offering a practitioner-centred view of LLM use in cybersecurity, filling a gap in the literature that has mainly focused on technical benchmarks. It concludes that LLMs can support efficiency and improve understanding in log analysis, but only when integrated into workflows that enforce verification, protect privacy, and ensure clear accountability.11 0Item Restricted Emerging Cybersecurity Risks and the Effectiveness of Risk Management Frameworks in Saudi Arabia(Saudi Digital Library, 2025) Abdulaziz, Mohammed; Adamos, VasileiosCybersecurity, Risk Management, Saudi Arabia, NIST CSF, ISO 27005, SAMA, UK NCSC, Risk Frameworks, Emerging Threats, Financial Sector54 0Item Restricted Optimizing Hate Text Detection using Custom NLP Techniques and an Adapted DeBERTa-based Machine Learning Model(Saudi Digital Library, 2025) Aljabbar, Abdullah; AlYamani, AbdulghaniThe rapid expansion of social media has transformed online communication, providing platforms for public debate and community engagement. However, this openness has also facilitated the spread of harmful content, particularly hate speech, which poses significant risks to individual well-being, social cohesion, and digital trust. Detecting such content remains a major challenge due to the subtle, context-dependent, and evolving nature of hateful expressions. Traditional machine learning models, though useful as early baselines, often fail to capture linguistic nuance and contextual depth. Recent advances in natural language processing (NLP), particularly Transformer-based architectures, have significantly improved text classification tasks by enabling context-sensitive embeddings. This research investigates the effectiveness of DeBERTa (Decoding-enhanced BERT with Disentangled Attention) for hate speech detection. The study employs a systematic methodology consisting of four stages: data preparation and preprocessing, exploratory data analysis, model development, and evaluation. A curated dataset of 2,041 social media posts, derived from a larger corpus, was pre-processed to remove noise, normalise text, and correct class imbalance. The DeBERTa-v3-large model was fine-tuned using cross-entropy loss and AdamW optimisation. Performance was assessed with accuracy, precision, recall, F1-score, ROC, and PR curves, while error analysis and confusion matrices were used to identify common misclassifications. The findings demonstrate that DeBERTa can effectively capture indirect meaning and grammar connections. Additionally, outperforming traditional approaches and offering robust classification of hate and non- hate content. The study contributes to both NLP research and the wider cybersecurity domain by supporting the development of more reliable automated moderation tools that promote safer digital environments.14 0Item Restricted Resilience of Saudi Financial Institutions Against AI-Driven Cyber Threats(Saudi Digital Library, 2025) ALshammar, Rushud; Adamos, VasileiosArtificial intelligence (AI) is increasingly exploited by cybercriminals, creating advanced threats that challenge the security of financial institutions. Saudi banks, central to Vision 2030’s digital transformation, face heightened risks from AI-driven attacks such as phishing, fraud detection evasion, and adversarial machine learning. The aim of this research was to evaluate the resilience of six major Saudi banks (NCB, Al Rajhi, SABB, Riyad Bank, BSF, and ANB)against AI-enabled cyber threats, with a focus on identifying gaps in current frameworks, assessing employee awareness, and recommending improvements. A quantitative, cross-sectional survey was employed, gathering data from banking professionals across cybersecurity, compliance, and risk management roles. The findings show that while AI-driven threats are widely recognised, frameworks are inconsistently applied, AI-powered defences are rare, and employee training lacks AI-specific content. These shortcomings reduce institutional agility and leave human awareness as the weakest layer of defence. The study is limited by its reliance on survey data, which restricts depth of institution-specific insights. It recommends mandatory AI-focused training, adoption of automated defence systems, and contextualised national frameworks. Future research should include longitudinal studies, case-specific analyses, and simulation-based testing to strengthen resilience in evolving threat environments.49 0Item Restricted An NLP-Driven Framework for Business Email Compromise Detection and Authorship Verifcation(Saudi Digital Library, 2025) Almutairi, Amirah; AlHashimy, Nawfal; Kang, BooJoongBusiness Email Compromise (BEC) presents a critical cybersecurity threat, leveraging linguistic impersonation and social engineering rather than traditional malicious payloads. These attacks routinely evade conventional flters by mimicking legitimate communication styles and exploiting trusted identities. This thesis explores content-based detection strategies for BEC using a sequence of natural language processing (NLP) models. First, it proposes a transformer-based classifer to detect semantic indicators of deception in email body text. Second, it develops a Siamese authorship verifcation (AV) model that captures stylistic consistency, even under adversarial mimicry. These components are unifed within a multi-task learning (MTL) framework that simultaneously optimizes for BEC detection and AV by sharing underlying representations while preserving task-specifc objectives. To support empirical evaluation, a structured taxonomy of BEC fraud is introduced, and a synthetic email dataset is generated through prompt-guided language model fne-tuning and human validation. Experiments on combined real and synthetic corpora demonstrate that the MTL model achieves up to 97% F1-score in BEC detection and 93% in AV, outperforming transfer learning baseline while reducing false positives and computational overhead. This work contributes a principled, modular, and extensible framework for enhancing email security through joint semantic and stylistic analysis, addressing gaps in current defenses against sophisticated impersonation attacks.12 0Item Restricted Analysing Cybersecurity Risk Assessment Model for Healthcare Systems in Saudi Arabia(Saudi Digital Library, 2025-05) Alghamdi, Abdulmonem; Vasileios, AdamosThis study analyses the Saudi Arabian's cybersecurity issues in healthcare systems and assesses the usefulness of international risk assessment models in some frameworks such as ISO/IEC 27001 and NIST. It identifies major threats like ransomware, phishing, data breaches, and insider risks based on survey responses from medical professionals like medical staff, cybersecurity specialists and administrative managers. Variety of medical institutions members with difference in beds capability, number of branches and financial situation that guarantees the national-wide needs study. Findings point to critical weaknesses in the current models, especially their incompatibility with local regulations and organisational cultures and special needs. Consequently, the study emphasises the necessity of a tailored cybersecurity risk assessment model that is particular to the Saudi healthcare environment. The research highlights key elements and offers suggestions to improve cybersecurity resilience in accordance with national policies and Vision 2030 objectives, even though it does not fully implement a model.53 0Item Restricted Detecting Supply Chain Threats(Saudi Digital Library, 2025) Akash Aravindan Paul Rajan; Nor Iman Binti Abdul Rashid; Ayham Al-Kilani; Alexandru-Aurel Constantin; Ashley Doel; Dr Erisa Karafili; Marwan Mousa Altamimi; Dr Erisa KarafiliThis study investigates the detection of supply chain threats in open-source software by developing an innovative system that integrates scraping techniques and artificial intelligence (AI) for intent analysis. The project aims to address critical vulnerabilities by analysing git commit messages and corresponding code changes, ensuring enhanced transparency and security in the software supply chain. The proposed system comprises a GitHub scraper that retrieves structured data using GraphQL and REST APIs, over- coming API rate limitations for efficient data collection. The collected data is processed by an AI model, ”Baymax,” which employs large language models (LLMs) to evaluate the alignment between commit messages and code changes. The system is designed with scalability and modularity to accommodate repositories of varying sizes and com- plexities. The project was implemented using Agile Scrum methodologies, employing iterative development practices with tasks prioritised through the MoSCoW framework. Collaboration within the development team was structured through specialised roles, and progress was monitored via sprints, stand-ups, and retrospectives. The results indicate that the system effectively enhances the integrity of open-source software by identi- fying discrepancies indicative of potentially malicious changes. Future work includes expanding platform compatibility, improving system performance, and incorporating user feedback to improve accuracy. This research contributes to the growing field of software supply chain security, with implications for broader applications in software development and beyond.16 0