Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Subject: search.filters.subject.Cybersecurity

Search Results

Now showing 1 - 10 of 66
  • No Thumbnail Available
    ItemRestricted
    CRITICAL IDEOLOGIES OF CYBER DIPLOMACY FRAMEWORK FOR MANAGING FOREIGN AFFAIRS: A SAUDI ARABIAN CONTEXT
    (Saudi Digital Library, 2025) Alfaqih, Faisal Ibrahim; Mbaziira, Alex V
    The rapid advancement of technology has facilitated globalization and interconnectedness, but it has also increased vulnerabilities to cyber threats, affecting businesses, governments, and international relations. Despite significant investments in cybersecurity, Saudi Arabia faces persistent cyber risks, particularly in critical sectors such as energy, finance, and defense, exacerbated by geopolitical tensions and state-sponsored cyberattacks. This study addresses the gap in Saudi Arabia’s foreign affairs strategy by examining the role of cyber diplomacy in enhancing cybersecurity governance and international cooperation. The purpose of this qualitative case study is to explore the relevance, challenges, and priority areas for implementing cyber diplomacy in Saudi Arabia. Guided by security theory, the research answers three key questions: (1) What is cyber diplomacy's relevance in promoting national interests? (2) What challenges hinder its establishment across partner states? (3) What are the priority areas for developing cyber diplomacy in Saudi Arabia? Interviews with 12 cybersecurity professionals from the Ministry of Foreign Affairs (MOFA) and private sectors were analyzed thematically. Findings reveal that cyber diplomacy is crucial for protecting critical infrastructure, fostering economic stability, and enhancing Saudi Arabia’s global influence. However, trust deficits, legal barriers, and geopolitical tensions pose significant challenges. Key recommendations include establishing a National Cyber Diplomacy Strategy, enhancing capacity-building programs, and fostering public-private partnerships. The study concludes that cyber diplomacy is essential for Saudi Arabia’s national security and recommends a multi-stakeholder approach to strengthen cyber resilience and international cooperation. Future research should expand to comparative studies with other Gulf Cooperation Council (GCC) nations to develop regional cyber norms.
    7 0
  • No Thumbnail Available
    ItemRestricted
    FROM DISCLOSURE TO EXPLOITATION
    (Saudi Digital Library, 2025) Alsadi, Arwa Abdulkarim; Hernández, Gañán; van, Eeten
    The rapid growth of Internet-of-Things (IoT) devices, such as smart cameras, home routers, and smart thermostats, has transformed the digital landscape while also introducing new cybersecurity risks. IoT systems are often targeted by attackers due to outdated software, long device lifespans, and fragmented security practices. Although many IoT vulnerabilities are discovered and disclosed, only a small fraction are actually exploited in the wild. This raises important questions about which vulnerabilities are targeted, why attackers choose them, and how long they remain in use. This dissertation investigates how IoT vulnerabilities are selected for exploitation in practice, with a particular focus on attacker behavior, exploit development, and vulnerability characteristics. It systematically examines the interplay between these factors to understand how they collectively shape exploitation trends in IoT ecosystems. To answer the central research question on \textit{What factors shape the exploitation in IoT vulnerabilities, from target selection to exploit development and prediction?}, this dissertation presents four peer-reviewed studies. Chapter 2 provides a longitudinal analysis of over 17,000 IoT malware samples, revealing that only a handful of IoT vulnerabilities are targeted and often exploited for years after their disclosure. The average time-to-exploit a vulnerability after disclosure was found to be 29 months, far longer than in traditional IT systems. This temporal persistence highlights the enduring value of certain vulnerabilities within the attacker ecosystem. Chapter 3 examines factors influencing exploitation frequency in IoT vulnerabilities. It finds that attackers prefer vulnerabilities that are easy to exploit, affect widely deployed devices, and are difficult to patch. Technical severity scores, like CVSS, were less predictive than contextual factors such as device type and patch complexity. Chapter 4 addresses the limitations of existing prediction systems, such as the Exploit Prediction Scoring System (EPSS), in assessing IoT-specific risk. By incorporating attacker community discussions from underground forums into a new predictive model, the study significantly improves accuracy and highlights the importance of behavioral and vendor-related features in anticipating exploitation for IoT devices. Finally, Chapter 5 shifts focus to the human element through interviews with 16 Proof-of-Concept (PoC) exploit developers. It finds that disclosure decisions are shaped by individual motivations, ethical considerations, and vendor interactions. PoCs developers play a key role in making vulnerabilities exploitable and often act as gatekeepers in the vulnerability ecosystem. This qualitative study examines the socio-technical dynamics influencing PoC developers’ decisions to publish exploits, and how these choices can shape target selection and enable the weaponization of vulnerabilities. Collectively, these findings show that targeting in IoT is not random but follows strategic patterns driven by cost, opportunity, and long-term exploit value. The dissertation argues that current governance mechanisms—market incentives, disclosure systems, and risk models, are misaligned with real-world exploitation practices and therefore fall short in addressing the distinct dynamics of IoT security. To address these gaps, it proposes a hybrid governance model that combines regulatory oversight, community collaboration, and market-based tools to more effectively manage the lifecycle of IoT vulnerability and exploitation.
    2 0
  • No Thumbnail Available
    ItemRestricted
    Investigating the Factors that Affect the Adoption of Cybersecurity Data Visualization Applications Within Organizational Context: An Application of the T-O-E Framework
    (Saudi Digital Library, 2025) Aljasir, Afnan; Chinazunwa, Uwaoma
    Cybersecurity visualization (VizSec) tools have emerged as critical enablers for organizations to detect, interpret, and respond to increasingly complex cyber threats. Despite their potential, the adoption and effective use of these tools remain inconsistent across industries. This dissertation examines the determinants of VizSec adoption through the application of the Technology-Organization-Environment (TOE) framework; and the effect of its adoption on organizational performance thereafter. Mixed-method approach was used in this study to provide an in-depth understanding of quantitative and qualitative results. During the quantitative step, a survey of 230 cybersecurity professionals and decision-makers in various industries was used to gather data and analyzed using Partial Least Squares Structural Equation Modeling (PLS-SEM). The qualitative stage was based on 14 semi-structured interviews, conducted with the help of the six-phase thematic analysis of Braun and Clarke, in order to render the lived experiences and the practical knowledge of the participants. The results show that the most powerful drivers of adoption are technological determinants, especially ease of use, lesser complexity, and compatibility with the already existing infrastructure. Influencing factors include organizational aspects, comprising of top management support, financial and human resources, as well as the organizational ability to learn, without which the value of VizSec is constrained due to the lack of skilled professionals. Environmental factors were considered key determinants, whereas competitive pressure had a small influence. Notably, the research proved the mediating effects of Security Data Visualization (SDV) between factors of the TOE and organizational performance. Adoption of VizSec was found to have a high level of customer satisfaction, financial performance, innovation and agility within the organization. Theoretically, this research contributes by generalizing the use of the TOE framework in the space of cybersecurity visualization and introduces SDV as a mediating construct to redefine organizational and environmental variables in this sense. In practice, the study provides a roadmap on how organisations can get the best out of VizSec through strategic investments, enhancing compliance, developing skilled human capital, and establishing vendor relationships.
    11 0
  • No Thumbnail Available
    ItemRestricted
    An Investigation on Improving the Security of Remote Work to Secure Communication and Enhance Efficiency
    (Saudi Digital Library, 2025) ALBATEL, Yousef; AlDoghman, Firas
    The rapid adoption of remote working has transformed organisational operations, particularly following the COVID-19 pandemic. While remote work offers significant benefits such as flexibility, reduced operational costs, and improved employee productivity, it has also introduced substantial challenges related to the security of communication systems. Remote workers increasingly rely on personal devices, unsecured networks, and digital collaboration tools, making organisational data and communication channels vulnerable to cyber threats such as phishing, malware, and data breaches. This research investigates the security challenges affecting communication in remote working environments and examines strategies that can be adopted to enhance both security and efficiency. Guided by the Technology Acceptance Model (TAM), the study explores how perceived usefulness and ease of use influence the adoption of security technologies in remote work settings. A comprehensive review of existing literature is conducted to identify key cybersecurity risks and evaluate mitigation strategies, including encryption, virtual private networks (VPNs), zero-trust architecture, identity and access management, and employee cybersecurity awareness training. The findings highlight that although effective security solutions exist, their adoption is often hindered by high implementation costs, performance limitations, and insufficient technical skills among employees. The study concludes that organisations must adopt a holistic approach combining technological solutions, organisational policies, and employee training to secure communication channels and enhance the overall efficiency of remote working. The research contributes to both academic literature and professional practice by providing insights into improving secure communication within modern remote work environments.
    10 0
  • No Thumbnail Available
    ItemRestricted
    Between a Chat and a Hard Place: Technical Compliance Measures and Intermediary Liability in End-to-End Encrypted Messaging Platforms under the Online Safety Act
    (Saudi Digital Library, 2025) AlEid, Haneen; Lachlan, Urqhart
    This study investigates the complex interplay between content moderation, platform liability, and end-to-end encryption (E2EE) within the legal context of the United Kingdom’s Online Safety Act 2023. It critically assesses how the Act approaches intermediary liability for E2EE-enabled platforms such as WhatsApp, Signal, and Telegram, with particular attention to the feasibility, effectiveness, and proportionality of proposed technical measures for moderating encrypted communications. The research further explores the evolving regulatory mandate of Ofcom and identifies pathways to reconcile public safety objectives with the safeguarding of user privacy. By integrating legal analysis with a technical understanding of encryption and platform architecture, the study seeks to advance a rights-respecting and technically grounded model of platform accountability. It argues that aligning regulatory frameworks with realistic technological capabilities is not only essential for effective governance but also vital for maintaining public trust in digital communication systems.
    8 0
  • No Thumbnail Available
    ItemRestricted
    Exploring the use of LLMs to analyse/summarise security logs
    (Saudi Digital Library, 2025) Algoblan, Faisal; William, Seymour
    Security and system logs are key to modern cybersecurity and IT operations. However, their scale and complexity put a lot of pressure on analysts. Large language models (LLMs) offer new ways to summarise and interpret logs, but their use raises questions about trust, risk, and governance. This project set out to explore how practitioners perceive the role of LLMs in operational security and what safeguards they believe are necessary for safe adoption. Eight semi-structured interviews were carried out with professionals who had experience in log analysis, including SOC Manager and analysts, IT administrators, and students with relevant backgrounds. The transcripts were analysed using Braun and Clarke’s thematic analysis [5], resulting in four themes: Workflow Integration and Guardrails; Trust, Verification, and Evidence; Privacy and Data Governance; and Adoption and Organisational Readiness. Findings show that practitioners see value in combining LLMs with existing tools like SIEM platforms, alert triage workflows, and ticketing systems. They stressed that human oversight is vital. Prompts must be carefully structured, and outputs need supporting evidence before they can be trusted. Privacy concerns were significant, with requests for local hosting, strict access controls, data minimization, and clear audit policies. Adoption relied on training, cultural readiness, and a clear return on investment. The study contributes by offering a practitioner-centred view of LLM use in cybersecurity, filling a gap in the literature that has mainly focused on technical benchmarks. It concludes that LLMs can support efficiency and improve understanding in log analysis, but only when integrated into workflows that enforce verification, protect privacy, and ensure clear accountability.
    10 0
  • No Thumbnail Available
    ItemRestricted
    Emerging Cybersecurity Risks and the Effectiveness of Risk Management Frameworks in Saudi Arabia
    (Saudi Digital Library, 2025) Abdulaziz, Mohammed; Adamos, Vasileios
    Cybersecurity, Risk Management, Saudi Arabia, NIST CSF, ISO 27005, SAMA, UK NCSC, Risk Frameworks, Emerging Threats, Financial Sector
    53 0
  • No Thumbnail Available
    ItemRestricted
    Optimizing Hate Text Detection using Custom NLP Techniques and an Adapted DeBERTa-based Machine Learning Model
    (Saudi Digital Library, 2025) Aljabbar, Abdullah; AlYamani, Abdulghani
    The rapid expansion of social media has transformed online communication, providing platforms for public debate and community engagement. However, this openness has also facilitated the spread of harmful content, particularly hate speech, which poses significant risks to individual well-being, social cohesion, and digital trust. Detecting such content remains a major challenge due to the subtle, context-dependent, and evolving nature of hateful expressions. Traditional machine learning models, though useful as early baselines, often fail to capture linguistic nuance and contextual depth. Recent advances in natural language processing (NLP), particularly Transformer-based architectures, have significantly improved text classification tasks by enabling context-sensitive embeddings. This research investigates the effectiveness of DeBERTa (Decoding-enhanced BERT with Disentangled Attention) for hate speech detection. The study employs a systematic methodology consisting of four stages: data preparation and preprocessing, exploratory data analysis, model development, and evaluation. A curated dataset of 2,041 social media posts, derived from a larger corpus, was pre-processed to remove noise, normalise text, and correct class imbalance. The DeBERTa-v3-large model was fine-tuned using cross-entropy loss and AdamW optimisation. Performance was assessed with accuracy, precision, recall, F1-score, ROC, and PR curves, while error analysis and confusion matrices were used to identify common misclassifications. The findings demonstrate that DeBERTa can effectively capture indirect meaning and grammar connections. Additionally, outperforming traditional approaches and offering robust classification of hate and non- hate content. The study contributes to both NLP research and the wider cybersecurity domain by supporting the development of more reliable automated moderation tools that promote safer digital environments.
    14 0
  • No Thumbnail Available
    ItemRestricted
    Resilience of Saudi Financial Institutions Against AI-Driven Cyber Threats
    (Saudi Digital Library, 2025) ALshammar, Rushud; Adamos, Vasileios
    Artificial intelligence (AI) is increasingly exploited by cybercriminals, creating advanced threats that challenge the security of financial institutions. Saudi banks, central to Vision 2030’s digital transformation, face heightened risks from AI-driven attacks such as phishing, fraud detection evasion, and adversarial machine learning. The aim of this research was to evaluate the resilience of six major Saudi banks (NCB, Al Rajhi, SABB, Riyad Bank, BSF, and ANB)against AI-enabled cyber threats, with a focus on identifying gaps in current frameworks, assessing employee awareness, and recommending improvements. A quantitative, cross-sectional survey was employed, gathering data from banking professionals across cybersecurity, compliance, and risk management roles. The findings show that while AI-driven threats are widely recognised, frameworks are inconsistently applied, AI-powered defences are rare, and employee training lacks AI-specific content. These shortcomings reduce institutional agility and leave human awareness as the weakest layer of defence. The study is limited by its reliance on survey data, which restricts depth of institution-specific insights. It recommends mandatory AI-focused training, adoption of automated defence systems, and contextualised national frameworks. Future research should include longitudinal studies, case-specific analyses, and simulation-based testing to strengthen resilience in evolving threat environments.
    38 0
  • No Thumbnail Available
    ItemRestricted
    An NLP-Driven Framework for Business Email Compromise Detection and Authorship Verifcation
    (Saudi Digital Library, 2025) Almutairi, Amirah; AlHashimy, Nawfal; Kang, BooJoong
    Business Email Compromise (BEC) presents a critical cybersecurity threat, leveraging linguistic impersonation and social engineering rather than traditional malicious payloads. These attacks routinely evade conventional flters by mimicking legitimate communication styles and exploiting trusted identities. This thesis explores content-based detection strategies for BEC using a sequence of natural language processing (NLP) models. First, it proposes a transformer-based classifer to detect semantic indicators of deception in email body text. Second, it develops a Siamese authorship verifcation (AV) model that captures stylistic consistency, even under adversarial mimicry. These components are unifed within a multi-task learning (MTL) framework that simultaneously optimizes for BEC detection and AV by sharing underlying representations while preserving task-specifc objectives. To support empirical evaluation, a structured taxonomy of BEC fraud is introduced, and a synthetic email dataset is generated through prompt-guided language model fne-tuning and human validation. Experiments on combined real and synthetic corpora demonstrate that the MTL model achieves up to 97% F1-score in BEC detection and 93% in AV, outperforming transfer learning baseline while reducing false positives and computational overhead. This work contributes a principled, modular, and extensible framework for enhancing email security through joint semantic and stylistic analysis, addressing gaps in current defenses against sophisticated impersonation attacks.
    12 0

Copyright owned by the Saudi Digital Library (SDL) © 2026