Al-Noor Journal for Information Technology and Cybersecurity

The increasing sophistication and dynamism of cyber threats demand security systems that can adapt rapidly to new and evolving attack patterns. Meta-learning, or "learning to learn," offers a promising paradigm for enhancing the adaptability and generalization of machine learning models in cybersecurity contexts. This survey presents a review of recent research on meta-learning approaches applied to cyber threat detection and response, with a particular focus on intrusion detection systems, malware classification, phishing detection, anomaly detection, and adversarial defense. We categorize existing methods into optimization-based, metric-based, and model-based meta-learning, and examine their strengths in few-shot learning, task generalization, and robustness under domain shifts. Furthermore, we identify key challenges, including the lack of standardized benchmarks, computational overhead, explainability limitations, and vulnerability to adversarial attacks. By synthesizing recent advances and outlining open research questions, this paper aims to guide future developments in adaptive, intelligent cybersecurity systems by using meta-learning to enhance the attack detection or even to protect the systems.

In recent years, network technologies have grown more widely used. The network has security issues that need to be fixed, despite the fact that it is advantageous for people to live and work there. Among these problems are cyberattacks. As more devices connect to the internet, hackers' attack surface expands. Attack graphs are one of the many techniques that have been put forth recently to identify and forecast attacks. Predicting the attack and its next move within the network is the main objective of creating the attack graph. However, there are a few problems with the attack graphs that are currently in use. The primary problem with attack graph construction is scalability. In order to minimise the level of complexity of the attack graph, the present research suggests employing personal agents to shorten the reachability time when calculating between the nodes and the critical path preserving graph reduction technique to eliminate superfluous edges. The results demonstrate that the suggested performance outperforms the attack graph that is currently in use. The attack graph complexity and generation time were decreased by the suggested attack graph.

The evolution of computer science over the last quarter of a century calls for detailed scrutiny if we are to successfully identify the shifts in focus and emerging areas of research that the analysis aims to capture. Taking advantage of Artificial Intelligence, and in particular topic modeling, we analyze the evolution of computer science research between 2000 and 2025, examining the arXiv database, which contains roughly 2.5 million preprints, about 40% of which belong to computer science (cs.* categories). Contextualized Topic Modeling (CTM) is correlation-based topic modeling. Using a more advanced correlation-based technique called Correlation Explanation (CorEx), we differentiated key topics, evaluated the shifts over set periods, and observed the rise and fall of topics such as deep learning, NLP, and quantum computing [5]. Thus, looking at our results and the six tables that overview the topics and the models, trends in subfields and performance indicators, and the eleven graphs that detailed distributions of topic trends along those lines, subfield trends to coherence, and interdisciplinary honing, which complement this analysis, it becomes completely evident from our results: there is greater, situational dependence of AI subfields; there is an overall decline in traditional methods; and there is a burgeoning up trend in new fields. That is important for researchers, policy makers, and industry to recognize and understand the drivers of the future of computer science. However, we want to be clear that this analysis was conducted on abstracts and not full text documents that may have additional insights through citations or methods sections. Regardless, the results hold practical value by helping with strategic research planning, i.e. funding priorities and industry innovation in new AI subfields. The way that the data is compiled from arXiv's open access allows researchers to reproduce the findings related to open science practices and enables other researchers to repurpose or lend rigor to our studies.

This study combines block and hybrid encryption techniques with steganography to defend textual content documents and conceal them in inner photos, supplying two-layer security in opposition to cyberattacks. The proposed method integrates Advanced Encryption Standard (AES), Rivest–Shamir–Adleman (RSA), and Least Significant Bit (LSB) embedding to acquire robust cryptographic safety and imperceptible data hiding. Experimental outcomes reveal that the system achieves a 100% image matching charge with an encryption satisfaction of 99.6%, indicating high compatibility between encryption and steganography methods. Histogram analysis confirms uniform pixel intensity distribution without an observable distinction between natural and stego images. Peak Signal-to-Noise Ratio (PSNR) values reached up to 100.53 dB for medium-sized pics, displaying minimal distortion. NPCR consequences for encrypted snapshots were 99.60%, confirming sturdy sensitivity to pixel modifications, at the same time as NPCR for stego pix remained close to 0.003%, proving imperceptibility. UACI values for encrypted pix ranged between 34.20% and 46.89%, validating exceptional encryption, at the same time as UACI for stego snapshots remained negligible, confirming concealment performance. These results highlight the originality of the proposed hybrid version in combining AES, RSA, and LSB to concurrently attain high-speed encryption, stable key control, and undetectable information hiding.

Phishing is still a prevalent cybercrime, and attackers keep improving their URL obfuscation schemes that complicate the conventional detection systems based on fragile and manually constructed lexical characteristics. In response to this, this paper presents a competent phishing URL detector model using ELMo (Embeddings from Language Models) to produce deep contextual representations of words in raw URLs, both syntactic and semantic tie, even in homoglyph substitutions and randomly generated strings. The data processing methodology includes a transformation of the tokenized URLs of the PhiUSIIL data into contextual embeddings of 1024 dimensions, followed by the training of a sequential Dense Neural Network (DNN) classifier. Upon assessment on the PhiUSIIL benchmark, the proposed ELMo-based system was revealed to have high performance measures, such as Accuracy of 0.95, Precision of 0.94, Recall of 0.96, and an F1-score of 0.95, which is more robust and generalized as opposed to baseline approaches. The findings substantiate the usefulness of the contextualized embeddings to reduce critical false negatives and emphasize the practicality of the model in practice.

The proliferation of educational technologies has created unprecedented opportunities for data-driven insights in learning environments, yet the heterogeneous nature of educational data sources presents significant harmonization challenges. This study investigates the application of supervised learning techniques for dynamic data harmonization across diverse technology-rich educational platforms. Through a mixed-methods approach involving 847 students across three institutional settings, we developed and evaluated a novel framework combining ensemble learning algorithms with adaptive feature engineering to reconcile disparate data formats, temporal inconsistencies, and semantic variations inherent in modern educational ecosystems. Our findings demonstrate that supervised learning approaches achieve 87.3% accuracy in automated data harmonization tasks, reducing manual preprocessing time by 74% while maintaining data integrity across multiple educational platforms. The research contributes to educational data mining literature by providing empirical evidence for scalable harmonization solutions and offers practical implications for institutions seeking to implement comprehensive learning analytics systems.

In sensitive environments like healthcare, the robustness of deep learning models is of utmost importance due to the potential life-threatening consequences of false predictions. While adversarial training is a widely-used approach to enhance deep learning model robustness under adversarial attacks, its effectiveness in such environments remains largely unexplored. This paper proposes a framework for generating adversarial examples in the context of supervised clinical document classification. Specifically, the integration of ChatGPT in the loop enables the generation of diverse sets of adversarial examples, targeting various aspects of the classification process such as semantic perturbations, wordlevel substitutions, sentence rearrangements, polarity shifts, and adversarial phrases. The robustness of DL models against these adversarial examples is thoroughly evaluated. Furthermore, a comprehensive study is conducted to investigate the effectiveness of adversarial training as a defense technique in this sensitive environment. Experimental results demonstrate that the proposed adversarial examples significantly reduce the accuracy of the baseline DL model. Moreover, the study reveals that adversarial training can effectively enhance the model’s robustness against adversarial examples. This research sheds light on the potential of leveraging adversarial training in sensitive domains and emphasizes the importance of addressing robustness concerns in DL-based healthcare applications.

Balancing detection fidelity for amorphous hazards like fire and smoke against edge-device constraints remains a critical challenge. Prevailing methods compound architectural complexity or enforce rigid geometric losses—yet such approaches falter when confronting fire’s stochastic morphology. Introducing Fire-YOLO, a streamlined detector built by embedding Channel Attention Modules (C2f-SE) into YOLOv8n’s backbone, the hypothesis that detection fidelity stems not from structural depth, but from directed attention—a principle embedded in Fire-YOLO's architecture. These modules act as dynamic semantic filters, amplifying flame chromatic signatures and smoke textures while muting environmental clutter. Rigorous ablation exposes pitfalls of alternatives—inception blocks and MPDIoU losses degrade localization accuracy by failing to generalize across fire’s non-stationary spatial dynamics. Fire-YOLO avoids these traps. It achieves 79.5% mean Average Precision (mAP), computed as the average over IoU thresholds from 0.5 to 0.95 with 1.6% increments, 78% recall, and sustained 141 FPS inference on NVIDIA Tesla T4. There is no compromise between rigor and speed. This architecture redefines feasibility for low-cost, real-time fire warning systems.

The Internet of Things (IoT) were declared to be the largest and connected network comprising millions of devices aimed at efficiency, automation, and better decision-making; hence it has been popularly branded "the fourth industrial revolution." But with the arrival of many IoT systems, their vulnerability to cyberattacks is also growing, thereby putting the connected devices and networks in severe compromised positions. This paper investigates the opportunity of using machine learning (ML) and ensemble techniques for enhancing cyber-attack detection in IoT environments. Six machine learning algorithms, including Logistic Regression (LR), Decision Tree (DT), Random Forest (RF), K-Nearest Neighbors (KNN), Gradient Boosting, and Naive Bayes, were evaluated for detecting attacks in IoT network traffic. The ensemble comprised of the three models with the best performance combined in a soft-voting manner so that the complementary strengths were exploited, hence improving robustness and generalization. The performance of the ensemble was measured using accuracy, precision, recall, F1-score, and the area under the Receiver Operating Characteristic curve. The proposed ensemble shows a test accuracy of 99.91%, demonstrating its capacity to detect cyber threats effectively and the promise of ensemble learning schemes in securing cosmopolitan IoT infrastructures.

Securing contemporary computer networks has become increasingly difficult as cyber-attacks continue to grow in complexity and sophistication. Conventional Intrusion Detection Systems (IDS) often fall short in recognizing emerging threats because they depend heavily on predefined attack signatures. To overcome this limitation, hybrid intelligent methodologies that merge clustering with optimization strategies have gained attention as effective tools for improving intrusion detection and classification. This study introduces an enhanced hybrid model that combines K-means clustering with both Genetic Algorithms (GA) and Particle Swarm Optimization (PSO) to strengthen anomaly detection and misuse detection within IDS environments. The approach was tested on the KDD CUP 99 dataset, a standard benchmark in intrusion detection research. The developed Hybrid Clustering Algorithm II (HCAII) refines the detection process by lowering false-positive rates and achieving high accuracy across major attack categories, including Denial of Service (DoS), Probe, User-to-Root (U2R), and Remote-to-Local (R2L). Comparative evaluations indicate that HCAII surpasses traditional clustering and optimization methods by offering superior detection performance and more reliable classification outcomes. Overall, the proposed framework addresses critical limitations in existing IDS techniques and provides a resilient, adaptable solution capable of defending network infrastructures against continuously evolving cyber threats.

The manual process of issuance and validation of academic documents in Iraq has long been frustrating and time-consuming, risking the students losing their hard-earned certificates. It is clear that this calls for a new and unconventional technique to upgrade this archaic system. This is where innovation in blockchain technology provides a powerful, extendable, and private solution for processes of certification. Blockchain is a decentralized database or distributed ledger recording transactions or digital events across participating parties who have executed the transactions. With this understanding, we have come up with a groundbreaking management system for export and verification of academic certificates. In this system, we automated laborious processes of certification, reducing all the manual work necessary in certification processes and thus incredibly reducing the overall cost. The idea is straightforward; a certificate is issued by the university, it is uploaded and hashed into the IPFS for storage. A unique QR code is generated for verification. When a verifier presents a file or a QR code, our system compares the hash with those previously stored in the blockchain for its existence. If it exists, the corresponding certificate is retrieved from the IPFS while an absent hash will result in denied request. By leveraging the power of blockchain technology, our system ensures that academic documents are securely and efficiently validated; a means of freeing up time and resources of institutions. Our proposed solution aims to improve the efficiency and security of academic document issuance and verification in Iraq.

A big problem with Natural Language Interfaces to Databases (NLIDBs) is that they can't turn natural language queries into SQL instructions. The primary causes are linguistic ambiguity, schema complexity, and the challenges non-experts face in articulating relational data objectives. This paper examines the progression of Text-to-SQL methodologies from rule-based and statistical frameworks to deep neural architectures and ultimately to Large Language Models. It compares them to the Spider and WikiSQL benchmarks. Evidence indicates that LLMs, particularly GPT-4-class models, enhance execution accuracy via contextual reasoning and in-context learning; nonetheless, challenges persist in multilingual generalization, complex query management, and robustness across various database schemas. The study also shows how quick engineering, schema linking, and retrieval-augmented methods may fill these gaps and lower the cost of making queries. These improvements show that data interaction models are moving toward ones that are easier to use, more conversational, and allow for more than one way to participate. This makes databases easier for non-technical individuals to use and helps people in various fields make decisions based on data.