Publications

Publications by Pedro Filipe Pinto

2022

CL-MLSP: The design of a detection mechanism for sinkhole attacks in smart cities

Authors
Sangaiah, AK; Javadpour, A; Ja'fari, F; Pinto, P; Ahmadi, H; Zhang, WZ;

Publication
MICROPROCESSORS AND MICROSYSTEMS

Abstract
This research aims to represent a novel approach to detect malicious nodes in Ad-hoc On-demand Distance Vector (AODV) within the next-generation smart cities. Smart city applications have a critical role in improving public services quality, and security is their main weakness. Hence, a systematic multidimensional approach is required for data storage and security. Routing attacks, especially sinkholes, can direct the network data to an attacker and can also disrupt the network equipment. Communications need to be with integrity, confidentiality, and authentication. So, the smart city and urban Internet of Things (IoT) network, must be secure, and the data exchanged across the network must be encrypted. To solve these challenges, a new protocol using CLustering Multi-Layer Security Protocol (CL-MLSP) with AODV has been proposed. The Advanced Encryption Standard (AES) algorithm is aligned with the proposed protocol for encryption and decryption. The shortest path is obtained by the clustering method based on energy, mobility, and distribution for each node. Ns2 is used to evaluate the CL-MLSP performance, and the parameters are network lifetime, latency, packet loss, and security. We have compared CL-MLSP with ECP-AODV, Probe, and Multi-Path. The proposed method superiority rates in energy consumption, drop rate, delay, throughput, and security performance are 6.54%, 12.87%, 8.12%, 9.46%, respectively.

2023

Cyber-Physical Systems: Security Threats and Countermeasures

Authors
Hammoudeh, M; Epiphaniou, G; Pinto, P;

Publication
JOURNAL OF SENSOR AND ACTUATOR NETWORKS

Abstract
The recent proliferation of sensors and actuators, which is related to the Internet of Things (IoT), provides smart living to the general public in many data-critical areas, from homes and healthcare to power grids and transport [...]

2023

Privacy-Aware and AI Techniques for Healthcare Based on K-Anonymity Model in Internet of Things

Authors
Sangaiah, AK; Javadpour, A; Ja'fari, F; Pinto, P; Chuang, HM;

Publication
IEEE TRANSACTIONS ON ENGINEERING MANAGEMENT

Abstract
The government and industry have given the recent development of the Internet of Things in the healthcare sector significant respect. Health service providers retain data gathered from many sources and are useful for patient diagnostics and research for pivotal analysis. However, sensitive personal information about a person is contained in healthcare data, which must be protected. Individual privacy protection is a crucial concern for both people and organizations, particularly when those firms must send user data to data centers due to data mining. This article investigated two general states of increasing entropy by changing the entropy of the class set of characteristics based on artificial intelligence and the k-anonymity model in privacy in context, and also three different strategies have been investigated, i.e., the strategy of selecting the feature with the lowest number of distinct values, selecting the feature with the lowest entropy, and selecting the feature with the highest entropy. For future tasks, we can find an optimal strategy that can help us to achieve optimal entropy in the least possible repetition. The results of our work have been compared by lightweight and MH-Internet of Things, FRUIT methods and shown that the proposed method has high efficiency in entropy criteria.

2022

Assessing the Relevance of Cybersecurity Training and Policies to Prevent and Mitigate the Impact of Phishing Attacks

Authors
Pinto, L; Brito, C; Marinho, V; Pinto, P;

Publication
Journal of Internet Services and Information Security

Abstract
Social engineering attacks such as phishing are performed against companies and institutions and thus, cybersecurity awareness and training of technical and non-technical human resources play a fundamental role in preventing and mitigating a set of cyberattacks. This paper presents a comparative study based on simulated phishing attacks on two organizations with contrasting security practices and procedures. The first organization is a secondary school, with no IT staff, no defined information security policy, no guidance from top management on cybersecurity issues, and no training actions. The other is a company with a permanent IT staff, a defined security policy, and where its employees receive regular cybersecurity awareness training exercises. Two simulated phishing attack scenarios were deployed to compare these organisations regarding the behaviour of their employees and the readiness of their IT staff and to verify if the employees’ academic degree is a decisive criterion to protect them against this type of attack. The main results show that the rapid reporting and action of the IT staff in the organization where it existed, was an effective measure to mitigate the impact of the simulated phishing attack. In addition, the results show that about 18% of school employees leaked their data, compared to about 10% of the company. Furthermore, this study allows us to deduce that the academic level of employees does not seem to be a decisive criterion to protect them against phishing attacks. © 2022, Innovative Information Science and Technology Research Group. All rights reserved.

2023

An Overview of HTTPS and DNSSEC Services Adoption in Higher Education Institutions in Brazil

Authors
Barreto, J; Almeida, H; Pinto, P;

Publication
2023 25TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, ICACT

Abstract
Cyberattacks are performed against all organizations including Higher Education Institutions (HEIs). When these attacks are successful, they can affect the regular operation of these institutions and may cause the leak of essential or sensitive data that can be misused or become inaccessible. Therefore, the adoption of current security services is important for devices and services exposed to the Internet that should run the latest and secure versions of web-related protocols and comply with the latest security-related guidelines and recommendations. This article surveys and analyzes the status of web-related security services, namely the Hyper Text Transfer Protocol Secure (HTTPS) and the Domain Name System Security Extensions (DNSSEC) services, in Brazilian HEIs. The results of this survey show that regarding HTTPS around 15% do not use any SSL / TLS certificate and of those supporting it, about 14% do not demand its usage. Regarding DNSSEC, the analysis shows that only around 2% of the HEIs are implementing this protocol. These results show that it is important to design an effective and continuous action plan for HEIs regarding the support or discontinuity of versions of these protocols, in order to improve their protection against cyberattacks.

2022

Exploiting Physical Layer Vulnerabilities in LoRaWAN-based IoT Networks

Authors
Torres, N; Pinto, P; Lopes, SI;

Publication
2022 IEEE 8TH WORLD FORUM ON INTERNET OF THINGS, WF-IOT

Abstract
Low Power Wide Area Networks (LPWAN) are used worldwide in several Internet of Things (IoT) applications that rely on large-scale deployments. Although most of these networks include their own security mechanisms with built-in encryption, they are still vulnerable to a range of attacks that can be performed using low-cost Software Defined Radio (SDR) hardware and low-complexity techniques. This work provides an experimental setup implemented to exploit physical layer vulnerabilities with SDR techniques. Several attack vectors typically related to LPWAN within the IoT ecosystem are implemented and tested such as Global Positioning (GPS) Spoofing, Replay Attacks, Denial-of-Service (DoS) and Jamming, in environments that rely specifically on LoRaWAN networks. The results show that, in LoRaWAN networks, a set of vulnerabilities can be exploited leading to the incorrect functioning of the executed applications, and possible damage to the systems in which they operate. It was possible to verify that, depending on the type of activation method used between the devices and the LoRaWAN server, the communications and the devices can be compromised.
