Rule-Based Cyber Incident Detection and Response for Higher Education in Low-Resource Contexts: A Case Study of Universities in Eastern Uganda

  • Gerald Kisangala, Busitema University
  • Gilbert Gilibrays Ocen, Busitema University
  • Godfrey Odongtoo, Busitema University
Keywords: Cybersecurity, Incident Response, Rule-Based Detection, Higher Education, Low-Resource Environments

Abstract

Higher education institutions (HEIs) in developing countries are increasingly dependent on digital systems for teaching, administration, and research. However, resource-constrained universities remain highly vulnerable to cyber threats such as phishing, ransomware, and web application attacks. To address these challenges, this study adopted the Design Science Methodology (DSM) to design, implement, and evaluate a lightweight, rule-based cyber incident analysis and response algorithm specifically tailored for universities in Eastern Uganda. The approach combined contextual data collection from six universities with simulation-based evaluations to ensure both practical relevance and technical validity. The algorithm, developed on a Laravel-PHP-MySQL stack, integrates rule-based detection, correlation of multi-stage attacks, and an administrative dashboard for IT staff. Simulation results showed strong performance, with a recall of 92.8%, a precision of 91.3%, and an F1-score of 92.1%. Response latency remained below 100 milliseconds, and the system maintained stability up to 450 requests per second. Benchmarking against Snort showed higher precision and lower resource consumption for the proposed system, though Snort achieved slightly higher recall. This research contributes a context-appropriate and cost-effective cybersecurity framework for HEIs in low-resource contexts. It extends the Defense-in-Depth (DiD) and Resource-Based View (RBV) theories to constrained environments and provides practical recommendations for implementing modular, rule-based detection systems to enhance cybersecurity resilience in African universities.
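The abstract describes two mechanisms, single-event rule matching and correlation of multi-stage activity, and evaluates them with precision, recall and F1. The following is an added illustration of that design, not code from the paper or its Laravel-PHP-MySQL implementation: a minimal detector in Python with one correlation rule (repeated failed logins followed by a success within a time window), run over a constructed event log, then scored against constructed ground-truth labels. Rule names, thresholds, IP addresses and timestamps are all assumptions made for the example.

```python
"""Rule-based detection with multi-stage correlation, scored by precision/recall/F1.

Added example; the rules, thresholds and sample events below are constructed,
not taken from the paper's system.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int          # seconds (constructed timeline)
    src: str         # source address
    kind: str        # "login_fail", "login_ok" or "http"
    detail: str = "" # request path/body for http events


# Stage 1: stateless, single-event rules (name, predicate). Assumed patterns.
SINGLE_RULES = [
    ("sqli_pattern", lambda e: e.kind == "http" and "' or" in e.detail.lower()),
    ("path_traversal", lambda e: e.kind == "http" and "../" in e.detail),
]

# Stage 2: correlation parameters (assumed values).
BRUTE_FORCE_THRESHOLD = 5   # failed logins from one source ...
WINDOW_SECONDS = 300        # ... within this many seconds


def detect(events):
    """Return alerts as (rule, src, ts) tuples from both rule stages."""
    alerts = []
    fails = defaultdict(list)  # src -> timestamps of recent failed logins
    for e in sorted(events, key=lambda x: x.ts):
        for name, pred in SINGLE_RULES:
            if pred(e):
                alerts.append((name, e.src, e.ts))
        if e.kind == "login_fail":
            # Keep only failures inside the sliding window, then add this one.
            window = [t for t in fails[e.src] if e.ts - t <= WINDOW_SECONDS]
            window.append(e.ts)
            fails[e.src] = window
            if len(window) == BRUTE_FORCE_THRESHOLD:
                alerts.append(("brute_force", e.src, e.ts))
        elif e.kind == "login_ok":
            # Multi-stage correlation: a success right after a burst of failures.
            recent = [t for t in fails[e.src] if e.ts - t <= WINDOW_SECONDS]
            if len(recent) >= BRUTE_FORCE_THRESHOLD:
                alerts.append(("brute_force_success", e.src, e.ts))
            fails[e.src] = []
    return alerts


def score(alerts, malicious):
    """Precision, recall and F1 at (src, ts) granularity against labelled events."""
    flagged = {(src, ts) for _, src, ts in alerts}
    tp = len(flagged & malicious)
    fp = len(flagged - malicious)
    fn = len(malicious - flagged)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"tp": tp, "fp": fp, "fn": fn,
            "precision": precision, "recall": recall, "f1": f1}


# Constructed event log covering hits, a false positive and a miss.
SAMPLE_EVENTS = (
    # Credential-guessing burst followed by a successful login.
    [Event(t, "10.0.0.5", "login_fail") for t in (100, 110, 120, 130, 140)]
    + [Event(150, "10.0.0.5", "login_ok")]
    # Two web requests matching the single-event rules.
    + [Event(200, "10.0.0.9", "http", "/search?q=' OR 1=1"),
       Event(210, "10.0.0.7", "http", "/files/../../config")]
    # Legitimate user who mistypes a password five times: will be a false positive.
    + [Event(t, "172.16.0.4", "login_fail") for t in (300, 320, 340, 360, 380)]
    + [Event(400, "172.16.0.4", "login_ok")]
    # Slow guessing spread beyond the window: stays below threshold, a miss.
    + [Event(t, "10.0.0.11", "login_fail") for t in (1000, 1400, 1800)]
    # Ordinary traffic that should not alert.
    + [Event(2000, "192.168.1.3", "http", "/index.php")]
)

# Constructed ground truth: which (src, ts) points an analyst labelled malicious.
MALICIOUS = {("10.0.0.5", 140), ("10.0.0.5", 150), ("10.0.0.9", 200),
             ("10.0.0.7", 210), ("10.0.0.11", 1800)}


def run_demo():
    """Detect on the sample log and return the scoring dictionary."""
    return score(detect(SAMPLE_EVENTS), MALICIOUS)


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print("ALERT", *a)
    print(run_demo())
```

The false positive (a forgetful legitimate user) and the miss (guessing spread wider than the window) show the trade-off the abstract's precision/recall figures summarise: a lower threshold or longer window raises recall at the cost of precision, which is the tuning decision an IT team has to make against its own traffic.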

Published
13 October, 2025
How to Cite
Kisangala, G., Ocen, G., & Odongtoo, G. (2025). Rule-Based Cyber Incident Detection and Response for Higher Education in Low-Resource Contexts: A Case Study of Universities in Eastern Uganda. East African Journal of Information Technology, 8(2), 12-32. https://doi.org/10.37284/eajit.8.2.3821
