This article investigates the distributed recursive filtering problem for discrete-time stochastic cyber–physical systems.A particular feature of our work is that we consider systems in which the state is constrained...This article investigates the distributed recursive filtering problem for discrete-time stochastic cyber–physical systems.A particular feature of our work is that we consider systems in which the state is constrained by saturation.Measurements are transmitted to nodes of a sensor network over unreliable wireless channels.We propose a linear coding mechanism,together with a distributed method for obtaining a state estimate at each node.These designs aim to minimize the state estimation error covariance.In addition,we derive a bound on this covariance,and accommodate the design parameters to minimize this bound.The resulting design depends on the packet loss probabilities of the wireless channels.This permits applying the proposed scheme to systems in which communications suffer from denial-of-service attacks,as such attacks typically affect those probabilities.Finally,we present a numerical example illustrating this application.展开更多
As attack techniques evolve and data volumes increase,the integration of artificial intelligence-based security solutions into industrial control systems has become increasingly essential.Artificial intelligence holds...As attack techniques evolve and data volumes increase,the integration of artificial intelligence-based security solutions into industrial control systems has become increasingly essential.Artificial intelligence holds significant potential to improve the operational efficiency and cybersecurity of these systems.However,its dependence on cyber-based infrastructures expands the attack surface and introduces the risk that adversarial manipulations of artificial intelligence models may cause physical harm.To address these concerns,this study presents a comprehensive review of artificial intelligence-driven threat detection methods and adversarial attacks targeting artificial intelligence within industrial control environments,examining both their benefits and associated risks.A systematic literature review was conducted across major scientific databases,including IEEE,Elsevier,Springer Nature,ACM,MDPI,and Wiley,covering peer-reviewed journal and conference papers published between 2017 and 2026.Studies were selected based on predefined inclusion and exclusion criteria following a structured screening process.Based on an analysis of 101 selected studies,this survey categorizes artificial intelligence-based threat detection approaches across the physical,control,and application layers of industrial control systems and examines poisoning,evasion,and extraction attacks targeting industrial artificial intelligence.The findings identify key research trends,highlight unresolved security challenges,and discuss implications for the secure deployment of artificial intelligence-enabled cybersecurity solutions in industrial control systems.展开更多
The increasing number of interconnected devices and the incorporation of smart technology into contemporary healthcare systems have significantly raised the attack surface of cyber threats.The early detection of threa...The increasing number of interconnected devices and the incorporation of smart technology into contemporary healthcare systems have significantly raised the attack surface of cyber threats.The early detection of threats is both necessary and complex,yet these interconnected healthcare settings generate enormous amounts of heterogeneous data.Traditional Intrusion Detection Systems(IDS),which are generally centralized and machine learning-based,often fail to address the rapidly changing nature of cyberattacks and are challenged by ethical concerns related to patient data privacy.Moreover,traditional AI-driven IDS usually face challenges in handling large-scale,heterogeneous healthcare data while ensuring data privacy and operational efficiency.To address these issues,emerging technologies such as Big Data Analytics(BDA)and Federated Learning(FL)provide a hybrid framework for scalable,adaptive intrusion detection in IoT-driven healthcare systems.Big data techniques enable processing large-scale,highdimensional healthcare data,and FL can be used to train a model in a decentralized manner without transferring raw data,thereby maintaining privacy between institutions.This research proposes a privacy-preserving Federated Learning–based model that efficiently detects cyber threats in connected healthcare systems while ensuring distributed big data processing,privacy,and compliance with ethical regulations.To strengthen the reliability of the reported findings,the resultswere validated using cross-dataset testing and 95%confidence intervals derived frombootstrap analysis,confirming consistent performance across heterogeneous healthcare data distributions.This solution takes a significant step toward securing next-generation healthcare infrastructure by combining scalability,privacy,adaptability,and earlydetection capabilities.The proposed global model achieves a test accuracy of 99.93%±0.03(95%CI)and amiss-rate of only 0.07%±0.02,representing state-of-the-art performance in privacy-preserving intrusion detection.The proposed FL-driven IDS framework offers an efficient,privacy-preserving,and scalable solution for securing next-generation healthcare infrastructures by combining adaptability,early detection,and ethical data management.展开更多
The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber at...The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber attacks and wind power uncertainties.This paper introduces reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of WADC.Firstly,considering wind farm integration and attack injection,a nonlinear power system model with multiple buses is constructed based on Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints.Then,a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties.By conducting reachability analysis,the reachable set preserving the nonlinear characteristics of studied system is computed,which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances.Case studies are undertaken on two multi-machine power systems with wind farm integration.The obtained results emphasize the efficacy of designed method,providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of power system under various uncertain factors.展开更多
This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA f...This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.展开更多
Cyber-Physical Systems integrated with information technologies introduce vulnerabilities that extend beyond traditional cyber threats.Attackers can non-invasively manipulate sensors and spoof controllers,which in tur...Cyber-Physical Systems integrated with information technologies introduce vulnerabilities that extend beyond traditional cyber threats.Attackers can non-invasively manipulate sensors and spoof controllers,which in turn increases the autonomy of the system.Even though the focus on protecting against sensor attacks increases,there is still uncertainty about the optimal timing for attack detection.Existing systems often struggle to manage the trade-off between latency and false alarm rate,leading to inefficiencies in real-time anomaly detection.This paper presents a framework designed to monitor,predict,and control dynamic systems with a particular emphasis on detecting and adapting to changes,including anomalies such as“drift”and“attack”.The proposed algorithm integrates a Transformer-based Attention Generative Adversarial Residual model,which combines the strengths of generative adversarial networks,residual networks,and attention algorithms.The system operates in two phases:offline and online.During the offline phase,the proposed model is trained to learn complex patterns,enabling robust anomaly detection.The online phase applies a trained model,where the drift adapter adjusts the model to handle data changes,and the attack detector identifies deviations by comparing predicted and actual values.Based on the output of the attack detector,the controller makes decisions then the actuator executes suitable actions.Finally,the experimental findings show that the proposed model balances detection accuracy of 99.25%,precision of 98.84%,sensitivity of 99.10%,specificity of 98.81%,and an F1-score of 98.96%,thus provides an effective solution for dynamic and safety-critical environments.展开更多
Dear Editor,This letter studies the stabilization control issue of cyber-physical systems with time-varying delays and aperiodic denial-of-service(DoS)attacks.To address the calculation overload issue caused by networ...Dear Editor,This letter studies the stabilization control issue of cyber-physical systems with time-varying delays and aperiodic denial-of-service(DoS)attacks.To address the calculation overload issue caused by networked predictive control(NPC)approach,an event-based NPC method is proposed.Within the proposed method,the negative effects of time-varying delays and DoS attacks on system performance are compensated.Then,sufficient and necessary conditions are derived to ensure the stability of the closed-loop system.In the end,simulation results are provided to demonstrate the validity of presented method.展开更多
Cyber nets are also known as self modifying nets. Though proposed anddefined some 20 years ago, they have never been under thorough study eversince. The reason for this is simple: the nonlinear nature of such nets kee...Cyber nets are also known as self modifying nets. Though proposed anddefined some 20 years ago, they have never been under thorough study eversince. The reason for this is simple: the nonlinear nature of such nets keeps themaway from applications of well developed methods known to the whole Petri NetSociety in the world. This paper attempts to make a start of studying cybernets in depth by proposing a way to define and to verify S-invariants and T-invariants in such nets. These invariants reflect important dynamic propertiesof cyber nets. Invariants in cyber nets play a role similar to loop invariantsproposed and studied by E.W. Dijkstra and D. Gries when cyber nets are usedfor program specification.展开更多
In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be...In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.展开更多
Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and wit...Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them.展开更多
Cyber-Physical Systems(CPS)represent an integration of computational and physical elements,revolutionizing industries by enabling real-time monitoring,control,and optimization.A complementary technology,Digital Twin(D...Cyber-Physical Systems(CPS)represent an integration of computational and physical elements,revolutionizing industries by enabling real-time monitoring,control,and optimization.A complementary technology,Digital Twin(DT),acts as a virtual replica of physical assets or processes,facilitating better decision making through simulations and predictive analytics.CPS and DT underpin the evolution of Industry 4.0 by bridging the physical and digital domains.This survey explores their synergy,highlighting how DT enriches CPS with dynamic modeling,realtime data integration,and advanced simulation capabilities.The layered architecture of DTs within CPS is examined,showcasing the enabling technologies and tools vital for seamless integration.The study addresses key challenges in CPS modeling,such as concurrency and communication,and underscores the importance of DT in overcoming these obstacles.Applications in various sectors are analyzed,including smart manufacturing,healthcare,and urban planning,emphasizing the transformative potential of CPS-DT integration.In addition,the review identifies gaps in existing methodologies and proposes future research directions to develop comprehensive,scalable,and secure CPSDT systems.By synthesizing insights fromthe current literature and presenting a taxonomy of CPS and DT,this survey serves as a foundational reference for academics and practitioners.The findings stress the need for unified frameworks that align CPS and DT with emerging technologies,fostering innovation and efficiency in the digital transformation era.展开更多
With the integration of informatization and intelligence into the Communication-Based Train Control(CBTC)systems,the system is facing an increasing number of information security threats.As an important method of char...With the integration of informatization and intelligence into the Communication-Based Train Control(CBTC)systems,the system is facing an increasing number of information security threats.As an important method of characterizing the system security status,the security situation assessment is used to analyze the system security situation.However,existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems,and cannot dynamically characterize the real-time security situation changes under cyber attacks.In this paper,a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems,which can perceive cyber attacks,quantify the security situation,and characterize the security situation changes under cyber attacks.Specifically,for the physical layer ofCBTC systems,the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators.For the information layer of CBTC systems,the system vulnerabilities and system threats are selected as static level indicators,and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation.Finally,the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators.Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems,enhancing the ability to perceive and assess information security risks.展开更多
Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded...Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.展开更多
The current global cybersecurity landscape, characterized by the increasing scale and sophistication of cyberattacks, underscores the importance of integrating Cyber Threat Intelligence (CTI) into Land Administration ...The current global cybersecurity landscape, characterized by the increasing scale and sophistication of cyberattacks, underscores the importance of integrating Cyber Threat Intelligence (CTI) into Land Administration Systems (LAS). LAS services involve requests and responses concerning public and private cadastral data, including credentials of parties, ownership, and spatial parcels. This study explores the integration of CTI in LAS to enhance cyber resilience, focusing on the unique vulnerabilities of LAS, such as sensitive data management and interconnection with other critical systems related to spatial data uses and changes. The approach employs a case study of a typical country-specific LAS to analyse structured vulnerabilities and their attributes to determine the degree of vulnerability of LAS through a quantitative inductive approach. The analysis results indicate significant improvements in identifying and mitigating potential threats through CTI integration, thus enhancing cyber resilience. These findings are crucial for policymakers and practitioners to develop robust cybersecurity strategies for LAS.展开更多
This paper provides a systematic review on the resilience analysis of active distribution networks(ADNs)against hazardous weather events,considering the underlying cyber-physical interdependencies.As cyber-physical sy...This paper provides a systematic review on the resilience analysis of active distribution networks(ADNs)against hazardous weather events,considering the underlying cyber-physical interdependencies.As cyber-physical systems,ADNs are characterized by widespread structural and functional interdependen-cies between cyber(communication,computing,and control)and physical(electric power)subsystems and thus present complex hazardous-weather-related resilience issues.To bridge current research gaps,this paper first classifies diverse hazardous weather events for ADNs according to different time spans and degrees of hazard,with model-based and data-driven methods being utilized to characterize weather evolutions.Then,the adverse impacts of hazardous weather on all aspects of ADNs’sources,physical/cyber networks,and loads are analyzed.This paper further emphasizes the importance of situational awareness and cyber-physical collaboration throughout hazardous weather events,as these enhance the implementation of preventive dispatches,corrective actions,and coordinated restorations.In addition,a generalized quantitative resilience evaluation process is proposed regarding additional considerations about cyber subsystems and cyber-physical connections.Finally,potential hazardous-weather-related resilience challenges for both physical and cyber subsystems are discussed.展开更多
Dear Editor,With the advances in computing and communication technologies,the cyber-physical system(CPS),has been used in lots of industrial fields,such as the urban water cycle,internet of things,and human-cyber syst...Dear Editor,With the advances in computing and communication technologies,the cyber-physical system(CPS),has been used in lots of industrial fields,such as the urban water cycle,internet of things,and human-cyber systems[1],[2],which has to face up to malicious cyber-attacks towards cyber communication of control commands.Specifically,jamming attack is regarded as one of the most common attacks of decreasing network performance.Game theory is widely regarded as a method of accurately describing the interaction between jamming attacker and legitimate user[3].In the cyber layer,the signal game model has been utilized to describe the transmission between the attacker and defender[4].However,most previous game theoretical researches are not feasible to meet the demands of industrial CPSs mainly due to the shared communication network nature.Specifically,it leads to incomplete information for players of game owing to various network-induced phenomena and employed communication protocols.In the physical layer,the secure control[5]and estimation[6]under attack detection have been studied for CPSs.However,these methods not only rely heavily on signals injection detection,but also have no access to smart attackers who launch covert attacks so that data receivers cannot observe the attack behaviour[7].Accordingly,the motivation arising here is to tackle the nested game problem for CPSs subject to jamming attack.展开更多
A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on ...A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on feedback and feed-forward channels simultaneously with limited resource.The attacker aims at degrading the UAV CPS's estimation performance to the max while keeping stealthiness characterized by the Kullback-Leibler(K-L)divergence.The attacker is resource limited which can only attack part of sensors,and the attacked sensor as well as specific forms of attack signals at each instant should be considered by the attacker.Also,the sensor selection principle is investigated with respect to time invariant attack covariances.Additionally,the optimal switching attack strategies in regard to time variant attack covariances are modeled as a multi-agent Markov decision process(MDP)with hybrid discrete-continuous action space.Then,the multi-agent MDP is solved by utilizing the deep Multi-agent parameterized Q-networks(MAPQN)method.Ultimately,a quadrotor near hover system is used to validate the effectiveness of the results in the simulation section.展开更多
Recently,cyber physical system(CPS)has gained significant attention which mainly depends upon an effective collaboration with computation and physical components.The greatly interrelated and united characteristics of ...Recently,cyber physical system(CPS)has gained significant attention which mainly depends upon an effective collaboration with computation and physical components.The greatly interrelated and united characteristics of CPS resulting in the development of cyber physical energy systems(CPES).At the same time,the rising ubiquity of wireless sensor networks(WSN)in several application areas makes it a vital part of the design of CPES.Since security and energy efficiency are the major challenging issues in CPES,this study offers an energy aware secure cyber physical systems with clustered wireless sensor networks using metaheuristic algorithms(EASCPSMA).The presented EASCPS-MA technique intends to attain lower energy utilization via clustering and security using intrusion detection.The EASCPSMA technique encompasses two main stages namely improved fruit fly optimization algorithm(IFFOA)based clustering and optimal deep stacked autoencoder(OSAE)based intrusion detection.Besides,the optimal selection of stacked autoencoder(SAE)parameters takes place using root mean square propagation(RMSProp)model.The extensive performance validation of the EASCPS-MA technique takes place and the results are inspected under varying aspects.The simulation results reported the improved effectiveness of the EASCPS-MA technique over other recent approaches interms of several measures.展开更多
As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,wit...As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,with solar power accounting for the most significant proportion of renewables.As the scale and importance of solar energy have increased,cyber threats against solar power plants have also increased.So,we need an anomaly detection system that effectively detects cyber threats to solar power plants.However,as mentioned earlier,the existing solar power plant anomaly detection system monitors only operating information such as power generation,making it difficult to detect cyberattacks.To address this issue,in this paper,we propose a network packet-based anomaly detection system for the Programmable Logic Controller(PLC)of the inverter,an essential system of photovoltaic plants,to detect cyber threats.Cyberattacks and vulnerabilities in solar power plants were analyzed to identify cyber threats in solar power plants.The analysis shows that Denial of Service(DoS)and Manin-the-Middle(MitM)attacks are primarily carried out on inverters,aiming to disrupt solar plant operations.To develop an anomaly detection system,we performed preprocessing,such as correlation analysis and normalization for PLC network packets data and trained various machine learning-based classification models on such data.The Random Forest model showed the best performance with an accuracy of 97.36%.The proposed system can detect anomalies based on network packets,identify potential cyber threats that cannot be identified by the anomaly detection system currently in use in solar power plants,and enhance the security of solar plants.展开更多
Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induc...Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induced delays,packet dropouts,and packet disorders.Despite significant advancements,the increasing complexity and dynamism of network environments,along with the growing complexity of systems,pose new challenges for NPC.These challenges include difficulties in system modeling,cyber attacks,component faults,limited network bandwidth,and the necessity for distributed collaboration.This survey aims to provide a comprehensive review of NPC strategies.It begins with a summary of the primary challenges faced by NCSs,followed by an introduction to the control structure and core concepts of NPC.The survey then discusses several typical NPC schemes and examines their extensions in the areas of secure control,fault-tolerant control,distributed coordinated control,and event-triggered control.Moreover,it reviews notable works that have implemented these schemes.Finally,the survey concludes by exploring typical applications of NPC schemes and highlighting several challenging issues that could guide future research efforts.展开更多
基金supported by the KGJ Basic Research Fund(JCKY2023110C080)the National Natural Science Foundation of China(62322306,62173057,62033006)+2 种基金Aviation Science Foundation Project(2022Z018063001)the Argentinean Agency for Scientific and Technological Promotion(PICT-2021-I-A-00730)the National Foreign Expert Individual Project(H20240983).
文摘This article investigates the distributed recursive filtering problem for discrete-time stochastic cyber–physical systems.A particular feature of our work is that we consider systems in which the state is constrained by saturation.Measurements are transmitted to nodes of a sensor network over unreliable wireless channels.We propose a linear coding mechanism,together with a distributed method for obtaining a state estimate at each node.These designs aim to minimize the state estimation error covariance.In addition,we derive a bound on this covariance,and accommodate the design parameters to minimize this bound.The resulting design depends on the packet loss probabilities of the wireless channels.This permits applying the proposed scheme to systems in which communications suffer from denial-of-service attacks,as such attacks typically affect those probabilities.Finally,we present a numerical example illustrating this application.
基金supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(RS-2023-00242528,50%)supported by the Korea Internet&Security Agency(KISA)through the Information Security Specialized University Support Project(50%).
文摘As attack techniques evolve and data volumes increase,the integration of artificial intelligence-based security solutions into industrial control systems has become increasingly essential.Artificial intelligence holds significant potential to improve the operational efficiency and cybersecurity of these systems.However,its dependence on cyber-based infrastructures expands the attack surface and introduces the risk that adversarial manipulations of artificial intelligence models may cause physical harm.To address these concerns,this study presents a comprehensive review of artificial intelligence-driven threat detection methods and adversarial attacks targeting artificial intelligence within industrial control environments,examining both their benefits and associated risks.A systematic literature review was conducted across major scientific databases,including IEEE,Elsevier,Springer Nature,ACM,MDPI,and Wiley,covering peer-reviewed journal and conference papers published between 2017 and 2026.Studies were selected based on predefined inclusion and exclusion criteria following a structured screening process.Based on an analysis of 101 selected studies,this survey categorizes artificial intelligence-based threat detection approaches across the physical,control,and application layers of industrial control systems and examines poisoning,evasion,and extraction attacks targeting industrial artificial intelligence.The findings identify key research trends,highlight unresolved security challenges,and discuss implications for the secure deployment of artificial intelligence-enabled cybersecurity solutions in industrial control systems.
文摘The increasing number of interconnected devices and the incorporation of smart technology into contemporary healthcare systems have significantly raised the attack surface of cyber threats.The early detection of threats is both necessary and complex,yet these interconnected healthcare settings generate enormous amounts of heterogeneous data.Traditional Intrusion Detection Systems(IDS),which are generally centralized and machine learning-based,often fail to address the rapidly changing nature of cyberattacks and are challenged by ethical concerns related to patient data privacy.Moreover,traditional AI-driven IDS usually face challenges in handling large-scale,heterogeneous healthcare data while ensuring data privacy and operational efficiency.To address these issues,emerging technologies such as Big Data Analytics(BDA)and Federated Learning(FL)provide a hybrid framework for scalable,adaptive intrusion detection in IoT-driven healthcare systems.Big data techniques enable processing large-scale,highdimensional healthcare data,and FL can be used to train a model in a decentralized manner without transferring raw data,thereby maintaining privacy between institutions.This research proposes a privacy-preserving Federated Learning–based model that efficiently detects cyber threats in connected healthcare systems while ensuring distributed big data processing,privacy,and compliance with ethical regulations.To strengthen the reliability of the reported findings,the resultswere validated using cross-dataset testing and 95%confidence intervals derived frombootstrap analysis,confirming consistent performance across heterogeneous healthcare data distributions.This solution takes a significant step toward securing next-generation healthcare infrastructure by combining scalability,privacy,adaptability,and earlydetection capabilities.The proposed global model achieves a test accuracy of 99.93%±0.03(95%CI)and amiss-rate of only 0.07%±0.02,representing state-of-the-art performance in privacy-preserving intrusion detection.The proposed FL-driven IDS framework offers an efficient,privacy-preserving,and scalable solution for securing next-generation healthcare infrastructures by combining adaptability,early detection,and ethical data management.
基金supported in part by the Young Elite Scientists Sponsorship Program by the Chinese Society for Electrical Engineering under Grant CSEE-YESS-2022019in part by the Guangzhou Basic and Applied Basic Research Foundation under Grand 2024A04J3672in part by the National Natural Science Foundation of China under Grant 52207106.
文摘The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber attacks and wind power uncertainties.This paper introduces reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of WADC.Firstly,considering wind farm integration and attack injection,a nonlinear power system model with multiple buses is constructed based on Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints.Then,a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties.By conducting reachability analysis,the reachable set preserving the nonlinear characteristics of studied system is computed,which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances.Case studies are undertaken on two multi-machine power systems with wind farm integration.The obtained results emphasize the efficacy of designed method,providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of power system under various uncertain factors.
基金funded by the Office of Gas and Electricity Markets(Ofgem)and supported by De Montfort University(DMU)and Nottingham Trent University(NTU),UK.
文摘This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
文摘Cyber-Physical Systems integrated with information technologies introduce vulnerabilities that extend beyond traditional cyber threats.Attackers can non-invasively manipulate sensors and spoof controllers,which in turn increases the autonomy of the system.Even though the focus on protecting against sensor attacks increases,there is still uncertainty about the optimal timing for attack detection.Existing systems often struggle to manage the trade-off between latency and false alarm rate,leading to inefficiencies in real-time anomaly detection.This paper presents a framework designed to monitor,predict,and control dynamic systems with a particular emphasis on detecting and adapting to changes,including anomalies such as“drift”and“attack”.The proposed algorithm integrates a Transformer-based Attention Generative Adversarial Residual model,which combines the strengths of generative adversarial networks,residual networks,and attention algorithms.The system operates in two phases:offline and online.During the offline phase,the proposed model is trained to learn complex patterns,enabling robust anomaly detection.The online phase applies a trained model,where the drift adapter adjusts the model to handle data changes,and the attack detector identifies deviations by comparing predicted and actual values.Based on the output of the attack detector,the controller makes decisions then the actuator executes suitable actions.Finally,the experimental findings show that the proposed model balances detection accuracy of 99.25%,precision of 98.84%,sensitivity of 99.10%,specificity of 98.81%,and an F1-score of 98.96%,thus provides an effective solution for dynamic and safety-critical environments.
基金supported by the National Natural Science Foundation of China(61433003,60904003,11602019).
文摘Dear Editor,This letter studies the stabilization control issue of cyber-physical systems with time-varying delays and aperiodic denial-of-service(DoS)attacks.To address the calculation overload issue caused by networked predictive control(NPC)approach,an event-based NPC method is proposed.Within the proposed method,the negative effects of time-varying delays and DoS attacks on system performance are compensated.Then,sufficient and necessary conditions are derived to ensure the stability of the closed-loop system.In the end,simulation results are provided to demonstrate the validity of presented method.
文摘Cyber nets are also known as self modifying nets. Though proposed anddefined some 20 years ago, they have never been under thorough study eversince. The reason for this is simple: the nonlinear nature of such nets keeps themaway from applications of well developed methods known to the whole Petri NetSociety in the world. This paper attempts to make a start of studying cybernets in depth by proposing a way to define and to verify S-invariants and T-invariants in such nets. These invariants reflect important dynamic propertiesof cyber nets. Invariants in cyber nets play a role similar to loop invariantsproposed and studied by E.W. Dijkstra and D. Gries when cyber nets are usedfor program specification.
基金supported by the Ministry of the Higher Education and Scientific Research in Tunisia
文摘In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
文摘Vehicular Networks (VANET) are the largest real-life paradigm of ad hoc networks which aim to ensure road safety and enhance drivers’ comfort. In VANET, the vehicles communicate or collaborate with each other and with adjacent infrastructure by exchanging significant messages, such as road accident warnings, steep-curve ahead warnings or traffic jam warnings. However, this communication and other assets involved are subject to major threats and provide numerous opportunities for attackers to launch several attacks and compromise security and privacy of vehicular users. This paper reviews the cyber security in VANET and proposes an asset-based approach for VANET security. Firstly, it identifies relevant assets in VANET. Secondly, it provides a detailed taxonomy of vulnerabilities and threats on these assets, and, lastly, it classifies the possible attacks in VANET and critically evaluates them.
文摘Cyber-Physical Systems(CPS)represent an integration of computational and physical elements,revolutionizing industries by enabling real-time monitoring,control,and optimization.A complementary technology,Digital Twin(DT),acts as a virtual replica of physical assets or processes,facilitating better decision making through simulations and predictive analytics.CPS and DT underpin the evolution of Industry 4.0 by bridging the physical and digital domains.This survey explores their synergy,highlighting how DT enriches CPS with dynamic modeling,realtime data integration,and advanced simulation capabilities.The layered architecture of DTs within CPS is examined,showcasing the enabling technologies and tools vital for seamless integration.The study addresses key challenges in CPS modeling,such as concurrency and communication,and underscores the importance of DT in overcoming these obstacles.Applications in various sectors are analyzed,including smart manufacturing,healthcare,and urban planning,emphasizing the transformative potential of CPS-DT integration.In addition,the review identifies gaps in existing methodologies and proposes future research directions to develop comprehensive,scalable,and secure CPSDT systems.By synthesizing insights fromthe current literature and presenting a taxonomy of CPS and DT,this survey serves as a foundational reference for academics and practitioners.The findings stress the need for unified frameworks that align CPS and DT with emerging technologies,fostering innovation and efficiency in the digital transformation era.
基金supported in part by the project of the State Key Laboratory of Advanced Rail Autonomous Operation(RAO2023ZZ004)in part by the Beijing Natural Science Foundation-Fengtai Rail Transit Frontier Research Joint Fund(L211002)+2 种基金in part by the Foundation of China State Railway Group Corporation Limited under Grant L2021G003in part by the Scientific and Technical Research Fund of China Academy of Railway Sciences Corporation Limited under Grant 2021YJ094in part by the Project I23L00200 and Project I24F00010.
文摘With the integration of informatization and intelligence into the Communication-Based Train Control(CBTC)systems,the system is facing an increasing number of information security threats.As an important method of characterizing the system security status,the security situation assessment is used to analyze the system security situation.However,existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems,and cannot dynamically characterize the real-time security situation changes under cyber attacks.In this paper,a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems,which can perceive cyber attacks,quantify the security situation,and characterize the security situation changes under cyber attacks.Specifically,for the physical layer ofCBTC systems,the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators.For the information layer of CBTC systems,the system vulnerabilities and system threats are selected as static level indicators,and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation.Finally,the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators.Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems,enhancing the ability to perceive and assess information security risks.
基金supported by the National Natural Science Foundation of China(62303273,62373226)the National Research Foundation,Singapore through the Medium Sized Center for Advanced Robotics Technology Innovation(WP2.7)
文摘Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
文摘The current global cybersecurity landscape, characterized by the increasing scale and sophistication of cyberattacks, underscores the importance of integrating Cyber Threat Intelligence (CTI) into Land Administration Systems (LAS). LAS services involve requests and responses concerning public and private cadastral data, including credentials of parties, ownership, and spatial parcels. This study explores the integration of CTI in LAS to enhance cyber resilience, focusing on the unique vulnerabilities of LAS, such as sensitive data management and interconnection with other critical systems related to spatial data uses and changes. The approach employs a case study of a typical country-specific LAS to analyse structured vulnerabilities and their attributes to determine the degree of vulnerability of LAS through a quantitative inductive approach. The analysis results indicate significant improvements in identifying and mitigating potential threats through CTI integration, thus enhancing cyber resilience. These findings are crucial for policymakers and practitioners to develop robust cybersecurity strategies for LAS.
基金supported by the National Natural Science Foundation of China(52477132 and U2066601).
文摘This paper provides a systematic review on the resilience analysis of active distribution networks(ADNs)against hazardous weather events,considering the underlying cyber-physical interdependencies.As cyber-physical systems,ADNs are characterized by widespread structural and functional interdependen-cies between cyber(communication,computing,and control)and physical(electric power)subsystems and thus present complex hazardous-weather-related resilience issues.To bridge current research gaps,this paper first classifies diverse hazardous weather events for ADNs according to different time spans and degrees of hazard,with model-based and data-driven methods being utilized to characterize weather evolutions.Then,the adverse impacts of hazardous weather on all aspects of ADNs’sources,physical/cyber networks,and loads are analyzed.This paper further emphasizes the importance of situational awareness and cyber-physical collaboration throughout hazardous weather events,as these enhance the implementation of preventive dispatches,corrective actions,and coordinated restorations.In addition,a generalized quantitative resilience evaluation process is proposed regarding additional considerations about cyber subsystems and cyber-physical connections.Finally,potential hazardous-weather-related resilience challenges for both physical and cyber subsystems are discussed.
基金supported by the National Natural Science Foundation of China(62173136)the Natural Science Foundation of Hunan Province(2020JJ2013,2021JJ50047).
文摘Dear Editor,With the advances in computing and communication technologies,the cyber-physical system(CPS),has been used in lots of industrial fields,such as the urban water cycle,internet of things,and human-cyber systems[1],[2],which has to face up to malicious cyber-attacks towards cyber communication of control commands.Specifically,jamming attack is regarded as one of the most common attacks of decreasing network performance.Game theory is widely regarded as a method of accurately describing the interaction between jamming attacker and legitimate user[3].In the cyber layer,the signal game model has been utilized to describe the transmission between the attacker and defender[4].However,most previous game theoretical researches are not feasible to meet the demands of industrial CPSs mainly due to the shared communication network nature.Specifically,it leads to incomplete information for players of game owing to various network-induced phenomena and employed communication protocols.In the physical layer,the secure control[5]and estimation[6]under attack detection have been studied for CPSs.However,these methods not only rely heavily on signals injection detection,but also have no access to smart attackers who launch covert attacks so that data receivers cannot observe the attack behaviour[7].Accordingly,the motivation arising here is to tackle the nested game problem for CPSs subject to jamming attack.
文摘A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on feedback and feed-forward channels simultaneously with limited resource.The attacker aims at degrading the UAV CPS's estimation performance to the max while keeping stealthiness characterized by the Kullback-Leibler(K-L)divergence.The attacker is resource limited which can only attack part of sensors,and the attacked sensor as well as specific forms of attack signals at each instant should be considered by the attacker.Also,the sensor selection principle is investigated with respect to time invariant attack covariances.Additionally,the optimal switching attack strategies in regard to time variant attack covariances are modeled as a multi-agent Markov decision process(MDP)with hybrid discrete-continuous action space.Then,the multi-agent MDP is solved by utilizing the deep Multi-agent parameterized Q-networks(MAPQN)method.Ultimately,a quadrotor near hover system is used to validate the effectiveness of the results in the simulation section.
基金This study was funded by the Deanship of Scientific Research,Taif University Researchers Supporting project number(TURSP-2020/195)Taif University,Taif,Saudi Arabia.The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work under grant number(RGP 2/25/43)+1 种基金The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code:(22UQU4310373DSR02)The authors would like to acknowledge the support of Prince Sultan University for paying the Article Processing Charges(APC)of this publication.
文摘Recently,cyber physical system(CPS)has gained significant attention which mainly depends upon an effective collaboration with computation and physical components.The greatly interrelated and united characteristics of CPS resulting in the development of cyber physical energy systems(CPES).At the same time,the rising ubiquity of wireless sensor networks(WSN)in several application areas makes it a vital part of the design of CPES.Since security and energy efficiency are the major challenging issues in CPES,this study offers an energy aware secure cyber physical systems with clustered wireless sensor networks using metaheuristic algorithms(EASCPSMA).The presented EASCPS-MA technique intends to attain lower energy utilization via clustering and security using intrusion detection.The EASCPSMA technique encompasses two main stages namely improved fruit fly optimization algorithm(IFFOA)based clustering and optimal deep stacked autoencoder(OSAE)based intrusion detection.Besides,the optimal selection of stacked autoencoder(SAE)parameters takes place using root mean square propagation(RMSProp)model.The extensive performance validation of the EASCPS-MA technique takes place and the results are inspected under varying aspects.The simulation results reported the improved effectiveness of the EASCPS-MA technique over other recent approaches interms of several measures.
基金supported by the Korea Institute of Energy Technology Evaluation and Planning(KETEP)grant funded by the Korea government(MOTIE)(20224B10100140,50%)the Nuclear Safety Research Program through the Korea Foundation of Nuclear Safety(KoFONS)using the financial resource granted by the Nuclear Safety and Security Commission(NSSC)of the Republic of Korea(No.2106058,40%)the Gachon University Research Fund of 2023(GCU-202110280001,10%)。
文摘As energy-related problems continue to emerge,the need for stable energy supplies and issues regarding both environmental and safety require urgent consideration.Renewable energy is becoming increasingly important,with solar power accounting for the most significant proportion of renewables.As the scale and importance of solar energy have increased,cyber threats against solar power plants have also increased.So,we need an anomaly detection system that effectively detects cyber threats to solar power plants.However,as mentioned earlier,the existing solar power plant anomaly detection system monitors only operating information such as power generation,making it difficult to detect cyberattacks.To address this issue,in this paper,we propose a network packet-based anomaly detection system for the Programmable Logic Controller(PLC)of the inverter,an essential system of photovoltaic plants,to detect cyber threats.Cyberattacks and vulnerabilities in solar power plants were analyzed to identify cyber threats in solar power plants.The analysis shows that Denial of Service(DoS)and Manin-the-Middle(MitM)attacks are primarily carried out on inverters,aiming to disrupt solar plant operations.To develop an anomaly detection system,we performed preprocessing,such as correlation analysis and normalization for PLC network packets data and trained various machine learning-based classification models on such data.The Random Forest model showed the best performance with an accuracy of 97.36%.The proposed system can detect anomalies based on network packets,identify potential cyber threats that cannot be identified by the anomaly detection system currently in use in solar power plants,and enhance the security of solar plants.
基金supported by the National Natural Science Foundation of China(62173002,62403235,62403010,52301408,62173255)the Beijing Natural Science Foundation(L241015,4222045)+2 种基金the Yuxiu Innovation Project of NCUT(2024NCUTYXCX111)the China Postdoctoral Science Foundation(2025T180466)the Beijing Postdoctoral Research Foundation(2025-ZZ-70)。
文摘Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induced delays,packet dropouts,and packet disorders.Despite significant advancements,the increasing complexity and dynamism of network environments,along with the growing complexity of systems,pose new challenges for NPC.These challenges include difficulties in system modeling,cyber attacks,component faults,limited network bandwidth,and the necessity for distributed collaboration.This survey aims to provide a comprehensive review of NPC strategies.It begins with a summary of the primary challenges faced by NCSs,followed by an introduction to the control structure and core concepts of NPC.The survey then discusses several typical NPC schemes and examines their extensions in the areas of secure control,fault-tolerant control,distributed coordinated control,and event-triggered control.Moreover,it reviews notable works that have implemented these schemes.Finally,the survey concludes by exploring typical applications of NPC schemes and highlighting several challenging issues that could guide future research efforts.
