A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems

Abstract

Cloud–edge collaboration industrial control systems (ICSs) face critical security and privacy challenges that existing dynamic heterogeneous redundancy (DHR) architectures inadequately address due to two fundamental limitations: event-triggered scheduling approaches that amplify common-mode escape impacts in resource-constrained environments, and insufficient privacy-preserving arbitration mechanisms for sensitive industrial data processing. In contrast to existing work that treats scheduling and privacy as separate concerns, this paper proposes a unified polymorphic heterogeneous security architecture that integrates hybrid event–time triggered scheduling with adaptive privacy-preserving arbitration, specifically designed to address the unique challenges of cloud–edge collaboration ICSs where both security resilience and privacy preservation are paramount requirements. The architecture introduces three key innovations: (1) a hybrid event–time triggered scheduling algorithm with credibility assessment and heterogeneity metrics to mitigate common-mode escape scenarios, (2) an adaptive privacy budget allocation mechanism that balances privacy protection effectiveness with system availability based on attack activity levels, and (3) a unified framework that organically integrates privacy-preserving arbitration with heterogeneous redundancy management. Comprehensive evaluations using natural gas pipeline pressure control and smart grid voltage control systems demonstrate superior performance: the proposed method achieves 100% system availability compared to 62.57% for static redundancy and 86.53% for moving target defense, maintains 99.98% availability even under common-mode attacks (${10}^{-2}$ probability), and consistently outperforms moving target defense methods integrated with state-of-the-art detection mechanisms (99.7790% and 99.6735% average availability when false data deviations from true values are 5% and 3%, respectively) across different attack detection scenarios, validating its effectiveness in defending against availability attacks and privacy leakage threats in cloud–edge collaboration environments.

1. Introduction

Industrial control systems (ICSs) constitute one of the most critical infrastructures for modern industrial manufacturing, energy production, and social life [1]. As global industrial digitalization accelerates and intelligent manufacturing demands intensify, traditional isolated ICSs are undergoing unprecedented transformation. The integration of cloud computing with ICSs has revolutionized industrial automation by enabling sophisticated data analytics, efficient resource utilization, and comprehensive remote monitoring capabilities [2,3,4]. However, the centralized nature of cloud computing introduces significant limitations for ICSs, particularly in scenarios demanding stringent real-time control requirements. Network congestion, communication latencies, and packet loss become critical bottlenecks when processing massive data streams from geographically distributed industrial equipment [5].

The emergence of edge computing technology effectively addresses the limitations of purely cloud-based ICSs by offloading computation tasks to the network edge, closer to data sources [6,7,8]. In cloud–edge collaboration ICSs [9], data collected by edge industrial equipment is processed locally at the edge of the network, with computing tasks conducted near the industrial equipment that requires intensive data processing. Only processed data and critical information are uploaded to remote cloud data centers for archiving, storage, and comprehensive analytics. This architecture significantly reduces network load, alleviates communication pressure, decreases data transmission costs, and enhances response speed—all critical factors for industrial control applications requiring high real-time performance [10,11,12].

However, the distributed nature of cloud–edge collaboration ICSs introduces substantial security and privacy challenges, particularly for edge nodes that serve as critical bridges between cloud platforms and industrial devices. Edge nodes process sensitive operational data while directly controlling physical processes, making them attractive targets for various attacks that can lead to industrial espionage, operational disruptions, and even catastrophic system failures.

Among various defense mechanisms, the dynamic heterogeneous redundancy (DHR) architecture has emerged as a particularly promising response mechanism, offering sophisticated defensive capabilities through the deployment of functionally equivalent yet implementation-diverse heterogeneous executors [13]. DHR architecture addresses security vulnerabilities by transforming attacks into differential-mode or common-mode problems, where heterogeneous executors either produce varying outputs due to implementation differences or experience simultaneous impacts from sophisticated attacks.

However, the application of DHR architectures in cloud–edge collaboration ICS environments presents unique challenges that current research has not adequately addressed. First, existing DHR implementations predominantly adopt event-triggered scheduling approaches, which can amplify the impact of common-mode escape scenarios in cloud–edge ICS deployments characterized by insufficient heterogeneity levels, potentially resulting in persistent attacker control over edge nodes. Second, current DHR research inadequately addresses privacy-preserving arbitration methodologies, limiting the ability of DHR architectures to fulfill the stringent privacy protection requirements inherent in cloud–edge collaboration ICS applications, where sensitive industrial data processing and cross-domain information sharing demand sophisticated privacy-preserving mechanisms beyond conventional arbitration approaches.

To address these critical limitations, this paper proposes a novel privacy-preserving polymorphic heterogeneous security architecture specifically designed for cloud–edge collaboration ICSs. The main contributions of this work are as follows:

• A privacy-preserving polymorphic heterogeneous security architecture for cloud–edge collaboration ICSs is proposed. Based on the DHR architecture, this framework integrates privacy-preserving mechanisms and closed-loop feedback control to address hardware and software homogeneity, singularity, and vulnerabilities in industrial control systems.
• Based on the proposed architecture, this paper presents a novel privacy-preserving arbitration mechanism that dynamically balances privacy protection with operational efficiency. The scheme introduces a privacy budget parameter that adaptively adjusts the proportion of protected output bits based on real-time threat assessment and arbitration error rates, enabling edge-level preliminary consistency checking while maintaining cloud-level verification capabilities. This adaptive approach leverages the natural advantages of cloud–edge collaboration to ensure data confidentiality while preserving functional correctness and system availability in multi-executor environments.
• To address the challenges of limited heterogeneous resources and underlying homogeneous risks in cloud–edge collaboration ICSs, this paper introduces credibility and heterogeneity metrics and designs a hybrid event-time triggered scheduling strategy based on these metrics for executor management. Simulation-based validation conducted on a natural gas pipeline pressure control system demonstrates that the proposed security architecture significantly strengthens system resilience against false data injection and privacy attacks, thereby confirming the effectiveness of our methodology.

The rest of this paper is organized as follows: Section 2 summarizes the related work; Section 3 describes the proposed privacy-preserving polymorphic heterogeneous security architecture, as well as its threat model and assumptions; Section 4 gives a privacy-preserving arbitration mechanism and a credit-heterogeneity-based executor scheduling strategy. The theoretical analysis and experimental evaluation are carried out in Section 5 and Section 6, respectively; and Section 7 is the summary.

2. Related Work

2.1. Cloud–Edge Collaboration ICS Architecture and Security Challenges

Cloud–edge collaboration ICS architecture represents a paradigm shift in industrial automation, addressing the limitations of purely cloud-based or edge-only deployments through intelligent workload distribution and resource optimization. Figure 1 illustrates the cloud–edge collaboration ICS architecture, which adopts a three-tier collaborative framework comprising the cloud platform, edge nodes, and terminal equipment [14]. The cloud platform serves as the core control center, built upon distributed server clusters and storage infrastructure that enables dynamic resource allocation, data analysis, and comprehensive task management. Edge nodes are deployed at network edges near industrial devices, providing localized computing capabilities, data processing, and device control through containerized technologies. These edge nodes act as intelligent intermediaries that bridge the cloud platform with terminal equipment. The terminal equipment consists of sensing devices, smart switches, and field equipment that perform real-time data collection, environmental monitoring, and command execution.

While cloud–edge collaboration brings significant benefits to ICSs, it simultaneously introduces substantial security and privacy challenges that demand immediate attention. The distributed nature of this architecture expands the attack surface, creating multiple potential entry points for malicious attackers [2,15]. Edge nodes, in particular, occupy a critical position in this ecosystem as they process sensitive operational data while directly influencing physical control processes. Attackers can exploit compromised edge nodes to launch false data injection attacks, which can manipulate sensor readings, deceive control algorithms, and ultimately lead to cascading failures, industrial espionage, and even catastrophic system-wide disruptions [4,16].

Edge nodes deserve special consideration from security and privacy perspectives due to their unique role as critical bridges between cloud platforms and terminal devices. They not only handle substantial volumes of sensitive industrial data but also maintain direct control over physical processes. Availability attacks (such as false data injection attacks, DDoS attacks, and replay attacks) targeting edge nodes can disrupt entire industrial operations, while privacy attacks (such as confidentiality attacks, eavesdropping attacks, and side-channel attacks) may result in the exposure of proprietary manufacturing processes, operational parameters, and competitive intelligence. Therefore, enhancing the security and privacy protection mechanisms for edge nodes is paramount to ensuring the overall safety, reliability, and trustworthiness of cloud–edge collaboration ICSs.

2.2. Defense Mechanisms in Cloud–Edge Collaboration ICSs

Current defense mechanisms against security threats in cloud–edge collaboration ICSs can be systematically categorized into two primary approaches: detection mechanisms and response mechanisms [17,18]. Detection mechanisms focus on identifying potential attack behaviors through various analytical techniques, while response mechanisms aim to enhance system robustness and maintain operational continuity even under attack conditions.

Detection mechanisms in cloud–edge collaboration ICSs primarily operate through systematic monitoring and analysis of network traffic, system behaviors, and operational patterns to identify potential security threats. These approaches can be fundamentally categorized into three distinct methodologies: signature-based detection, which relies on predefined attack pattern databases to recognize known threats; anomaly-based detection, which establishes baseline behavioral profiles and identifies deviations that may indicate malicious activities; and hybrid detection systems that combine multiple techniques to enhance overall effectiveness [19,20]. Contemporary detection strategies increasingly leverage machine learning algorithms, including support vector machines, random forests, convolutional neural networks, and recurrent neural networks such as LSTM and GRU, to process high-dimensional feature spaces and identify complex attack patterns in real-time [21,22]. Furthermore, the distributed nature of cloud–edge architectures has prompted the development of federated learning-based detection mechanisms, where multiple edge nodes collaboratively perform anomaly detection while preserving data privacy through parameter sharing rather than raw data exchange. These distributed approaches address the scalability and fault tolerance requirements of modern ICS deployments while maintaining computational efficiency through lightweight model architectures and efficient data preprocessing techniques. Although these detection methodologies have achieved significant advances in identifying various attack vectors, including false data injection [23,24,25,26], denial of service [27,28], and unauthorized access attempts [29,30], they often struggle to cope with sophisticated stealth attacks that employ evasion techniques or mimic normal operational behaviors, highlighting the inherent limitations of purely detection-based defensive strategies.

Response mechanisms in cloud–edge collaboration ICSs encompass a comprehensive array of defensive strategies designed to maintain system resilience and operational continuity under adversarial conditions. Redundancy techniques constitute the cornerstone of these response mechanisms, functioning as fundamental countermeasures against false data injection attacks and other security threats by implementing multi-layered protective architectures across communication, software, and hardware domains [31,32,33]. Contemporary industrial control systems extensively deploy redundancy solutions such as ControlLogix redundant systems at the programmable logic controller (PLC) level and controller development system (CODESYS) redundancy toolkits at the compiler level, which collectively enhance system robustness through real-time cross-validation, voting mechanisms, and standby system configurations [34,35,36,37]. Building upon these foundational approaches, advanced defensive paradigms including moving target defense (MTD) [38,39,40] and heterogeneous redundancy [41,42,43,44] have emerged to further strengthen protective capabilities by dynamically modifying system parameters, communication protocols, and architectural configurations, thereby significantly increasing the complexity and unpredictability of attack surfaces. Among these innovations, the dynamic heterogeneous redundancy (DHR) architecture represents a particularly sophisticated response mechanism that employs closed-loop feedback and stochastic scheduling to implement diverse and unpredictable defensive strategies across multiple computational and communication layers. The fundamental principle of DHR architecture involves deploying functionally equivalent yet implementation-diverse heterogeneous executors, effectively transforming vulnerability-based and backdoor attacks into differential-mode problems [13], where heterogeneous executors produce varying outputs when subjected to identical attacks due to implementation differences, or common-mode problems, where all executors may simultaneously experience similar impacts. Through continuous monitoring of executor output consistency and arbitration mechanisms, DHR architectures can detect executor anomalies and suppress the effects of unknown attacks, while the dynamic switching capabilities and heterogeneous configurations substantially reduce the predictability of system behavior and the likelihood of successful attack penetration compared to conventional static defense approaches.

2.3. Research on Dynamic Heterogeneous Redundancy Architecture

Research on dynamic heterogeneous redundancy architecture has evolved significantly from traditional static heterogeneous redundancy systems, which fundamentally depend on the deployment of hardware and software components featuring distinct operational principles while maintaining functional equivalence within varied developmental frameworks to establish fault-tolerant infrastructures [45]. Nevertheless, such traditional architectures exhibit fundamental static properties, making them susceptible to complete system failure when malicious actors gain control over a majority of the constituent devices. Therefore, the primary innovation underlying DHR architecture lies in the incorporation of diverse heterogeneities spanning multiple spatial and temporal dimensions, effectively breaking the patterns of static behavior, homogeneity, and predictability that characterize conventional systems, thus enabling the simultaneous achievement of enhanced system dependability and robust defensive capabilities against adversarial threats [46].

Contemporary research on DHR architecture has focused on advancing three interconnected dimensions: heterogeneity characterization, intelligent scheduling mechanisms, and adaptive arbitration algorithms.

Table 1. Comparative analysis of dynamic heterogeneous redundancy research.

Work	Methodology	Privacy Protection	Application Domain
Sun et al. [44]	Multi-level 2-mode judgment algorithm	Not addressed	Industrial applications (real-time constraints)
Shao et al. [46]	Active defense arbitration with adaptive anomaly sensing	Not addressed	Mimic IoT
Huang et al. [47]	Location-aware metrics (common-mode index, transfer probability)	Not addressed	General DHR systems
Yu et al. [48]	HSelect approach with file/block-level code change detection	Not addressed	N-versioning systems
Shao et al. [49]	Historical credibility and dissimilarity clustering (HCDC)	Not addressed	General DHR systems
Tang et al. [50]	Mimic scoring voting algorithm with heterogeneity measures	Not addressed	General DHR systems with limited executors
Zhang et al. [51]	Polymorphic multi-mode decision with AdaBoost classifiers	Not addressed	General DHR systems
Our Work	Privacy-preserving arbitration with a hybrid event–time triggered scheduling strategy	Adaptive privacy budget allocation mechanism	Cloud–edge collaboration ICS

presents a comprehensive comparison of representative DHR research approaches, highlighting their methodological differences, privacy protection capabilities, and application domains. In the realm of heterogeneity measurement, Huang et al. introduced location-aware metrics, including common-mode index and transfer probability, to quantify heterogeneity levels and guide executor selection strategies [47]. Addressing the practical challenges of variant selection in N-versioning systems, Yu et al. developed HSelect, a novel heterogeneity measurement approach that detects code changes at file and block levels to generate heterogeneity matrices, enabling the selection of maximally diverse variants and effectively mitigating common-mode failure vulnerabilities compared to traditional selection methods [48]. Shao et al. developed a comprehensive executor selection algorithm that integrates historical credibility and dissimilarity clustering (HCDC), employing clustering techniques to maximize differences between heterogeneous executor pools while dynamically updating credibility scores through negative feedback control mechanisms [49]. Tang et al. proposed a mimic scoring voting algorithm that incorporates both heterogeneity measures and historical confidence as decision factors, demonstrating significant improvements in security performance while maintaining effectiveness even under low-load conditions with minimal scheduled executors [50]. To address the real-time constraints of industrial applications, Sun et al. designed a multi-level 2-mode judgment algorithm that dynamically balances decision efficiency and result reliability through a “process-first-arbitrate-later” approach, progressively adjusting component confidence levels based on arbitration outcomes [44]. Zhang et al. introduced a polymorphic multi-mode decision algorithm based on AdaBoost classifiers, which overcomes traditional majority voting limitations by adaptively selecting optimal execution entities through comprehensive consideration of execution body information, historical performance, and output results [51]. Most recently, Shao et al. proposed an active defense arbitration method based on adaptive anomaly sensing, which directly assesses device output reliability through deep learning-based anomaly detection rather than traditional device reliability evaluation, thereby enhancing arbitration accuracy while reducing common-mode escape vulnerabilities [46].

Despite these advances, current DHR research faces two fundamental limitations that impede its effectiveness in cloud–edge collaboration ICS environments. First, the predominant adoption of event-triggered scheduling approaches amplifies the impact of common-mode escape scenarios in cloud–edge ICS deployments characterized by insufficient heterogeneity levels, resulting in persistent attacker control over edge nodes and compromised system integrity. Second, existing research inadequately addresses privacy-preserving arbitration methodologies, consequently limiting the ability of DHR architectures to fulfill the stringent privacy protection requirements inherent in cloud–edge collaboration ICS applications, where sensitive industrial data processing and cross-domain information sharing demand sophisticated privacy-preserving mechanisms beyond conventional arbitration approaches. In contrast to existing work that treat scheduling and privacy as separate concerns, our work introduces a unified framework that integrates hybrid event-time triggered scheduling with adaptive privacy-preserving arbitration, specifically designed to address the unique challenges of cloud–edge collaboration in industrial control systems where both security resilience and privacy preservation are paramount requirements.

3. System Model

3.1. Proposed Polymorphic Heterogeneous Security Architecture

To address the security and privacy challenges faced by edge nodes in cloud–edge collaboration ICSs, we propose a privacy-preserving polymorphic heterogeneous security architecture. This architecture enhances the DHR framework by incorporating privacy-preserving arbitration mechanisms and executor scheduling strategies based on credibility and heterogeneity metrics. Our design specifically targets false data injection attacks against edge node executors and confidentiality attacks against the arbitration module, ensuring both security and privacy protection within the edge nodes.

An edge node in the proposed architecture consists of four primary components: input agent, heterogeneous executor set, arbitration and scheduling module, and output agent, as illustrated in Figure 2. The input agent receives and replicates incoming data, distributing identical inputs to each heterogeneous executor within the executor set. The heterogeneous executor set comprises multiple functionally equivalent yet structurally diverse executors arranged in a parallel configuration, connecting both the input agent and the arbitration and scheduling module. Despite their structural differences, these executors are designed to be functionally equivalent, theoretically producing identical outputs when processing the same inputs under normal operating conditions. The arbitration and scheduling module compares the outputs generated by each executor in response to identical inputs. When all outputs are consistent, the unified result is transmitted through the output agent as the system’s response. However, when inconsistencies are detected, the module initiates a scheduling process to deactivate potentially compromised executors and activate new heterogeneous executors from the available pool. The output agent serves as the final interface, securely delivering validated control commands or processed data to their intended destinations.

In the context of cloud–edge collaboration ICSs, our architecture facilitates secure and private bidirectional data flow across the device–edge–cloud continuum. In device-to-edge-to-cloud scenarios, the edge node equipped with our architecture receives data streams from various terminal devices such as programmable logic controllers (PLCs), remote terminal units (RTUs), and distributed control systems (DCS). These inputs are simultaneously processed by multiple heterogeneous executors, each implementing different algorithmic approaches while maintaining functional equivalence. The arbitration and scheduling module conducts privacy-preserving comparison operations on these outputs without exposing the actual content, thereby protecting sensitive industrial process data. After validation, the aggregated results are transmitted to the cloud platform for further analytics, long-term storage, or enterprise-level decision support. Similarly, in cloud-to-edge-to-device scenarios, control commands or configuration updates originating from cloud applications undergo the same heterogeneous processing and validation at the edge node before being distributed to terminal devices.

3.2. Threat Model and Security Assumptions

As shown in Figure 2, we establish a threat model that encompasses both security and privacy dimensions, with particular attention to the unique challenges presented by edge nodes.

3.2.1. Attacker Capabilities and Objectives

We consider two primary attack vectors within our threat model:

• Availability Attacks: Adversaries may exploit unknown vulnerabilities within executors to manipulate their operational behavior, causing them to produce erroneous computation results or control outputs. The ultimate objective of such attacks is to compromise system availability by inducing inconsistent or harmful control actions. The attacker possesses the capability to infiltrate individual executors but faces the challenge of compromising a sufficient number of heterogeneous executors simultaneously to overcome the arbitration mechanism.
• Privacy Attacks: We assume sophisticated adversaries can mount side-channel attacks, memory analysis techniques, or advanced persistent threats (APTs) against the arbitration and scheduling module. While unable to alter the module’s functionality, these attacks aim to extract sensitive information processed during arbitration, potentially exposing proprietary algorithms, control parameters, operational data, or system state information that could be leveraged for future attacks.

3.2.2. Component Trust Assumptions

We categorize the architectural components according to their trust levels as follows:

• Trusted Components: We consider both the input agent and output agent as trusted entities within our security model. This assumption is justified by their functional simplicity, uncomplicated structure, and amenability to hardened implementation through specialized hardware or formal verification methodologies. Additionally, these components can be subjected to rigorous physical isolation and strict access control mechanisms, further reinforcing their trustworthiness. The operational simplicity of these agents permits exhaustive security verification, significantly reducing the attack surface.
• Untrusted Components: Each executor within the heterogeneous executor set is considered potentially compromised. We assume that executors may contain unknown vulnerabilities or undocumented backdoors that have not yet been identified or patched. However, we establish that executors operate within strict isolation boundaries, preventing lateral movement or cross-contamination between execution environments.
• Semi-trusted Components: The arbitration and scheduling module is classified as semi-trusted. While we assume it executes its designated algorithms faithfully and performs arbitration functions according to specification, we acknowledge inherent privacy vulnerabilities in its operation. Since this module necessarily processes outputs from all executors and makes critical system decisions, its complexity exceeds that of the input/output agents, making it difficult to implement through pure hardware solutions or to verify exhaustively.

3.3. Design Goals

Based on the identified threat model and security assumptions, we establish the following specific design goals:

• Security: Our primary security objective is to ensure system availability and output integrity with high probability even in the presence of adversarial attacks targeting individual executors. The architecture must guarantee that compromised executors cannot persistently produce erroneous outputs without detection, thereby preventing attacks from propagating to physical control processes or upstream analytical systems. Specifically, the system should maintain correct operation as long as a threshold number of executors remain uncompromised and automatically identify and isolate compromised executors through behavioral analysis and output comparison.
• Privacy: The architecture must protect sensitive operational data, proprietary algorithms, and system parameters from adversaries capable of monitoring the arbitration process or conducting side-channel attacks. Even if an attacker successfully infiltrates the arbitration module, they should be unable to extract the exact values of executor outputs or internal system states, thus preserving the confidentiality of critical industrial information. Privacy protection should extend to both the content of individual executor outputs and the aggregate results of the arbitration process.
• Efficiency: While enhancing security and privacy, the architecture must maintain reasonable operational efficiency without introducing prohibitive computational or communication overhead. The additional resources required for maintaining multiple heterogeneous executors, performing privacy-preserving arbitration, and executing dynamic scheduling should be proportionate to the security gains achieved.

4. Privacy and Security Enhanced Methods

4.1. Privacy-Preserving Arbitration Mechanism

In cloud–edge collaboration ICSs, the arbitration mechanism is critical for ensuring both system security and data privacy. This section presents our novel privacy-preserving arbitration approach that protects sensitive edge outputs while maintaining effective system security.

4.1.1. Exact Voting Arbitration

Our arbitration mechanism employs deterministic exact voting, where outputs from two executors $O_i$ and $O_j$ are considered consistent if and only if $O_i=O_j$. Formally, for a set of executor outputs $\{O_1,O_2,\dots ,O_n\}$, we define the consistency function $\Phi (O_i,O_j)$ as

$$\Phi (O_i,O_j)=\left\{\begin{array}{cc}1,\hfill & \mathrm{if}{O}_i=O_j\hfill \\ 0,\hfill & \mathrm{otherwise}\hfill \end{array}\right..$$

(1)

For an output to be accepted as valid, a majority of executors must produce identical results. Alternative arbitration approaches, such as inexact voting or approximate matching that accommodate minor variations in outputs, will be explored in future work.

4.1.2. Basic Homomorphic Encryption-Based Scheme

To protect output confidentiality while enabling effective arbitration, we propose a homomorphic encryption-based arbitration scheme that decouples the arbitration process from direct access to executor outputs. This approach provides strong privacy guarantees at the cost of increased communication overhead and arbitration delay.

The protocol operates as follows:

• Each online heterogeneous executor $e_i$ computes its output $O_i$ and encrypts it using the public key $pk$ of the intended recipient (such as the cloud platform), producing ciphertext $C_i=En{c}_{pk}\left(O_i\right)$.
• The executors transmit their encrypted outputs $C_i$ to the arbitration and scheduling module.
• The arbitration and scheduling module performs homomorphic subtraction operations between each pair of encrypted outputs, generating difference ciphertexts:

  $$D_{ij}=C_i\ominus C_j=En{c}_{pk}(O_i-O_j),$$

  (2)

  where ⊖ represents the homomorphic subtraction operation.
• The arbitration and scheduling module transmits these difference ciphertexts $D_{ij}$ to the cloud platform.
• The cloud platform decrypts each difference ciphertext using its private key $sk$:

  $${\Delta }_{ij}=De{c}_{sk}\left(D_{ij}\right)=O_i-O_j.$$

  (3)
• The cloud platform evaluates the consistency of executor outputs:

  $$\Phi (O_i,O_j)=\left\{\begin{array}{cc}1,\hfill & \mathrm{if}{\Delta }_{ij}=0\hfill \\ 0,\hfill & \mathrm{otherwise}\hfill \end{array}\right..$$

  (4)
• The cloud platform sends the consistency evaluation results back to the arbitration and scheduling module.
• For consistent outputs identified by the cloud platform, the arbitration and scheduling module performs homomorphic addition of the corresponding ciphertexts to generate an aggregated result:

  $$C_{agg}=\underset{i\in \mathcal{C}}{⨁}{C}_i=En{c}_{pk}\left(\sum _{i\in \mathcal{C}}{O}_i\right),$$

  (5)

  where $\mathcal{C}$ is the set of executors with consistent outputs and ⨁ represents the homomorphic addition operation.
• The cloud platform decrypts the aggregated result and computes the final output:

  $$O_{final}={\displaystyle \frac{De{c}_{sk}\left(C_{agg}\right)}{\left|\mathcal{C}\right|}}={\displaystyle \frac{{\sum }_{i\in \mathcal{C}}{O}_i}{\left|\mathcal{C}\right|}}.$$

  (6)

This scheme leverages probabilistic encryption, a feature of modern homomorphic encryption algorithms that ensures identical plaintext messages encrypt to different ciphertexts, thus preventing the arbitration and scheduling module from determining consistency by direct ciphertext comparison. Consequently, the module must rely on homomorphic operations and cloud-based decryption to complete the arbitration process.

4.1.3. Communication-Optimized Scheme

The basic scheme introduces significant communication overhead, as it requires transmitting $\left({\displaystyle \genfrac{}{}{0pt}{}{n}{2}}\right)$ difference ciphertexts for n executors. To address this issue, we propose a communication-optimized variant that aggregates homomorphic differences before transmission.

Instead of sending individual difference ciphertexts, the arbitration and scheduling module computes an aggregated difference:

$$D_{agg}=\underset{i=1}{\overset{n-1}{⨁}}\underset{j=i+1}{\overset{n}{⨁}}{D}_{ij}=En{c}_{pk}\left(\sum _{i=1}^{n-1}\sum _{j=i+1}^n(O_i-O_j)\right).$$

(7)

The cloud platform then decrypts this aggregated difference:

$${\Delta }_{agg}=De{c}_{sk}\left(D_{agg}\right)=\sum _{i=1}^{n-1}\sum _{j=i+1}^n(O_i-O_j).$$

(8)

If ${\Delta }_{agg}=0$, all executors have produced identical outputs, and the cloud platform can proceed with decrypting a single aggregated output. Only when ${\Delta }_{agg}\ne 0$, indicating inconsistency among executors, does the system revert to the basic scheme and transmit individual difference ciphertexts to identify the specific inconsistent executors.

For scenarios involving large output values, we further optimize by employing cryptographic hash functions. Instead of calculating homomorphic differences over entire outputs, the system can compute

$$D_{ij}^{\prime }=En{c}_{pk}(H\left(O_i\right)-H\left(O_j\right)),$$

(9)

where $H(·)$ represents a cryptographic hash function. This approach significantly reduces ciphertext size while maintaining the ability to detect inconsistencies.

4.1.4. Adaptive Privacy Budget Scheme

To balance privacy protection with operational efficiency, we introduce an adaptive privacy budget mechanism that allows the arbitration and scheduling module to make preliminary arbitration decisions locally, adjusting privacy exposure based on perceived threat levels.

We define a privacy budget parameter $\epsilon \in [0,1]$ that determines the proportion of output bits protected from the arbitration and scheduling module. For an n-bit output, the module gains access to the first $(1-\epsilon )\times n$ bits for local consistency checking, while the remaining $\epsilon \times n$ bits remain fully encrypted.

The local consistency check operates as follows:

• Each executor $e_i$ computes its output $O_i$ and separates it into two parts: $O_i^{visible}$ (first $(1-\epsilon )\times n$ bits) and $O_i^{protected}$ (remaining $\epsilon \times n$ bits).
• The executor computes a hash of the visible portion, $H\left(O_i^{visible}\right)$, and sends both this hash and the encrypted complete output $En{c}_{pk}\left(O_i\right)$ to the arbitration and scheduling module.
• The module compares hashes of visible portions to make preliminary consistency determinations:

  $${\Phi }_{local}(O_i,O_j)=\left\{\begin{array}{cc}1,\hfill & \mathrm{if}H\left(O_i^{visible}\right)=H\left(O_j^{visible}\right)\hfill \\ 0,\hfill & \mathrm{otherwise}\hfill \end{array}\right..$$

  (10)
• Based on local consistency checks, the module initiates the homomorphic encryption-based scheme for final verification.

The privacy budget $\epsilon$ is dynamically adjusted based on observed attack patterns and arbitration error rates:

$${\epsilon }_{t+1}=\left\{\begin{array}{cc}min({\epsilon }_t+\delta ,{\epsilon }_{max}),\hfill & \mathrm{if}{r}_t<{\tau }_{low}\hfill \\ max({\epsilon }_t-\delta ,{\epsilon }_{min}),\hfill & \mathrm{if}{r}_t>{\tau }_{high}\hfill \\ {\epsilon }_t,\hfill & \mathrm{otherwise}\hfill \end{array}\right.,$$

(11)

where $r_t$ represents the error rate of local arbitration (discrepancy between local and cloud-verified consistency determinations), ${\tau }_{low}$ and ${\tau }_{high}$ are threshold parameters, $\delta$ is the adjustment step size, and ${\epsilon }_{min}$ and ${\epsilon }_{max}$ define the allowed range for the privacy budget.

During periods of low attack activity (indicated by low error rates), the system increases the privacy budget to enhance privacy protection. Conversely, when attacks are detected or suspected (indicated by high error rates), the system reduces the privacy budget to prioritize accurate and timely arbitration, thereby maintaining system availability.

This adaptive approach leverages the natural advantages of cloud–edge collaboration, allowing edge-level preliminary decisions with cloud-level verification, creating a balanced trade-off between privacy protection and security enforcement.

The selection of thresholds ${\tau }_{low}$ and ${\tau }_{high}$, as well as step size $\delta$, is inherently application-dependent and requires careful consideration of domain-specific requirements. The lower threshold ${\tau }_{low}$ should be determined based on the minimum acceptable level of privacy leakage risk considering regulatory requirements and organizational privacy policies, while the upper threshold ${\tau }_{high}$ should be established based on the maximum tolerable performance degradation that maintains operational requirements—varying significantly across different industrial applications from millisecond-critical manufacturing processes to minute-level process control systems. The step size $\delta$ represents a fundamental trade-off between convergence speed and system stability, requiring consideration of real-time constraints inherent in ICS environments. In practice, these parameters should be calibrated through pre-deployment testing that evaluates privacy budget performance under both attack and benign scenarios, measuring corresponding performance degradation against application-specific tolerance levels, with domain experts providing guidance based on operational requirements, threat landscape, and privacy protection needs of the target industrial environment.

4.2. Credit-Heterogeneity-Based Executor Scheduling Strategy

The core innovations of our scheduling algorithm lie in three aspects: First, it combines periodic scheduling with event-triggered scheduling mechanisms, which both proactively disrupts potential long-term common-mode attacks and responds to anomalous situations where executor outputs are inconsistent; second, it introduces quantification methods for heterogeneity and credibility based on common vulnerability mining history, providing scientific bases for executor selection; finally, it designs a dynamic update strategy based on arbitration history, allowing the system to continuously learn and adapt to the evolving attack-defense environment.

4.2.1. Quantification of Executor Heterogeneity and Credibility

Heterogeneity Calculation. Assume the executor pool contains n heterogeneous executors, denoted as $P_1,P_2,\dots ,P_n$. The heterogeneity between executors $P_i$ and $P_j$ is defined as

$$H_{i,j}={\displaystyle \frac{max(v_i,v_j)-v_{i,j}}{max(v_i,v_j)}},$$

(12)

where $v_i$ is the cardinality of vulnerability set ${\mathbf{V}}_i$ for executor $P_i$, and $v_{i,j}$ is the cardinality of common vulnerability set ${\mathbf{V}}_{i,j}$ between executors $P_i$ and $P_j$. This formula yields values in the range [0,1], with higher values indicating greater heterogeneity.

Credibility Calculation. The credibility index $R_i$ for executor $P_i$ integrates vulnerability assessment with operational history:

$$R_i=1-{\displaystyle \frac{a_i\times {\sum }_{k=1}^{v_i}\mathrm{CVSS}\left(V_k^i\right)-{\sum }_{k=1}^{v_i^{\prime }}\mathrm{CVSS}\left(V_k^{i^{\prime }}\right)+{\sum }_{k=1}^{v_i^{\prime }}\mathrm{CVSS}\left(V_k^{i^{\prime }}\right)}{{\sum }_{k=1}^{v_i}\mathrm{CVSS}\left(V_k^i\right)}},$$

(13)

where $a_i$ is the weight coefficient for patched vulnerabilities:

$$a_i=a\times n\times {\displaystyle \frac{{\sum }_{k=1}^{v_i}\mathrm{CVSS}\left(V_k^i\right)}{{\sum }_{j=1}^n{\sum }_{k=1}^{v_j}\mathrm{CVSS}\left(V_k^j\right)}}.$$

(14)

Here, a is the system-wide weight coefficient, and $\mathrm{CVSS}\left(V_k^i\right)$ represents the common vulnerability scoring system value for vulnerability $V_k^i$.

4.2.2. Executor Scheduling Algorithm

Our algorithm implements the scheduling function through two distinct triggering mechanisms.

Periodic Scheduling Process. When executors have been running consistently for a time exceeding the preset threshold T:

• Generate a random number $k\in [1,m]$, where m is the number of online executors;
• Sort the m executors in descending order by their online runtime, and take the k executors with the longest runtime offline for cleansing;
• Select k executors from the standby pool to bring online, maximizing the objective function $\theta \left({\mathbf{P}}_s\right)=max(H^{*}+TR)$, where ${\mathbf{P}}_s$ represents the set of candidate executors for scheduling, $H^{*}$ is the aggregate heterogeneity vector, and $TR$ is the aggregate credibility vector.

Event-Triggered Scheduling Process. When inconsistencies in executor outputs are detected:

• Calculate the total credibility $T{R}_k$ for each set of executors producing different outputs using

  $$T{R}_k=\sum _{i=1}^k{R}_i-{\displaystyle \frac{k-1}{k}}\times {\beta }_k\times \sum _{i=1}^k{R}_i,$$

  (15)

  where ${\beta }_k$ represents the common-mode vulnerability factor:

  $${\beta }_k=1-max\left(H_{i,j}\right),i,j\in [1,k],i\ne j.$$

  (16)
• Compare the total credibility of different output groups, and take offline the executor set with lower total credibility for cleansing.

When executors remain inconsistent after scheduling, and previously uncleansed executors maintain consistency, reduce the total credibility of the uncleansed executor set by a penalty weight $\pi$ before comparison:

$$T{R}_k^{\prime }=T{R}_k-\pi .$$

(17)

4.2.3. Dynamic Updates to Credibility and Heterogeneity

Heterogeneity Updates. When common-mode attacks are detected among executors in set ${\mathbf{P}}_C$, update their heterogeneity:

$$H_{i,j}^{\prime }=H_{i,j}-\gamma ,P_i\in {\mathbf{P}}_C,P_j\in {\mathbf{P}}_C,i\ne j,$$

(18)

where $\gamma$ is the heterogeneity penalty weight introduced by the existence of unknown common vulnerabilities.

Credibility Updates. For executors operating normally, increase their credibility:

$$R_i^{t+1}=min(R_i^0,R_i^t+\delta ).$$

(19)

For executors exhibiting anomalies, decrease their credibility:

$$R_i^{t+1}=max(0,R_i^t-\theta ),$$

(20)

where $\delta$ is the credibility increment value, $\theta$ is the credibility decrement value, and $R_i^0$ is the initial credibility of the executor.

It is worth noting that our proposed scheduling strategy’s primary innovation lies in combining periodic scheduling with event-triggered scheduling mechanisms to address the limitations of existing approaches. The credibility and heterogeneity calculation components in our architecture are designed with modular characteristics, which allow for the integration of advanced clustering methodologies [49,52] to enhance heterogeneity assessment and executor selection.

5. Security and Privacy Analysis

This section presents a formal security and privacy analysis of our proposed privacy-preserving polymorphic heterogeneous architecture. We prove the security guarantees regarding system availability under various attack scenarios and analyze the privacy preservation properties of our arbitration mechanism.

5.1. Security

We begin by analyzing the security properties of our architecture, focusing on availability guarantees in the presence of adversaries attempting to compromise executors.

Theorem 1

(Heterogeneity Security Enhancement). Consider a system with k heterogeneous executors where executor $P_i$ has individual attack success probability $p_i$ and the correlation coefficient between executors $P_i$ and $P_j$ is ${\rho }_{i,j}\in [0,1]$. The probability of successful common-mode attack against all executors is approximately $P_{\mathit{hetero}}\approx {\prod }_{i=1}^k{p}_i(1+{\sum }_{1\le i<j\le k}{\displaystyle \frac{{\rho }_{i,j}\sqrt{(1-p_i)(1-p_j)}}{\sqrt{p_i{p}_j}}})+O\left({\rho }^2\right)$. For the symmetric case where $p_i=p$ and ${\rho }_{i,j}=\rho$, this simplifies to $P_{\mathit{hetero}}\approx p^k(1+({\displaystyle \genfrac{}{}{0pt}{}{k}{2}}){\displaystyle \frac{\rho (1-p)}{p}})+O({\rho }^2)$. Compared to homogeneous redundancy where $P_{\mathit{homo}}=p$ due to identical vulnerabilities, heterogeneous architecture provides exponential security enhancement.

Proof. 

Let $X_i$ denote the indicator random variable for a successful attack on executor $P_i$ with $P\left(X_i\right)=p_i$. For any pair of executors $(P_i,P_j)$, the correlation coefficient ${\rho }_{i,j}$ determines their common vulnerability:

$$P(X_i\cap X_j)=p_i{p}_j+{\rho }_{i,j}\sqrt{p_i(1-p_i)p_j(1-p_j)},$$

(21)

where $P(X_i\cap X_j)$ is the success probability of a common-mode attack against executors i and j.

For the general case with k executors having potentially different attack success probabilities, we apply the inclusion–exclusion principle. The covariance between executors $P_i$ and $P_j$ is $\mathrm{Cov}(X_i,X_j)={\rho }_{i,j}\sqrt{p_i(1-p_i)p_j(1-p_j)}$. Using first-order approximation:

$$\begin{array}{cc}\hfill P\left(\bigcap _{i=1}^k{X}_i\right)& \approx \prod _{i=1}^k{p}_i+\sum _{1\le i<j\le k}\mathrm{Cov}(X_i,X_j)+O\left({\rho }^2\right)\hfill \end{array}$$

(22)

$$\begin{array}{cc}\hfill & =\prod _{i=1}^k{p}_i\left(1+\sum _{1\le i<j\le k}{\displaystyle \frac{{\rho }_{i,j}\sqrt{(1-p_i)(1-p_j)}}{\sqrt{p_i{p}_j}}}\right)+O\left({\rho }^2\right).\hfill \end{array}$$

(23)

We now consider the symmetric case where all executors have identical individual vulnerability levels ($p_i=p$) and uniform correlation (${\rho }_{i,j}=\rho$). Under these conditions, the expression simplifies significantly:

$$\begin{array}{cc}\hfill P_{\mathrm{hetero}}& \approx p^k\left(1+\left({\displaystyle \genfrac{}{}{0pt}{}{k}{2}}\right){\displaystyle \frac{\rho (1-p)}{p}}\right)+O\left({\rho }^2\right).\hfill \end{array}$$

(24)

In contrast, a homogeneous redundant system employs k identical executors with identical vulnerabilities. When facing a common-mode attack, success against the common vulnerability immediately compromises all executors simultaneously. Therefore, $P_{\mathrm{homo}}=p$ regardless of the number of redundant executors.

The security enhancement factor demonstrates the exponential advantage of heterogeneity:

$$\mathrm{SEF}={\displaystyle \frac{P_{\mathrm{homo}}}{P_{\mathrm{hetero}}}}\approx {\displaystyle \frac{p}{p^k(1+\left(\genfrac{}{}{0pt}{}{k}{2}\right)\frac{\rho (1-p)}{p})}}={\displaystyle \frac{1}{p^{k-1}(1+\left(\genfrac{}{}{0pt}{}{k}{2}\right)\frac{\rho (1-p)}{p})}}.$$

(25)

Even with moderate correlation ($\rho <1$), the heterogeneous architecture transforms the attack complexity from $O\left(1\right)$ for homogeneous systems to $O\left(p^{k-1}\right)$, providing substantial security enhancement that scales exponentially with the number of diverse executors. □

Theorem 2

(Dynamic Resilience). The proposed architecture with credit-heterogeneity-based scheduling and dynamic credibility updates achieves asymptotic security improvement over static architectures, with compromise probability $P_{comp}\left(t\right)\le e^{-\alpha t}$ for some $\alpha >0$ as $t\to \infty$, where t is the system operation time.

Proof. 

Consider an attacker attempting to compromise the system over time. In a static architecture, the probability of system compromise increases monotonically as attackers discover and exploit vulnerabilities:

$$P_{static}\left(t\right)=1-e^{-\lambda t},$$

(26)

where $\lambda$ is the rate of vulnerability discovery.

In our dynamic architecture, each executor rotation reduces the attacker’s accumulated knowledge. Let $\tau$ be the average executor rotation period and $\delta$ be the knowledge decay factor (where $0<\delta <1$). The attacker’s effective knowledge at time t can be modeled as

$$K\left(t\right)={\int }_0^t\lambda e^{-\delta \lfloor {\displaystyle \frac{s}{\tau }}\rfloor }ds.$$

(27)

As t increases, this knowledge reaches a steady state bounded by ${\displaystyle \frac{\lambda \tau }{1-e^{-\delta }}}$. Consequently, the system compromise probability is bounded by

$$P_{comp}\left(t\right)\le 1-e^{-{\displaystyle \frac{\lambda \tau }{1-e^{-\delta }}}}\approx {\displaystyle \frac{\lambda \tau }{1-e^{-\delta }}}\mathrm{for}\mathrm{small}{\displaystyle \frac{\lambda \tau }{1-e^{-\delta }}}.$$

(28)

Additionally, the dynamic credibility updates continuously penalize compromised executors, further reducing the compromise probability over time. With proper parameter settings, this leads to $P_{comp}\left(t\right)\le e^{-\alpha t}$ for some $\alpha >0$ as $t\to \infty$. □

Theorem 3

(Preemptive Security). The periodic scheduling mechanism with maximum runtime threshold T ensures that the maximum attack window for any executor set is bounded by T, regardless of the attack detection capabilities of the system.

Proof. 

Consider an attacker who has successfully compromised an online executor set without being detected by the arbitration mechanism. In traditional architectures, such an attacker could maintain control indefinitely.

In our architecture, let $S_i\left(t\right)$ denote the cumulative runtime of online executor set ${\mathbf{P}}_i$ at time t, and let T be the maximum allowed runtime before mandatory rotation. By design, we enforce

$$\forall i,t:S_i\left(t\right)\le T.$$

(29)

When $S_i\left(t\right)=T$, the executor set ${\mathbf{P}}_i$ is selected for rotation with probability 1, regardless of its apparent behavior. This creates a strict upper bound on the duration of any successful attack against the entire executor set.

Additionally, the random selection of k executor sets for rotation further complicates the attacker’s planning, as even executor sets with $S_i\left(t\right)<T$ have non-zero probability of being rotated. Specifically, for an executor set ${\mathbf{P}}_i$ with runtime $S_i\left(t\right)$, its rotation probability at time t is at least

$$P_{rotate}\left(S_i\left(t\right)\right)=\left\{\begin{array}{cc}{\displaystyle \frac{ran{k}_{\mathbf{P}}\left(S_i\left(t\right)\right)}{m}},\hfill & \mathrm{if}{S}_i\left(t\right)<T\hfill \\ 1,\hfill & \mathrm{if}{S}_i\left(t\right)\ge T\hfill \end{array}\right.,$$

(30)

where $ran{k}_{\mathbf{P}}\left(S_i\left(t\right)\right)$ is the position of executor set ${\mathbf{P}}_i$ when all executor sets are sorted by their cumulative runtime in descending order, and m is the total number of available executor sets.

This preemptive rotation policy ensures that no attack can persist beyond the time window T, providing a fundamental security guarantee independent of detection mechanisms. □

5.2. Privacy

We now analyze the privacy properties of our architecture, focusing on the confidentiality guarantees provided by the privacy-preserving arbitration mechanism.

Theorem 4

(Homomorphic Encryption Confidentiality). The basic homomorphic encryption-based arbitration scheme provides computational indistinguishability of executor outputs against a semi-honest arbitration module, assuming the security of the underlying homomorphic encryption scheme.

Proof. 

Let $\Pi =(KeyGen,Enc,Dec,Eval)$ be a semantically secure homomorphic encryption scheme. For any two distinct outputs $O_i$ and $O_j$ from executors, an adversary controlling the arbitration module observes only the ciphertexts $C_i=En{c}_{pk}\left(O_i\right)$ and $C_j=En{c}_{pk}\left(O_j\right)$.

By the semantic security property of $\Pi$, for any probabilistic polynomial-time adversary $\mathcal{A}$, there exists a negligible function $negl$ such that

$$|Pr[\mathcal{A}\left(En{c}_{pk}\left(O_i\right)\right)=1]-Pr[\mathcal{A}\left(En{c}_{pk}\left(O_j\right)\right)=1]|\le negl\left(n\right),$$

(31)

where n is the security parameter.

Similarly, the difference ciphertexts $D_{ij}=C_i\ominus C_j=En{c}_{pk}(O_i-O_j)$ reveal no information about the individual values $O_i$ and $O_j$ to the arbitration module, as the module cannot decrypt these values without the private key.

Therefore, the basic scheme ensures that the arbitration module learns nothing about the actual executor outputs beyond what can be inferred from the publicly known encryption algorithm and public key. □

Theorem 5

(Aggregated Differences Privacy). The communication-optimized scheme with aggregated differences preserves the confidentiality of individual executor outputs while revealing only the overall consistency status to the arbitration module.

Proof. 

In the communication-optimized scheme, the arbitration module computes an aggregated difference, as shown in Equation (7).

The cloud platform decrypts this to obtain ${\Delta }_{agg}={\sum }_{i=1}^{n-1}{\sum }_{j=i+1}^n(O_i-O_j)$.

If all outputs are identical (i.e., $\forall i,j:O_i=O_j$), then ${\Delta }_{agg}=0$. However, if at least one output differs, then ${\Delta }_{agg}\ne 0$ with overwhelming probability due to the algebraic properties of the output space.

The arbitration module learns only a binary result: whether all outputs are consistent or not. In the consistent case, no additional information is revealed beyond the fact of consistency. In the inconsistent case, the system reverts to the basic scheme, which we have proven secure in Theorem 4.

Therefore, the communication-optimized scheme preserves the confidentiality of individual executor outputs while efficiently determining their consistency status. □

Theorem 6

(Adaptive Privacy Budget Security). The adaptive privacy budget scheme with parameter ε leaks at most $(1-\epsilon )\times n$ bits of each n-bit executor output to the arbitration module, while maintaining the security properties of the basic scheme for the remaining $\epsilon \times n$ bits.

Proof. 

In the adaptive privacy budget scheme, each executor’s output $O_i$ of length n bits is divided into two parts:

• $O_i^{visible}$: The first $(1-\epsilon )\times n$ bits, which are hashed and sent in the clear;
• $O_i^{protected}$: The remaining $\epsilon \times n$ bits, which remain fully encrypted.

For the visible portion, the arbitration module receives $H\left(O_i^{visible}\right)$ for each executor i. Since cryptographic hash functions are one-way, the module cannot directly recover $O_i^{visible}$. However, for low-entropy data or through offline dictionary attacks, the module may potentially recover up to $(1-\epsilon )\times n$ bits of information.

For the protected portion, the security reduces to that of the basic homomorphic encryption scheme, which we have proven secure in Theorem 4. Thus, the protected portion maintains computational indistinguishability against the arbitration module.

The parameter $\epsilon$ therefore directly controls the maximum information leakage, with the system adaptively adjusting it based on detected attack patterns and arbitration error rates. □

6. Experimental Evaluation and Results

6.1. Experimental Setup

To validate the effectiveness of the proposed privacy-preserving polymorphic heterogeneous security architecture, we conducted comprehensive simulation experiments targeting a cloud–edge collaboration industrial control scenario focused on natural gas pipeline pressure control systems. In this critical infrastructure scenario, the pipeline pressure must be maintained within ±3% of the setpoint value (e.g., 8.6 MPa ± 3%), with compressor stations automatically regulating pipeline pressure through pressure control valves, compressor units, and blowdown valves. The edge node collaborates with the cloud platform to process monitoring data and distribute control commands throughout the system.

The experimental scenario considers sophisticated adversaries capable of launching false data injection attacks that manipulate pressure regulation data from executors, thereby erroneously controlling pressure valves and compressor units. Such attacks can lead to dangerously high pressure conditions (creating pipeline rupture risks) or excessively low pressure states (causing transmission interruptions). We model emergency shutdown conditions when pipeline pressure exceeds the safe operating range of (6.2, 11.0) MPa, triggering maintenance protocols that require emergency depressurization, system inspection, gradual pressure restoration, and system stabilization phases. The system pressure regulation capability is uniformly configured at 0.15 MPa/min, while emergency depressurization during high-pressure shutdowns operates at an accelerated rate of 0.25 MPa/min with fully opened blowdown valves. The communication bandwidth is 10 MB between the edge node and the cloud platform.

The simulation environment was implemented using Python 3.12.8 with a total simulation duration of 14,400 s (4 h) and a sampling frequency of 5 s. To evaluate system resilience under attack conditions, we configured three distinct attack scenarios occurring at 20, 100, and 170 min (corresponding to 1200 s, 6000 s, and 10,200 s, respectively), with each attack persisting for 30 min.

The experimental testbed consisted of an Intel(R) Core(TM) i7-4790 processor operating at 3.60 GHz, equipped with 20 GB DDR3 memory, running on the Windows 10 operating system. To accurately reflect the computational constraints of edge environments, executors and arbiter (i.e., the arbitration and scheduling module) were configured with CPU frequencies limited to 1.2 GHz, while the cloud platform maintained full computational capacity at 3.6 GHz. For cryptographic operations, we implemented the Paillier cryptosystem to realize homomorphic computations, utilizing the GNU Multiple Precision Arithmetic Library (GMP) for efficient handling of large integer operations required by the cryptographic protocols, with a key size of 2048 bits to ensure adequate security strength.

The experimental evaluation encompasses three primary comparative analyses to thoroughly assess the proposed architecture’s effectiveness. First, we compare the defense capabilities of our proposed scheme against conventional static redundancy and moving target defense approaches, measuring their respective abilities to maintain system availability and output correctness under attacks. Second, we evaluate the arbitration latency introduced by the privacy-preserving arbitration mechanisms, quantifying the computational and communication overhead associated with homomorphic encryption operations while ensuring data confidentiality. Finally, we analyze the impact of our proposed scheduling algorithm by comparing it against event-triggered and periodic scheduling strategies, assessing how different scheduling approaches influence the overall availability and security posture of the polymorphic heterogeneous architecture.

6.2. Comparative Analysis of Defense Strategies

To evaluate the defense capabilities of our proposed privacy-preserving polymorphic heterogeneous security architecture, we conducted a comprehensive comparative analysis against two representative defense strategies: static redundancy and moving target defense. The evaluation focuses on system resilience under false data injection attacks, measuring both operational performance and availability metrics during attack scenarios.

The comparative analysis employs three key reliability metrics to quantify defense effectiveness. Mean time to repair (MTTR) represents the average time required for the system to recover from anomalous states and return to the normal operating range of ±3% pressure deviation. Mean time between failures (MTBF) reflects the average operational duration within the acceptable pressure range between consecutive system failures. System availability quantifies the overall operational reliability as a percentage. These metrics are calculated using the following formulas:

$$\begin{array}{cc}\hfill \mathrm{MTTR}& ={\displaystyle \frac{\mathrm{Total}\mathrm{Repair}\mathrm{Time}}{\mathrm{Number}\mathrm{of}\mathrm{Failures}}},\hfill \end{array}$$

(32)

$$\begin{array}{cc}\hfill \mathrm{MTBF}& ={\displaystyle \frac{\mathrm{Total}\mathrm{Normal}\mathrm{Time}}{\mathrm{Number}\mathrm{of}\mathrm{Failures}}},\hfill \end{array}$$

(33)

$$\begin{array}{cc}\hfill \mathrm{Availability}& ={\displaystyle \frac{\mathrm{MTBF}}{\mathrm{MTBF}+\mathrm{MTTR}}}\times 100\%.\hfill \end{array}$$

(34)

Figure 3 presents the pipeline pressure variations under different defense strategies during the simulation period. The static redundancy approach employs three heterogeneous executors with a majority voting mechanism to determine final executor outputs. The moving target defense strategy implements periodic random switching of active executors according to a predetermined schedule. Experimental results demonstrate that static redundancy methods become increasingly vulnerable as attacks persist, with adversaries capable of progressively compromising individual executors until the entire system falls under attacker control. Moving target defense, while continuously switching active executors, still experiences pressure limit violations when compromised executors are in active states, although the switching cycles prevent emergency shutdowns. In contrast, our proposed defense method effectively detects compromised executors outputting erroneous data and triggers executor switching and sanitization mechanisms within system stability constraints. This approach successfully interrupts false data injection attack paths while maintaining system operational integrity.

Figure 4 illustrates the executor output comparisons between our proposed method and baseline defense strategies under attack scenarios. The results reveal that moving target defense may still execute incorrect pressure control operations when compromised executors are online. Static redundancy methods, after adversaries successfully compromise two executors, persistently output erroneous pressure control commands due to compromised majority voting. Our proposed method demonstrates superior performance by initiating executor offline and sanitization procedures upon detecting anomalous outputs, while simultaneously bringing backup executors online within system stability constraints. This ensures that attack influences are promptly contained, and system outputs consistently maintain correct pressure control values, as detailed in Figure 5.

Table 2. Comparison of reliability metrics among different defense strategies under attack scenarios.

Method	Failures	MTTR (min)	MTBF (min)	Availability (%)
Static redundancy	2	44.92	75.08	62.57
Moving target defense	2	16.17	103.83	86.53
Proposed method	0	0.00	240.00	100.00

presents the availability metrics comparison among the proposed method, static redundancy, and moving target defense under attack scenarios. The quantitative analysis demonstrates that our proposed approach achieves significantly superior system availability preservation. Static redundancy exhibits 2 failures with an MTTR of 44.92 min and MTBF of 75.08 min, resulting in 62.57% availability. Moving target defense shows improved performance with 2 failures, reduced MTTR of 16.17 min, and extended MTBF of 103.83 min, achieving 86.53% availability. Remarkably, our proposed method maintains zero failures throughout the simulation period, resulting in perfect 100% system availability with MTBF of 240.00 min and zero repair time.

It should be noted that the current simulation does not consider scenarios where executors may be subjected to common-mode attacks, which could potentially affect multiple executors simultaneously. Such attack scenarios and their implications for system resilience will be further evaluated and analyzed in Section 6.4.

6.3. Performance Evaluation of Privacy-Preserving Arbitration

While privacy preservation provides essential security guarantees in cloud–edge collaboration scenarios, it inevitably introduces computational and communication overhead that affects system performance. To comprehensively evaluate the practical feasibility of our privacy-preserving arbitration mechanism, we conducted a detailed performance analysis focusing on the arbitration latency introduced by different privacy-preserving schemes.

Figure 6 presents the arbitration latency comparison across different schemes under both best-case and worst-case scenarios. The experimental results reveal that encryption and decryption operations of executor outputs constitute the primary contributors to arbitration delay, while homomorphic operations performed by the arbiter (i.e., the arbitration and scheduling module) and message transmission delays have relatively minimal impact on overall performance. This finding indicates that the computational complexity of cryptographic operations, rather than network communication, represents the primary performance bottleneck in privacy-preserving arbitration.

Under best-case conditions, the adaptive privacy budget scheme demonstrates superior performance with minimal additional arbitration latency. This efficiency stems from the arbiter’s capability to leverage deliberately leaked partial information for local decision-making, thereby reducing the need for extensive homomorphic computations and cloud-based processing. In worst-case scenarios, where maximum privacy protection is required and minimal information leakage is permitted, the adaptive privacy budget scheme maintains performance parity with the communication-optimized scheme.

Notably, even under worst-case conditions, the adaptive privacy budget scheme introduces arbitration latency of less than 80 milliseconds. This performance level satisfies the timing requirements of time-insensitive industrial control systems, particularly those involving gradual process variations such as natural gas pipeline pressure control systems where pressure adjustments occur over extended time horizons. However, for control systems with stringent real-time requirements, the current implementation using the Paillier cryptosystem may introduce unacceptable delays. In such scenarios, lightweight homomorphic encryption alternatives present viable solutions to achieve acceptable privacy–performance trade-offs. Specifically, symmetric homomorphic encryption schemes offer significant computational advantages over asymmetric approaches. For instance, the provably secure additive and multiplicative privacy homomorphism scheme [53] provides secure arithmetic operations on encrypted data while maintaining efficiency against chosen-ciphertext attacks. More recently, symmetric additive homomorphic encryption implementations [54] have demonstrated the ability to reduce encryption/decryption operations to the microsecond level, which fully satisfies the requirements of millisecond-level control loops. These lightweight alternatives can be integrated into our framework as configurable privacy-preserving mechanisms, allowing system operators to dynamically balance security requirements with real-time performance constraints based on specific application needs. Future work will focus on implementing and evaluating these hybrid approaches to extend the applicability of our architecture to time-critical industrial environments.

6.4. Executor Scheduling Algorithm Performance Analysis

The executor scheduling algorithm proposed in this work represents a hybrid approach that integrates both event-triggered and periodic scheduling mechanisms to enhance system resilience against common-mode attacks. This section evaluates the performance of our proposed scheduling strategy through a comprehensive comparison with pure event-triggered and periodic scheduling approaches, with particular emphasis on system availability under varying degrees of executor vulnerability correlation.

To establish a rigorous analytical framework for comparison, we consider the symmetric case where all executors maintain identical individual vulnerability levels ($p_i=p$) and uniform correlation coefficients (${\rho }_{i,j}=\rho =1/2$). This symmetric assumption enables systematic analysis of common-mode attack scenarios while maintaining mathematical tractability. Following the theoretical foundation established in Theorem 1 of Section 5.1, we derive the probabilities of common-mode attacks affecting two executors and three executors simultaneously, providing the basis for availability analysis under different attack scenarios.

The evaluation methodology focuses on calculating availability metrics under various common-mode attack probabilities and subsequently computing expected availability values based on the likelihood of different attack scenarios. Figure 7 presents the comprehensive analysis results, illustrating how system availability varies with common-mode attack probability across the three scheduling strategies. Experimental results demonstrate that when executor heterogeneity is sufficiently high, specifically when the probability of common-mode attacks affecting two executors remains below ${10}^{-4}$ (a reasonable common-mode probability threshold established in the literature [13]), all three scheduling strategies achieve exceptional availability levels exceeding 99.988%.

However, practical industrial control system deployments face significant constraints that compromise the ideal heterogeneity assumptions. Technical limitations, cost considerations, and resource availability often restrict both the number and diversity of heterogeneous executors that can be deployed in real systems. Furthermore, heterogeneous executors may suffer from underlying common-source vulnerabilities, where components sharing similar design principles, development frameworks, or hardware platforms create common-mode vulnerabilities that enable certain attacks to simultaneously compromise multiple executors despite their apparent heterogeneity. In realistic deployment scenarios where common-mode attack probabilities exceed the ${10}^{-4}$ threshold due to insufficient heterogeneity, our proposed hybrid scheduling strategy demonstrates superior performance compared to pure event-triggered or periodic approaches.

In addition, our proposed architecture can integrate complementary detection mechanisms that identify potential common-mode vulnerabilities when anomalies are detected while arbitration results remain consistent across executors. In such scenarios, adaptive scheduling and cleaning operations can be triggered to mitigate threats through cross-validation with diverse offline executors. The effectiveness of our mechanism operates under the premise that not all online and offline executors share identical common-mode vulnerabilities simultaneously—scenarios where this condition is violated exceed the protection scope of our method and require manual vulnerability remediation guided by detection results.

Regarding implementation complexity, while our architecture incorporates multiple components including credibility indices, adaptive privacy budget adjustment, and hybrid scheduling mechanisms, these components are designed with modular characteristics that support flexible on-demand deployment based on specific system requirements. The computational burden is strategically distributed across operational phases, with initialization processes such as credibility index establishment performed during system design and testing phases, while runtime parameter adjustments are only triggered by specific events such as vulnerability discoveries or maintenance cycles. Furthermore, leveraging the cloud–edge collaborative paradigm, computationally intensive operations can be offloaded to cloud platforms with batch parameter updates distributed to edge nodes, thereby minimizing real-time computational overhead while maintaining security benefits.

6.5. Validation in Smart Grid Voltage Control Systems

To comprehensively validate the generalizability of our proposed method and demonstrate its advantages over existing defense strategies, we conducted extended simulation experiments focusing on a smart grid voltage control system scenario. In this critical infrastructure application, distribution network voltages must be strictly maintained within ±5% of the nominal value (e.g., 220 V ± 11 V), with substations implementing automatic voltage regulation through tap changers, reactive power compensation devices, and other voltage control equipment. Adversaries can launch false data injection attacks by manipulating voltage adjustment data from the edge node, thereby causing erroneous control of tap changers and reactive power compensation systems. Such attacks can lead to voltage violations (either overvoltage or undervoltage conditions), resulting in equipment damage or system collapse with severe consequences.

The experimental configuration was implemented using Python 3.12.8 with a total simulation duration of 100 s and a sampling period of 1 s. To evaluate system resilience under attack conditions, we configured false data injection attacks occurring at 20, 45, and 75 s, where adversaries attempted to inject false control data into the edge node to force the system voltage outside the safe operating range. We compared our proposed method against state-of-the-art (SOTA) moving target defense (MTD) strategies, which represent the current leading approaches combining detection mechanisms with MTD switching [55,56]. Considering potential unknown attacks, we implemented an ideal SOTA MTD strategy that integrates detection mechanisms with hybrid switching based on both detection and periodic scheduling. The attack detection system utilized the latest false data injection attack detection methods [26], achieving detection success rates of 99.9%, 95.4%, and 92.9% when false data deviations from true values were 10%, 5%, and 3%, respectively.

The experimental setup configured both SOTA MTD and our proposed method with five executors. In the SOTA MTD scenario, adversaries possessed unknown vulnerabilities or backdoors in two executors, while in our proposed method, three online executors contained unknown vulnerabilities or backdoors that were non-common-mode in nature. It is important to note that common-mode vulnerability scenarios have been thoroughly analyzed in Section 6.4, and our proposed method incorporates detection mechanism integration capabilities. Through a comprehensive evaluation across three key performance metrics—task execution time, voltage control output stability, and availability probability—we conducted 10,000 simulation runs to statistically analyze system availability under different detection success rates.

Figure 8, Figure 9 and Figure 10 illustrate the comparative performance between SOTA MTD and our proposed method under various fault scenarios. These results demonstrate that MTD approaches remain vulnerable to successful attacks when adversaries control executors with unknown vulnerabilities or backdoors during their active periods. Figure 8 shows system execution time and voltage control outputs when MTD experiences two faults, Figure 9 presents the scenario with one fault, and Figure 10 displays the zero-fault case. These comparative visualizations demonstrate that moving target defense strategies can still suffer from successful attacks when compromised executors with unknown vulnerabilities or backdoors are online. In contrast, Figure 11 presents the voltage control outputs of individual executors and the final system output under our proposed method during attack scenarios, showcasing the method’s ability to maintain system stability and correct voltage control even under adversarial conditions.

Table 3. Availability of SOTA MTD with different detection rates.

Detection Rate (%)	Average (%)	Best Cases (%)	Worst Cases (%)
99.9	99.9945	100.0000	95.0000
95.4	99.7790	100.0000	90.0000
92.9	99.6735	100.0000	90.0000

presents the quantitative performance comparison between SOTA MTD and our proposed method across different detection success rates. The fundamental advantage of our approach lies in its ability to mask erroneous results through online executor operation, effectively shielding the system from false data injection attacks when executors do not share common-mode vulnerabilities. Only when all online executors possess common-mode vulnerabilities does our method degrade to performance levels equivalent to SOTA MTD approaches, as extensively analyzed in Section 6.4. The results clearly show that our method can effectively mitigate false data injection attacks that produce erroneous outputs under differential-mode attack scenarios, while maintaining high system availability even under challenging attack conditions.

7. Conclusions

This paper presented a privacy-preserving polymorphic heterogeneous security architecture for cloud–edge collaborative industrial control systems that successfully addressed critical security and privacy challenges inherent in modern industrial environments. The proposed unified framework distinguished itself from existing approaches by integrating hybrid event–time triggered scheduling with adaptive privacy-preserving arbitration, moving beyond the traditional separation of scheduling and privacy concerns that has limited the effectiveness of current DHR architectures. The architecture demonstrated three significant technical achievements through its comprehensive design. First, the hybrid event–time triggered scheduling algorithm with credibility assessment and heterogeneity metrics effectively mitigated common-mode escape scenarios that have plagued resource-constrained cloud–edge environments. Second, the adaptive privacy budget allocation mechanism successfully balanced privacy protection effectiveness with system availability, dynamically responding to varying attack activity levels. Third, the unified framework organically integrated privacy-preserving arbitration with heterogeneous redundancy management, providing a holistic solution to the dual challenges of security resilience and privacy preservation. Extensive experimental validation across natural gas pipeline pressure control and smart grid voltage control systems confirmed the architecture’s superior performance, achieving 100% system availability compared to traditional approaches and maintaining 99.98% availability even under common-mode attacks. These results demonstrated the practical viability of the proposed approach in real-world industrial scenarios where both security and privacy are paramount concerns.

The practical implications of this work extend beyond the specific industrial control systems examined in this study. The architectural principles developed herein have significant potential for adoption across diverse industrial domains where cloud–edge collaboration is increasingly prevalent. Different industrial applications present varying requirements for security, privacy, and real-time performance: process control systems may prioritize availability and fault tolerance, while data-intensive manufacturing environments may emphasize privacy protection for proprietary information. The modular design of our unified framework enables domain-specific adaptations through configurable privacy budget allocation and heterogeneity assessment parameters. However, successful deployment across different industrial sectors requires careful consideration of domain-specific constraints, including varying computational resource availability, communication latency requirements, and regulatory compliance standards. The adaptive nature of our approach provides a foundation for addressing these diverse requirements, though further research is needed to optimize the framework for specific industrial applications and their unique operational characteristics.

Several promising research directions emerged from this work that warrant further investigation. First, the development of lightweight encryption alternatives specifically designed for time-critical industrial environments represents a crucial area for enhancing the practical deployment of privacy-preserving mechanisms without compromising real-time performance requirements. Second, extending privacy-preserving arbitration to scenarios involving inexact voting or approximate matching would address more realistic industrial decision-making contexts where perfect consensus may not be achievable. Third, investigating security protection strategies under less-than-ideal but realistic heterogeneity scenarios would improve the robustness of the proposed architecture in environments where perfect diversity cannot be guaranteed. These research directions will collectively advance the field toward more practical and widely applicable privacy-preserving security solutions for industrial control systems.