Search Results (430)

The exponential growth of autonomous systems demands robust security mechanisms that can operate within the extreme constraints of real-time embedded environments. This paper introduces SMART DShot, a groundbreaking machine learning-enhanced framework that transforms the security landscape of unmanned aerial vehicle motor control systems through seamless integration of adaptive timing correction and real-time anomaly detection within Digital Shot (DShot) communication protocols. Our approach addresses critical vulnerabilities in Electronic Speed Controller (ESC) interfaces by deploying four synergistic algorithms—Kalman Filter Timing Correction (KFTC), Recursive Least Squares Timing Correction (RLSTC), Fuzzy Logic Timing Correction (FLTC), and Hybrid Adaptive Timing Correction (HATC)—each optimized for specific error characteristics and attack scenarios. Through comprehensive evaluation encompassing 32,000 Monte Carlo test iterations (500 per scenario × 16 scenarios × 4 algorithms) across 16 distinct operational scenarios and PolarFire SoC Field-Programmable Gate Array (FPGA) implementation, we demonstrate exceptional performance with 88.3% attack detection rate, only 2.3% false positive incidence, and substantial vulnerability mitigation reducing Common Vulnerability Scoring System (CVSS) severity from High (7.3) to Low (3.1). Hardware validation on PolarFire SoC confirms practical viability with minimal resource overhead (2.16% Look-Up Table utilization, 16.57 mW per channel) and deterministic sub-10 microsecond execution latency. The Hybrid Adaptive Timing Correction algorithm achieves 31.01% success rate (95% CI: [30.2%, 31.8%]), representing a 26.5% improvement over baseline approaches through intelligent meta-learning-based algorithm selection. Statistical validation using Analysis of Variance confirms significant performance differences (F(3,1996) = 30.30, p < 0.001) with large effect sizes (Cohen’s d up to 4.57), where 64.6% of algorithm comparisons showed large practical significance. SMART DShot establishes a paradigmatic shift from reactive to proactive embedded security, demonstrating that sophisticated artificial intelligence can operate effectively within microsecond-scale real-time constraints while providing comprehensive protection against timing manipulation, de-synchronization, burst interference, replay attacks, coordinated multi-channel attacks, and firmware-level compromises. This work provides essential foundations for trustworthy autonomous systems across critical domains including aerospace, automotive, industrial automation, and cyber–physical infrastructure. These results conclusively demonstrate that ML-enhanced motor control systems can achieve both superior security (88.3% attack detection rate with 2.3% false positives) and operational performance (31.01% timing correction success rate, 26.5% improvement over baseline) simultaneously, establishing SMART DShot as a practical, deployable solution for next-generation autonomous systems. Full article

The increasing reliance on Medical Internet of Things (MIoT) devices introduces critical cybersecurity vulnerabilities, necessitating advanced, adaptive defense mechanisms. Recent cyber incidents—such as compromised critical care systems, modified therapeutic device outputs, and fraudulent clinical data inputs—demonstrate that these threats now directly impact life-critical aspects of patient security. In this paper, we introduce a machine learning-enabled Cognitive Cyber-Physical System (ML-CCPS), which is designed to identify and respond to cyber threats in MIoT environments through a layered cognitive architecture. The system is constructed on a feedback-looped architecture integrating hybrid feature modeling, physical behavioral analysis, and Extreme Learning Machine (ELM)-based classification to provide adaptive access control, continuous monitoring, and reliable intrusion detection. ML-CCPS is capable of outperforming benchmark classifiers with an acceptable computational cost, as evidenced by its macro F1-score of 97.8% and an AUC of 99.1% when evaluated with the ToN-IoT dataset. Alongside classification accuracy, the framework has demonstrated reliable behaviour under noisy telemetry, maintained strong efficiency in resource-constrained settings, and scaled effectively with larger numbers of connected devices. Comparative evaluations, radar-style synthesis, and ablation studies further validate its effectiveness in real-time MIoT environments and its ability to detect novel attack types with high reliability. Full article

The integration of digital twins (DTs) with intelligent traffic systems (ITSs) holds strong potential for improving real-time management in smart cities. However, securing digital twins remains a significant challenge due to the dynamic and adversarial nature of cyber–physical environments. In this work, we propose TwinFedPot, an innovative digital twin-based security architecture that combines honeypot-driven data collection with Zero-Shot Learning (ZSL) for robust and adaptive cyber threat detection without requiring prior sampling. The framework leverages Inverse Federated Distillation (IFD) to train the DT server, where edge-deployed honeypots generate semantic predictions of anomalous behavior and upload soft logits instead of raw data. Unlike conventional federated approaches, TwinFedPot reverses the typical knowledge flow by distilling collective intelligence from the honeypots into a central teacher model hosted on the DT. This inversion allows the system to learn generalized attack patterns using only limited data, while preserving privacy and enhancing robustness. Experimental results demonstrate significant improvements in accuracy and F1-score, establishing TwinFedPot as a scalable and effective defense solution for smart traffic infrastructures. Full article

Wireless sensor networks (WSNs) are used for data acquisition and transmission in unmanned surface vessels (USVs). However, the openness of wireless networks makes USVs highly susceptible to false data injection (FDI) attacks during data transmission, which affects the sensors’ ability to receive real data and leads to decision-making errors in the control center. In this paper, a novel dynamic data encryption method is proposed whereby data are encrypted prior to transmission and the key is dynamically updated using historical system data, with a view to increasing the difficulty for attackers to crack the ciphertext. At the same time, a dynamic relationship is established among ciphertext, key, and auxiliary encrypted ciphertext, and an attack detection scheme based on dynamic encryption is designed to realize instant detection and localization of FDI attacks. Further, an $H_{\infty }$ fusion filter is designed to filter external interference noise, and the real information is estimated or restored by the weighted fusion algorithm. Ultimately, the validity of the proposed scheme is confirmed through simulation experiments. Full article

Modern vehicles are rapidly transforming into interconnected cyber–physical systems that rely on advanced sensor technologies and pervasive connectivity to support autonomous functionality. Yet, despite this evolution, standardized methods for quantifying cybersecurity vulnerabilities across critical automotive components remain scarce. This paper introduces a novel hybrid model that integrates expert-driven insights with generative AI tools to adapt and extend the Common Vulnerability Scoring System (CVSS) specifically for autonomous vehicle sensor systems. Following a three-phase methodology, the study conducted a systematic review of 16 peer-reviewed sources (2018–2024), applied CVSS version 4.0 scoring to 15 representative attack types, and evaluated four free source generative AI models—ChatGPT, DeepSeek, Gemini, and Copilot—on a dataset of 117 annotated automotive-related vulnerabilities. Expert validation from 10 domain professionals reveals that Light Detection and Ranging (LiDAR) sensors are the most vulnerable (9 distinct attack types), followed by Radio Detection And Ranging (radar) (8) and ultrasonic (6). Network-based attacks dominate (104 of 117 cases), with 92.3% of the dataset exhibiting low attack complexity and 82.9% requiring no user interaction. The most severe attack vectors, as scored by experts using CVSS, include eavesdropping (7.19), Sybil attacks (6.76), and replay attacks (6.35). Evaluation of large language models (LLMs) showed that DeepSeek achieved an F1 score of 99.07% on network-based attacks, while all models struggled with minority classes such as high complexity (e.g., ChatGPT F1 = 0%, Gemini F1 = 15.38%). The findings highlight the potential of integrating expert insight with AI efficiency to deliver more scalable and accurate vulnerability assessments for modern vehicular systems.This study offers actionable insights for vehicle manufacturers and cybersecurity practitioners, aiming to inform strategic efforts to fortify sensor integrity, optimize network resilience, and ultimately enhance the cybersecurity posture of next-generation autonomous vehicles. Full article

Intelligent transport systems are revolutionising all aspects of modern life, increasing the efficiency of commerce, modern living, and international travel. Intelligent transport systems are systems of systems comprised of cyber, physical, and social nodes. They represent unique opportunities but also have potential threats to system operation and correctness. The emergent behaviour in Complex Cyber–Physical–Social Systems (C-CPSSs), caused by events such as cyber-attacks and network outages, have the potential to have devastating effects to critical services across society. It is therefore imperative that the risk of cascading failure is minimised through the fortifying of these systems of systems to achieve resilient mission assurance. This work designs and implements a programmatic model to validate the value of cascading failure simulation and analysis, which is then tested against a C-CPSS intelligent transport system scenario. Results from the model and its implementations highlight the value in identifying both critical nodes and percolation of consequences during a cyber failure, in addition to the importance of including social nodes in models for accurate simulation results. Understanding the relationships between cyber, physical, and social nodes is key to understanding systems’ failures that occur because of or that involve cyber systems, in order to achieve cyber and system resilience. Full article

With the widespread application of cyber–physical systems (CPS) in the field of automation, security concerns have become increasingly prominent. One critical and urgent challenge is the accurate identification of sensor nodes compromised by false data injection (FDI) attacks in multiple-input multiple-output (MIMO) control systems. Building on the implementation of multi-step sampling and residual-based anomaly detection using a support vector machine (SVM), this paper further introduces the Shapley value evaluation method from cooperative game theory and a voting mechanism, and proposes a method for node attack localization. First, multi-step sampling is conducted within each control period to provide a large amount of effective data for the localization of attacked sensor nodes. Next, the residual between the estimated value of the MIMO system’s full response and the actual value received by the controller is calculated, and an SVM model is used to detect anomalies in the residual. Finally, the Shapley value contribution of each residual to the SVM anomaly detection result is evaluated based on cooperative game theory and combined with a voting mechanism to achieve accurate localization of the attacked sensor nodes. Simulation results demonstrate that the proposed method achieves an anomaly detection accuracy of 96.472% and can accurately localize attacked nodes in both single-node and multi-node attack scenarios, indicating strong robustness and practical applicability. Full article

Traditional security detection methods struggle to identify zero-day attacks in Industrial Control Systems (ICSs), particularly within critical infrastructures (CIs) integrated with the Industrial Internet of Things (IIoT). These attacks exploit unknown vulnerabilities, leveraging the complexity of physical and digital system interconnections, making them difficult to detect. The integration of legacy ICS networks with modern computing and networking technologies has expanded the attack surface, increasing susceptibility to cyber threats. Anomaly detection systems play a crucial role in safeguarding these infrastructures by identifying deviations from normal operations. This study investigates the effectiveness of deep learning-based anomaly detection models in revealing operational anomalies that could indicate potential cyber-attacks. We implemented and evaluated a hybrid deep learning architecture combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to analyze ICS telemetry data. The CNN-LSTM model excels in identifying time-dependent anomalies and enables near real-time detection of cyber-attacks, significantly improving security monitoring capabilities for IIoT-integrated critical infrastructures. Full article

This study presents a novel spatio-temporal detection framework for identifying False Data Injection (FDI) attacks in DC microgrid systems from the perspective of cyber–physical symmetry. While modern DC microgrids benefit from increasingly sophisticated cyber–physical symmetry network integration, this interconnected architecture simultaneously introduces significant cybersecurity vulnerabilities. Notably, FDI attacks can effectively bypass conventional Chi-square detector-based protection mechanisms through malicious manipulation of communication layer data. To address this critical security challenge, we propose a hybrid deep learning framework that synergistically combines: Convolutional Neural Networks (CNN) for robust spatial feature extraction from power system measurements; Long Short-Term Memory (LSTM) networks for capturing complex temporal dependencies; and an attention mechanism that dynamically weights the most discriminative features. The framework operates through a hierarchical feature extraction process: First-level spatial analysis identifies local measurement patterns; second-level temporal analysis detects sequential anomalies; attention-based feature refinement focuses on the most attack-relevant signatures. Comprehensive simulation studies demonstrate the superior performance of our CNN-LSTM-Attention framework compared to conventional detection approaches (CNN-SVM and MLP), with significant improvements across all key metrics. Namely, the accuracy, precision, F1-score, and recall could be improved by at least 7.17%, 6.59%, 2.72% and 6.55%. Full article

The increasing frequency and sophistication of cyber attacks have posed significant challenges for digital financial organisations, particularly in quantifying their multidimensional impacts. These challenges are largely attributed to the lack of a standardised cyber impact taxonomy, limited data availability, and the evolving nature of technological threats. As a result, organisations often struggle with ineffective security investment prioritisation, reactive incident response planning, and the inability to implement robust, risk-based controls. Hence, an efficient and comprehensive approach is needed to quantify the diverse impacts of cyber attacks in digital financial services. This paper presents a systematic review and examination of the state of the art in cyber impact quantification, with a particular focus on digital financial organisations. Based on a structured search strategy, 44 articles (out of 637) were selected for in-depth analysis. The review investigates the terminologies used to describe cyber impacts, categorises current quantification techniques (pre-attack and post-attack), and identifies the most commonly utilised internal and external data sources. Furthermore, it explores the application of Machine Learning (ML) and Deep Learning (DL) techniques in cyber security risk quantification. Our findings reveal a significant lack of standardised taxonomy for describing and quantifying the multidimensional impact of cyberattacks across physical, digital, economic, psychological, reputational, and societal dimensions. Lastly, open issues and future research directions are discussed. This work provides insights for researchers and professionals by consolidating and identifying quantification technique gaps in cyber security risk quantification. Full article

Although the Power Internet of Things (PIoT) significantly improves operational efficiency by enabling real-time monitoring, intelligent control, and predictive maintenance across the grid, its inherently open and deeply interconnected cyber-physical architecture concurrently introduces increasingly complex and severe security threats. Existing IoT security solutions are not fully adapted to the specific requirements of power systems, such as safety-critical reliability, protocol heterogeneity, physical/electrical context awareness, and the incorporation of domain-specific operational knowledge unique to the power sector. These limitations often lead to high false positives (flagging normal operations as malicious) and false negatives (failing to detect actual intrusions), ultimately compromising system stability and security response. To address these challenges, we propose a domain knowledge-driven threat source detection and localization method for the PIoT. The proposed method combines multi-source features—including electrical-layer measurements, network-layer metrics, and behavioral-layer logs—into a unified representation through a multi-level PIoT feature engineering framework. Building on advances in multimodal data integration and feature fusion, our framework employs a hybrid neural architecture combining the TabTransformer to model structured physical and network-layer features with BiLSTM to capture temporal dependencies in behavioral log sequences. This design enables comprehensive threat detection while supporting interpretable and fine-grained source localization. Experiments on a real-world Power Internet of Things (PIoT) dataset demonstrate that the proposed method achieves high detection accuracy and enables the actionable attribution of attack stages aligned with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. The proposed approach offers a scalable and domain-adaptable foundation for security analytics in cyber-physical power systems. Full article

(1) Background: Side-channel attacks (SCAs) exploit unintended information leakage to compromise cryptographic security. In cyber-physical systems (CPSs), embedded systems are inherently constrained by limited resources, restricting the implementation of complex countermeasures. Traditional countermeasures, such as hiding techniques, attempt to obscure power consumption patterns; however, their effectiveness has been increasingly challenged. This study evaluates the vulnerability of dummy power traces against deep learning-based SCAs (DL-SCAs). (2) Methods: A power trace dataset was generated using a simulation environment based on Quick Emulator (QEMU) and GNU Debugger (GDB), integrating dummy traces to obfuscate execution signatures. DL models, including a Recurrent Neural Network (RNN), a Bidirectional RNN (Bi-RNN), and a Multi-Layer Perceptron (MLP), were used to evaluate classification performance. (3) Results: The models trained with dummy traces achieved high classification accuracy, with the MLP model reaching 97.81% accuracy and an F1-score of 97.77%. Despite the added complexity, DL models effectively distinguished real and dummy traces, highlighting limitations in existing hiding techniques. (4) Conclusions: These findings highlight the need for adaptive countermeasures against DL-SCAs. Future research should explore dynamic obfuscation techniques, adversarial training, and comprehensive evaluations of broader cryptographic algorithms. This study underscores the urgency of evolving security paradigms to defend against artificial intelligence-powered attacks. Full article

The increasing integration of photovoltaic (PV) systems into smart grids introduces new cybersecurity vulnerabilities, particularly against cyber-physical attacks that can manipulate grid operations and disrupt renewable energy generation. This paper proposes a multi-layered cyber-resilient PV optimization framework, leveraging digital twin-based deception, reinforcement learning-driven cyber defense, and blockchain authentication to enhance grid security and operational efficiency. A deceptive cyber-defense mechanism is developed using digital twin technology to mislead adversaries, dynamically generating synthetic PV operational data to divert attack focus away from real assets. A deep reinforcement learning (DRL)-based defense model optimizes adaptive attack mitigation strategies, ensuring real-time response to evolving cyber threats. Blockchain authentication is incorporated to prevent unauthorized data manipulation and secure system integrity. The proposed framework is modeled as a multi-objective optimization problem, balancing attack diversion efficiency, system resilience, computational overhead, and energy dispatch efficiency. A non-dominated sorting genetic algorithm (NSGA-III) is employed to achieve Pareto-optimal solutions, ensuring high system resilience while minimizing computational burdens. Extensive case studies on a realistic PV-integrated smart grid test system demonstrate that the framework achieves an attack diversion efficiency of up to 94.2%, improves cyberattack detection rates to 98.5%, and maintains an energy dispatch efficiency above 96.2%, even under coordinated cyber threats. Furthermore, computational overhead is analyzed to ensure that security interventions do not impose excessive delays on grid operation. The results validate that digital twin-based deception, reinforcement learning, and blockchain authentication can significantly enhance cyber-resilience in PV-integrated smart grids. This research provides a scalable and adaptive cybersecurity framework that can be applied to future renewable energy systems, ensuring grid security, operational stability, and sustainable energy management under adversarial conditions. Full article

This paper presents a secure control framework enhanced with an event-triggered mechanism to ensure resilient and resource-efficient operation under false data injection (FDI) attacks on sensor measurements. The proposed method integrates a Kalman filter and a neural network (NN) to construct a hybrid observer capable of detecting and compensating for malicious anomalies in sensor measurements in real time. Lyapunov-based update laws are developed for the neural network weights to ensure closed-loop system stability. To efficiently manage system resources and minimize unnecessary control actions, an event-triggered control (ETC) strategy is incorporated, updating the control input only when a predefined triggering condition is violated. A Lyapunov-based stability analysis is conducted, and linear matrix inequality (LMI) conditions are formulated to guarantee the boundedness of estimation and system errors, as well as to determine the triggering threshold used in the event-triggered mechanism. Simulation studies on a two-degree-of-freedom (2-DOF) robot manipulator validate the effectiveness of the proposed scheme in mitigating various FDI attack scenarios while reducing control redundancy and computational overhead. The results demonstrate the framework’s suitability for secure and resource-aware control in safety-critical applications. Full article

As cyber–physical systems are applied not only to crucial infrastructure but also to day-to-day technologies, from industrial control systems through to smart grids and medical devices, they have become very significant. Cyber–physical systems are a target for various security attacks, too; their growing complexity and digital networking necessitate robust cybersecurity solutions. Recent research indicates that deep learning can improve CPS security through intelligent threat detection and response. We still foresee limitations to scalability, data privacy, and handling the dynamic nature of CPS environments in existing approaches. We developed the CPS ShieldNet Fusion model as a comprehensive security framework for protecting CPS from ever-evolving cyber threats. We will present a model that integrates state-of-the-art methodologies in both federated learning and optimization paradigms through the combination of the Federated Residual Convolutional Network (FedRCNet) and the EEL-Levy Fusion Optimization (ELFO) methods. This involves the incorporation of the Federated Residual Convolutional Network into an optimization method called EEL-Levy Fusion Optimization. This preserves data privacy through decentralized model training and improves complex security threat detection. We report the results of a rigorous evaluation of CICIoT-2023, Edge-IIoTset-2023, and UNSW-NB datasets containing the CPS ShieldNet Fusion model at the forefront in terms of accuracy and effectiveness against several threats in different CPS environments. Therefore, these results underline the potential of the proposed framework to improve CPS security by providing a robust and scalable solution to current problems and future threats. Full article