Search Results (436)

As Industrial Control Systems (ICSs) increasingly adopt cloud–edge collaborative architectures, they face escalating risks from complex cross-domain cyber threats. To address this challenge, we propose a novel threat assessment framework specifically designed for cloud–edge-integrated ICSs. Our approach systematically identifies and evaluates security risks across cyber and physical boundaries by building a structured dataset of ICS assets, attack entry points, techniques, and impacts. We introduce a unique set of evaluation indicators spanning four key dimensions—system modules, attack paths, attack methods, and potential impacts—providing a holistic view of cyber threats. Through simulation experiments on a representative ICS scenario inspired by real-world attacks, we demonstrate the framework’s effectiveness in detecting vulnerabilities and quantifying security posture improvements. Our results underscore the framework’s practical utility in guiding targeted defense strategies and its potential to advance research on cloud–edge ICS security. This work not only fills gaps in the existing methodologies but also provides new insights and tools applicable to sectors such as smart grids, intelligent manufacturing, and critical infrastructure protection. Full article

The convergence of operational technology (OT) and information technology (IT) in industrial environments, such as water treatment plants, has significantly increased the attack surface of Supervisory Control and Data Acquisition (SCADA) systems. Traditional intrusion detection systems (IDS), which focus solely on network traffic, often fail to detect stealthy, process-level attacks. This paper proposes a Digital Twin-driven Intrusion Detection (DT-ID) framework that integrates high-fidelity process simulation, real-time sensor modeling, adversarial attack injection, and hybrid anomaly detection using both physical residuals and machine learning. We evaluate the DT-ID framework using a simulated water treatment plant environment, testing against false data injection (FDI), denial-of-service (DoS), and command injection attacks. The system achieves a detection F1-score of 96.3%, a false positive rate below 2.5%, and an average detection latency under 500 ms, demonstrating substantial improvement over conventional rule-based and physics-only IDS in identifying stealthy anomalies. Our findings highlight the potential of cyber-physical digital twins to enhance SCADA security in critical infrastructure. In the following sections, we present the motivation and approach underlying this framework. Full article

The rapid expansion of the Metaverse presents complex security challenges, particularly in verifying virtual objects and avatars within immersive environments. Conventional authentication methods, such as passwords and biometrics, often prove inadequate in these dynamic environments, especially as essential infrastructures, such as smart grids, integrate with virtual platforms. Cybersecurity threats intensify as advanced attacks introduce fraudulent data, compromising system reliability and safety. Using the Electric Network Frequency (ENF), a naturally varying signal emitted from power grids, provides an innovative environmental fingerprint to authenticate digital twins and Metaverse entities in the smart grid. This paper provides a comprehensive survey of the ENF as an environmental fingerprint for enhancing Metaverse security, reviewing its characteristics, sensing methods, limitations, and applications in threat modeling and the CIA triad (Confidentiality, Integrity, and Availability), and presents a real-world case study to demonstrate its effectiveness in practical settings. By capturing the ENF as having a unique signature that is timestamped, this method strengthens security by directly correlating physical grid behavior and virtual interactions, effectively combating threats such as deepfake manipulations. Building upon recent developments in signal processing, this strategy reinforces the integrity of digital environments, delivering robust protection against evolving cyber–physical risks and facilitating secure, scalable virtual infrastructures. Full article

Integrated circuits are the core of a cyber-physical system, where tens of billions of components are integrated into a tiny silicon chip to conduct complex functions. To maximize utilities, the design and manufacturing life cycle of integrated circuits rely on numerous untrustworthy third parties, forming a global supply chain model. At the same time, this model produces unpredictable and catastrophic issues, threatening the security of individuals and countries. As for guaranteeing the security of ultra-highly integrated chips, detecting slight abnormalities caused by malicious behavior in the current and voltage is challenging, as is achieving computability within a reasonable time and obtaining a golden reference chip; however, artificial intelligence can make everything possible. For the first time, this paper presents a systematic review of artificial-intelligence-based integrated circuit security approaches, focusing on the latest attack and defense strategies. First, the security threats of integrated circuits are analyzed. For one of several key threats to integrated circuits, hardware Trojans, existing attack models are divided into several categories and discussed in detail. Then, for summarizing and comparing the numerous existing artificial-intelligence-based defense strategies, traditional and advanced artificial-intelligence-based approaches are listed. Finally, open issues on artificial-intelligence-based integrated circuit security are discussed from three perspectives: in-depth exploration of hardware Trojans, combination of artificial intelligence, and security strategies involving the entire life cycle. Based on the rapid development of artificial intelligence and the initial successful combination with integrated circuit security, this paper offers a glimpse into their intriguing intersection, aiming to draw greater attention to these issues. Full article

Wireless sensor networks have become a vital technology that is extensively applied across multiple industries, including agriculture, industrial operations, and smart cities, as well as residential smart homes and environmental monitoring systems. Security threats emerge in these systems through hidden routing-level attacks such as Wormhole and Sinkhole attacks. The aim of this research was to develop a methodology for detecting security incidents in WSNs by conducting real-time analysis of Wormhole and Sinkhole attacks. Furthermore, the paper proposes a novel detection methodology combined with architectural enhancements to improve network robustness, measured by hop counts, delays, false data ratios, and route integrity. A real-time WSN infrastructure was developed using ZigBee and Global System for Mobile Communications/General Packet Radio Service (GSM/GPRS) technologies. To realistically simulate Wormhole and Sinkhole attack scenarios and conduct evaluations, we developed a modular cyber–physical architecture that supports real-time monitoring, repeatability, and integration of ZigBee- and GSM/GPRS-based attacker nodes. During the experimentation, Wormhole attacks caused the hop count to decrease from 4 to 3, while the average delay increased by 40%, and false sensor readings were introduced in over 30% of cases. Additionally, Sinkhole attacks led to a 27% increase in traffic concentration at the malicious node, disrupting load balancing and route integrity. The proposed multi-stage methodology includes data collection, preprocessing, anomaly detection using the 3-sigma rule, and risk-based decision making. Simulation results demonstrated that the methodology successfully detected route shortening, packet loss, and data manipulation in real time. Thus, the integration of anomaly-based detection with ZigBee and GSM/GPRS enables a timely response to security threats in critical WSN deployments. Full article

The development of Industry 4.0 has accelerated the adoption of sophisticated technologies, including Digital Twins (DTs), Artificial Intelligence (AI), and cybersecurity, within Additive Manufacturing (AM). Enabling real-time monitoring, process optimization, predictive maintenance, and secure data management can redefine conventional manufacturing paradigms. Although their individual importance is increasing, a consistent understanding of how these technologies interact and collectively improve AM procedures is lacking. Focusing on the integration of digital twins (DTs), modular AI, and cybersecurity in AM, this review presents a comprehensive analysis of over 137 research publications from Scopus, Web of Science, Google Scholar, and ResearchGate. The publications are categorized into three thematic groups, followed by an analysis of key findings. Finally, the study identifies research gaps and proposes detailed recommendations along with a framework for future research. The study reveals that traditional AM processes have undergone significant transformations driven by digital threads, digital threads (DTs), and AI. However, this digitalization introduces vulnerabilities, leaving AM systems prone to cyber-physical attacks. Emerging advancements in AI, Machine Learning (ML), and Blockchain present promising solutions to mitigate these challenges. This paper is among the first to comprehensively summarize and evaluate the advancements in AM, emphasizing the integration of DTs, Modular AI, and cybersecurity strategies. Full article

The exponential growth of autonomous systems demands robust security mechanisms that can operate within the extreme constraints of real-time embedded environments. This paper introduces SMART DShot, a groundbreaking machine learning-enhanced framework that transforms the security landscape of unmanned aerial vehicle motor control systems through seamless integration of adaptive timing correction and real-time anomaly detection within Digital Shot (DShot) communication protocols. Our approach addresses critical vulnerabilities in Electronic Speed Controller (ESC) interfaces by deploying four synergistic algorithms—Kalman Filter Timing Correction (KFTC), Recursive Least Squares Timing Correction (RLSTC), Fuzzy Logic Timing Correction (FLTC), and Hybrid Adaptive Timing Correction (HATC)—each optimized for specific error characteristics and attack scenarios. Through comprehensive evaluation encompassing 32,000 Monte Carlo test iterations (500 per scenario × 16 scenarios × 4 algorithms) across 16 distinct operational scenarios and PolarFire SoC Field-Programmable Gate Array (FPGA) implementation, we demonstrate exceptional performance with 88.3% attack detection rate, only 2.3% false positive incidence, and substantial vulnerability mitigation reducing Common Vulnerability Scoring System (CVSS) severity from High (7.3) to Low (3.1). Hardware validation on PolarFire SoC confirms practical viability with minimal resource overhead (2.16% Look-Up Table utilization, 16.57 mW per channel) and deterministic sub-10 microsecond execution latency. The Hybrid Adaptive Timing Correction algorithm achieves 31.01% success rate (95% CI: [30.2%, 31.8%]), representing a 26.5% improvement over baseline approaches through intelligent meta-learning-based algorithm selection. Statistical validation using Analysis of Variance confirms significant performance differences (F(3,1996) = 30.30, p < 0.001) with large effect sizes (Cohen’s d up to 4.57), where 64.6% of algorithm comparisons showed large practical significance. SMART DShot establishes a paradigmatic shift from reactive to proactive embedded security, demonstrating that sophisticated artificial intelligence can operate effectively within microsecond-scale real-time constraints while providing comprehensive protection against timing manipulation, de-synchronization, burst interference, replay attacks, coordinated multi-channel attacks, and firmware-level compromises. This work provides essential foundations for trustworthy autonomous systems across critical domains including aerospace, automotive, industrial automation, and cyber–physical infrastructure. These results conclusively demonstrate that ML-enhanced motor control systems can achieve both superior security (88.3% attack detection rate with 2.3% false positives) and operational performance (31.01% timing correction success rate, 26.5% improvement over baseline) simultaneously, establishing SMART DShot as a practical, deployable solution for next-generation autonomous systems. Full article

The increasing reliance on Medical Internet of Things (MIoT) devices introduces critical cybersecurity vulnerabilities, necessitating advanced, adaptive defense mechanisms. Recent cyber incidents—such as compromised critical care systems, modified therapeutic device outputs, and fraudulent clinical data inputs—demonstrate that these threats now directly impact life-critical aspects of patient security. In this paper, we introduce a machine learning-enabled Cognitive Cyber-Physical System (ML-CCPS), which is designed to identify and respond to cyber threats in MIoT environments through a layered cognitive architecture. The system is constructed on a feedback-looped architecture integrating hybrid feature modeling, physical behavioral analysis, and Extreme Learning Machine (ELM)-based classification to provide adaptive access control, continuous monitoring, and reliable intrusion detection. ML-CCPS is capable of outperforming benchmark classifiers with an acceptable computational cost, as evidenced by its macro F1-score of 97.8% and an AUC of 99.1% when evaluated with the ToN-IoT dataset. Alongside classification accuracy, the framework has demonstrated reliable behaviour under noisy telemetry, maintained strong efficiency in resource-constrained settings, and scaled effectively with larger numbers of connected devices. Comparative evaluations, radar-style synthesis, and ablation studies further validate its effectiveness in real-time MIoT environments and its ability to detect novel attack types with high reliability. Full article

The integration of digital twins (DTs) with intelligent traffic systems (ITSs) holds strong potential for improving real-time management in smart cities. However, securing digital twins remains a significant challenge due to the dynamic and adversarial nature of cyber–physical environments. In this work, we propose TwinFedPot, an innovative digital twin-based security architecture that combines honeypot-driven data collection with Zero-Shot Learning (ZSL) for robust and adaptive cyber threat detection without requiring prior sampling. The framework leverages Inverse Federated Distillation (IFD) to train the DT server, where edge-deployed honeypots generate semantic predictions of anomalous behavior and upload soft logits instead of raw data. Unlike conventional federated approaches, TwinFedPot reverses the typical knowledge flow by distilling collective intelligence from the honeypots into a central teacher model hosted on the DT. This inversion allows the system to learn generalized attack patterns using only limited data, while preserving privacy and enhancing robustness. Experimental results demonstrate significant improvements in accuracy and F1-score, establishing TwinFedPot as a scalable and effective defense solution for smart traffic infrastructures. Full article

Wireless sensor networks (WSNs) are used for data acquisition and transmission in unmanned surface vessels (USVs). However, the openness of wireless networks makes USVs highly susceptible to false data injection (FDI) attacks during data transmission, which affects the sensors’ ability to receive real data and leads to decision-making errors in the control center. In this paper, a novel dynamic data encryption method is proposed whereby data are encrypted prior to transmission and the key is dynamically updated using historical system data, with a view to increasing the difficulty for attackers to crack the ciphertext. At the same time, a dynamic relationship is established among ciphertext, key, and auxiliary encrypted ciphertext, and an attack detection scheme based on dynamic encryption is designed to realize instant detection and localization of FDI attacks. Further, an $H_{\infty }$ fusion filter is designed to filter external interference noise, and the real information is estimated or restored by the weighted fusion algorithm. Ultimately, the validity of the proposed scheme is confirmed through simulation experiments. Full article

Modern vehicles are rapidly transforming into interconnected cyber–physical systems that rely on advanced sensor technologies and pervasive connectivity to support autonomous functionality. Yet, despite this evolution, standardized methods for quantifying cybersecurity vulnerabilities across critical automotive components remain scarce. This paper introduces a novel hybrid model that integrates expert-driven insights with generative AI tools to adapt and extend the Common Vulnerability Scoring System (CVSS) specifically for autonomous vehicle sensor systems. Following a three-phase methodology, the study conducted a systematic review of 16 peer-reviewed sources (2018–2024), applied CVSS version 4.0 scoring to 15 representative attack types, and evaluated four free source generative AI models—ChatGPT, DeepSeek, Gemini, and Copilot—on a dataset of 117 annotated automotive-related vulnerabilities. Expert validation from 10 domain professionals reveals that Light Detection and Ranging (LiDAR) sensors are the most vulnerable (9 distinct attack types), followed by Radio Detection And Ranging (radar) (8) and ultrasonic (6). Network-based attacks dominate (104 of 117 cases), with 92.3% of the dataset exhibiting low attack complexity and 82.9% requiring no user interaction. The most severe attack vectors, as scored by experts using CVSS, include eavesdropping (7.19), Sybil attacks (6.76), and replay attacks (6.35). Evaluation of large language models (LLMs) showed that DeepSeek achieved an F1 score of 99.07% on network-based attacks, while all models struggled with minority classes such as high complexity (e.g., ChatGPT F1 = 0%, Gemini F1 = 15.38%). The findings highlight the potential of integrating expert insight with AI efficiency to deliver more scalable and accurate vulnerability assessments for modern vehicular systems.This study offers actionable insights for vehicle manufacturers and cybersecurity practitioners, aiming to inform strategic efforts to fortify sensor integrity, optimize network resilience, and ultimately enhance the cybersecurity posture of next-generation autonomous vehicles. Full article

Intelligent transport systems are revolutionising all aspects of modern life, increasing the efficiency of commerce, modern living, and international travel. Intelligent transport systems are systems of systems comprised of cyber, physical, and social nodes. They represent unique opportunities but also have potential threats to system operation and correctness. The emergent behaviour in Complex Cyber–Physical–Social Systems (C-CPSSs), caused by events such as cyber-attacks and network outages, have the potential to have devastating effects to critical services across society. It is therefore imperative that the risk of cascading failure is minimised through the fortifying of these systems of systems to achieve resilient mission assurance. This work designs and implements a programmatic model to validate the value of cascading failure simulation and analysis, which is then tested against a C-CPSS intelligent transport system scenario. Results from the model and its implementations highlight the value in identifying both critical nodes and percolation of consequences during a cyber failure, in addition to the importance of including social nodes in models for accurate simulation results. Understanding the relationships between cyber, physical, and social nodes is key to understanding systems’ failures that occur because of or that involve cyber systems, in order to achieve cyber and system resilience. Full article

With the widespread application of cyber–physical systems (CPS) in the field of automation, security concerns have become increasingly prominent. One critical and urgent challenge is the accurate identification of sensor nodes compromised by false data injection (FDI) attacks in multiple-input multiple-output (MIMO) control systems. Building on the implementation of multi-step sampling and residual-based anomaly detection using a support vector machine (SVM), this paper further introduces the Shapley value evaluation method from cooperative game theory and a voting mechanism, and proposes a method for node attack localization. First, multi-step sampling is conducted within each control period to provide a large amount of effective data for the localization of attacked sensor nodes. Next, the residual between the estimated value of the MIMO system’s full response and the actual value received by the controller is calculated, and an SVM model is used to detect anomalies in the residual. Finally, the Shapley value contribution of each residual to the SVM anomaly detection result is evaluated based on cooperative game theory and combined with a voting mechanism to achieve accurate localization of the attacked sensor nodes. Simulation results demonstrate that the proposed method achieves an anomaly detection accuracy of 96.472% and can accurately localize attacked nodes in both single-node and multi-node attack scenarios, indicating strong robustness and practical applicability. Full article

Traditional security detection methods struggle to identify zero-day attacks in Industrial Control Systems (ICSs), particularly within critical infrastructures (CIs) integrated with the Industrial Internet of Things (IIoT). These attacks exploit unknown vulnerabilities, leveraging the complexity of physical and digital system interconnections, making them difficult to detect. The integration of legacy ICS networks with modern computing and networking technologies has expanded the attack surface, increasing susceptibility to cyber threats. Anomaly detection systems play a crucial role in safeguarding these infrastructures by identifying deviations from normal operations. This study investigates the effectiveness of deep learning-based anomaly detection models in revealing operational anomalies that could indicate potential cyber-attacks. We implemented and evaluated a hybrid deep learning architecture combining Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to analyze ICS telemetry data. The CNN-LSTM model excels in identifying time-dependent anomalies and enables near real-time detection of cyber-attacks, significantly improving security monitoring capabilities for IIoT-integrated critical infrastructures. Full article

This study presents a novel spatio-temporal detection framework for identifying False Data Injection (FDI) attacks in DC microgrid systems from the perspective of cyber–physical symmetry. While modern DC microgrids benefit from increasingly sophisticated cyber–physical symmetry network integration, this interconnected architecture simultaneously introduces significant cybersecurity vulnerabilities. Notably, FDI attacks can effectively bypass conventional Chi-square detector-based protection mechanisms through malicious manipulation of communication layer data. To address this critical security challenge, we propose a hybrid deep learning framework that synergistically combines: Convolutional Neural Networks (CNN) for robust spatial feature extraction from power system measurements; Long Short-Term Memory (LSTM) networks for capturing complex temporal dependencies; and an attention mechanism that dynamically weights the most discriminative features. The framework operates through a hierarchical feature extraction process: First-level spatial analysis identifies local measurement patterns; second-level temporal analysis detects sequential anomalies; attention-based feature refinement focuses on the most attack-relevant signatures. Comprehensive simulation studies demonstrate the superior performance of our CNN-LSTM-Attention framework compared to conventional detection approaches (CNN-SVM and MLP), with significant improvements across all key metrics. Namely, the accuracy, precision, F1-score, and recall could be improved by at least 7.17%, 6.59%, 2.72% and 6.55%. Full article