Search Results (263)

The integration of digital twins (DTs) with intelligent traffic systems (ITSs) holds strong potential for improving real-time management in smart cities. However, securing digital twins remains a significant challenge due to the dynamic and adversarial nature of cyber–physical environments. In this work, we propose TwinFedPot, an innovative digital twin-based security architecture that combines honeypot-driven data collection with Zero-Shot Learning (ZSL) for robust and adaptive cyber threat detection without requiring prior sampling. The framework leverages Inverse Federated Distillation (IFD) to train the DT server, where edge-deployed honeypots generate semantic predictions of anomalous behavior and upload soft logits instead of raw data. Unlike conventional federated approaches, TwinFedPot reverses the typical knowledge flow by distilling collective intelligence from the honeypots into a central teacher model hosted on the DT. This inversion allows the system to learn generalized attack patterns using only limited data, while preserving privacy and enhancing robustness. Experimental results demonstrate significant improvements in accuracy and F1-score, establishing TwinFedPot as a scalable and effective defense solution for smart traffic infrastructures. Full article

This paper introduces the Automated Zero Trust Risk Management with DevSecOps Integration (AZTRM-D) framework, a novel approach that embeds security throughout the entire Secure Software and System Development Life Cycle (S-SDLC). AZTRM-D strategically unifies three established methodologies: DevSecOps practices, the NIST Risk Management Framework (RMF), and the Zero Trust (ZT) model. It then significantly augments their capabilities through the pervasive application of Artificial Intelligence (AI). This integration shifts traditional, often fragmented, security paradigms towards a proactive, automated, and continuously adaptive security posture. AI serves as the foundational enabler, providing real-time threat intelligence, automating critical security controls, facilitating continuous vulnerability detection, and enabling dynamic policy enforcement from initial code development through operational deployment. By automating key security functions and providing continuous oversight, AZTRM-D enhances risk mitigation, reduces vulnerabilities, streamlines compliance, and significantly strengthens the overall security posture of software systems, thereby addressing the complexities of modern cyber threats and accelerating the delivery of secure software. Full article

Assessing building fire safety risks during the early design phase is vital for developing practical solutions to minimize loss of life and property. This study aims to identify research trends and provide a guiding framework for researchers by systematically reviewing the literature on integrating machine learning-based predictive methods into building fire safety design using bibliometric methods. This study evaluates machine learning applications in fire safety using a comprehensive approach that combines bibliometric and content analysis methods. For this purpose, as a result of the scan without any year limitation from the Web of Science Core Collection-Citation database, 250 publications, the first of which was published in 2001, and the number has increased since 2019, were reached, and sample analysis was performed. In order to evaluate the contribution of qualified publications to science more accurately, citation counts were analyzed using normalized citation counts that balanced differences in publication fields and publication years. Multiple regression analysis was applied to support this metric’s theoretical basis and determine the impact levels of variables affecting the metric’s value (such as total citation count, publication year, and number of articles). Thus, the statistical impact of factors influencing the formation of the normalized citation count was measured, and the validity of the approach used was tested. The research categories included evacuation and emergency management, fire detection, and early warning systems, fire dynamics and spread prediction, fire load, and material risk analysis, intelligent systems and cyber security, fire prediction, and risk assessment. Convolutional neural networks, artificial neural networks, support vector machines, deep neural networks, you only look once, deep learning, and decision trees were prominent as machine learning categories. As a result, detailed literature was presented to define the academic publication profile of the research area, determine research fronts, detect emerging trends, and reveal sub-themes. Full article

Smart buildings require an energy management system that can meet inhabitants’ demands with a reduced amount of energy consumed by the heating ventilation and air-conditioning system (HVAC), as well as the lighting and shading systems. This work provides a detailed review of available methods proposed in the literature for effective control of automated systems such as HVAC, lighting, shading, etc. Moreover, effective forecasting of renewable energy generations and loads, scheduling of loads, and efficient operations of thermal and electric energy storage are crucial elements for energy management systems for ensuring reliability and stability. In this work, these aspects of energy management systems, that have been popular over the last ten years, are analyzed. In addition, the development of internet-of-things (IoT)-based sensors widens the artificial intelligence (AI) and machine learning applications in smart buildings. However, this system can be vulnerable against cyber-attacks. The state of the art of AI and machine learning applications along with cyber security issues and solutions for smart building systems are discussed. Finally, some recommendations for future research trends and directions on smart building systems are provided. This work will provide a basic guideline and will also be very useful to researchers in the area of smart building systems in the future. Full article

As cyber systems increasingly converge with physical infrastructure and social processes, they give rise to Complex Cyber–Physical–Social Systems (C-CPSS), whose emergent behaviors pose unique risks to security and mission assurance. Traditional cyber–physical system models often fail to address the unpredictability arising from human and organizational dynamics, leaving critical gaps in how cyber risks are assessed and managed across interconnected domains. The challenge lies in building resilient systems that not only resist disruption, but also absorb, recover, and adapt—especially in the face of complex, nonlinear, and often unintentionally emergent threats. This paper introduces the concept of ‘responsible resilience’, defined as the capacity of systems to adapt to cyber risks using trustworthy, transparent agent-based models that operate within socio-technical contexts. We identify a fundamental research gap in the treatment of social complexity and emergence in existing the cyber–physical system literature. To address this, we propose the E3R modeling paradigm—a novel framework for conceptualizing Emergent, Risk-Relevant Resilience in C-CPSS. This paradigm synthesizes human-in-the-loop diagrams, agent-based Artificial Intelligence simulations, and ontology-driven representations to model the interdependencies and feedback loops driving unpredictable cyber risk propagation more effectively. Compared to conventional cyber–physical system models, E3R accounts for adaptive risks across social, cyber, and physical layers, enabling a more accurate and ethically grounded foundation for cyber defence and mission assurance. Our analysis of the literature review reveals the underrepresentation of socio-emergent risk modeling in the literature, and our results indicate that existing models—especially those in industrial and healthcare applications of cyber–physical systems—lack the generalizability and robustness necessary for complex, cross-domain environments. The E3R framework thus marks a significant step forward in understanding and mitigating emergent threats in future digital ecosystems. Full article

Industrial Control Systems (ICSs), a specialized type of Cyber–Physical System, have shifted from isolated and obscured environments to ones exposed to diverse Information Technology (IT) security threats, which are now highly interconnected. Their adoption of IT introduces vulnerabilities which they were not originally designed to handle, posing critical risks. Thus, it’s imperative to integrate security measures early in CPS development, particularly during the design and implementation phases, to mitigate these vulnerabilities effectively. This study aims to identify, classify, and analyze existing research on the security-by-design paradigm for CPSs, exploring trends and defining the characteristics, advantages, limitations, and open issues of current methodologies. A systematic mapping study was conducted, selecting 55 primary studies through a rigorous protocol. The findings indicate that the majority of methodologies concentrate on the design phase, frequently overlooking other stages of development. Moreover, while there is a notable emphasis on security analysis across most primary studies, there is a notable gap in considering the integration of mitigation measures. This oversight raises concerns about the efficacy of security measures in real-world deployment scenarios. Additionally, there is a significant reliance on human intervention, highlighting the need for further development in automated security solutions. Conflicts between security requirements and other system needs are also inadequately addressed, potentially compromising overall system effectiveness. This work provides a comprehensive overview of CPS security-by-design methodologies and identifies several open issues that require further investigation, emphasizing the need for a holistic approach that includes vulnerability handling, clear security objectives, and effective conflict management, along with improved standard integration, advanced validation methods, and automated tools. Full article

This study presents a metric selection framework and a normalization method for the quantitative assessment of cyber resilience, with a specific focus on availability as a core dimension. To develop a generalizable evaluation model, service types from 1124 organizations were categorized, and candidate metrics applicable across diverse operational environments were identified. Ten quantitative metrics were derived based on five core selection criteria—objectivity, reproducibility, scalability, practicality, and relevance to resilience—while adhering to the principles of mutual exclusivity and collective exhaustiveness. To validate the framework, two availability-oriented metrics—Transactions per Second (TPS) and Connections per Second (CPS)—were empirically evaluated in a simulated denial-of-service environment using a TCP SYN flood attack scenario. The experiment included three phases: normal operation, attack, and recovery. An Area Under the Curve (AUC)-based Normalized Resilience Index (NRI) was introduced to quantify performance degradation and recovery, using each organization’s Recovery Time Objective (RTO) as a reference baseline. This approach facilitates objective, interpretable comparisons of resilience performance across systems with varying service conditions. The findings demonstrate the practical applicability of the proposed metrics and normalization technique for evaluating cyber resilience and underscore their potential in informing resilience policy development, operational benchmarking, and technical decision-making. Full article

The increasing integration of photovoltaic (PV) systems into smart grids introduces new cybersecurity vulnerabilities, particularly against cyber-physical attacks that can manipulate grid operations and disrupt renewable energy generation. This paper proposes a multi-layered cyber-resilient PV optimization framework, leveraging digital twin-based deception, reinforcement learning-driven cyber defense, and blockchain authentication to enhance grid security and operational efficiency. A deceptive cyber-defense mechanism is developed using digital twin technology to mislead adversaries, dynamically generating synthetic PV operational data to divert attack focus away from real assets. A deep reinforcement learning (DRL)-based defense model optimizes adaptive attack mitigation strategies, ensuring real-time response to evolving cyber threats. Blockchain authentication is incorporated to prevent unauthorized data manipulation and secure system integrity. The proposed framework is modeled as a multi-objective optimization problem, balancing attack diversion efficiency, system resilience, computational overhead, and energy dispatch efficiency. A non-dominated sorting genetic algorithm (NSGA-III) is employed to achieve Pareto-optimal solutions, ensuring high system resilience while minimizing computational burdens. Extensive case studies on a realistic PV-integrated smart grid test system demonstrate that the framework achieves an attack diversion efficiency of up to 94.2%, improves cyberattack detection rates to 98.5%, and maintains an energy dispatch efficiency above 96.2%, even under coordinated cyber threats. Furthermore, computational overhead is analyzed to ensure that security interventions do not impose excessive delays on grid operation. The results validate that digital twin-based deception, reinforcement learning, and blockchain authentication can significantly enhance cyber-resilience in PV-integrated smart grids. This research provides a scalable and adaptive cybersecurity framework that can be applied to future renewable energy systems, ensuring grid security, operational stability, and sustainable energy management under adversarial conditions. Full article

While digital transformation in e-commerce receives the most publicity, applications in energy and water utilities have been ongoing for decades. Using a methodology based on a systematic review, the paper offers a model of how it occurs in water utilities, reviews experiences from the field, and derives lessons learned to create a road map for future research and implementation. Innovation in water utilities occurs more in the field than through organized research, and utilities share their experiences globally through networks such as water associations, focus groups, and media outlets. Their digital transformation journeys are evident in business practices, operations, and asset management, including methods like decision support systems, SCADA systems, digital twins, and process optimization. Meanwhile, they operate traditional regulated services while being challenged by issues like aging infrastructure and workforce capacity. They operate complex and expensive distribution systems that require grafting of new controls onto older systems with vulnerable components. Digital transformation in utilities is driven by return on investment and regulatory and workforce constraints and leads to cautious adoption of innovative methods unless required by external pressures. Utility adoption occurs gradually as digital tools help utilities to leverage system data for maintenance management, system renewal, and water loss control. Digital twins offer the advantages of enterprise data, decision support, and simulation models and can support distribution system optimization by integrating advanced metering infrastructure devices and water loss control through more granular pressure control. Models to anticipate water main breaks can also be included. With such advances, concerns about cyber security will grow. The lessons learned from the review indicate that research and development for new digital tools will continue, but utility adoption will continue to evolve slowly, even as many utilities globally are too stressed with difficult issues to adopt them. Rather than rely on government and academics for research support, utilities will need help from their support community of regulators, consultants, vendors, and all researchers to navigate the pathways that lie ahead. Full article

The increasing complexity and sophistication of cyber threats underscore the critical need for advanced threat detection mechanisms within Security Operations Centers (SOCs) to effectively mitigate risks and enhance cybersecurity resilience. This study enhances the capabilities of Wazuh, an open-source Security Information and Event Management (SIEM) system, by addressing its primary limitation: high false-positive rates in rule-based detection. We propose a hybrid approach that integrates machine learning (ML) techniques—specifically, Random Forest (RF) and DBSCAN—into Wazuh’s detection pipeline to improve both accuracy and operational efficiency. Experimental results show that RF achieves 97.2% accuracy, while DBSCAN yields 91.06% accuracy with a false-positive rate of 0.0821, significantly improving alert quality. Real-time deployment requirements are rigorously evaluated, with all models maintaining end-to-end processing latencies below 100 milliseconds and 95% of events processed within 500 milliseconds. Scalability testing confirms linear performance up to 500 events per second, with an average processing latency of 45 milliseconds under typical SOC workloads. This integration demonstrates a practical, resource-efficient solution for enhancing real-time threat detection in modern cybersecurity environments. Full article

Assistive technology (AT) is increasingly utilized across various sectors, including digital healthcare and sports education. E-learning plays a vital role in enabling students with special needs, particularly those in remote areas, to access education. However, as the adoption of AI-based AT systems expands, the associated cybersecurity challenges also grow. This study aims to examine the impact of AI-driven assistive technologies on cybersecurity in digital healthcare applications, with a focus on the potential vulnerabilities these technologies present. Methods: The proposed model focuses on enhancing AI-based AT through the implementation of emerging technologies used for security, risk management strategies, and a robust assessment framework. With these improvements, the AI-based Internet of Things (IoT) plays major roles within the AT. This model addresses the identification and mitigation of cybersecurity risks in AI-based systems, specifically in the context of digital healthcare applications. Results: The findings indicate that the application of the AI-based risk and resilience assessment framework significantly improves the security of AT systems, specifically those supporting e-learning for blind users. The model demonstrated measurable improvements in the robustness of cybersecurity in digital health, particularly in reducing cyber risks for AT users involved in e-learning environments. Conclusions: The proposed model provides a comprehensive approach to securing AI-based AT in digital healthcare applications. By improving the resilience of assistive systems, it minimizes cybersecurity risks for users, specifically blind individuals, and enhances the effectiveness of e-learning in sports education. Full article

As cyber threats escalate in scale and sophistication, the imperative to secure public data through theoretically grounded and practically viable frameworks becomes increasingly urgent. This review investigates whether and how criminology theories have effectively informed the development and implementation of information security management frameworks (ISMFs) to prevent cybercrime and fortify the digital ecosystem’s resilience. Anchored in a comprehensive bibliometric analysis of 617 peer-reviewed records extracted from Scopus and Web of Science, the study employs Multiple Correspondence Analysis (MCA), conceptual co-word mapping, and citation coupling to systematically chart the intellectual landscape bridging criminology and cybersecurity. The review reveals those foundational criminology theories—particularly routine activity theory, rational choice theory, and deterrence theory—have been progressively adapted to cyber contexts, offering novel insights into offender behaviour, target vulnerability, and systemic guardianship. In parallel, the study critically engages with global cybersecurity standards such as National Institute of Standards and Technology (NIST) and ISO, to evaluate how criminological principles are embedded in practice. Using data from the Global Cybersecurity Index (GCI), the paper introduces an innovative visual mapping of the divergence between cybersecurity preparedness and digital development across 170+ countries, revealing strategic gaps and overperformers. This paper ultimately argues for an interdisciplinary convergence between criminology and cybersecurity governance, proposing that the integration of criminological logic into cybersecurity frameworks can enhance risk anticipation, attacker deterrence, and the overall security posture of digital public infrastructures. Full article

In this article, we explored how open-source software serves as a strategic enabler for safety and security in the digital transformation of logistics systems. Open source is examined across multiple dimensions, including transparency, community collaboration, digital sovereignty, and long-term infrastructure resilience. The analysis focuses on the logistics domain, where interoperability, critical infrastructure protection, and supply chain continuity are essential. Key elements of open-source development—such as modular architectures, legal and licensing frameworks, and peer-reviewed codebases—support rapid vulnerability management, increased transparency, and the creation of sustainable digital ecosystems. Emphasis is placed on the role of open-source models in strengthening institutional trust, reducing dependency on proprietary vendors, and enhancing responsiveness to cyber threats. Our findings indicate that open source is not merely a technical alternative, but a strategic decision with legal, economic, and political implications, shaping secure, sovereign, and adaptive digital environments—particularly in mission-critical sectors. Full article

Ensuring the safe, reliable, and energy-efficient provision of electricity is a complex task for smart grid (SG) management applications. Internet of Things (IoT) and edge computing-based SG applications have been proposed for time-responsive monitoring and controlling tasks related to power systems. Recent studies have provided valuable insights into the potential of machine learning algorithms in SGs, covering areas such as generation, distribution, microgrids, consumer energy market, and cyber security. Integrated IoT devices directly exchange data with the SG cloud, which increases the vulnerability and security threats to the energy system. The review aims to provide a comprehensive analysis of privacy-preserving machine learning (PPML) applications in IoT-Integrated SGs, focusing on non-intrusive load monitoring, fault detection, demand forecasting, generation forecasting, energy-management systems, anomaly detection, and energy trading. The study also highlights the importance of data privacy and security when integrating these applications to enable intelligent decision-making in smart grid domains. Furthermore, the review addresses performance issues (e.g., accuracy, latency, and resource constraints) associated with PPML techniques, which may impact the security and overall performance of IoT-integrated SGs. The insights of this study will provide essential guidelines for in-depth research in the field of IoT-integrated smart grid privacy and security in the future. Full article

Background: The increasing prevalence of cyber threats in industrial cyber–physical systems (ICPSs) necessitates advanced solutions for threat detection and analysis. This research proposes a novel GPT-based framework for assessing cyber threats, leveraging artificial intelligence to process and analyze large-scale cyber event data. Methods: The framework integrates multiple components, including data ingestion, preprocessing, feature extraction, and analysis modules such as knowledge graph construction, clustering, and anomaly detection. It utilizes a hybrid methodology combining spectral residual transformation and Convolutional Neural Networks (CNNs) to identify anomalies in time-series cyber event data, alongside regression models for evaluating the significant factors associated with cyber events. Results: The system was evaluated using 9018 cyber-related events sourced from 44 global news portals. Performance metrics, including precision (0.999), recall (0.998), and F1-score (0.998), demonstrate the framework’s efficacy in accurately classifying and categorizing cyber events. Notably, anomaly detection identified six significant deviations during the monitored timeframe, starting from 25 September 2023 to 25 November 2024, with a sensitivity of 75%, revealing critical insights into unusual activity patterns. The fully deployed automated model also identified 11 correlated factors and five unique clusters associated with high-rated cyber incidents. Conclusions: This approach provides actionable intelligence for stakeholders by offering real-time monitoring, anomaly detection, and knowledge graph-based insights into cyber threats. The outcomes highlight the system’s potential to enhance ICPS security, supporting proactive threat management and resilience in increasingly complex industrial environments. Full article