Cyber-physical Systems Research Articles

Reusing model validation methods for the continuous validation of digital twins of cyber-physical systems

Reusing model validation methods for the continuous validation of digital twins of cyber-physical systems

In Search of Suitable Methods for Cost-Benefit Analysis of Cyber Risk Mitigation in Offshore Wind: A Survey

In recent years, notable incidents have highlighted the vulnerability of wind energy infrastructure, making cybersecurity crucial for the offshore wind industry. However, justifying the costs of cybersecurity measures is essential. A cost benefit analysis (CBA) is commonly utilised to support decision-making for risk mitigation. With a cost benefit analysis, risk mitigation strategies that strike an optimal balance between the costs of mitigation measures and the resulting risk reduction can be identified. This survey of literature was carried out to identify the existing proposed solutions for cost benefit analysis on cyber risk mitigation measures for offshore wind cyber physical systems. After narrowing the area scope, a systematic search across Scopus and Web of Science, yielded 18 articles, of which six met the selection criteria. It was found that the there was a lack of cost benefit analysis of cybersecurity solutions for, or set in, the area of offshore wind directly. From the analysis of the surveyed works, suggestions on future directions were given. The existing literature found lacks detailed cost modelling for offshore wind, beyond general breakdowns encompassing capital, maintenance, and labour/installation expenses, risk and scenario loss. Some of the literature used contextual factors such as compatibility and effectiveness of mitigation measures, effects on OT performance, geographical location, geopolitical context, and installed rated power which could be adapted to suit offshore wind. Since offshore operations contribute significantly to costs, cost modelling and consideration of other relevant factors pertaining to this area would be beneficial if explored. As an emerging area, in the future we expect this research to be a basis and a methodology that can be expanded with a larger data set from other publications in the field. Thus, it represents an opportunity to advance knowledge in offshore wind cyber-physical systems.

Explainable artificial intelligence in web phishing classification on secure IoT with cloud-based cyber-physical systems

IoT is the technology that aids the interconnection of all kinds of devices over the internet to replace data, monitor devices and enhance actuators to create outcomes. Cyber-physical systems (CPS) contain control and computation components, which are compactly assured with physical procedures. The internet plays a prominent role in modern lives, and the cybersecurity challenge caused by phishing attacks is significant. This research presents a novel approach to address this problem using machine learning (ML) methods for phishing website classification. Leveraging feature extraction and innovative algorithms, the projected method aims to distinguish between malicious and legitimate websites by features of phishing attempts and analyzing inherent patterns. Phishing is a significant threat that causes extensive financial losses for internet users yearly. This fraudulent act includes identity hackers utilizing clever approaches to deceive individuals into revealing sensitive data. Generally, phishers use strategies such as advanced phishing software and fake emails to illegally acquire confidential details like usernames and passwords from financial accounts. This article develops an Explainable Artificial Intelligence with Aquila Optimization Algorithm in Web Phishing Classification (XAIAOA-WPC) approach on secure Cyber-Physical Systems. The developed XAIAOA-WPC approach mainly emphasizes the effectual classification and recognition of web phishing based on CPS. In the first phase, preprocessing is carried out on three levels: data cleaning, text preprocessing, and standardization. Furthermore, the Harris' Hawks optimization-based feature selection (HHO-FS) method is applied to derive feature subsets. The XAIAOA-WPC method utilizes a multi-head attention-based long short-term memory (MHA-LSTM) model for web phishing recognition. Besides, the detection outcomes of the MHA-LSTM approach are enhanced by using the Aquila optimization algorithm (AOA) model. At last, the XAIAOA-WPC method incorporates the XAI model LIME for superior perception and explainability of the black-box process for precise identification of intrusions. The simulation outcome of the XAIAOA-WPC method is examined on a benchmark database. The experimental validation of the XAIAOA-WPC method exhibited a superior accuracy value of 99.29 % over existing techniques.

Ejection of Real-Time Malicious Intrusion and Attacks in IoT Empowered Infrastructure

The project recognizes the pervasive threat of computer viruses, malware, and hostile attacks on computer networks, highlighting the critical role of intrusion detection as a proactive defense technology. The project introduces a novel approach based on deep learning to identify and mitigate cybersecurity vulnerabilities and breaches in IoT-driven cyber-physical systems, aiming for enhanced security measures. The project's objective is to elevate intrusion detection beyond the limitations of traditional systems by addressing issues like accuracy, detection effectiveness, and reducing false positives. This emphasizes the advancement and innovation in cybersecurity. To achieve the project's goals, the method employs a generative adversarial network, a cutting-edge deep learning technique. Additionally, it distinguishes itself by contrasting unsupervised and deep learning-based discriminative approaches, showcasing a comprehensive and effective approach to cybersecurity. In our project, we successfully implemented an ensemble method to boost predictive accuracy by integrating multiple individual models. Particularly noteworthy is the inclusion of a hybrid architecture, combining Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), denoted as CNN+LSTM. This hybrid model achieved an impressive accuracy of 99% when applied to the KDD-Cup dataset, underscoring the efficacy of our ensemble technique for intrusion detection in IoT- based cybersecurity infrastructures.

The Design of Human-in-the-Loop Cyber-Physical Systems for Monitoring the Ecosystem of Historic Villages

The Design of Human-in-the-Loop Cyber-Physical Systems for Monitoring the Ecosystem of Historic Villages

Graph neural network-based anomaly detection for human cyber physical systems

ABSTRACT Human Cyber Physical Systems (HCPS) encompass humans, networks, and physical devices, characterized by intricate interactions and interdependencies. The complexity of HCPS networks makes them vulnerable to network issues and cyberattacks, potentially resulting in network paralysis and significantly impacting the reliable operation of HCPS. Therefore, precise anomaly detection is imperative for HCPS. To tackle this issue, we integrate HCPS with the Software Defined Networking (SDN) infrastructure layer and propose an anomaly detection strategy based on Graph Neural Networks (GNN). Our approach utilizes Graph Sample and Aggregates (GraphSAGE) to capture adjacent feature information of nodes, revealing hidden relationships within the graph. These embeddings are then combined with Graph Attention Networks (GAT), which calculate attention coefficients between a node and its neighboring nodes, representing the importance of neighboring nodes to the central node. Finally, a fully connected layer is employed to obtain anomaly node labels. To assess the performance of our method, we conduct experiments using real datasets and compare them with other advanced anomaly detection methods in terms of accuracy, precision, recall, F1 score, and area under the ROC curve (AUC). Our method accurately detects anomalous nodes, offering a viable solution for practical applications.

Digital-Twin Predictive Control of Nonlinear Systems With Time Delays, Unknown Dynamics, and Communication Delays.

With the advancement of computing technology and big data technology, digital twins have gradually been applied in various fields, such as manufacturing, energy, and healthcare. This article studies the predictive control of nonlinear dynamic systems using digital twins. Based on a digital-twin control system framework, predictive control is discussed for three different nonlinear systems with time delays: 1) known nonlinear systems; 2) unknown nonlinear systems; and 3) unknown nonlinear cyber-physical systems. Both a digital-twin predictive control strategy and a digital-twin control predictor are proposed to compensate for time delays and communication delays actively. With the strategy and predictor, the digital-twin controller of a time-delay nonlinear system can be designed to achieve the desired performance based on the nonlinear system without time delays, which vastly simplifies the controller design procedure. A digital model is constructed using data to deal with unknown nonlinear dynamics. The three different closed-loop digital-twin predictive control systems are analyzed to derive a unified stability criterion. The simulation results show how the proposed digital-twin predictive control method performs well for nonlinear systems with time delays, unknown dynamics, and/or communication delays.

Gaussian process-based online sensor selection for source localization

This paper addresses the sensor selection problem for source localization within cyber–physical systems (CPSs). While recent machine learning and reinforcement learning approaches aim to optimize sensor selection and placement within the Area of Interest (AoI), their need for intensive data collection and training precludes online operation. Furthermore, these methods often require prior knowledge of the unknown source’s characteristics and lack adaptability to the dynamic nature of CPSs, leading to inefficiencies in unseen environments. This paper addresses these shortcomings using Gaussian process Optimization coupled with an active sensor selection mechanism to locate the unknown source within the AoI. The proposed approach first builds a probabilistic model of the environment, which is discretized into a grid, without prior training using a Gaussian Process surrogate model. Next, the model iteratively and systematically learns the underlying spatial phenomenon using Gaussian Process optimization. Concurrently, the approach selects a subset of sensors by optimizing a fitness function that advocates selecting informative and energy-efficient sensors. Next, the probabilistic model, having accurately learned the environment, directs the algorithm to the unknown source by identifying the cell with the highest likelihood of containing it. Finally, a peak refinement step is performed, which computes the exact location of the source within the designated cell. The proposed method’s efficacy is validated through experiments in radioactive source localization, validation studies, and adaptability assessments across various environments. In terms of quality of localization (QoL), it outperforms recent localization benchmarks, such as a reinforcement learning-based approach and DANS, by around 18% and 100%, respectively.

REMaQE: Reverse Engineering Math Equations from Executables

Cybersecurity attacks on embedded devices for industrial control systems and cyber-physical systems may cause catastrophic physical damage as well as economic loss. This could be achieved by infecting device binaries with malware that modifies the physical characteristics of the system operation. Mitigating such attacks benefits from reverse engineering tools that recover sufficient semantic knowledge in terms of mathematical equations of the implemented algorithm. Conventional reverse engineering tools can decompile binaries to low-level code, but offer little semantic insight. This paper proposes the REMaQE automated framework for reverse engineering of math equations from binary executables. Improving over state-of-the-art, REMaQE handles equation parameters accessed via registers, the stack, global memory, or pointers, and can reverse engineer equations from object-oriented implementations such as C++ classes. Using REMaQE, we discovered a bug in the Linux kernel thermal monitoring tool “tmon”. To evaluate REMaQE, we generate a dataset of 25,096 binaries with math equations implemented in C and Simulink. REMaQE successfully recovers a semantically matching equation for all 25,096 binaries. REMaQE executes in 0.48 seconds on average and in up to 2 seconds for complex equations. Real-time execution enables integration in an interactive math-oriented reverse engineering workflow.

Solving industrial fault diagnosis problems with quantum computers

In this article, we investigate in how far quantum computers can be leveraged to solve NP-complete fault diagnosis problems within the area of industrial cyber-physical systems. Therefore, two approaches are proposed which exploit quantum computing to solve diagnosis problems: The first method employs Grover’s algorithm, and the second is based on the Quantum Approximate Optimization Algorithm. To show the industrial application, we present an integrated approach to learn the diagnosis model from process data, check whether the model is suitable, and use it for diagnosis. The result is a method for quantum industrial fault diagnosis. For this approach, the diagnostic capabilities and the runtime have been evaluated on an IBM Falcon processor using three publicly available benchmarks from the process industry. Further, the scaling between quantum computers and classical PCs has been analyzed.

Efficient Differential Diagnosis using Cost-aware Active Testing

The diagnosis of complex systems benefits greatly from a differential, multistep approach that narrows down the list of possible conditions or failures that share the same observable effects to a single root cause. We provide a suitable and practically applicable methodology for this. In extension to existing work, it covers all types of diagnostic actions, i.e., the observation of system properties, active testing, and system interventions like providing a dedicated diagnostic input or forcing the system into discriminating states, but also the replacement of components. Combining all these possible steps into one probabilistic and causal reasoning framework, we I) stepwise generate the diagnostic model systematically to correctly cover the interplay of observations and diagnostic interventions, and II) provide decision support based on counterfactuals for the selection of the next diagnostic step, countering the vast number of possible actions that arise in machine diagnostic processes, considering costs of actions to minimize the expected overall cost of the diagnosis.We developed and successfully tried our methodology for diagnosing cyber-physical systems in the high-tech industry, but we found that it supports more processes, such as computing intervention actions for autonomous robots.

A PCA-based algorithm for online false data injection and jamming attacks detection in cyber-physical systems

Cyber-physical systems face cyberattacks that hinder performance, increase cost, or even collapse the system. Thus, rapid and accurate attack detection is crucial for quick activation of defense mechanisms. Model-based attack detection approaches are known for their precision; however, the unavailability of the exact system model poses a challenge. In response, model-free approaches have gained increased attention as a practical alternative. In this paper, an online model-free algorithm for detecting false data injection and jamming attacks on CPSs is proposed. The method leverages principal component analysis to reconstruct the expected observations in a reduced dimension space, emphasizing the most effective principal components. Then, deciding on attacked or normal operation relies on analyzing either the Euclidean distance or the cosine similarity of the discrepancy between the expected and actual observations. The proposed metrics effectively expose subtle deviations from expected behavior, as any alteration in these components augments the distance between the observed and reconstructed values. The proposed method was compared with the conventional cumulative sum discriminator and Kalman-based algorithm, using an IEEE-14, IEEE-30, and IEEE-118 bus systems. The results demonstrate the superiority of the proposed algorithm in terms of various evaluation metrics, including F-score, precision, recall, and miss detection ratio.

Leveraging Digital Twins and Intrusion Detection Systems for Enhanced Security in IoT-Based Smart City Infrastructures

In this research, we investigate the integration of an Intrusion Detection System (IDS) with a Digital Twin (DT) to enhance the cybersecurity of physical devices in cyber–physical systems. Using Eclipse Ditto as the DT platform and Snort as the IDS, we developed a near-realistic test environment that included a Raspberry Pi as the physical device and a Kali Linux virtual machine to perform common cyberattacks such as Hping3 flood attacks and NMAP reconnaissance scans. The results demonstrated that the IDS effectively detected Hping3-based flood attacks but showed limitations in identifying NMAP scans, suggesting areas for IDS configuration improvements. Furthermore, the study uncovered significant system resource impacts, including high Central Processing Unit (CPU) usage during SYN and ACK flood attacks and persistent memory usage after Network Mapper (NMAP) scans, highlighting the need for enhanced recovery mechanisms. This research presents a novel approach by coupling a Digital Twin with an IDS, enabling real-time monitoring and providing a dual perspective on both system performance and security. The integration offers a holistic method for identifying vulnerabilities and understanding resource impacts during cyberattacks. The work contributes new insights into the use of Digital Twins for cybersecurity and paves the way for further research into automated defense mechanisms, real-world validation of the proposed model, and the incorporation of additional attack scenarios. The results suggest that this combined approach holds significant promise for enhancing the security and resilience of IoT devices and other cyber–physical systems.

Enhancing Traffic Management in Cyber Physical Systems – A Gradient Based Fuzzy Controller Approach

Traffic forecast is a critical aspect of effective traffic management and planning in cyber-physical systems (CPS). In this study, we present a novel approach to traffic prediction and regulation within cyber-physical systems (CPS), introducing the Gradient Rule based Fuzzy Controller. This innovative methodology utilizes dynamic fuzzy logic control enhanced with gradient-based rules to adapt signal timings in real-time, effectively addressing the variable nature of traffic. Our results demonstrate significant improvements in reducing total queue length and delay at intersections, with reductions of up to 91.23%. Furthermore, extensive simulations and evaluations underscore the superiority of our approach compared to state-of-the-art models, highlighting its flexibility and adaptability to diverse traffic scenarios. This research emphasizes the novelty of integrating gradient-based rules into fuzzy control techniques, offering a promising avenue for advancing traffic management systems in CPS environments.

Modeling and detection of false data injection attacks in cyber-physical distribution system with load aggregator interaction

With the increasing number of users and multi-type loads accessing the cyber–physical distribution system (CPDS), the bidirectional interaction between the system becomes more and more frequent. The Load aggregator (LA) also plays an increasingly important role in the interaction process. However, the LA’s high dependence on information and lack of security measures make it vulnerable to attacks, so this paper analyzes the interactive security of the LAs from two points. Considering the game process between the LAs and users from the attacker’s point of view, this paper puts forward an attack strategy aiming cost function of the LAs, establishes a bi-level multi-objective programming attack model of false data injection attacks(FDIAs), and proposes an attack detection method based on the multi-state matching method and improved similar daily data preprocessing generative adversarial network (P-GAN) from the defender’s point of view to defend against the above attack strategy. Furthermore, a hybrid detection mechanism combining event triggering and periodic detection is proposed to ensure response speed and adaptability of detection. The effectiveness of the proposed attack model and the detection method is verified by simulation analysis.

Machine Learning Advancements in Cyber-Physical Systems: Enhancing Security, Performance, and Privacy

Machine Learning Advancements in Cyber-Physical Systems: Enhancing Security, Performance, and Privacy

Cyber-Physical Perception Interface for Co-Simulation Applications.

Co-simulation can bring improvements to the development of cyber-physical perceptive systems (CPPS) in critical fields, allowing uninterrupted system operation and flexibility to use both real-time sensor data and non-real-time data. This paper proposes a co-simulation approach that integrates physical systems and communication systems, including both hardware and software components. This study demonstrates how systems of different natures with discrete or continuous events can be simulated using three methods: time stepped, global event driven, and variable stepped. Through two case studies from the medical and energy fields, CPPS and co-simulation reveal their importance for the future by improving precision and efficiency, which leads to more accurate diagnoses and personalized treatments in the medical field and increases the stability of energy networks.

Super-twisting nonsingular terminal sliding mode control for cyber physical system under FDI attacks

Super-twisting nonsingular terminal sliding mode control for cyber physical system under FDI attacks

Predefined time fuzzy adaptive tracking control for nonlinear cyber physical systems with unmeasurable states and FDI attacks

Predefined time fuzzy adaptive tracking control for nonlinear cyber physical systems with unmeasurable states and FDI attacks

TRIPLE: A blockchain-based digital twin framework for cyber-physical systems security

Cyber-physical systems (CPSs) are being increasingly adopted for industrial applications, yet they involve a dynamic threat landscape that requires CPSs to adapt to emerging threats during their operation. Recently, digital twin (DT) technology (which refers to a virtual representation of a device, process, or environment) has emerged as a suitable candidate to address the security challenges faced by dynamic CPSs. DT has the capability of strengthening the security of CPSs by continuously mapping the physical to twin counterparts to detect inconsistencies. The existing DT-based security solutions are constrained by untrustworthy data dissemination as well as limited data sharing among the involved stakeholders, which, in turn, limit the ability of DTs to run accurate simulations or make valid decisions. To address these challenges, this paper proposes a modular framework called TRusted and Intelligent cyber-PhysicaL systEm (TRIPLE), that leverages blockchain, DTs, and threat intelligence (TI) to secure CPSs. The blockchain-based DT components in the framework provide data integrity, traceability, and availability for trusted DTs. Furthermore, to accurately and comprehensively model system states, the framework envisions fusing process knowledge for modeling DTs from system specification-based and learning-based information and other sources, including infrastructure-as-code (IaC) and knowledge base (KB). The framework also integrates TI for future-proofing against emerging threats, such that threats can be detected either reactively by mapping the behavior of physical and virtual spaces or proactively by TI and threat hunting. We demonstrate the viability of the framework through a proof of concept. Finally, we formally verify the TRIPLE framework to demonstrate its correctness and effectiveness in enhancing CPS security.