IET Cyber-Physical Systems: Theory and Applications最新文献

Cyber-physical power systems (CPPS) are integral to meeting society's demand for secure, sustainable, affordable and resilient critical networks and services. Given the convergence of decarbonising, heating, cooling, and transportation networks onto cyber-physical power systems (CPPS), this takes on increased significance. This paper introduces an innovative approach to the open challenge of how we evaluate CPPS resilience, presenting the use of network motifs and Monte Carlo simulations. We demonstrate how our methodology enables a comprehensive analysis of CPPS by capturing the interdependence between cyber and physical networks and by accounting for inherent uncertainties in cyber and physical components. Specifically, this method incorporates the dynamic interplay between the physical and cyber networks, presenting a time-dependent motif-based resilience metric. This metric evaluates CPPS performance in maintaining critical loads during and after diverse extreme events in cyber and/or physical layers. The resilience status of the system is determined using the prevalence of 4-node motifs within the system's network, offering valuable redundant paths for critical load supply. The study models a variety of natural events, including earthquakes, windstorms, and tornadoes, along with cyber-attacks while accounting for their inherent uncertainties using Monte Carlo simulation. The proposed approach is demonstrated through two test CPPS, specifically the IEEE 14-bus and IEEE 30-bus test systems, affirming its effectiveness in quantifying CPPS resilience. By comprehensively addressing system dynamics, interdependencies, and uncertainties, the proposed technique advances our understanding of CPPS and supports resilient system design.

Demand for autonomous protection in computing devices cannot go unnoticed, considering the rapid proliferation of deployed devices and escalating cyberattacks. Consequently, cybersecurity measures with an improved generalisation that can proactively determine the indicators of compromises to predict 0-day threats or previously unseen malware together with known malware are highly desirable. In this article, the authors present a novel concept of autonomous device protection based on behavioural profiling by continuously monitoring internal resource usage and leveraging generative artificial intelligence (genAI) to distinguish between benign and malicious behaviour. The authors design a proof-of-concept for Windows-based computing devices relying on a built-in event tracing mechanism for log collection that is converted into structured data using a graph data structure. The authors extract graph-level features, that is, graph depth, nodes count, number of leaf nodes, node degree statistics, and events count and node-level features (NLF), that is, process start, file create and registry events details for each graph. Further, the authors investigate the use of genAI exploiting a pre-trained large language network—a simple contrastive sentence embedding framework to extract strong features, that is, dense vectors from event graphs. Finally, the authors train a random forest classifier using both the graph-level features and NLF to obtain classification models that are evaluated on a collected dataset containing one thousand benign and malicious samples achieving accuracy up to 99.25%.

The modern Industrial Control System (ICS) environment now combines information technology (IT), operational technology, and physical processes. This digital transformation enhances operational efficiency, service quality, and physical system capabilities enabling systems to measure and control the physical world. However, it also exposes ICS to new and evolving cybersecurity threats that were once confined to the IT domain. As a result, identifying cyber risks in ICS has become more critical, leading to the development of new methods and tools to tackle these emerging threats. This study reviews some of the latest tools for cyber-risk identification in ICS. It empirically analyses each tool based on specific attributes: focus, application domain, core risk management concepts, and how they address current cybersecurity concerns in ICS.

The difficulty of adjusting the weighting coefficients of the cost function in traditional model predictive torque control is addressed by proposing a fixed weighting coefficient three-vector model predictive torque control (FWC-MPTC) strategy. The strategy applies three voltage vectors in a control period. The first voltage vector is selected by a fixed coefficient cost function, the second and third voltage vectors are determined by a cost function that includes only torque and flux, and the third voltage vector is no longer just a traditional zero vector. In addition, to solve the problem of poor disturbance immunity of the speed loop PI controller, an active disturbance rejection controller (ADRC) is introduced in the speed loop, and the error non-linear function in the controller is rewritten into a smoother new function. The proposed control strategy reduces the torque and speed fluctuation of the traditional three-vector model predictive control (TTV-MPTC), improves the robustness of the system, avoids the difficulty of adjusting the weight coefficient in the traditional cost function, and reduces the computational complexity of the cost function.

The authors propose a self-triggered synchronisation control method of a general high-order linear time-invariant multi-agent system through a cloud repository. In the cloud-mediated self-triggered control, each agent asynchronously accesses the cloud repository to obtain past information about its neighbouring agents. Then, the agent predicts future behaviours of its neighbours as well as of its own and locally determines its next access time to the cloud repository. In the case of a general high-order linear agent dynamics, each agent has to estimate exponential evolution of its trajectory characterised by eigenvalues of a system matrix, which is different from single/double integrator or first-order linear agents. The authors’ proposed method deals with exponential behaviours of the agents by tightly evaluating the bounds on matrix exponentials. Based on these bounds, the authors design the self-triggered controller through a cloud that achieves the bounded state synchronization of the closed-loop system without exhibiting any Zeno behaviours. The effectiveness of the proposed method is demonstrated through the numerical simulation.

Zero-dynamics attack (ZDA) is a destructive stealthy cyberattack that threatens cyber-physical systems (CPS). The authors have warned about the risk of a cyberattack by introducing a new general ZDA that can be effective and robust in non-linear multiple-input multiple-output CPS. In this proposed attack policy, the adversary extracts the sensor and actuator online data on the network platform. Then, by utilising a state observer and considering specific delay times, the attacker injects a ZDA signal into the actuator channels of the cyber-physical system. As a result, the internal dynamics will diverge from the nominal working region of the controlled cyber-physical system, while the outputs remain close to the actual outputs of the attack-free system. Therefore, this cyberattack can remain stealthy, and it can also be robust against revealing signals. The efficiency of this new attack policy is demonstrated in the simulation results for a continuous stirred tank reactor regarded as a cyber-physical system.

A novel context-based privacy policy deployment model enhanced with bioinspired Q-learning optimisations is presented. The model addresses the challenge of maintaining privacy while ensuring data integrity and usability in various settings. Leveraging datasets including Adult (Census Income), Yelp, UC Irvine Machine Learning, and Movie Lens, the authors evaluate the model's performance against state-of-the-art techniques, such as GEF AL, Deep Forest, and Robust Continual Learning. The approach employs Firefly Optimiser (FFO) and Ant Lion Optimiser (ALO) algorithms to dynamically adjust privacy parameters and handle large datasets efficiently. Additionally, Q-learning enables intelligent decision-making and rapid adaptation to changing data and network conditions and scenarios. Evaluation results demonstrate that the model consistently outperforms reference techniques across multiple metrics, including privacy levels, scalability, fidelity, and sensitivity management. By reducing reputational harm, minimising delays, and enhancing network quality, the model offers robust privacy protection without sacrificing data utility. Overall, a dynamic context-based privacy policy deployment approach, enhanced with bioinspired Q-learning optimisations, presents a significant advancement in privacy preservation methods. The combination of ALO, FFO, and Q-learning techniques offers a practical solution to evolving data privacy challenges and enhances flexibility in various use case scenarios.

Power systems are facing an increasing number of cyber incidents, potentially leading to damaging consequences to both physical and cyber aspects. However, the development of analytical methods for the study of large-scale power infrastructures as cyber-physical systems is still in its early stages. Drawing inspiration from machine-learning techniques, the authors introduce a method inspired by the principles of graph embedding that is tailored for quantitative risk assessment and the exploration of possible mitigation strategies of large-scale cyber-physical power systems. The primary advantage of the graph embedding approach lies in its ability to generate numerous random walks on a graph, simulating potential access paths. Meanwhile, it enables capturing high-dimensional structures in low-dimensional spaces, facilitating advanced machine-learning applications, and ensuring scalability and adaptability for comprehensive network analysis. By employing this graph embedding-based approach, the authors present a structured and methodical framework for risk assessment in cyber-physical systems. The proposed graph embedding-based risk analysis framework aims to provide a more insightful perspective on cyber-physical risk assessment and situation awareness for power systems. To validate and demonstrate its applicability, the method has been tested on two cyber-physical power system models: the Western System Coordinating Council (WSCC) 9-Bus System and the Illinois 200-Bus System, thereby showing its advantages in enhancing the accuracy of risk analysis and comprehensiveness of situational awareness.

Industrial Cyber-Physical Systems (iCPSs) represent a new generation of industrial systems that enable a profound integration of industrial processes and informational spaces, thereby empowering the fourth industrial revolution. iCPSs confront more severe safety and security (S&S) challenges compared to traditional industrial systems. One of the most critical challenges is the joint risk analysis of S&S. Many scholars have devoted their research to this area. However, there is a dearth of literature reviews encapsulating recent advancements, which provides the motivation for this study. The authors review the methodologies in this field, delve into the S&S relationships involved, and propose 12 criteria for evaluating these methods. Furthermore, the current research limitations were analysed and potential directions were suggested for future research.

As power grids develop, their structure becomes more complex, multi-dimensional, and digitalised—hence, it is referred to as cyber-physical infrastructure. The sensitivity of grids to extreme cyber and physical events is becoming a hot research topic due to the increasing rate of such events and their catastrophic consequences. To produce accurate and comprehensive measures, modelling and assessing the resilience of power systems must include both the physical and cyber domains. However, resilience quantification models that include both domains have not received sufficient attention. A novel resilience model and quantification framework are proposed. The model is based on a resilience trapezoid that depicts the different phases of the cyber and physical domains during severe natural or anthropogenic events. A resilience index is also proposed to measure the resilience levels of local nodes and entire systems, including various factors that contribute to the modelled degradation states. Severe weather conditions were modelled to examine the impact of this category of events on the proposed resilience model.