International Journal of Critical Infrastructure Protection最新文献

Dynamic protection of human-cyber-physical systems based on CPN and multi-agent reinforcement learning: Evidence from smart coal mines 基于CPN和多智能体强化学习的人-网络-物理系统动态保护：来自智能煤矿的证据

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2026-01-12 DOI: 10.1016/j.ijcip.2026.100831

Yufeng Jiang

Smart coal mines increasingly function as Human-Cyber-Physical Systems (HCPS), in which tightly coupled interactions generate dynamic risks that traditional static safeguards fail to address. This study develops a dynamic protection framework that integrates Colored Petri Nets (CPN) with Multi-Agent Reinforcement Learning (MARL) to model and mitigate cross-layer failures. A three-layer HCPS model is constructed to quantify interdependencies through a cross-layer propagation coefficient, and risk evolution is described using a simplified two-term time-evolution equation separating endogenous growth and external shocks. Gradual degradation and sudden disturbances are modeled via Gamma-Poisson hybrid processes, while CPN enables visualization of cascading faults across layers. MARL is used to optimize defense strategies under a joint-reward mechanism, facilitating coordinated interventions among human, cyber, and physical agents. Simulation results indicate that the cyber layer is particularly sensitive to external shocks, highlighting the necessity of enhanced real-time monitoring and cyber-attack resilience. MARL-enhanced strategies effectively slow risk accumulation and reduce cascading propagation. The contributions are refined into concise, parallel statements to improve clarity. The proposed framework provides a reproducible and adaptive approach for dynamic safety management in intelligent mining environments.

智能煤矿越来越多地发挥人-网络-物理系统（HCPS）的作用，其中紧密耦合的相互作用产生了传统静态保障措施无法解决的动态风险。本研究开发了一个动态保护框架，该框架将彩色Petri网（CPN）与多智能体强化学习（MARL）集成在一起，以建模和减轻跨层故障。构建了一个三层HCPS模型，通过跨层传播系数来量化相互依赖性，并使用分离内生增长和外部冲击的简化两项时间演化方程来描述风险演化。逐渐退化和突然干扰通过伽玛-泊松混合过程建模，而CPN可以实现跨层级联故障的可视化。MARL用于优化联合奖励机制下的防御策略，促进人类、网络和物理代理之间的协调干预。仿真结果表明，网络层对外部冲击特别敏感，突出了增强实时监控和网络攻击抵御能力的必要性。marl增强策略有效地减缓了风险积累，减少了级联传播。这些贡献被精炼成简洁、并行的语句，以提高清晰度。该框架为智能矿山环境下的动态安全管理提供了一种可复制、自适应的方法。

{"title":"Dynamic protection of human-cyber-physical systems based on CPN and multi-agent reinforcement learning: Evidence from smart coal mines","authors":"Yufeng Jiang","doi":"10.1016/j.ijcip.2026.100831","DOIUrl":"10.1016/j.ijcip.2026.100831","url":null,"abstract":"<div><div>Smart coal mines increasingly function as Human-Cyber-Physical Systems (HCPS), in which tightly coupled interactions generate dynamic risks that traditional static safeguards fail to address. This study develops a dynamic protection framework that integrates Colored Petri Nets (CPN) with Multi-Agent Reinforcement Learning (MARL) to model and mitigate cross-layer failures. A three-layer HCPS model is constructed to quantify interdependencies through a cross-layer propagation coefficient, and risk evolution is described using a simplified two-term time-evolution equation separating endogenous growth and external shocks. Gradual degradation and sudden disturbances are modeled via Gamma-Poisson hybrid processes, while CPN enables visualization of cascading faults across layers. MARL is used to optimize defense strategies under a joint-reward mechanism, facilitating coordinated interventions among human, cyber, and physical agents. Simulation results indicate that the cyber layer is particularly sensitive to external shocks, highlighting the necessity of enhanced real-time monitoring and cyber-attack resilience. MARL-enhanced strategies effectively slow risk accumulation and reduce cascading propagation. The contributions are refined into concise, parallel statements to improve clarity. The proposed framework provides a reproducible and adaptive approach for dynamic safety management in intelligent mining environments.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100831"},"PeriodicalIF":5.3,"publicationDate":"2026-01-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145977822","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Novel RF-jamming IDS for vehicular networks: LSTM, XGBoost, and meta-models approaches 新型车载网络射频干扰IDS: LSTM、XGBoost和元模型方法

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2026-01-08 DOI: 10.1016/j.ijcip.2026.100830

Mubashir Murshed , Nujitha Wickramasurendra , Afrin Jubaida , Robson E. De Grande , Glaucio H.S. Carvalho

The rapid advancement of Intelligent Transportation Systems (ITS) has facilitated diverse safety and comfort services via vehicular networks. However, despite these technological improvements, vehicular networks remain exposed to Radio Frequency (RF) jamming attacks, which continue to challenge the effectiveness of Intrusion Detection Systems (IDS). This paper addresses this topic by proposing novel IDS architectures based on Long Short-Term Memory (LSTM) and eXtreme Gradient Boosting (XGBoost), as well as meta-models that integrate these methods to enhance detection and classification. Through a comprehensive analysis of several models, this research demonstrates that the best LSTM model, LSTM_RELU_IO-L1, achieves an accuracy of 95.67% and 85.17% for vehicles traveling at

25 m/s

and

15 m/s

, respectively. These results confirm its superior performance compared to baseline and recent models: K-Nearest Neighbors (94.46%/82.27%), Random Forest (94.61%/80.04%), and a previous LSTM work (95.17%/84.83%). Furthermore, the proposed RFV-LG meta-model, which combines LSTM and XGBoost, shows substantial improvements. Particularly, the RFV-LG-H6 model reaches 96.46% accuracy for low-speed vehicles, which is the most critical scenario for IDS, and nearly 100% accuracy for high-speed vehicles. These proposals advance the state-of-the-art RF jamming IDS for vehicular networks while establishing the RF jamming IDS meta-models as cutting-edge solutions with strong potential for real-world deployment.

智能交通系统（ITS）的快速发展通过车辆网络促进了各种安全和舒适服务。然而，尽管有这些技术进步，车辆网络仍然暴露于射频（RF）干扰攻击，这继续挑战入侵检测系统（IDS）的有效性。本文通过提出基于长短期记忆（LSTM）和极端梯度增强（XGBoost）的新型IDS架构，以及集成这些方法的元模型来增强检测和分类，从而解决了这一主题。通过对多个模型的综合分析，本研究表明，对于车速为25m/s和15m/s的车辆，最佳LSTM模型lstm_relu_tio - l1的准确率分别为95.67%和85.17%。这些结果证实了它的性能优于基线和最近的模型：K-Nearest Neighbors (94.46%/82.27%), Random Forest（94.61%/80.04%）和之前的LSTM工作（95.17%/84.83%）。此外，提出的RFV-LG元模型结合了LSTM和XGBoost，显示出实质性的改进。其中，RFV-LG-H6模型在IDS最关键的低速工况下准确率达到96.46%，在高速工况下准确率接近100%。这些建议推动了车辆网络中最先进的射频干扰IDS，同时建立了射频干扰IDS元模型，作为具有实际部署潜力的前沿解决方案。

{"title":"Novel RF-jamming IDS for vehicular networks: LSTM, XGBoost, and meta-models approaches","authors":"Mubashir Murshed , Nujitha Wickramasurendra , Afrin Jubaida , Robson E. De Grande , Glaucio H.S. Carvalho","doi":"10.1016/j.ijcip.2026.100830","DOIUrl":"10.1016/j.ijcip.2026.100830","url":null,"abstract":"<div><div>The rapid advancement of Intelligent Transportation Systems (ITS) has facilitated diverse safety and comfort services via vehicular networks. However, despite these technological improvements, vehicular networks remain exposed to Radio Frequency (RF) jamming attacks, which continue to challenge the effectiveness of Intrusion Detection Systems (IDS). This paper addresses this topic by proposing novel IDS architectures based on Long Short-Term Memory (LSTM) and eXtreme Gradient Boosting (XGBoost), as well as meta-models that integrate these methods to enhance detection and classification. Through a comprehensive analysis of several models, this research demonstrates that the best LSTM model, LSTM_RELU_IO-L1, achieves an accuracy of <strong>95.67%</strong> and <strong>85.17%</strong> for vehicles traveling at <span><math><mrow><mn>25</mn><mspace></mspace><mtext>m/s</mtext></mrow></math></span> and <span><math><mrow><mn>15</mn><mspace></mspace><mtext>m/s</mtext></mrow></math></span>, respectively. These results confirm its superior performance compared to baseline and recent models: K-Nearest Neighbors (94.46%/82.27%), Random Forest (94.61%/80.04%), and a previous LSTM work (95.17%/84.83%). Furthermore, the proposed RFV-LG meta-model, which combines LSTM and XGBoost, shows substantial improvements. Particularly, the RFV-LG-H6 model reaches 96.46% accuracy for low-speed vehicles, which is the most critical scenario for IDS, and nearly 100% accuracy for high-speed vehicles. These proposals advance the state-of-the-art RF jamming IDS for vehicular networks while establishing the RF jamming IDS meta-models as cutting-edge solutions with strong potential for real-world deployment.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100830"},"PeriodicalIF":5.3,"publicationDate":"2026-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145926419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Securing smart city Internet of Vehicles via transformer integrated consensus ensemble learning and bio-inspired metaheuristics 通过变压器集成共识集成学习和生物启发元启发式保护智慧城市车联网

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2026-01-03 DOI: 10.1016/j.ijcip.2026.100829

Hamad Naeem , Farhan Ullah , Faheem Mazhar , Muhammad Aasim Rafique

The Internet of Vehicles (IoV), an extension of the Internet of Things (IoT) concept, facilitates online communication and connectivity among smart vehicles. The advanced features of smart vehicles have drawn customer interest in electric vehicle technology. The rapid development of the Internet of Vehicles (IoV) raises important privacy and security issues that could lead to dangerous events. Many researchers have developed deep learning based systems for IoT network intrusion detection. These models aim to reduce smart vehicle accidents and identify compromising network attacks. In this paper, a consensus-driven ensemble of classifiers, Ant Colony Optimization (ACO) for feature selection, and vision transformer-based feature extraction are all included in the proposed system. Initially, the CLIP vision transformer model is used to extract semantic features from vehicle network data. After that, ACO selects the best feature subset to increase accuracy and decrease complexity. Predictions are integrated using a consensus ensemble of Support Vector Machine (SVM), K Nearest Neighbor (KNN), and Logistic Regression (LR), which selectively applies stacking to improve multiclass intrusion detection. The evaluations were conducted using two data sets: the CICEVSE dataset, which contains 22,086 samples from eight different intrusion categories, and the publicly available Car Hacking dataset, which contains 29,228 samples from five different intrusion categories. The experimental results demonstrate that the proposed approach achieved a maximum score of 100% on the Car Hacking dataset and 99.29% on the CICEVSE dataset, reflecting optimum accuracy.

车联网（IoV）是物联网（IoT）概念的延伸，可以促进智能车辆之间的在线通信和连接。智能汽车的先进特性吸引了消费者对电动汽车技术的兴趣。车联网（IoV）的快速发展引发了重要的隐私和安全问题，可能导致危险事件。许多研究人员开发了基于深度学习的物联网网络入侵检测系统。这些模型旨在减少智能车辆事故并识别有害的网络攻击。在本文中，一个共识驱动的分类器集成，用于特征选择的蚁群优化（ACO）和基于视觉变换的特征提取都包含在该系统中。首先，利用CLIP视觉变换模型从车联网数据中提取语义特征。然后，蚁群算法选择最佳特征子集来提高准确率和降低复杂度。使用支持向量机（SVM）， K近邻（KNN）和逻辑回归（LR）的共识集合集成预测，该集合有选择地应用堆栈来改进多类入侵检测。评估使用两个数据集进行：CICEVSE数据集包含来自8个不同入侵类别的22,086个样本，以及公开的汽车黑客数据集，包含来自5个不同入侵类别的29,228个样本。实验结果表明，该方法在Car Hacking数据集上的最高得分为100%，在CICEVSE数据集上的最高得分为99.29%，反映出最佳的准确率。

{"title":"Securing smart city Internet of Vehicles via transformer integrated consensus ensemble learning and bio-inspired metaheuristics","authors":"Hamad Naeem , Farhan Ullah , Faheem Mazhar , Muhammad Aasim Rafique","doi":"10.1016/j.ijcip.2026.100829","DOIUrl":"10.1016/j.ijcip.2026.100829","url":null,"abstract":"<div><div>The Internet of Vehicles (IoV), an extension of the Internet of Things (IoT) concept, facilitates online communication and connectivity among smart vehicles. The advanced features of smart vehicles have drawn customer interest in electric vehicle technology. The rapid development of the Internet of Vehicles (IoV) raises important privacy and security issues that could lead to dangerous events. Many researchers have developed deep learning based systems for IoT network intrusion detection. These models aim to reduce smart vehicle accidents and identify compromising network attacks. In this paper, a consensus-driven ensemble of classifiers, Ant Colony Optimization (ACO) for feature selection, and vision transformer-based feature extraction are all included in the proposed system. Initially, the CLIP vision transformer model is used to extract semantic features from vehicle network data. After that, ACO selects the best feature subset to increase accuracy and decrease complexity. Predictions are integrated using a consensus ensemble of Support Vector Machine (SVM), K Nearest Neighbor (KNN), and Logistic Regression (LR), which selectively applies stacking to improve multiclass intrusion detection. The evaluations were conducted using two data sets: the CICEVSE dataset, which contains 22,086 samples from eight different intrusion categories, and the publicly available Car Hacking dataset, which contains 29,228 samples from five different intrusion categories. The experimental results demonstrate that the proposed approach achieved a maximum score of 100% on the Car Hacking dataset and 99.29% on the CICEVSE dataset, reflecting optimum accuracy.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100829"},"PeriodicalIF":5.3,"publicationDate":"2026-01-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145926418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A structured approach to cyber–physical attacks on digital substations 对数字变电站进行网络物理攻击的结构化方法

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-12-10 DOI: 10.1016/j.ijcip.2025.100827

János Csatár , Tamás Holczer , Roland Nádor , Máté Rózsa

The electric power grid constitutes a foundational component of critical infrastructure; a sustained disruption in electrical supply could cause severe societal consequences. Among the various threats to grid reliability, cybersecurity has become increasingly prominent due to the ongoing digitalization of grid operations. As substations incorporate more digital and networked systems, forming digital substations, the potential impact of cyberattacks on grid stability grows significantly. This paper investigates the cybersecurity threat landscape from the perspective of a potential adversary. We present a novel structured methodology for identifying and formulating effective cyberattacks on digital substations, with the objective of advancing defensive capabilities through a deeper understanding of offensive techniques. Key elements of the methodology include a holistic cyber–physical approach that leverages multi-domain knowledge and utilizes iterative, simulation-based steps. To evaluate the proposed methodology, we designed and implemented three representative cyberattacks using it against a notional substation architecture (leveraging IEC 61850 sampled value (SV), and generic object oriented substation event (GOOSE); and IEEE 1588 precision time protocol (PTP)). We also proposed and developed a dedicated, real-time co-simulation testbed with hardware-in-the-loop capability, specifically designed to emulate realistic substation environments, including detailed protection functions, and subsequently tested these attacks on it. The results demonstrated specific weaknesses in digital substations; for example, a sophisticated cyberattack against PTP might result in a phase-shifted measurement as seen by the protection algorithm.

电网是关键基础设施的基础性组成部分；电力供应的持续中断可能会造成严重的社会后果。在对电网可靠性的各种威胁中，由于电网运营的不断数字化，网络安全问题日益突出。随着变电站整合越来越多的数字化和网络化系统，形成数字化变电站，网络攻击对电网稳定性的潜在影响显著增长。本文从潜在对手的角度研究了网络安全威胁景观。我们提出了一种新的结构化方法，用于识别和制定对数字变电站的有效网络攻击，目的是通过更深入地了解攻击技术来提高防御能力。该方法的关键要素包括利用多领域知识和利用迭代、基于仿真的步骤的整体网络物理方法。为了评估所提出的方法，我们设计并实施了三种具有代表性的网络攻击，使用它来对付概念变电站架构(利用IEC 61850采样值（SV）和通用面向对象的变电站事件（GOOSE）；和IEEE 1588精确时间协议（PTP）)。我们还提出并开发了一个专用的实时联合仿真试验台，具有硬件在环功能，专门用于模拟真实的变电站环境，包括详细的保护功能，并随后在其上测试了这些攻击。结果显示了数字变电站的具体弱点；例如，针对PTP的复杂网络攻击可能会导致保护算法所看到的相移测量。

{"title":"A structured approach to cyber–physical attacks on digital substations","authors":"János Csatár , Tamás Holczer , Roland Nádor , Máté Rózsa","doi":"10.1016/j.ijcip.2025.100827","DOIUrl":"10.1016/j.ijcip.2025.100827","url":null,"abstract":"<div><div>The electric power grid constitutes a foundational component of critical infrastructure; a sustained disruption in electrical supply could cause severe societal consequences. Among the various threats to grid reliability, cybersecurity has become increasingly prominent due to the ongoing digitalization of grid operations. As substations incorporate more digital and networked systems, forming digital substations, the potential impact of cyberattacks on grid stability grows significantly. This paper investigates the cybersecurity threat landscape from the perspective of a potential adversary. We present a novel structured methodology for identifying and formulating effective cyberattacks on digital substations, with the objective of advancing defensive capabilities through a deeper understanding of offensive techniques. Key elements of the methodology include a holistic cyber–physical approach that leverages multi-domain knowledge and utilizes iterative, simulation-based steps. To evaluate the proposed methodology, we designed and implemented three representative cyberattacks using it against a notional substation architecture (leveraging IEC 61850 sampled value (SV), and generic object oriented substation event (GOOSE); and IEEE 1588 precision time protocol (PTP)). We also proposed and developed a dedicated, real-time co-simulation testbed with hardware-in-the-loop capability, specifically designed to emulate realistic substation environments, including detailed protection functions, and subsequently tested these attacks on it. The results demonstrated specific weaknesses in digital substations; for example, a sophisticated cyberattack against PTP might result in a phase-shifted measurement as seen by the protection algorithm.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100827"},"PeriodicalIF":5.3,"publicationDate":"2025-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791447","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

SG-StackSecure: An intelligent and robust stacking ensemble model for smart grid intrusion detection SG-StackSecure：一种用于智能电网入侵检测的智能鲁棒堆栈集成模型

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-12-03 DOI: 10.1016/j.ijcip.2025.100816

Muhammad Mobeen Aslam , Umar Saleem , Usman Ahmed , Weilin Li , Wenjie Liu

The integration of advanced Information and Communication Technologies (ICTs) and Internet of Things (IoT) devices into traditional power infrastructure has significantly improved efficiency, reliability, and remote controllability. However, this integration has also introduced cybersecurity challenges, particularly in Supervisory Control and Data Acquisition (SCADA) systems. To address these emerging threats with real-time, scalable, and interpretable detection, this study presents a SG-StackSecure, a novel stacked ensemble framework for Smart Grids (SGs) intrusion detection. The framework combines Random Forest, XGBoost, and LightGBM as base learners, and Logistic Regression serving as the metaclassifier. It also used a Random Forest-based feature selection mechanism to enhance detection while reducing model dimensionality. SG-StackSecure model was trained and validated on the power system industrial control system (ICS) cyberattack datasets using 10-fold stratified cross-validation, achieving an average accuracy of 99.15% ± 0.18% and F1-scores of 0.9912 (binary classification) and 99.07% ± 0.29% and 0.9907 (three-class classification). SG-StackSecure achieves up to 8.67% higher accuracy, 96.16% reduction in feature selection time, and 89.34% reduction in training time as compared to state-of-the-art models. SG-StackSecure was also evaluated for its real-time deployment feasibility through model compression and stress testing under high-load scenarios. These results, along with a survey of SHAP and LIME for expert usability, underscore SG-StackSecure's robustness, scalability, and practical applicability for securing critical power infrastructures against evolving cyber-physical threats.

先进的信息通信技术（ict）和物联网（IoT）设备与传统电力基础设施的融合，大大提高了效率、可靠性和远程可控性。然而，这种集成也带来了网络安全挑战，特别是在监控和数据采集（SCADA）系统中。为了通过实时、可扩展和可解释的检测来解决这些新出现的威胁，本研究提出了SG-StackSecure，这是一种用于智能电网（SGs）入侵检测的新型堆叠集成框架。该框架结合了Random Forest、XGBoost和LightGBM作为基础学习器，以及Logistic Regression作为元分类器。它还使用基于随机森林的特征选择机制来增强检测，同时降低模型维数。SG-StackSecure模型在电力系统工业控制系统（ICS）网络攻击数据集上进行10次分层交叉验证，平均准确率为99.15%±0.18%，f1得分为0.9912（二分类），平均准确率为99.07%±0.29%，f1得分为0.9907（三分类）。与最先进的模型相比，SG-StackSecure的准确率提高了8.67%，特征选择时间减少了96.16%，训练时间减少了89.34%。SG-StackSecure还通过模型压缩和高负载场景下的压力测试评估了其实时部署的可行性。这些结果，以及对SHAP和LIME专家可用性的调查，强调了SG-StackSecure在保护关键电力基础设施免受不断发展的网络物理威胁方面的稳健性、可扩展性和实用性。©Elsevier Inc.版权所有。

{"title":"SG-StackSecure: An intelligent and robust stacking ensemble model for smart grid intrusion detection","authors":"Muhammad Mobeen Aslam , Umar Saleem , Usman Ahmed , Weilin Li , Wenjie Liu","doi":"10.1016/j.ijcip.2025.100816","DOIUrl":"10.1016/j.ijcip.2025.100816","url":null,"abstract":"<div><div>The integration of advanced Information and Communication Technologies (ICTs) and Internet of Things (IoT) devices into traditional power infrastructure has significantly improved efficiency, reliability, and remote controllability. However, this integration has also introduced cybersecurity challenges, particularly in Supervisory Control and Data Acquisition (SCADA) systems. To address these emerging threats with real-time, scalable, and interpretable detection, this study presents a SG-StackSecure, a novel stacked ensemble framework for Smart Grids (SGs) intrusion detection. The framework combines Random Forest, XGBoost, and LightGBM as base learners, and Logistic Regression serving as the metaclassifier. It also used a Random Forest-based feature selection mechanism to enhance detection while reducing model dimensionality. SG-StackSecure model was trained and validated on the power system industrial control system (ICS) cyberattack datasets using 10-fold stratified cross-validation, achieving an average accuracy of 99.15% ± 0.18% and F1-scores of 0.9912 (binary classification) and 99.07% ± 0.29% and 0.9907 (three-class classification). SG-StackSecure achieves up to 8.67% higher accuracy, 96.16% reduction in feature selection time, and 89.34% reduction in training time as compared to state-of-the-art models. SG-StackSecure was also evaluated for its real-time deployment feasibility through model compression and stress testing under high-load scenarios. These results, along with a survey of SHAP and LIME for expert usability, underscore SG-StackSecure's robustness, scalability, and practical applicability for securing critical power infrastructures against evolving cyber-physical threats.</div><div>© Elsevier Inc. All rights reserved.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100816"},"PeriodicalIF":5.3,"publicationDate":"2025-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145697735","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Operational technologies is the blend spot of the critical Infrastrutcturte 运营技术是关键基础设施的融合点

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-12-01 DOI: 10.1016/S1874-5482(25)00082-4

Roberto Setola

引用次数: 0

Feature extraction and selection for flooding-based multi-class DDoS attacks detection in IoT network 物联网网络中基于洪水的多类DDoS攻击检测特征提取与选择

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-12-01 DOI: 10.1016/j.ijcip.2025.100815

Hayelom Gebrye , Yong Wang , Fagen Li , Birhanu Kahsay

In the realm of IoT network security, feature selection and machine learning driven DDoS detection acquired appeal due to their capacity for tracking traffic and recognize threats. Nevertheless, recent studies have demonstrated that these attacks can be identified using outdated datasets, which could not appropriately reflect modern network threats and degrade the accuracy of detection. Few ML applications employed over 40 features in the past; today, there are tens or even hundreds of features available. This makes processing the information complex and requires more resources and time. In order to facilitate the multi-class detection of DDoS flooding attacks, we made available the PCAP extractor, which allows for the extraction and processing of raw network data into a ML suitable format. Next, we generated flooding-based DDoS attack dataset specifically intended for classification into multiple classes, and we assessed the efficacy of adaptable ML models. We conducted three systematic experimental analysis. The flooding-based DDoS multi-class dataset that was produced for the study was used in the preliminary experiment. To evaluate the effectiveness of our efforts, we conducted the second and third experiments using the IoTID20 and CIC-IoT23, which are the most modern, up-to-date and incorporates variety DDoS attack datasets. Finally, Boruta outperforms RFE in terms of choosing important features and time to complete the task in all datasets. We showed that across all experiment groups, the random forest model exhibited an accuracy of greater than 90%.

在物联网网络安全领域，特征选择和机器学习驱动的DDoS检测因其跟踪流量和识别威胁的能力而获得了吸引力。然而，最近的研究表明，这些攻击可以使用过时的数据集来识别，这些数据集不能适当地反映现代网络威胁，并降低了检测的准确性。过去很少有机器学习应用程序使用超过40个功能；今天，有数十甚至数百个可用的功能。这使得处理信息变得复杂，需要更多的资源和时间。为了方便对DDoS洪水攻击的多类检测，我们提供了PCAP提取器，它允许将原始网络数据提取和处理为ML合适的格式。接下来，我们生成了基于洪水的DDoS攻击数据集，专门用于分类为多个类别，并评估了适应性机器学习模型的有效性。我们进行了三次系统的实验分析。为本研究生成的基于洪水的DDoS多类数据集用于初步实验。为了评估我们努力的有效性，我们使用最现代、最新并包含各种DDoS攻击数据集的IoTID20和CIC-IoT23进行了第二次和第三次实验。最后，Boruta在所有数据集中选择重要特征和完成任务的时间方面优于RFE。我们发现，在所有的实验组中，随机森林模型的准确率都大于90%。

{"title":"Feature extraction and selection for flooding-based multi-class DDoS attacks detection in IoT network","authors":"Hayelom Gebrye , Yong Wang , Fagen Li , Birhanu Kahsay","doi":"10.1016/j.ijcip.2025.100815","DOIUrl":"10.1016/j.ijcip.2025.100815","url":null,"abstract":"<div><div>In the realm of IoT network security, feature selection and machine learning driven DDoS detection acquired appeal due to their capacity for tracking traffic and recognize threats. Nevertheless, recent studies have demonstrated that these attacks can be identified using outdated datasets, which could not appropriately reflect modern network threats and degrade the accuracy of detection. Few ML applications employed over 40 features in the past; today, there are tens or even hundreds of features available. This makes processing the information complex and requires more resources and time. In order to facilitate the multi-class detection of DDoS flooding attacks, we made available the PCAP extractor, which allows for the extraction and processing of raw network data into a ML suitable format. Next, we generated flooding-based DDoS attack dataset specifically intended for classification into multiple classes, and we assessed the efficacy of adaptable ML models. We conducted three systematic experimental analysis. The flooding-based DDoS multi-class dataset that was produced for the study was used in the preliminary experiment. To evaluate the effectiveness of our efforts, we conducted the second and third experiments using the IoTID20 and CIC-IoT23, which are the most modern, up-to-date and incorporates variety DDoS attack datasets. Finally, Boruta outperforms RFE in terms of choosing important features and time to complete the task in all datasets. We showed that across all experiment groups, the random forest model exhibited an accuracy of greater than 90%.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100815"},"PeriodicalIF":5.3,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145693246","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Robust trust management in Intelligent Transportation System: A machine learning approach 智能交通系统中的稳健信任管理：一种机器学习方法

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-12-01 DOI: 10.1016/j.ijcip.2025.100812

Ahmed Danladi Abdullahi , Erfan Bahrami , Tooska Dargahi , Mohammed Al-Khalidi , Mohammad Hammoudeh

Intelligent Transportation Systems (ITS) are revolutionising modern mobility by leveraging advancements in 5G technology, smart sensors, and sophisticated data analytics. These advancements facilitate the exchange and decision making of information in real time, improving safety and efficiency. However, the heterogeneous and loosely connected nature of the ITS components presents significant challenges in evaluating and managing trust within the ecosystem. Traditional approaches, such as blockchain-based consensus mechanisms, peer-to-peer voting systems, and static rule-based trust models, struggle to evaluate trust uniformly across diverse components and data types in real time, leaving the system vulnerable to various threats. Recent studies explored Machine Learning (ML) techniques to address trust management in ITS. These advanced approaches offer promising solutions for processing large volumes of heterogeneous data, identifying complex patterns, and adapting to dynamic environments. However, most existing ML-based solutions focus on assessing trust for particular components, such as vehicles and roadside units (RSUs), rather than addressing the collective trust of the entire ITS ecosystem.

This paper proposes a novel ML-based dynamic trust management system termed MLT. It employs a feedforward neural network and the Levenberg–Marquardt Algorithm to dynamically assess the trustworthiness of ITS components. The system incorporates a dynamic time decay factor and continuously updates the trust scores, allowing effective identification and isolation of malicious actors. Through extensive simulations, MLT outperforms baseline models by up to 10% in precision and 9% in F-measure across various attack scenarios. These results highlight the superior performance of MLT in accuracy and robustness compared to existing trust management models.

智能交通系统（ITS）通过利用5G技术、智能传感器和复杂的数据分析技术，正在彻底改变现代交通。这些进步促进了信息的实时交换和决策，提高了安全性和效率。然而，ITS组件的异构和松散连接的性质在评估和管理生态系统中的信任方面提出了重大挑战。传统的方法，如基于区块链的共识机制、点对点投票系统和基于静态规则的信任模型，很难实时地统一评估不同组件和数据类型的信任，这使得系统容易受到各种威胁。最近的研究探索了机器学习（ML）技术来解决ITS中的信任管理问题。这些高级方法为处理大量异构数据、识别复杂模式和适应动态环境提供了有前途的解决方案。然而，大多数现有的基于机器学习的解决方案侧重于评估特定组件（如车辆和路边单元（rsu））的信任，而不是解决整个ITS生态系统的集体信任问题。本文提出了一种基于机器学习的动态信任管理系统MLT。采用前馈神经网络和Levenberg-Marquardt算法对ITS组件的可信度进行动态评估。该系统采用动态时间衰减因子，并不断更新信任分数，从而有效识别和隔离恶意行为者。通过广泛的模拟，MLT在各种攻击场景中的精度和F-measure分别比基线模型高出10%和9%。这些结果突出了与现有信任管理模型相比，MLT在准确性和鲁棒性方面的优越性能。

{"title":"Robust trust management in Intelligent Transportation System: A machine learning approach","authors":"Ahmed Danladi Abdullahi , Erfan Bahrami , Tooska Dargahi , Mohammed Al-Khalidi , Mohammad Hammoudeh","doi":"10.1016/j.ijcip.2025.100812","DOIUrl":"10.1016/j.ijcip.2025.100812","url":null,"abstract":"<div><div>Intelligent Transportation Systems (ITS) are revolutionising modern mobility by leveraging advancements in 5G technology, smart sensors, and sophisticated data analytics. These advancements facilitate the exchange and decision making of information in real time, improving safety and efficiency. However, the heterogeneous and loosely connected nature of the ITS components presents significant challenges in evaluating and managing trust within the ecosystem. Traditional approaches, such as blockchain-based consensus mechanisms, peer-to-peer voting systems, and static rule-based trust models, struggle to evaluate trust uniformly across diverse components and data types in real time, leaving the system vulnerable to various threats. Recent studies explored Machine Learning (ML) techniques to address trust management in ITS. These advanced approaches offer promising solutions for processing large volumes of heterogeneous data, identifying complex patterns, and adapting to dynamic environments. However, most existing ML-based solutions focus on assessing trust for particular components, such as vehicles and roadside units (RSUs), rather than addressing the collective trust of the entire ITS ecosystem.</div><div>This paper proposes a novel ML-based dynamic trust management system termed MLT. It employs a feedforward neural network and the Levenberg–Marquardt Algorithm to dynamically assess the trustworthiness of ITS components. The system incorporates a dynamic time decay factor and continuously updates the trust scores, allowing effective identification and isolation of malicious actors. Through extensive simulations, MLT outperforms baseline models by up to 10% in precision and 9% in F-measure across various attack scenarios. These results highlight the superior performance of MLT in accuracy and robustness compared to existing trust management models.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"51 ","pages":"Article 100812"},"PeriodicalIF":5.3,"publicationDate":"2025-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145623564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

An integrated intuitionistic fuzzy framework for emergency response center location planning in industrial areas 工业区域应急响应中心选址规划的综合直觉模糊框架

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-11-30 DOI: 10.1016/j.ijcip.2025.100813

Ertugrul Ayyildiz , Melike Erdogan , Muhammet Gul

Emergency response centers are critical facilities for managing emergencies caused by both natural and man-made disasters, particularly in industrial zones where risks such as fires, toxic substance exposure, and explosions are prevalent. The selection of an appropriate location for emergency response centers is vital to ensuring rapid and effective emergency responses while addressing the inherent uncertainties and complexities of multi-criteria decision-making (MCDM) processes. This study presents a comprehensive location selection analysis for emergency response centers in industrial zones, leveraging intuitionistic fuzzy sets to incorporate uncertainty and expert hesitation in the decision-making process. Using Intuitionistic Fuzzy SWARA (Step-by-Step Weight Assessment Ratio Analysis) to determine criteria weights and Intuitionistic Fuzzy EDAS (Evaluation Based on Distance from Average Solution) to evaluate alternative locations, the study identifies the optimal site for establishing emergency response centers under conflicting criteria. The proposed approach effectively integrates linguistic expert judgments and quantitative assessments, offering a robust framework for addressing the challenges of emergency response center selection. The results provide actionable insights for emergency management and urban planning while contributing to the growing body of research on fuzzy MCDM techniques for critical facility location problems. This methodology ensures a realistic and practical solution to the emergency response center location selection problem.

应急响应中心是管理由自然灾害和人为灾害引起的紧急情况的关键设施，特别是在火灾、有毒物质接触和爆炸等风险普遍存在的工业区。为应急响应中心选择合适的位置对于确保快速有效的应急响应，同时解决多标准决策（MCDM）过程固有的不确定性和复杂性至关重要。本研究提出工业园区应急响应中心的综合选址分析，利用直觉模糊集纳入决策过程中的不确定性和专家犹豫。采用逐级权重评价比分析法（直觉模糊SWARA）确定标准权重，采用与平均解决方案距离评价法（直觉模糊EDAS）评价备选地点，确定了冲突条件下建立应急响应中心的最优地点。所提出的方法有效地整合了语言专家判断和定量评估，为解决应急响应中心选择的挑战提供了一个强大的框架。研究结果为应急管理和城市规划提供了可操作的见解，同时有助于对关键设施选址问题的模糊MCDM技术的研究。该方法为应急响应中心选址问题提供了现实可行的解决方案。

{"title":"An integrated intuitionistic fuzzy framework for emergency response center location planning in industrial areas","authors":"Ertugrul Ayyildiz , Melike Erdogan , Muhammet Gul","doi":"10.1016/j.ijcip.2025.100813","DOIUrl":"10.1016/j.ijcip.2025.100813","url":null,"abstract":"<div><div>Emergency response centers are critical facilities for managing emergencies caused by both natural and man-made disasters, particularly in industrial zones where risks such as fires, toxic substance exposure, and explosions are prevalent. The selection of an appropriate location for emergency response centers is vital to ensuring rapid and effective emergency responses while addressing the inherent uncertainties and complexities of multi-criteria decision-making (MCDM) processes. This study presents a comprehensive location selection analysis for emergency response centers in industrial zones, leveraging intuitionistic fuzzy sets to incorporate uncertainty and expert hesitation in the decision-making process. Using Intuitionistic Fuzzy SWARA (Step-by-Step Weight Assessment Ratio Analysis) to determine criteria weights and Intuitionistic Fuzzy EDAS (Evaluation Based on Distance from Average Solution) to evaluate alternative locations, the study identifies the optimal site for establishing emergency response centers under conflicting criteria. The proposed approach effectively integrates linguistic expert judgments and quantitative assessments, offering a robust framework for addressing the challenges of emergency response center selection. The results provide actionable insights for emergency management and urban planning while contributing to the growing body of research on fuzzy MCDM techniques for critical facility location problems. This methodology ensures a realistic and practical solution to the emergency response center location selection problem.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100813"},"PeriodicalIF":5.3,"publicationDate":"2025-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Critical thinking: exploring the expansion of critical infrastructure 批判性思维：探索关键基础设施的扩张

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection

Pub Date : 2025-11-29 DOI: 10.1016/j.ijcip.2025.100814

Russell Lundberg

The concept of critical infrastructure (CI) has evolved significantly across developed nations since the early 2000s, with the United States providing a particularly illustrative example of this global trend. Initially focused on assets whose incapacitation would cause debilitating national impacts, the U.S. framework expanded after September 11th, 2001 to encompass a broader array of sectors and assets, diluting the meaning of criticality. Even among the most vital lifeline sectors— energy, communications, water, and transportation—analysis reveals that the resilience of these systems often precludes national-level consequences from isolated failures. To address these issues, CI policy should transition from viewing assets as inherently critical to evaluating their criticality in relation to systemic risks posed by specific threats. This shift would enable more effective prioritization, focusing resources on protecting assets most vulnerable to realistic, high-impact scenarios while reducing the inefficiencies of over-inclusiveness. By re-centering the concept of criticality, CI policy can better align with its original intent of safeguarding national security and resilience.

自21世纪初以来，关键基础设施（CI）的概念在发达国家发生了重大变化，美国是这一全球趋势的一个特别说明问题的例子。最初的重点是那些丧失能力会对国家造成破坏性影响的资产，2001年9月11日之后，美国的框架扩大到包括更广泛的部门和资产，淡化了“临界”的含义。甚至在最重要的生命线部门——能源、通信、水和交通——分析表明，这些系统的弹性往往排除了孤立故障造成的全国性后果。为了解决这些问题，CI政策应该从将资产视为固有的关键转变为评估它们与特定威胁构成的系统风险相关的重要性。这一转变将使优先次序更加有效，将资源集中在保护最容易受到现实、高影响情景影响的资产上，同时减少过度包容带来的低效率。通过重新定位临界概念，CI政策可以更好地符合其维护国家安全和弹性的初衷。

{"title":"Critical thinking: exploring the expansion of critical infrastructure","authors":"Russell Lundberg","doi":"10.1016/j.ijcip.2025.100814","DOIUrl":"10.1016/j.ijcip.2025.100814","url":null,"abstract":"<div><div>The concept of critical infrastructure (CI) has evolved significantly across developed nations since the early 2000s, with the United States providing a particularly illustrative example of this global trend. Initially focused on assets whose incapacitation would cause debilitating national impacts, the U.S. framework expanded after September 11th, 2001 to encompass a broader array of sectors and assets, diluting the meaning of criticality. Even among the most vital lifeline sectors— energy, communications, water, and transportation—analysis reveals that the resilience of these systems often precludes national-level consequences from isolated failures. To address these issues, CI policy should transition from viewing assets as inherently critical to evaluating their criticality in relation to systemic risks posed by specific threats. This shift would enable more effective prioritization, focusing resources on protecting assets most vulnerable to realistic, high-impact scenarios while reducing the inefficiencies of over-inclusiveness. By re-centering the concept of criticality, CI policy can better align with its original intent of safeguarding national security and resilience.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"52 ","pages":"Article 100814"},"PeriodicalIF":5.3,"publicationDate":"2025-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"145791448","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0