
International Journal of Critical Infrastructure Protection: Latest Articles

Critical entities resilience strengthening tools to small-scale disasters
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-04-23 | DOI: 10.1016/j.ijcip.2025.100766
David Rehak, Alena Splichalova, Heidi Janeckova, Ondrej Ryska, Alena Oulehlova, Lenka Michalcova, Martin Hromada, Miltiadis Kontogeorgos, Jozef Ristvej
The issue of critical infrastructure protection is still largely based on the concept of critical infrastructure resilience. However, it is already clear that this concept must be restructured, primarily due to the adoption of a new European Union directive that focuses on the resilience of critical entities that are owners or operators of individual critical infrastructures. This directive stipulates, among other things, an obligation for critical entities to provide unlimited services necessary for maintaining the most important functions of the state. For this reason, it is necessary to pay increased attention not only to strengthening the resilience of infrastructures, but also to the management processes of critical entities. Based on these facts, 161 tools suitable for strengthening the critical entities internal resilience against small-scale disasters are classified and defined in this article. These strengthening tools are defined for both entities and infrastructural resilience. The article further defines the environment and procedure for strengthening the critical entities internal resilience, thus expanding the application of the existing CERA method, which was originally designed for the purpose of assessing the critical entities resilience to small-scale disasters. The design part of the article also includes a presentation of an example of a practical application of the proposed procedure.
Citations: 0

STADe: An unsupervised time-windows method of detecting anomalies in oil and gas Industrial Cyber-Physical Systems (ICPS) networks
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-04-23 | DOI: 10.1016/j.ijcip.2025.100762
Abubakar Sadiq Mohammed, Eirini Anthi, Omer Rana, Pete Burnap, Andrew Hood
Critical infrastructure and Operational Technology (OT) are becoming more exposed to cyber attacks due to the integration of OT networks to enterprise networks especially in the case of Industrial Cyber-Physical Systems (ICPS). These technologies that are a huge part of our daily lives usually operate by having sensors and actuators constantly communicating through an industrial network. To secure these industrial networks from cyber attacks, researchers have utilised misuse detection and Anomaly Detection (AD) techniques to detect potential attacks. Misuse detection methods are unable to detect zero-day attacks while AD methods can, but with high false positive rates and high computational overheads. In this paper, we present STADe, a novel Sliding Time-window Anomaly Detection method that uses a sole feature of network packet inter-arrival times to detect anomalous network communications. This work aims to explore a mechanism for detecting breaks in periodicity to flag anomalies. The method was validated using data from a real oil and gas wellhead monitoring testbed containing field flooding, SYN flooding, and Man-in-the-Middle (MITM) attacks — which are attacks that are popularly used to target the availability and integrity of oil and gas critical infrastructure. The results from STADe proved to be effective in detecting these attacks with zero false positives and F1 scores of 0.97, 0.923, and 0.8 respectively. Further experiments carried out to compare STADe with other unsupervised machine learning algorithms – KNN, isolation forest, and Local Outlier Factor (LOF) – resulted in F1 scores of 0.55, 0.673, and 0.408 respectively. STADe outperformed them with an F1 score of 0.933 using the same dataset.
Citations: 0

Evaluating regional emergency response capabilities using entropy weight and matter-element extension theory
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-04-18 | DOI: 10.1016/j.ijcip.2025.100763
Peijian Jin, Haohao Qu, Pengzhen Fan, Suling Ge
To accurately evaluate regional emergency response capacity, this paper establishes an indicator system based on measurable and quantifiable indicators, aligning with China's national laws, regulations, standards, and regional development data. The system comprises targets, guidelines, sub-criteria, and indicator levels. The target layer represents the evaluation focus, i.e., regional emergency response capacity. The guideline and sub-criteria layers include four guidelines and 12 sub-criteria, respectively. The indicator layer includes 28 quantifiable indicators, such as the rate of preparation of emergency plans, the frequency of emergency drills, the emergency response team, the number of financial allocations from the general public budget, and the percentage of social security and employment expenditures. The entropy weighting method is employed to determine index weights, while the material element topable theory quantitatively evaluates regional emergency response capacity. Subsequently, the model is utilized to assess the emergency response capacity of 31 provincial administrative regions in mainland China, confirming its validity.
Citations: 0

Measuring spatial accessibility to critical infrastructure: The Access Road Identification model
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-04-03 | DOI: 10.1016/j.ijcip.2025.100760
Ana Maria Mager Pozo, Peter Priesmeier, Alexander Fekete
Natural hazards such as earthquakes or floods can severely disrupt transportation networks and lead to cascading effects to other critical infrastructure (CI). A functioning road network is crucial to maintain spatial accessibility of CI such as hospitals or fire stations, especially during disaster scenarios. In the present study, we introduce a geographic information system (GIS)-based model that is able to identify and quantify the access roads to CI facilities through shortest path analysis, namely the Access Road Identification (ARI)-model. Including hazard maps into the model allows comparing CI accessibility in a baseline scenario with a hazard scenario. We exemplary apply the elaborated model to two case studies considering the accessibility of hospitals during floods in Hamburg, Germany and fire stations during an earthquake event in the Tehran-Karaj metropolitan region, Iran.
The results show significant differences between the two case studies: Floods have an overall low impact on the accessibility of hospitals in Hamburg, but single hospitals lose up to 40 % of their access roads during the flood. In Tehran-Karaj however the model indicates that about 38 % of the fire stations have access roads exposed to the earthquake hazard, while a fifth of them lose over 50 % of their access roads and four facilities are completely inaccessible.
These findings highlight the need for robust contingency planning by identifying and prioritizing CI facilities that are most at risk. The novelty of the ARI-model consists in its facility-centered approach to measure spatial accessibility of single CI services, thus unveiling valuable insights regarding the potential loss of direct access roads. The transferability of the model allows to adapt it to various use cases, where different hazards or CI facility types are considered. The model can serve relevant stakeholders as a decision-making tool for prioritizing resource allocation, planning evacuation measures and enhancing disaster preparedness based on CI accessibility, thus being applicable both to the preparation and response phase of disaster management. In the future, an extension of the ARI-model is planned by implementing dynamic hazard maps, data on traffic demand and additional weighting of the results.
Citations: 0

SPARK and SAD: Leading-edge deep learning frameworks for robust and effective intrusion detection in SCADA systems
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-03-30 | DOI: 10.1016/j.ijcip.2025.100759
Raghuram Bhukya, Syed Abdul Moeed, Anusha Medavaka, Alaa O. Khadidos, Adil O. Khadidos, Shitharth Selvarajan
Considering SCADA systems operate and manage critical infrastructure and industrial processes, the need for robust intrusion detection systems-IDSs cannot be overemphasized. The complexity of these systems, added to their increased exposure to more sophisticated cyber-attacks, creates significant challenges for continuous, secure operations. Traditional approaches to intrusion detection usually fail to cope, scale, or be as accurate as is necessary when dealing with the modern, multi-faceted problem of an attack vector against SCADA networks and IIoT environments. Past works have generally proposed the use of different machine learning and deep learning anomaly detection strategies to find possible intrusions. While these methods have, in fact, been promising, their effects are not without their own set of problems, including high false positives, poor generalization to new types of attacks, and performance inefficiencies in large-scale data environments. In this work, against this background, two novel IDS models are put forward: SPARK (Scalable Predictive Anomaly Response Kernel) and SAD (Scented Alpine Descent), to further improve the security landscape in SCADA systems. SPARK enables an ensemble-based deep learning framework combining strategic feature extraction with adaptive learning mechanisms for volume data processing at high accuracy and efficiency. This architecture has stringent anomaly detection through a multi-layered deep network adapting to ever-evolving contexts in operational environments, allowing for low latency and high precision in the detections. The SAD model works in concert with SPARK by adopting a synergistic approach that embeds deep learning into anomaly scoring algorithms, enabled to detect subtle attack patterns and further reduce false-positive rates.
Citations: 0

Assessing earthquake risks to lifeline infrastructure systems in the United States
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-03-24 | DOI: 10.1016/j.ijcip.2025.100758
N. Simon Kwong, Kishor S. Jaiswal
The security and economic stability of the United States rely heavily on robust lifeline infrastructure systems and yet the risks to such systems are seldom quantified at the national scale. For example, while earthquake risks to buildings in the United States have been investigated at the national scale regularly, such risks to gas pipelines have rarely been investigated nationally. In this paper, we use examples from two critical infrastructure sectors to demonstrate (1) the nature of earthquake risks to lifeline infrastructure systems, (2) complexities involved in regional seismic risk assessments, and (3) how such risks change with time. We found that bridge risks can be underestimated by at least 64 % when viewed from repair costs instead of traffic demands and that regional risks can be underestimated by 19 % when spatial correlations of ground motion are ignored. Further, exceedance of traffic demand can be 50 times more likely to occur when viewed at the regional scale than when viewed at an individual bridge. Similarly, exceedance of repairs can be 180 times more likely to occur when viewed at the pipeline network level than at a segment-specific level. Finally, sensitivity analyses with the 2018 and 2023 USGS National Seismic Hazard Models indicate an increase in bridge risk of at least 24 % and an increase in exposed gas pipeline mileage of 43 %. The evolution of risks, complexities involved in assessments, and limited resources jointly underscore the need for more routine updates to nationwide seismic risk assessments of lifeline systems in the United States.
Citations: 0

Situation Awareness for Cyber Resilience: A review
IF 4.1 | Zone 3, Engineering and Technology | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2025-03-04 | DOI: 10.1016/j.ijcip.2025.100755
Emanuele Bellini, Giuseppe D’Aniello, Francesco Flammini, Rosario Gaeta
Cyber resilience is increasingly crucial in critical infrastructure protection. Central to achieving cyber resilience is Situation Awareness (SA), the comprehension of the current state of cyber environments, and the ability to anticipate future developments. This paper reviews the intersection of cyber resilience and SA, highlighting the most important features of SA to address the resilience objectives in cyber–physical systems. The survey synthesizes recent research findings, highlights trends, and offers insights into its importance across various domains. By synthesizing diverse perspectives and recent developments in the field, this survey serves as a valuable resource for researchers, practitioners, and policymakers engaged in cyber resilience and SA operations, providing a foundation for further research and practical implementations in the field.
Citations: 0
Interdependencies and third parties
IF 4.1 Zone 3 Engineering & Technology Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-03-01 DOI: 10.1016/S1874-5482(25)00011-3
Roberto Setola
Citations: 0
Optimizing vehicle security: A multiclassification framework using deep transfer learning and metaheuristic-based genetic algorithm optimization
IF 4.1 Zone 3 Engineering & Technology Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-02-24 DOI: 10.1016/j.ijcip.2025.100745
Hamad Naeem , Farhan Ullah , Ondrej Krejcar , Deguang Li , Danish Vasan
An extension of the Internet of Things (IoT) paradigm, the Internet of Vehicles (IoV) makes it easier for smart cars to connect to the Internet and communicate with one another. Consumer interest in IoV technology has grown significantly as a result of the increased capabilities of smart vehicles. However, the rapid growth of IoV raises serious privacy and security issues that can lead to dangerous accidents. To detect intrusions into IoT networks, several academics have developed deep learning-based algorithms. Detecting malicious assaults inside vehicle networks and lowering the frequency of smart vehicle accidents are the goals of these models. The proposed approach makes use of an advanced three-layer design that combines ensemble approaches, Genetic Algorithms (GA), and Convolutional Neural Networks (CNNs). Three essential steps are used to execute this methodology: In order to perform CNN-based analysis, we first convert high-level IoV data into image format. The hyperparameters of each base learning model are then optimized via GA, which improves the performance and adaptability of the models. Lastly, we combine the outputs of the three CNN models using ensemble approaches, which greatly improves the intrusion detection system’s (IDS) long-term robustness. Two data sets were used for the evaluations: the CICEVSE dataset, which contains 22,086 samples from 12 distinct intrusion categories, and the publicly accessible Car Hacking dataset, which contains 29,228 samples from five different intrusion categories. According to the experimental findings, the proposed strategy obtained an optimal score of 100% on the Car Hacking images and 93% on the CICEVSE images, demonstrating excellent accuracy. The findings have substantial implications for the development of safe, effective, and flexible intrusion detection systems in the complicated environment of the Internet of Vehicles.
Citations: 0
Advances in UAV detection: integrating multi-sensor systems and AI for enhanced accuracy and efficiency
IF 4.1 Zone 3 Engineering & Technology Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date: 2025-02-11 DOI: 10.1016/j.ijcip.2025.100744
Vladislav Semenyuk , Ildar Kurmashev , Alberto Lupidi , Dmitriy Alyoshin , Liliya Kurmasheva , Alessandro Cantelli-Forti
This review critically examines the progress in unmanned aerial vehicle (UAV) detection and classification technologies from 2020 to the present. It highlights a range of detection methods, including radar, radio frequency (RF), optical, and acoustic sensors, with particular emphasis on the integration of these technologies through advanced sensor fusion techniques. The paper explores the core technologies driving improvements in detection accuracy, range, and reliability, with a special focus on the transformative role of artificial intelligence and machine learning. These innovations have significantly enhanced system performance, enabling more precise and efficient UAV detection. The review concludes with insights into emerging trends and future developments that promise to further refine UAV detection technologies, ensuring greater security and operational reliability.
Citations: 0