An edge–cloud sparse autoencoder based cyber attack detection and measurement reconstruction for industrial cyber–physical systems

•Data driven based edge-cloud approach for discriminating cyber-attack and fault.•Edge SAE is for fault identification and cloud SAE is for attack detection.•Free from system model and labelled data due to unsupervised data driven technique.•Validated effectiveness on a nonlinear simulated vehicle m...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Measurement : journal of the International Measurement Confederation Ročník 259; s. 119673
Hlavní autoři: Santhi, Thulasi M., Srinivasan, K.
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier Ltd 01.02.2026
Témata:
Attack detection
Cyber physical system
Edge-cloud approach
Sparse autoencoder
Unsupervised learning
Edge-cloud approach
Sparse autoencoder
Attack detection
Cyber physical system
Unsupervised learning
ISSN:0263-2241
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:•Data driven based edge-cloud approach for discriminating cyber-attack and fault.•Edge SAE is for fault identification and cloud SAE is for attack detection.•Free from system model and labelled data due to unsupervised data driven technique.•Validated effectiveness on a nonlinear simulated vehicle model and real-time system.•Overcome the computational limitation of edge server by employing trained SAE. Cyber physical systems (CPSs) are transforming industrial technology by merging physical and cyber realms resulting voluminous data and enhanced communication, but it also raises the risk of cyber attacks. However, distinguishing between malicious attacks and faults is challenging. This research proposes an innovative edge-cloud collaborative unsupervised cyber attack detection approach using two sparse autoencoders(SAEs) deployed at the edge and cloud levels. The edge-based SAE identifies faults meanwhile the cloud-based SAE detects cyber attacks. The residuals comparison accurately discerns between faults, cyber attacks and coordinated threats without relying on system models or labelled data. The method reconstructs measurements, identifies affected signals, distinguish cyber attacks from fault, and retrieves attack signals. The effectiveness of the technique is demonstrated on simulation and real-time system to promise practical application.
ISSN:0263-2241
DOI:10.1016/j.measurement.2025.119673