ML-Based Threat Severity Detection in Cyber-Physical Systems for Smart Environments Using Behavioral Analysis
摘要
The extensive adoption of cyber-physical systems (CPS) in daily life has led to an increase in cybersecurity vulnerabilities in both physical and digital domains. Traditional rule-based and signature defenses are inadequate for safeguarding against emerging technologies and zero-day threats. This paper introduces a methodology for threat detection in CPS that is driven by behavioral analysis and utilizes machine learning, illustrated through a case study of a Smart Home System. User interaction and environmental signals undergo normalization via rule-based deviation detection (including after-hours access, rapid toggling, and multi-location/IP flags). These normalized signals are subsequently combined with temporal and contextual features and input into an XGBoost classifier, which includes probability calibration for the classification of anomaly severity (Low vs. High). This study employs STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) for systematic threat analysis, achieving a balance between detection accuracy and privacy by relying on behavioral cues rather than extensive personal information. In a held-out test set, the classification model demonstrated an accuracy of 0.91, ROC-AUC of 0.94, PR-AUC (High) of 0.88, precision (High) of 0.84, recall (High) of 0.86, F1 (High) of 0.85, and a Brier score of 0.12, indicating robust discrimination and well-calibrated probabilities. The proposed approach is systematic and reproducible, enabling rapid, transparent, and flexible mitigation while enhancing the resilience of CPS against emerging attack vectors in practical applications.