<p>The extensive adoption of cyber-physical systems (CPS) in daily life has led to an increase in cybersecurity vulnerabilities in both physical and digital domains. Traditional rule-based and signature defenses are inadequate for safeguarding against emerging technologies and zero-day threats. This paper introduces a methodology for threat detection in CPS that is driven by behavioral analysis and utilizes machine learning, illustrated through a case study of a Smart Home System. User interaction and environmental signals undergo normalization via rule-based deviation detection (including after-hours access, rapid toggling, and multi-location/IP flags). These normalized signals are subsequently combined with temporal and contextual features and input into an XGBoost classifier, which includes probability calibration for the classification of anomaly severity (Low vs. High). This study employs STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) for systematic threat analysis, achieving a balance between detection accuracy and privacy by relying on behavioral cues rather than extensive personal information. In a held-out test set, the classification model demonstrated an accuracy of 0.91, ROC-AUC of 0.94, PR-AUC (High) of 0.88, precision (High) of 0.84, recall (High) of 0.86, F1 (High) of 0.85, and a Brier score of 0.12, indicating robust discrimination and well-calibrated probabilities. The proposed approach is systematic and reproducible, enabling rapid, transparent, and flexible mitigation while enhancing the resilience of CPS against emerging attack vectors in practical applications.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

ML-Based Threat Severity Detection in Cyber-Physical Systems for Smart Environments Using Behavioral Analysis

  • Ahmad Khawaji,
  • R. John Martin

摘要

The extensive adoption of cyber-physical systems (CPS) in daily life has led to an increase in cybersecurity vulnerabilities in both physical and digital domains. Traditional rule-based and signature defenses are inadequate for safeguarding against emerging technologies and zero-day threats. This paper introduces a methodology for threat detection in CPS that is driven by behavioral analysis and utilizes machine learning, illustrated through a case study of a Smart Home System. User interaction and environmental signals undergo normalization via rule-based deviation detection (including after-hours access, rapid toggling, and multi-location/IP flags). These normalized signals are subsequently combined with temporal and contextual features and input into an XGBoost classifier, which includes probability calibration for the classification of anomaly severity (Low vs. High). This study employs STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) for systematic threat analysis, achieving a balance between detection accuracy and privacy by relying on behavioral cues rather than extensive personal information. In a held-out test set, the classification model demonstrated an accuracy of 0.91, ROC-AUC of 0.94, PR-AUC (High) of 0.88, precision (High) of 0.84, recall (High) of 0.86, F1 (High) of 0.85, and a Brier score of 0.12, indicating robust discrimination and well-calibrated probabilities. The proposed approach is systematic and reproducible, enabling rapid, transparent, and flexible mitigation while enhancing the resilience of CPS against emerging attack vectors in practical applications.