Using Kolmogorov–Arnold network for cyber–physical system security: A fast and efficient approach

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection Pub Date : 2025-06-04 DOI:10.1016/j.ijcip.2025.100768

Mohammadmahdi Ghorbani , Alimohammad Ghassemi , Mohammad Alikhani, Hamid Khaloozadeh, Amirhossein Nikoofard

{"title":"Using Kolmogorov–Arnold network for cyber–physical system security: A fast and efficient approach","authors":"Mohammadmahdi Ghorbani , Alimohammad Ghassemi , Mohammad Alikhani, Hamid Khaloozadeh, Amirhossein Nikoofard","doi":"10.1016/j.ijcip.2025.100768","DOIUrl":null,"url":null,"abstract":"<div><div>A cyber–physical system (CPS) is the foundation of modern industrial infrastructures but is vulnerable to cyber attacks due to its connectivity. Detecting these attacks is crucial, driving research into machine learning and deep learning-based models for intrusion detection systems. Many of these models, though effective, suffer from high computational complexity and large parameter counts, limiting their practicality for real-time deployment. Additionally, extensive data preprocessing, commonly used in attack detection, can introduce drawbacks such as loss of critical information, reduced interpretability, and increased latency. This paper employs the Kolmogorov–Arnold network (KAN) as a lightweight and efficient alternative to conventional models for attack detection in CPSs. With a compact architecture and significantly fewer parameters, KAN achieves high classification accuracy while minimizing computational overhead. It eliminates the need for complex feature extraction and preprocessing, preserving data integrity and enabling faster decision-making. Evaluated on the SWaT, WADI, and ICS-Flow datasets, KAN demonstrates superior performance in detecting cyber attacks across binary and multi-class tasks on both physical and network data. Its low inference time and minimal resource requirements make it a practical solution for real-time CPS security.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100768"},"PeriodicalIF":5.3000,"publicationDate":"2025-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548225000290","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

A cyber–physical system (CPS) is the foundation of modern industrial infrastructures but is vulnerable to cyber attacks due to its connectivity. Detecting these attacks is crucial, driving research into machine learning and deep learning-based models for intrusion detection systems. Many of these models, though effective, suffer from high computational complexity and large parameter counts, limiting their practicality for real-time deployment. Additionally, extensive data preprocessing, commonly used in attack detection, can introduce drawbacks such as loss of critical information, reduced interpretability, and increased latency. This paper employs the Kolmogorov–Arnold network (KAN) as a lightweight and efficient alternative to conventional models for attack detection in CPSs. With a compact architecture and significantly fewer parameters, KAN achieves high classification accuracy while minimizing computational overhead. It eliminates the need for complex feature extraction and preprocessing, preserving data integrity and enabling faster decision-making. Evaluated on the SWaT, WADI, and ICS-Flow datasets, KAN demonstrates superior performance in detecting cyber attacks across binary and multi-class tasks on both physical and network data. Its low inference time and minimal resource requirements make it a practical solution for real-time CPS security.

查看原文本刊更多论文

利用Kolmogorov-Arnold网络实现网络物理系统安全：一种快速有效的方法

网络物理系统（CPS）是现代工业基础设施的基础，但由于其连通性，容易受到网络攻击。检测这些攻击至关重要，这将推动对入侵检测系统的机器学习和基于深度学习的模型的研究。其中许多模型虽然有效，但由于计算复杂度高和参数数量大，限制了它们在实时部署中的实用性。此外，广泛的数据预处理（通常用于攻击检测）可能会带来一些缺点，例如丢失关键信息、可解释性降低和延迟增加。本文采用Kolmogorov-Arnold网络（KAN）作为一种轻量级和高效的替代传统的攻击检测模型。凭借紧凑的体系结构和显著减少的参数，KAN实现了高分类精度，同时最大限度地减少了计算开销。它消除了复杂的特征提取和预处理的需要，保持了数据的完整性并实现了更快的决策。在SWaT、WADI和ICS-Flow数据集上进行评估后，KAN在检测物理和网络数据上的二进制和多类任务的网络攻击方面表现出了卓越的性能。其较低的推理时间和最小的资源需求使其成为实时CPS安全的实用解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.