International Journal of Critical Infrastructure Protection最新文献

{"title":"AI-enhanced intrusion detection in smart renewable energy grids: A novel industry 4.0 cyber threat management approach","authors":"Umar Islam ,&nbsp;Hanif Ullah ,&nbsp;Naveed Khan ,&nbsp;Kashif Saleem ,&nbsp;Iftikhar Ahmad","doi":"10.1016/j.ijcip.2025.100769","DOIUrl":"10.1016/j.ijcip.2025.100769","url":null,"abstract":"<div><div>The rapid adoption of Industry 4.0 technologies in renewable energy grids has significantly improved efficiency and scalability. However, this integration has also amplified cybersecurity risks, making conventional Intrusion Detection Systems (IDS) insufficient against evolving cyber threats. This study proposes a novel AI-enhanced Intrusion Detection System (IDS) tailored for smart renewable energy grids, leveraging a multi-stage detection framework that integrates both supervised and unsupervised learning techniques. The proposed IDS combines Random Forest for signature-based detection and Autoencoders for anomaly-based threat identification, enabling real-time detection of both known and zero-day cyber threats. A comprehensive evaluation using real-world cyberattack datasets demonstrates that the system achieves a detection accuracy of 97.8 %, significantly reducing false positives compared to traditional IDS solutions. This work not only enhances the security and resilience of smart grids but also offers a scalable and adaptable cybersecurity framework for Industry 4.0 applications. The findings contribute to the advancement of AI-driven security mechanisms, ensuring the reliability of critical energy infrastructure in the face of sophisticated cyber threats.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100769"},"PeriodicalIF":4.1,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144139400","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"IPSMInfer: Industrial proprietary protocol state machine inference from network traces","authors":"Yahui Yang,&nbsp;Yangyang Geng,&nbsp;Qiang Wei,&nbsp;Rongkuan Ma,&nbsp;Zihan Wei","doi":"10.1016/j.ijcip.2025.100765","DOIUrl":"10.1016/j.ijcip.2025.100765","url":null,"abstract":"<div><div>Industrial protocols are ubiquitous in industrial control systems (ICS), and their security is intimately tied to the entire industrial infrastructure. Analyzing industrial protocol state machines can assist researchers in understanding the protocol’s state transition rules, event-triggering conditions, and behavioral characteristics. However, the proprietary nature of many industrial protocols and the lack of knowledge about their state machines significantly impede the implementation of related protection measures in ICS. While several protocol state machine inference methods have been proposed, few are practically and widely applicable to industrial protocols. This is primarily attributed to the unique structure of industrial protocols, which poses challenges for protocol state machine inference.</div><div>This paper introduces IPSMInfer, a framework that automatically infers industrial proprietary protocol state machines from network traffic. IPSMInfer labels message types based on the length of preprocessed request–response messages, which eliminates the need to identify key protocol fields and restore the original protocol formats. Subsequently, a directed graph is created using the message type labeling results along with their timing relationships to generate a protocol state machine. Finally, the generated protocol state machine is optimized by replaying captured protocol messages and actively interacting with protocol entities to ensure its accuracy and efficiency. We evaluated IPSMInfer using seven programmable logic controllers (PLCs) from five different industrial manufacturers, applying five distinct industrial proprietary protocols. The experimental results clearly demonstrate that IPSMInfer can accurately infer the state machines of these industrial proprietary protocols. It outperforms open-source tools such as ReverX and Netzob by an average of 19.8% and 8.8%, respectively, in terms of protocol state labeling perfection.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100765"},"PeriodicalIF":4.1,"publicationDate":"2025-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143928466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"International perspectives on critical infrastructure: Evaluation criteria and definitions","authors":"EdvanGomes da Silva ,&nbsp;MarcusAurélioCarvalho Georg ,&nbsp;LuizAntônioRibeiro Júnior ,&nbsp;LeonardoRodrigo Ferreira ,&nbsp;LaertePeotta de Melo ,&nbsp;RafaelRabelo Nunes","doi":"10.1016/j.ijcip.2025.100761","DOIUrl":"10.1016/j.ijcip.2025.100761","url":null,"abstract":"<div><div>Contemporary society heavily relies on systems that process, store, and transmit sensitive and confidential information. However, defining what constitutes critical assets and how to categorize them presents challenges. In this context, applying criteria for classifying Critical Infrastructures (<em>CIs</em>) is essential to determine their criticality for information owners. This study aims to identify which criteria are used to classify an asset as part of <em>CIs</em> based on data from various nations. The methodology adopted involved analyzing public documents that evaluated the definitions and assessment criteria of <em>CIs</em> from 12 countries and organizations. The study’s results provide a technical understanding of the criteria used to define Critical Infrastructures <em>CIs</em> among the analyzed countries, highlighting a predominance of criteria related to people, social aspects, economic factors, geographic considerations, and interdependencies. These findings indicate a consistent alignment among the studied nations regarding the criteria that define their respective <em>CIs</em>. These findings have practical implications for risk and asset managers, equipping them with the necessary knowledge to apply CI assessment methodologies effectively.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100761"},"PeriodicalIF":4.1,"publicationDate":"2025-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144084681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Resilience in cogeneration systems: Graphical analysis of novel indexes and system behavior under failure scenarios","authors":"Fellipe Sartori da Silva ,&nbsp;Thiago Magalhães Lessa ,&nbsp;José Alexandre Matelli","doi":"10.1016/j.ijcip.2025.100764","DOIUrl":"10.1016/j.ijcip.2025.100764","url":null,"abstract":"<div><div>With the increasing frequency and severity of disasters threatening energy systems, resilience has emerged as a crucial concept in the energy field, addressing the consequences of high-impact, low-probability (HILP) events. Despite its importance, there remains a lack of consensus on how to assess resilience, with energy generation systems, particularly thermal power plants, receiving limited attention in existing investigations. This study advances the development of a robust method for resilience evaluation in energy generation systems through an innovative graphical analysis applied to four cogeneration plants. The proposed method introduces two novel parameters: operability and generation indexes. The decay curves of the operability index reveal an initial downward curvature followed by an inflection point, while the generation index exhibits a sharp decline during the first hours of operation. Efforts to enhance resilience in the early design phase should focus on mitigating these patterns. The derivatives of the curves identified key periods of operational instability, specifically, the initial phase and the most degrading periods. Improved system conditions reduced these instabilities by minimizing the amplitude of the derivative peaks. By integrating the curves, the relative area under the graphs was quantified, revealing that the studied configurations utilizing gas turbines experienced greater sensitivity to HILP events. These findings underscore the importance of proactive resilience strategies tailored to the design and operational characteristics of energy systems.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100764"},"PeriodicalIF":4.1,"publicationDate":"2025-05-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143928465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Critical entities resilience strengthening tools to small-scale disasters","authors":"David Rehak ,&nbsp;Alena Splichalova ,&nbsp;Heidi Janeckova ,&nbsp;Ondrej Ryska ,&nbsp;Alena Oulehlova ,&nbsp;Lenka Michalcova ,&nbsp;Martin Hromada ,&nbsp;Miltiadis Kontogeorgos ,&nbsp;Jozef Ristvej","doi":"10.1016/j.ijcip.2025.100766","DOIUrl":"10.1016/j.ijcip.2025.100766","url":null,"abstract":"<div><div>The issue of critical infrastructure protection is still largely based on the concept of critical infrastructure resilience. However, it is already clear that this concept must be restructured, primarily due to the adoption of a new European Union directive that focuses on the resilience of critical entities that are owners or operators of individual critical infrastructures. This directive stipulates, among other things, an obligation for critical entities to provide unlimited services necessary for maintaining the most important functions of the state. For this reason, it is necessary to pay increased attention not only to strengthening the resilience of infrastructures, but also to the management processes of critical entities. Based on these facts, 161 tools suitable for strengthening the critical entities internal resilience against small-scale disasters are classified and defined in this article. These strengthening tools are defined for both entities and infrastructural resilience. The article further defines the environment and procedure for strengthening the critical entities internal resilience, thus expanding the application of the existing CERA method, which was originally designed for the purpose of assessing the critical entities resilience to small-scale disasters. The design part of the article also includes a presentation of an example of a practical application of the proposed procedure.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100766"},"PeriodicalIF":4.1,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143881346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"STADe: An unsupervised time-windows method of detecting anomalies in oil and gas Industrial Cyber-Physical Systems (ICPS) networks","authors":"Abubakar Sadiq Mohammed,&nbsp;Eirini Anthi,&nbsp;Omer Rana,&nbsp;Pete Burnap,&nbsp;Andrew Hood","doi":"10.1016/j.ijcip.2025.100762","DOIUrl":"10.1016/j.ijcip.2025.100762","url":null,"abstract":"<div><div>Critical infrastructure and Operational Technology (OT) are becoming more exposed to cyber attacks due to the integration of OT networks to enterprise networks especially in the case of Industrial Cyber-Physical Systems (ICPS). These technologies that are a huge part of our daily lives usually operate by having sensors and actuators constantly communicating through an industrial network. To secure these industrial networks from cyber attacks, researchers have utilised misuse detection and Anomaly Detection (AD) techniques to detect potential attacks. Misuse detection methods are unable to detect zero-day attacks while AD methods can, but with high false positive rates and high computational overheads. In this paper, we present STADe, a novel Sliding Time-window Anomaly Detection method that uses a sole feature of network packet inter-arrival times to detect anomalous network communications. This work aims to explore a mechanism for detecting breaks in periodicity to flag anomalies. The method was validated using data from a real oil and gas wellhead monitoring testbed containing field flooding, SYN flooding, and Man-in-the-Middle (MITM) attacks — which are attacks that are popularly used to target the availability and integrity of oil and gas critical infrastructure. The results from STADe proved to be effective in detecting these attacks with zero false positives and F1 scores of 0.97, 0.923, and 0.8 respectively. Further experiments carried out to compare STADe with other unsupervised machine learning algorithms – KNN, isolation forest, and Local Outlier Factor (LOF) – resulted in F1 scores of 0.55, 0.673, and 0.408 respectively. STADe outperformed them with an F1 score of 0.933 using the same dataset.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100762"},"PeriodicalIF":4.1,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143882059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating regional emergency response capabilities using entropy weight and matter-element extension theory","authors":"Peijian Jin ,&nbsp;Haohao Qu ,&nbsp;Pengzhen Fan ,&nbsp;Suling Ge","doi":"10.1016/j.ijcip.2025.100763","DOIUrl":"10.1016/j.ijcip.2025.100763","url":null,"abstract":"<div><div>To accurately evaluate regional emergency response capacity, this paper establishes an indicator system based on measurable and quantifiable indicators, aligning with China's national laws, regulations, standards, and regional development data. The system comprises targets, guidelines, sub-criteria, and indicator levels. The target layer represents the evaluation focus, i.e., regional emergency response capacity. The guideline and sub-criteria layers include four guidelines and 12 sub-criteria, respectively. The indicator layer includes 28 quantifiable indicators, such as the rate of preparation of emergency plans, the frequency of emergency drills, the emergency response team, the number of financial allocations from the general public budget, and the percentage of social security and employment expenditures. The entropy weighting method is employed to determine index weights, while the material element topable theory quantitatively evaluates regional emergency response capacity. Subsequently, the model is utilized to assess the emergency response capacity of 31 provincial administrative regions in mainland China, confirming its validity.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100763"},"PeriodicalIF":4.1,"publicationDate":"2025-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143874438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Measuring spatial accessibility to critical infrastructure: The Access Road Identification model","authors":"Ana Maria Mager Pozo ,&nbsp;Peter Priesmeier ,&nbsp;Alexander Fekete","doi":"10.1016/j.ijcip.2025.100760","DOIUrl":"10.1016/j.ijcip.2025.100760","url":null,"abstract":"<div><div>Natural hazards such as earthquakes or floods can severely disrupt transportation networks and lead to cascading effects to other critical infrastructure (CI). A functioning road network is crucial to maintain spatial accessibility of CI such as hospitals or fire stations, especially during disaster scenarios. In the present study, we introduce a geographic information system (GIS)-based model that is able to identify and quantify the access roads to CI facilities through shortest path analysis, namely the Access Road Identification (ARI)-model. Including hazard maps into the model allows comparing CI accessibility in a baseline scenario with a hazard scenario. We exemplary apply the elaborated model to two case studies considering the accessibility of hospitals during floods in Hamburg, Germany and fire stations during an earthquake event in the Tehran-Karaj metropolitan region, Iran.</div><div>The results show significant differences between the two case studies: Floods have an overall low impact on the accessibility of hospitals in Hamburg, but single hospitals lose up to 40 % of their access roads during the flood. In Tehran-Karaj however the model indicates that about 38 % of the fire stations have access roads exposed to the earthquake hazard, while a fifth of them lose over 50 % of their access roads and four facilities are completely inaccessible.</div><div>These findings highlight the need for robust contingency planning by identifying and prioritizing CI facilities that are most at risk. The novelty of the ARI-model consists in its facility-centered approach to measure spatial accessibility of single CI services, thus unveiling valuable insights regarding the potential loss of direct access roads. The transferability of the model allows to adapt it to various use cases, where different hazards or CI facility types are considered. The model can serve relevant stakeholders as a decision-making tool for prioritizing resource allocation, planning evacuation measures and enhancing disaster preparedness based on CI accessibility, thus being applicable both to the preparation and response phase of disaster management. In the future, an extension of the ARI-model is planned by implementing dynamic hazard maps, data on traffic demand and additional weighting of the results.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100760"},"PeriodicalIF":4.1,"publicationDate":"2025-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143824271","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"SPARK and SAD: Leading-edge deep learning frameworks for robust and effective intrusion detection in SCADA systems","authors":"Raghuram Bhukya ,&nbsp;Syed Abdul Moeed ,&nbsp;Anusha Medavaka ,&nbsp;Alaa O. Khadidos ,&nbsp;Adil O. Khadidos ,&nbsp;Shitharth Selvarajan","doi":"10.1016/j.ijcip.2025.100759","DOIUrl":"10.1016/j.ijcip.2025.100759","url":null,"abstract":"<div><div>Considering SCADA systems operate and manage critical infrastructure and industrial processes, the need for robust intrusion detection systems-IDSs cannot be overemphasized. The complexity of these systems, added to their increased exposure to more sophisticated cyber-attacks, creates significant challenges for continuous, secure operations. Traditional approaches to intrusion detection usually fail to cope, scale, or be as accurate as is necessary when dealing with the modern, multi-faceted problem of an attack vector against SCADA networks and IIoT environments. Past works have generally proposed the use of different machine learning and deep learning anomaly detection strategies to find possible intrusions. While these methods have, in fact, been promising, their effects are not without their own set of problems, including high false positives, poor generalization to new types of attacks, and performance inefficiencies in large-scale data environments. In this work, against this background, two novel IDS models are put forward: SPARK (Scalable Predictive Anomaly Response Kernel) and SAD (Scented Alpine Descent), to further improve the security landscape in SCADA systems. SPARK enables an ensemble-based deep learning framework combining strategic feature extraction with adaptive learning mechanisms for volume data processing at high accuracy and efficiency. This architecture has stringent anomaly detection through a multi-layered deep network adapting to ever-evolving contexts in operational environments, allowing for low latency and high precision in the detections. The SAD model works in concert with SPARK by adopting a synergistic approach that embeds deep learning into anomaly scoring algorithms, enabled to detect subtle attack patterns and further reduce false-positive rates.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100759"},"PeriodicalIF":4.1,"publicationDate":"2025-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143783593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Assessing earthquake risks to lifeline infrastructure systems in the United States","authors":"N. Simon Kwong ,&nbsp;Kishor S. Jaiswal","doi":"10.1016/j.ijcip.2025.100758","DOIUrl":"10.1016/j.ijcip.2025.100758","url":null,"abstract":"<div><div>The security and economic stability of the United States rely heavily on robust lifeline infrastructure systems and yet the risks to such systems are seldom quantified at the national scale. For example, while earthquake risks to buildings in the United States have been investigated at the national scale regularly, such risks to gas pipelines have rarely been investigated nationally. In this paper, we use examples from two critical infrastructure sectors to demonstrate (1) the nature of earthquake risks to lifeline infrastructure systems, (2) complexities involved in regional seismic risk assessments, and (3) how such risks change with time. We found that bridge risks can be underestimated by at least 64 % when viewed from repair costs instead of traffic demands and that regional risks can be underestimated by 19 % when spatial correlations of ground motion are ignored. Further, exceedance of traffic demand can be 50 times more likely to occur when viewed at the regional scale than when viewed at an individual bridge. Similarly, exceedance of repairs can be 180 times more likely to occur when viewed at the pipeline network level than at a segment-specific level. Finally, sensitivity analyses with the 2018 and 2023 USGS National Seismic Hazard Models indicate an increase in bridge risk of at least 24 % and an increase in exposed gas pipeline mileage of 43 %. The evolution of risks, complexities involved in assessments, and limited resources jointly underscore the need for more routine updates to nationwide seismic risk assessments of lifeline systems in the United States.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100758"},"PeriodicalIF":4.1,"publicationDate":"2025-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143738890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}