A Multi-Layer Intelligent Cyber-Physical Security Architecture for Distributed Device Networks with Adaptive Signal Transformation and Trust-Aware Logging

Main article

Rohan A. Deshpande*
Faculty of Engineering and Applied Science, Ontario Tech University, Oshawa, Canada
rohan.deshpande@ontariotechu.ca
Mei Lin Chau
Department of Electrical and Computer Engineering, Concordia University, Montreal, Canada
Viktor S. Brandt
Faculty of Engineering and Applied Science, Ontario Tech University, Oshawa, Canada
Amara N. Okoye
School of Computer Science, University of Windsor, Windsor, Canada

DOI: https://doi.org/10.63646/QLON3255

Abstract

Distributed device networks now underpin critical cyber-physical infrastructure, yet their scale, heterogeneity, and physical exposure make them difficult to defend with monolithic tools. This paper presents an end-to-end security architecture that treats protection as a pipeline of five cooperating layers rather than a single detector. A distributed device network supplies raw measurements; an adaptive signal-transformation layer denoises and embeds those measurements into features that remain discriminative under noise and drift; a secure communication and aggregation layer moves features without tampering; a trust-aware anomaly-detection layer combines machine-learned detectors with continuous per-device trust scoring and cross-device correlation; and a tamper-evident logging and response layer commits findings to an append-only record and orchestrates containment. Two feedback loops couple the layers: trust flows back to gate signal admission, and containment flows back to the devices. Evaluated on a heterogeneous testbed of 240 devices and roughly 14.2 million labelled observations spanning six attack families, the full pipeline reaches an F1 score of 0.91, with each layer contributing a distinct and measurable increment. Trust-awareness yields its largest gains on the stealthy attacks, false-data injection, spoofing, and exfiltration, that are most dangerous in cyber-physical settings, improving their detection by between thirteen and seventeen points. The architecture degrades gracefully under adversarial signal perturbation, and its tamper-evident logging imposes per-operation latency well within the budget of edge hardware even at a hundred million records. We argue that robustness, continuous trust, and accountability are constitutive requirements for cyber-physical security rather than optional additions.

Article details