A Multi-Layer Intelligent Cyber-Physical Security Architecture for Distributed Device Networks with Adaptive Signal Transformation and Trust-Aware Logging
Main article
Abstract
Distributed device networks now underpin critical cyber-physical infrastructure, yet their scale, heterogeneity, and physical exposure make them difficult to defend with monolithic tools. This paper presents an end-to-end security architecture that treats protection as a pipeline of five cooperating layers rather than a single detector. A distributed device network supplies raw measurements; an adaptive signal-transformation layer denoises and embeds those measurements into features that remain discriminative under noise and drift; a secure communication and aggregation layer moves features without tampering; a trust-aware anomaly-detection layer combines machine-learned detectors with continuous per-device trust scoring and cross-device correlation; and a tamper-evident logging and response layer commits findings to an append-only record and orchestrates containment. Two feedback loops couple the layers: trust flows back to gate signal admission, and containment flows back to the devices. Evaluated on a heterogeneous testbed of 240 devices and roughly 14.2 million labelled observations spanning six attack families, the full pipeline reaches an F1 score of 0.91, with each layer contributing a distinct and measurable increment. Trust-awareness yields its largest gains on the stealthy attacks, false-data injection, spoofing, and exfiltration, that are most dangerous in cyber-physical settings, improving their detection by between thirteen and seventeen points. The architecture degrades gracefully under adversarial signal perturbation, and its tamper-evident logging imposes per-operation latency well within the budget of edge hardware even at a hundred million records. We argue that robustness, continuous trust, and accountability are constitutive requirements for cyber-physical security rather than optional additions.
