
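% Journal article, CMES 145(2), 2025: taxonomy-driven, SHAP-explained ML attack
% detection and classification for IIoT-CPS, with an edge/cloud deployment split.
% Author names are joined with " and "; BibTeX does not split a name list on commas.
% Reviewer note: the abstract reports overall accuracy only, while also stating that
% the attack classes are extremely imbalanced. Check the paper's per-class recall/F1
% for the rare classes (injection, backdoors) before relying on the headline figures.
@Article{cmes.2025.070426,
AUTHOR = {Zhukabayeva, Tamara and Ahmad, Zulfiqar and Tasbolatuly, Nurbolat and Zhartybayeva, Makpal and Mardenov, Yerik and Karabayev, Nurdaulet and Baumuratova, Dilaram},
TITLE = {An Impact-Aware and Taxonomy-Driven Explainable Machine Learning Framework with Edge Computing for Security in Industrial {IoT}--Cyber Physical Systems},
JOURNAL = {Computer Modeling in Engineering \& Sciences},
VOLUME = {145},
YEAR = {2025},
NUMBER = {2},
PAGES = {2573--2599},
URL = {http://www.techscience.com/CMES/v145n2/64556},
ISSN = {1526-1506},
ABSTRACT = {The Industrial Internet of Things (IIoT), combined with the Cyber-Physical Systems (CPS), is transforming industrial automation but also poses great cybersecurity threats because of the complexity and connectivity of the systems. There is a lack of explainability, challenges with imbalanced attack classes, and limited consideration of practical edge--cloud deployment strategies in prior works. In the proposed study, we suggest an Impact-Aware Taxonomy-Driven Machine Learning Framework with Edge Deployment and SHapley Additive exPlanations (SHAP)-based Explainable AI (XAI) to attack detection and classification in IIoT-CPS settings. It includes not only unsupervised clustering (K-Means and DBSCAN) to extract latent traffic patterns but also supervised classification based on taxonomy to classify 33 different kinds of attacks into seven high-level categories: Flood Attacks, Botnet/Mirai, Reconnaissance, Spoofing/Man-In-The-Middle (MITM), Injection Attacks, Backdoors/Exploits, and Benign. The three machine learning algorithms, Random Forest, XGBoost, and Multi-Layer Perceptron (MLP), were trained on a real-world dataset of more than 1 million network traffic records, with overall accuracy of 99.4\% (RF), 99.5\% (XGBoost), and 99.1\% (MLP). Rare types of attacks, such as injection attacks and backdoors, were examined even in the case of extreme imbalance between the classes. SHAP-based XAI was performed on every model to help gain transparency and trust in the model and identify important features that drive the classification decisions, such as inter-arrival time, TCP flags, and protocol type. A workable edge-computing implementation strategy is proposed, whereby lightweight computing is performed at the edge devices and heavy, computation-intensive analytics is performed at the cloud. This framework is highly accurate, interpretable, and has real-time application, hence a robust and scalable solution to securing IIoT-CPS infrastructure against dynamic cyber-attacks.},
DOI = {10.32604/cmes.2025.070426},
}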



