TY - EJOU
AU - Zhukabayeva, Tamara
AU - Ahmad, Zulfiqar
AU - Tasbolatuly, Nurbolat
AU - Zhartybayeva, Makpal
AU - Mardenov, Yerik
AU - Karabayev, Nurdaulet
AU - Baumuratova, Dilaram
TI - An Impact-Aware and Taxonomy-Driven Explainable Machine Learning Framework with Edge Computing for Security in Industrial IoT–Cyber Physical Systems
T2 - Computer Modeling in Engineering & Sciences
PY - 2025
VL - 145
IS - 2
SN - 1526-1506
AB - The Industrial Internet of Things (IIoT), combined with the Cyber-Physical Systems (CPS), is transforming industrial automation but also poses great cybersecurity threats because of the complexity and connectivity of the systems. There is a lack of explainability, challenges with imbalanced attack classes, and limited consideration of practical edge–cloud deployment strategies in prior works. In the proposed study, we suggest an Impact-Aware Taxonomy-Driven Machine Learning Framework with Edge Deployment and SHapley Additive exPlanations (SHAP)-based Explainable AI (XAI) to attack detection and classification in IIoT-CPS settings. It includes not only unsupervised clustering (K-Means and DBSCAN) to extract latent traffic patterns but also supervised classification based on taxonomy to classify 33 different kinds of attacks into seven high-level categories: Flood Attacks, Botnet/Mirai, Reconnaissance, Spoofing/Man-In-The-Middle (MITM), Injection Attacks, Backdoors/Exploits, and Benign. The three machine learning algorithms, Random Forest, XGBoost, and Multi-Layer Perceptron (MLP), were trained on a real-world dataset of more than 1 million network traffic records, with overall accuracy of 99.4% (RF), 99.5% (XGBoost), and 99.1% (MLP). Rare types of attacks, such as injection attacks and backdoors, were examined even in the case of extreme imbalance between the classes. SHAP-based XAI was performed on every model to help gain transparency and trust in the model and identify important features that drive the classification decisions, such as inter-arrival time, TCP flags, and protocol type. A workable edge-computing implementation strategy is proposed, whereby lightweight computing is performed at the edge devices and heavy, computation-intensive analytics is performed at the cloud. This framework is highly accurate, interpretable, and has real-time application, hence a robust and scalable solution to securing IIoT-CPS infrastructure against dynamic cyber-attacks.
KW - Industrial IoT; CPS; edge computing; machine learning; XAI; attack taxonomy
DO - 10.32604/cmes.2025.070426