A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems
Cloud–edge collaboration industrial control systems (ICSs) face critical security and privacy challenges that existing dynamic heterogeneous redundancy (DHR) architectures inadequately address due to two fundamental limitations: event-triggered scheduling approaches that amplify common-mode escape i...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-07-01
|
| Series: | Applied Sciences |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2076-3417/15/14/8032 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849246425970376704 |
|---|---|
| author | Yukun Niu Xiaopeng Han Chuan He Yunfan Wang Zhigang Cao Ding Zhou |
| author_facet | Yukun Niu Xiaopeng Han Chuan He Yunfan Wang Zhigang Cao Ding Zhou |
| author_sort | Yukun Niu |
| collection | DOAJ |
| description | Cloud–edge collaboration industrial control systems (ICSs) face critical security and privacy challenges that existing dynamic heterogeneous redundancy (DHR) architectures inadequately address due to two fundamental limitations: event-triggered scheduling approaches that amplify common-mode escape impacts in resource-constrained environments, and insufficient privacy-preserving arbitration mechanisms for sensitive industrial data processing. In contrast to existing work that treats scheduling and privacy as separate concerns, this paper proposes a unified polymorphic heterogeneous security architecture that integrates hybrid event–time triggered scheduling with adaptive privacy-preserving arbitration, specifically designed to address the unique challenges of cloud–edge collaboration ICSs where both security resilience and privacy preservation are paramount requirements. The architecture introduces three key innovations: (1) a hybrid event–time triggered scheduling algorithm with credibility assessment and heterogeneity metrics to mitigate common-mode escape scenarios, (2) an adaptive privacy budget allocation mechanism that balances privacy protection effectiveness with system availability based on attack activity levels, and (3) a unified framework that organically integrates privacy-preserving arbitration with heterogeneous redundancy management. Comprehensive evaluations using natural gas pipeline pressure control and smart grid voltage control systems demonstrate superior performance: the proposed method achieves 100% system availability compared to 62.57% for static redundancy and 86.53% for moving target defense, maintains 99.98% availability even under common-mode attacks (<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><msup><mn>10</mn><mrow><mo>−</mo><mn>2</mn></mrow></msup></semantics></math></inline-formula> probability), and consistently outperforms moving target defense methods integrated with state-of-the-art detection mechanisms (99.7790% and 99.6735% average availability when false data deviations from true values are 5% and 3%, respectively) across different attack detection scenarios, validating its effectiveness in defending against availability attacks and privacy leakage threats in cloud–edge collaboration environments. |
| format | Article |
| id | doaj-art-bb730845be3c49c88b787e781f7ee1d5 |
| institution | Kabale University |
| issn | 2076-3417 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Applied Sciences |
| spelling | doaj-art-bb730845be3c49c88b787e781f7ee1d52025-08-20T03:58:30ZengMDPI AGApplied Sciences2076-34172025-07-011514803210.3390/app15148032A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control SystemsYukun Niu0Xiaopeng Han1Chuan He2Yunfan Wang3Zhigang Cao4Ding Zhou5Purple Mountain Laboratories, No. 9 Mozhou East Road, Nanjing 211111, ChinaPurple Mountain Laboratories, No. 9 Mozhou East Road, Nanjing 211111, ChinaSchool of Cyber Science and Engineering, Southeast University, Nanjing 211189, ChinaSchool of Cyber Science and Engineering, Southeast University, Nanjing 211189, ChinaPurple Mountain Laboratories, No. 9 Mozhou East Road, Nanjing 211111, ChinaPurple Mountain Laboratories, No. 9 Mozhou East Road, Nanjing 211111, ChinaCloud–edge collaboration industrial control systems (ICSs) face critical security and privacy challenges that existing dynamic heterogeneous redundancy (DHR) architectures inadequately address due to two fundamental limitations: event-triggered scheduling approaches that amplify common-mode escape impacts in resource-constrained environments, and insufficient privacy-preserving arbitration mechanisms for sensitive industrial data processing. In contrast to existing work that treats scheduling and privacy as separate concerns, this paper proposes a unified polymorphic heterogeneous security architecture that integrates hybrid event–time triggered scheduling with adaptive privacy-preserving arbitration, specifically designed to address the unique challenges of cloud–edge collaboration ICSs where both security resilience and privacy preservation are paramount requirements. The architecture introduces three key innovations: (1) a hybrid event–time triggered scheduling algorithm with credibility assessment and heterogeneity metrics to mitigate common-mode escape scenarios, (2) an adaptive privacy budget allocation mechanism that balances privacy protection effectiveness with system availability based on attack activity levels, and (3) a unified framework that organically integrates privacy-preserving arbitration with heterogeneous redundancy management. Comprehensive evaluations using natural gas pipeline pressure control and smart grid voltage control systems demonstrate superior performance: the proposed method achieves 100% system availability compared to 62.57% for static redundancy and 86.53% for moving target defense, maintains 99.98% availability even under common-mode attacks (<inline-formula><math xmlns="http://www.w3.org/1998/Math/MathML" display="inline"><semantics><msup><mn>10</mn><mrow><mo>−</mo><mn>2</mn></mrow></msup></semantics></math></inline-formula> probability), and consistently outperforms moving target defense methods integrated with state-of-the-art detection mechanisms (99.7790% and 99.6735% average availability when false data deviations from true values are 5% and 3%, respectively) across different attack detection scenarios, validating its effectiveness in defending against availability attacks and privacy leakage threats in cloud–edge collaboration environments.https://www.mdpi.com/2076-3417/15/14/8032cloud–edge collaborationindustrial control systemsdynamic heterogeneous redundancyprivacy-preserving arbitrationhybrid scheduling strategy |
| spellingShingle | Yukun Niu Xiaopeng Han Chuan He Yunfan Wang Zhigang Cao Ding Zhou A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems Applied Sciences cloud–edge collaboration industrial control systems dynamic heterogeneous redundancy privacy-preserving arbitration hybrid scheduling strategy |
| title | A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems |
| title_full | A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems |
| title_fullStr | A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems |
| title_full_unstemmed | A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems |
| title_short | A Privacy-Preserving Polymorphic Heterogeneous Security Architecture for Cloud–Edge Collaboration Industrial Control Systems |
| title_sort | privacy preserving polymorphic heterogeneous security architecture for cloud edge collaboration industrial control systems |
| topic | cloud–edge collaboration industrial control systems dynamic heterogeneous redundancy privacy-preserving arbitration hybrid scheduling strategy |
| url | https://www.mdpi.com/2076-3417/15/14/8032 |
| work_keys_str_mv | AT yukunniu aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT xiaopenghan aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT chuanhe aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT yunfanwang aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT zhigangcao aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT dingzhou aprivacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT yukunniu privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT xiaopenghan privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT chuanhe privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT yunfanwang privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT zhigangcao privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems AT dingzhou privacypreservingpolymorphicheterogeneoussecurityarchitectureforcloudedgecollaborationindustrialcontrolsystems |