An Impact-Aware and Taxonomy-Driven Explainable Machine Learning Framework with Edge Computing for Security in Industrial IoT–Cyber Physical Systems
Zhukabayeva T., Ahmad Z., Tasbolatuly N., Zhartybayeva M., Mardenov Y., Karabayev N., Baumuratova D.
2025, Tech Science Press
CMES - Computer Modeling in Engineering and Sciences
2025, #145, Issue 2, pp. 2573-2599
The Industrial Internet of Things (IIoT), combined with Cyber-Physical Systems (CPS), is transforming industrial automation but also poses great cybersecurity threats because of the complexity and connectivity of the systems. Prior works show a lack of explainability, challenges with imbalanced attack classes, and limited consideration of practical edge–cloud deployment strategies. In this study, we propose an Impact-Aware Taxonomy-Driven Machine Learning Framework with Edge Deployment and SHapley Additive exPlanations (SHAP)-based Explainable AI (XAI) for attack detection and classification in IIoT-CPS settings. It includes not only unsupervised clustering (K-Means and DBSCAN) to extract latent traffic patterns but also supervised classification based on a taxonomy that groups 33 different kinds of attacks into seven high-level categories: Flood Attacks, Botnet/Mirai, Reconnaissance, Spoofing/Man-In-The-Middle (MITM), Injection Attacks, Backdoors/Exploits, and Benign. Three machine learning algorithms, Random Forest (RF), XGBoost, and Multi-Layer Perceptron (MLP), were trained on a real-world dataset of more than 1 million network traffic records, with overall accuracy of 99.4% (RF), 99.5% (XGBoost), and 99.1% (MLP). Rare types of attacks, such as injection attacks and backdoors, were examined even in the case of extreme imbalance between the classes. SHAP-based XAI was performed on every model to help gain transparency and trust in the model and to identify important features that drive the classification decisions, such as inter-arrival time, TCP flags, and protocol type. A workable edge-computing implementation strategy is proposed, whereby lightweight computing is performed at the edge devices and heavy, computation-intensive analytics is performed in the cloud. This framework is highly accurate, interpretable, and applicable in real time, making it a robust and scalable solution for securing IIoT-CPS infrastructure against dynamic cyber-attacks.
Keywords: attack taxonomy, CPS, edge computing, Industrial IoT, machine learning, XAI
Faculty of Information Technology, L.N. Gumilyov Eurasian National University, Astana, 010000, Kazakhstan
Department of Computer Engineering, Astana IT University, Astana, 010000, Kazakhstan
Department of Computer Science and Information Technology, Hazara University, Mansehra, 21300, Pakistan
Higher School of Information Technology and Engineering, Astana International University, Astana, 010000, Kazakhstan