{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T23:58:12Z","timestamp":1771804692537,"version":"3.50.1"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T00:00:00Z","timestamp":1771718400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T00:00:00Z","timestamp":1771718400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>\n                    Cyber-Physical Systems (CPS) operate in increasingly complex and security-critical environments where system faults, misconfigurations, and cyberattacks can compromise safety, availability, and operational integrity. This paper presents CROSS (Cross-platform Remediation and Observability Self-Healing System), a cloud-native, cross-platform approach that extends the self-healing paradigm beyond anomaly detection to encompass autonomous, security-aware remediation. Building upon the Log Intelligence and Self-Healing System (\n                    <jats:sc>LISH<\/jats:sc>\n                    )\u00a0(Johnphill et\u00a0al. 2023a), which utilised CountVectorizer and Multinomial Naive Bayes (\n                    <jats:sc>MNB<\/jats:sc>\n                    ) for log-based anomaly classification,\n                    <jats:sc>CROSS<\/jats:sc>\n                    introduces a policy-driven remediation layer that executes context-specific recovery actions such as service restarts, system updates, device reboots, and configuration enforcement across Android, Linux, macOS, and Windows. Prometheus-based observability\u00a0(Pai and Srinivas 2024) provides fine-grained telemetry on anomalies and remedial actions, enabling continuous monitoring, auditability, and adaptive security governance. Experimental evaluation demonstrates measurable reductions in mean time to recovery (MTTR) and improvements in anomaly containment and resilience across heterogeneous CPS environments.\n                    <jats:disp-quote>\n                      <jats:p>Although CROSS includes mechanisms that are applicable to cybersecurity scenarios, the present evaluation focuses on operational anomalies rather than explicit attack-induced behaviours. Accordingly, its cybersecurity relevance is framed as an architectural capability, with empirical security benchmarking identified as future work. The proposed approach bridges the gap between anomaly detection and active cyber defence, embedding explainable, automated remediation within the operational lifecycle of CPS.<\/jats:p>\n                    <\/jats:disp-quote>\n                  <\/jats:p>","DOI":"10.1186\/s42400-026-00549-8","type":"journal-article","created":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T23:03:57Z","timestamp":1771801437000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Cross: a cloud-native approach to automated remediation and self-healing in cyber-physical systems"],"prefix":"10.1186","volume":"9","author":[{"given":"Obinna","family":"Johnphill","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5746-0257","authenticated-orcid":false,"given":"Ali Safaa","family":"Sadiq","sequence":"additional","affiliation":[]},{"given":"Omprakash","family":"Kaiwartya","sequence":"additional","affiliation":[]},{"given":"Mohammed Adam","family":"Taheir","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,22]]},"reference":[{"issue":"2","key":"549_CR1","doi-asserted-by":"publisher","first-page":"74","DOI":"10.30574\/wjaets.2024.13.2.0543","volume":"13","author":"TJ Akinbolaji","year":"2024","unstructured":"Akinbolaji TJ, Nzeako G, Akokodaripon D, Aderoju AV (2024) Proactive monitoring and security in cloud infrastructure: leveraging tools like prometheus, grafana, and hashicorp vault. World J Adv Eng Technol Sci 13(2):74\u201389","journal-title":"World J Adv Eng Technol Sci"},{"issue":"3","key":"549_CR2","first-page":"302","volume":"3","author":"T Ali","year":"2025","unstructured":"Ali T, Iqbal R, Ansari NM, Tariq T, Rafique AA (2025) Ai-powered anomaly detection in software logs: a machine learning approach for proactive fault diagnosis and self-healing systems. Spectr Eng Sci 3(3):302\u2013322","journal-title":"Spectr Eng Sci"},{"issue":"6","key":"549_CR3","doi-asserted-by":"publisher","first-page":"1719","DOI":"10.35833\/MPCE.2022.000032","volume":"11","author":"SA Arefifar","year":"2023","unstructured":"Arefifar SA, Alam MS, Hamadi A (2023) A review on self-healing in modern power distribution systems. J Mod Power Syst Clean Energy 11(6):1719\u20131733","journal-title":"J Mod Power Syst Clean Energy"},{"key":"549_CR4","unstructured":"Cheng Y, Zhang W, Shen H, Tang C (2023) AI for IT operations (AIOps) on cloud platforms: reviews, opportunities and challenges"},{"key":"549_CR5","unstructured":"Cloud native computing foundation: CNCF. Accessed 2 Jan 2025 (2025). https:\/\/www.cncf.io\/"},{"key":"549_CR6","doi-asserted-by":"crossref","unstructured":"Georgiou MA, Paphitis A, Sirivianos M, Herodotou H (2019) Towards auto-scaling existing transactional databases with strong consistency. In: Proc. IEEE 35th ICDE Workshops (ICDEW), pp. 107\u2013112","DOI":"10.1109\/ICDEW.2019.00-26"},{"issue":"10","key":"549_CR7","first-page":"602","volume":"13","author":"J Hallur","year":"2022","unstructured":"Hallur J (2022) From monitoring to observability: enhancing system reliability and team productivity. Int J Sci Res(IJSR) 13(10):602\u2013606","journal-title":"Int J Sci Res(IJSR)"},{"key":"549_CR8","doi-asserted-by":"crossref","unstructured":"He P, Zhu J, Zheng S, Li Z, Lyu MR (2023) Loghub: a large collection of system log datasets for ai-driven log analytics. In: Proc. IEEE ISSRE, pp. 1\u201311 IEEE. https:\/\/github.com\/logpai\/loghub","DOI":"10.1109\/ISSRE59848.2023.00071"},{"key":"549_CR9","doi-asserted-by":"crossref","unstructured":"Jhuang C, Wu Q (2022) Container-based voip failover design on kubernetes overlay networks. In: Proc. CSCI, pp. 1317\u20131322","DOI":"10.1109\/CSCI58124.2022.00237"},{"key":"549_CR10","doi-asserted-by":"publisher","unstructured":"Johnphill O, Sadiq AS, Kaiwartya O (2024) Preprocessed log dataset for cross-platform remedial actions in cyber-physical systems. https:\/\/doi.org\/10.5281\/zenodo.15249598","DOI":"10.5281\/zenodo.15249598"},{"key":"549_CR11","doi-asserted-by":"publisher","first-page":"657","DOI":"10.3390\/info15100657","volume":"15","author":"O Johnphill","year":"2024","unstructured":"Johnphill O, Sadiq AS, Kaiwartya O, Aljaidi M (2024) An intelligent approach to automated operating systems log analysis for enhanced security. Information 15:657","journal-title":"Information"},{"issue":"7","key":"549_CR12","doi-asserted-by":"publisher","first-page":"244","DOI":"10.3390\/fi15070244","volume":"15","author":"O Johnphill","year":"2023","unstructured":"Johnphill O, Sadiq AS, Pillai P, Taheir MA, Kaiwartya O (2023) Self-healing in cyber-physical systems using machine learning: a critical analysis of theories and tools. Futur Internet 15(7):244","journal-title":"Futur Internet"},{"key":"549_CR13","unstructured":"LOGPAI: Loghub: a large collection of system log datasets for AI-driven log analytics (2023). https:\/\/github.com\/logpai\/loghub"},{"key":"549_CR14","doi-asserted-by":"crossref","unstructured":"Loh R, Thing VLL (2023) Enhancing cyber-resilience in self-healing cyber-physical systems with implicit guarantees. In: Proc. IEEE International Conference on Cyber Security and Resilience (CSR), pp. 359\u2013366","DOI":"10.1109\/CSR57506.2023.10224943"},{"key":"549_CR15","doi-asserted-by":"publisher","first-page":"85384","DOI":"10.1109\/ACCESS.2023.3303430","volume":"11","author":"A Malhotra","year":"2023","unstructured":"Malhotra A, Elsayed A, Torres R, Venkatraman S (2023) Evaluate solutions for achieving high availability or near zero downtime for cloud native enterprise applications. IEEE Access 11:85384\u201385394","journal-title":"IEEE Access"},{"issue":"1","key":"549_CR16","first-page":"94","volume":"9","author":"CSS Marinho","year":"2018","unstructured":"Marinho CSS, Moreira LO, Coutinho EF, Costa Filho JS, Sousa FRC, Machado JC (2018) Labareda: a predictive and elastic load balancing service for cloud-replicated databases. J Inf Data Manag 9(1):94\u2013106","journal-title":"J Inf Data Manag"},{"key":"549_CR17","doi-asserted-by":"crossref","unstructured":"Naqvi S, Ahmed T, Ullah M (2022) On evaluating self-adaptive and self-healing systems using chaos engineering. In: Proc. IEEE international conference on autonomic computing and self-organizing systems (ACSOS), pp. 1\u201310","DOI":"10.1109\/ACSOS55765.2022.00018"},{"key":"549_CR18","doi-asserted-by":"crossref","unstructured":"Nugroho MA, Abdurohman M, Erfianto B (2023) Increasing automatic proctoring system performance using distributed round-robin load balancer. In: Proc. IEEE IAICT, pp. 377\u2013382","DOI":"10.1109\/IAICT59002.2023.10205750"},{"issue":"6","key":"549_CR19","first-page":"1","volume":"8","author":"K Pai","year":"2024","unstructured":"Pai K, Srinivas BK (2024) Enhanced visibility for real-time monitoring and alerting in kubernetes by integrating prometheus, grafana, loki, and alerta. Int J Sci Res Eng Manag IJSREM 8(6):1\u20135","journal-title":"Int J Sci Res Eng Manag IJSREM"},{"key":"549_CR20","doi-asserted-by":"crossref","unstructured":"Pakrijauskas K, Mazeika D (2022) Investigation of stateful microservice availability during failover. In: Proc. 8th International Conference on Control, Decision and Information Technologies (CoDIT), pp. 286\u2013290","DOI":"10.1109\/CoDIT55151.2022.9804162"},{"key":"549_CR21","doi-asserted-by":"crossref","unstructured":"Shabariram CP, Vrinda S, Srivastan S, Manimeghalai R (2024) Case study based investigation on self-healing cloud deployments for edge-based software development. In: Proc. ICSSEECC, pp. 85\u201390","DOI":"10.1109\/ICSSEECC61126.2024.10649487"},{"key":"549_CR22","doi-asserted-by":"crossref","unstructured":"Siddiqui I, Pandey A, Jain S, Kothadia H, Agrawal R, Chankhore N (2023) Comprehensive monitoring and observability with jenkins and grafana. In: Proc. ISMSIT, pp. 1\u20135","DOI":"10.1109\/ISMSIT58785.2023.10304904"},{"key":"549_CR23","doi-asserted-by":"crossref","unstructured":"Vervaet A (2021) Monilog: An automated log-based anomaly detection system for cloud computing infrastructures. In: Proc. IEEE 37th international conference on data engineering (ICDE), pp. 2739\u20132743","DOI":"10.1109\/ICDE51399.2021.00317"},{"issue":"5","key":"549_CR24","doi-asserted-by":"publisher","first-page":"5781","DOI":"10.1109\/TSG.2019.2891515","volume":"10","author":"Y Wang","year":"2019","unstructured":"Wang Y, Xu Y, He J, Liu C, Schneider KP, Hong M, Ton DT (2019) Coordinating multiple sources for service restoration to enhance resilience of distribution systems. IEEE Trans Smart Grid 10(5):5781\u20135793","journal-title":"IEEE Trans Smart Grid"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00549-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00549-8","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00549-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,22]],"date-time":"2026-02-22T23:03:59Z","timestamp":1771801439000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00549-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,22]]},"references-count":24,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["549"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00549-8","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,22]]},"assertion":[{"value":"6 November 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 January 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"The authors declare that they have no Competing  interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"124"}}