{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T21:28:11Z","timestamp":1776374891161,"version":"3.51.2"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"published-print":{"date-parts":[[2022,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Designing and developing distributed cyber-physical production systems (CPPS) is a time-consuming, complex, and error-prone process. These systems are typically heterogeneous, i.e., they consist of multiple components implemented with different languages and development tools. One of the main problems nowadays in CPPS implementation is enabling security mechanisms by design while reducing the complexity and increasing the system\u2019s maintainability. Adopting the IEC 61499 standard is an excellent approach to tackle these challenges by enabling the design, deployment, and management of CPPS in a model-based engineering methodology. We propose a method for CPPS design based on the IEC 61499 standard. The method allows designers to embed a bio-inspired anomaly-based host intrusion detection system (A-HIDS) in Edge devices. This A-HIDS is based on the incremental Dendritic Cell Algorithm\u00a0(iDCA) and can analyze OPC UA network data exchanged between the Edge devices and detect attacks that target the CPPS\u2019 Edge layer. This study\u2019s findings have practical implications on the industrial security community by making novel contributions to the intrusion detection problem in CPPS considering immune-inspired solutions, and cost-effective security by design system implementation. According to the experimental data, the proposed solution can dramatically reduce design and code complexity while improving application maintainability and successfully detecting network attacks without negatively impacting the performance of the CPPS Edge devices.<\/jats:p>","DOI":"10.1186\/s42400-022-00114-z","type":"journal-article","created":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T04:02:35Z","timestamp":1651377755000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["Enabling data-driven anomaly detection by design in cyber-physical production systems"],"prefix":"10.1186","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0345-1208","authenticated-orcid":false,"given":"Rui","family":"Pinto","sequence":"first","affiliation":[]},{"given":"Gil","family":"Gon\u00e7alves","sequence":"additional","affiliation":[]},{"given":"Jerker","family":"Delsing","sequence":"additional","affiliation":[]},{"given":"Eduardo","family":"Tovar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,5,1]]},"reference":[{"key":"114_CR1","doi-asserted-by":"crossref","unstructured":"Aickelin U, Cayzer S, Qz B (2002) The danger theory and its application to artificial immune systems. In: Proceedings of the 1st international conference on artificial immune systems (ICARIS \u201902), pp 141\u2013148","DOI":"10.2139\/ssrn.2832054"},{"key":"114_CR2","unstructured":"Baezner M, Robin P (2017) Stuxnet. Technical report, ETH Zurich"},{"issue":"1","key":"114_CR3","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1109\/SURV.2013.050113.00191","volume":"16","author":"I Butun","year":"2014","unstructured":"Butun I, Morgera SD, Sankar R (2014) A survey of intrusion detection systems in wireless sensor networks. IEEE Commun Surv Tutor 16(1):266\u2013282. https:\/\/doi.org\/10.1109\/SURV.2013.050113.00191","journal-title":"IEEE Commun Surv Tutor"},{"key":"114_CR4","unstructured":"Commission IE et al. (2005) International standard iec61499, function blocks, part 1-part 4. IEC http:\/\/www.iec.ch"},{"key":"114_CR5","unstructured":"Costin A, Zaddach J, Francillon A, Balzarotti D (2014) A large-scale analysis of the security of embedded firmwares. In: 23rd USENIX security symposium (USENIX Security 14), pp 95\u2013110. USENIX Association, San Diego, CA. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/costin"},{"key":"114_CR6","doi-asserted-by":"publisher","unstructured":"Cui A, Stolfo SJ (2010) A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan. In: Proceedings of the 26th annual computer security applications conference. ACSAC \u201910, pp 97\u2013106. Association for Computing Machinery, New York, NY, USA. https:\/\/doi.org\/10.1145\/1920261.1920276","DOI":"10.1145\/1920261.1920276"},{"issue":"2","key":"114_CR7","doi-asserted-by":"publisher","first-page":"1574","DOI":"10.1016\/j.asoc.2010.08.024","volume":"11","author":"D Dasgupta","year":"2011","unstructured":"Dasgupta D, Yu S, Nino F (2011) Recent advances in artificial immune systems: models and applications. Appl Soft Comput 11(2):1574\u20131587. https:\/\/doi.org\/10.1016\/j.asoc.2010.08.024","journal-title":"Appl Soft Comput"},{"key":"114_CR8","unstructured":"DIGI2-FEUP: DINASORE (2021). https:\/\/digi2-feup.github.io\/dinasore\/. Aaccessed Nov 2021"},{"key":"114_CR9","doi-asserted-by":"publisher","unstructured":"Dowdeswell B, Sinha R, MacDonell SG (2020a) Diagnosable-by-design model-driven development for IEC 61499 industrial cyber-physical systems. In: IECON 2020 the 46th annual conference of the IEEE industrial electronics society, pp 2183\u20132188. https:\/\/doi.org\/10.1109\/IECON43393.2020.9254620","DOI":"10.1109\/IECON43393.2020.9254620"},{"key":"114_CR10","doi-asserted-by":"publisher","unstructured":"Dowdeswell B, Sinha R, Jarvis D, Jarvis J, MacDonell SG (2020b) Employing agent beliefs during fault diagnosis for IEC 61499 industrial cyber-physical systems. In: IECON 2020 the 46th annual conference of the IEEE industrial electronics society, pp 2189\u20132194. https:\/\/doi.org\/10.1109\/IECON43393.2020.9254877","DOI":"10.1109\/IECON43393.2020.9254877"},{"key":"114_CR11","unstructured":"Foundation E (2021a) 4diac FORTE\u2014IEC 61499 Runtime Environment. https:\/\/www.eclipse.org\/4diac\/en_rte.php. Accessed Nov 2021"},{"key":"114_CR12","unstructured":"Foundation E (2021b) Eclipse 4diac. https:\/\/www.eclipse.org\/4diac\/. Accessed Nov 2021"},{"key":"114_CR13","doi-asserted-by":"crossref","unstructured":"Greensmith J (2007) The dendritic cell algorithm. Ph.D. Thesis, Citeseer","DOI":"10.2139\/ssrn.2831280"},{"key":"114_CR14","unstructured":"Griffiths N (2020) nmon: a free tool to analyze AIX and Linux performance. https:\/\/developer.ibm.com\/articles\/au-nmon_analyser\/. Accessed Nov 2021"},{"key":"114_CR15","doi-asserted-by":"publisher","unstructured":"Jazdi N (2014) Cyber physical systems in the context of industry 4.0. In: 2014 IEEE international conference on automation, quality and testing, robotics, pp 1\u20134. https:\/\/doi.org\/10.1109\/AQTR.2014.6857843","DOI":"10.1109\/AQTR.2014.6857843"},{"issue":"4","key":"114_CR16","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/s11047-006-9026-4","volume":"6","author":"J Kim","year":"2007","unstructured":"Kim J, Bentley PJ, Aickelin U, Greensmith J, Tedesco G, Twycross J (2007) Immune system approaches to intrusion detection\u2014a review. Nat Comput 6(4):413\u2013466. https:\/\/doi.org\/10.1007\/s11047-006-9026-4","journal-title":"Nat Comput"},{"key":"114_CR17","unstructured":"KimiNewt: Python packet parser using wireshark\u2019s tshark (2021). https:\/\/github.com\/KimiNewt\/pyshark\/. Accessed Nov 2021"},{"key":"114_CR18","volume-title":"Intrusion detection with snort","author":"J Koziol","year":"2003","unstructured":"Koziol J (2003) Intrusion detection with snort. Sams Publishing, Carmel"},{"issue":"4","key":"114_CR19","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/s12599-014-0334-4","volume":"6","author":"H Lasi","year":"2014","unstructured":"Lasi H, Fettke P, Kemper H-G, Feld T, Hoffmann M (2014) Industry 4.0. Bus Inf Syst Eng 6(4):239\u2013242. https:\/\/doi.org\/10.1007\/s12599-014-0334-4","journal-title":"Bus Inf Syst Eng"},{"key":"114_CR20","first-page":"62","volume":"30","author":"RM Lee","year":"2014","unstructured":"Lee RM, Assante MJ, Conway T (2014) German steel mill cyber attack. Ind Control Syst 30:62","journal-title":"Ind Control Syst"},{"key":"114_CR21","doi-asserted-by":"publisher","unstructured":"Lindgren P, Lindner M, Lindner A, Eriksson J, Vyatkin V (2014) Real-time execution of function blocks for internet of things using the rtfm-kernel. In: Proceedings of the 2014 IEEE emerging technology and factory automation (ETFA), pp 1\u20136. https:\/\/doi.org\/10.1109\/ETFA.2014.7005232","DOI":"10.1109\/ETFA.2014.7005232"},{"key":"114_CR22","volume-title":"Cyber-physical attacks: a growing invisible threat","author":"G Loukas","year":"2015","unstructured":"Loukas G (2015) Cyber-physical attacks: a growing invisible threat. Butterworth-Heinemann, Oxford"},{"key":"114_CR23","doi-asserted-by":"publisher","first-page":"156790","DOI":"10.1155\/2014\/156790","volume":"2014","author":"AK Misra","year":"2014","unstructured":"Misra AK, Mishra KK, Yang H, Li T, Hu X, Wang F, Zou Y (2014) A survey of artificial immune system based intrusion detection. Sci World J 2014:156790. https:\/\/doi.org\/10.1155\/2014\/156790","journal-title":"Sci World J"},{"issue":"110","key":"114_CR24","first-page":"1","volume":"22","author":"J Montiel","year":"2021","unstructured":"Montiel J, Halford M, Mastelini SM, Bolmier G, Sourty R, Vaysse R, Zouitine A, Gomes HM, Read J, Abdessalem T, Bifet A (2021) River: machine learning for streaming data in python. J Mach Learn Res 22(110):1\u20138","journal-title":"J Mach Learn Res"},{"key":"114_CR25","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1016\/j.future.2018.12.012","volume":"95","author":"N Muthukumar","year":"2019","unstructured":"Muthukumar N, Srinivasan S, Ramkumar K, Pal D, Vain J, Ramaswamy S (2019) A model-based approach for design and verification of industrial Internet of Things. Fut Gen Comput Syst 95:354\u2013363. https:\/\/doi.org\/10.1016\/j.future.2018.12.012","journal-title":"Fut Gen Comput Syst"},{"issue":"4","key":"114_CR26","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1109\/MIE.2009.934793","volume":"3","author":"A Otto","year":"2009","unstructured":"Otto A, Hellmann K (2009) Iec 61131: a general overview and emerging trends. IEEE Ind Electron Mag 3(4):27\u201331. https:\/\/doi.org\/10.1109\/MIE.2009.934793","journal-title":"IEEE Ind Electron Mag"},{"key":"114_CR27","unstructured":"Pereira EM, dos Reis JPC, Gon\u00e7alves G (2020) Dinasore: a dynamic intelligent reconfiguration tool for cyber-physical production systems. In: 1st Eclipse international conference on security, artificial intelligence and modeling for the next generation Internet of Things (SAM IoT), pp 63\u201371. http:\/\/ceur-ws.org\/Vol-2739\/#paper_9"},{"key":"114_CR28","doi-asserted-by":"publisher","unstructured":"Pinto R (2020) M2M using OPC UA. IEEE Dataport. https:\/\/doi.org\/10.21227\/ychv-6c68","DOI":"10.21227\/ychv-6c68"},{"key":"114_CR29","doi-asserted-by":"publisher","unstructured":"Pinto R, Gon\u00e7alves G, Tovar E, Delsing J (2020) Attack detection in cyber-physical production systems using the deterministic dendritic cell algorithm. In: 2020 25th IEEE international conference on emerging technologies and factory automation (ETFA), vol 1, pp 1552\u20131559. https:\/\/doi.org\/10.1109\/ETFA46521.2020.9212021","DOI":"10.1109\/ETFA46521.2020.9212021"},{"key":"114_CR30","doi-asserted-by":"publisher","first-page":"664","DOI":"10.1007\/978-3-030-80129-8_47","volume-title":"Intelligent computing","author":"R Pinto","year":"2021","unstructured":"Pinto R, Gon\u00e7alves G, Delsing J, Tovar E (2021) Incremental dendritic cell algorithm for intrusion detection in cyber-physical production systems. In: Arai K (ed) Intelligent computing. Springer, Cham, pp 664\u2013680"},{"key":"114_CR31","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/978-3-030-45096-0_55","volume-title":"Computer aided systems theory\u2013EUROCAST 2019","author":"L Prenzel","year":"2020","unstructured":"Prenzel L, Zoitl A, Provost J (2020) IEC 61499 runtime environments: a state of the art comparison. In: Moreno-D\u00edaz R, Pichler F, Quesada-Arencibia A (eds) Computer aided systems theory\u2013EUROCAST 2019. Springer, Cham, pp 453\u2013460"},{"key":"114_CR32","doi-asserted-by":"publisher","unstructured":"Querol E, Romero JA, Serrano J, Sanchis R (2016) Evaluation of closed loop control applications using different event management strategies under IEC 61499. In: 2016 Second international conference on event-based control, communication, and signal processing (EBCCSP), pp 1\u20138. https:\/\/doi.org\/10.1109\/EBCCSP.2016.7605263","DOI":"10.1109\/EBCCSP.2016.7605263"},{"key":"114_CR33","unstructured":"Sekar R, Bowen T (1999) On preventing intrusions by process behavior monitoring. In: 1st Workshop on intrusion detection and network monitoring (ID 99). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/id-99\/preventing-intrusions-process-behavior-monitoring"},{"key":"114_CR34","doi-asserted-by":"publisher","unstructured":"Sierla S, Hurkala M, Charitoudi K, Yang C-W, Vyatkin V (2014) Security risk analysis for smart grid automation. In: 2014 IEEE 23rd international symposium on industrial electronics (ISIE), pp 1737\u20131744 . https:\/\/doi.org\/10.1109\/ISIE.2014.6864877","DOI":"10.1109\/ISIE.2014.6864877"},{"key":"114_CR35","first-page":"73","volume-title":"Critical infrastructure protection","author":"J Slay","year":"2008","unstructured":"Slay J, Miller M (2008) Lessons learned from the Maroochy water breach. In: Goetz E, Shenoi S (eds) Critical infrastructure protection. Springer, Boston, pp 73\u201382"},{"issue":"6","key":"114_CR36","doi-asserted-by":"publisher","first-page":"3992","DOI":"10.1109\/TII.2020.3009133","volume":"17","author":"A Tanveer","year":"2021","unstructured":"Tanveer A, Sinha R, Kuo MMY (2021) Secure links: secure-by-design communications in IEC 61499 industrial control applications. IEEE Trans Ind Inform 17(6):3992\u20134002. https:\/\/doi.org\/10.1109\/TII.2020.3009133","journal-title":"IEEE Trans Ind Inform"},{"key":"114_CR37","doi-asserted-by":"publisher","unstructured":"Tanveer A, Sinha R, MacDonell SG, Leitao P, Vyatkin V (2019) Designing actively secure, highly available industrial automation applications. In: 2019 IEEE 17th international conference on industrial informatics (INDIN), vol 1, pp 374\u2013379. https:\/\/doi.org\/10.1109\/INDIN41052.2019.8972262","DOI":"10.1109\/INDIN41052.2019.8972262"},{"key":"114_CR38","doi-asserted-by":"publisher","unstructured":"Tanveer A, Sinha R, MacDonell SG (2018) On design-time security in IEC 61499 systems: conceptualisation, implementation, and feasibility. In: 2018 IEEE 16th international conference on industrial informatics (INDIN), pp 778\u2013785. https:\/\/doi.org\/10.1109\/INDIN.2018.8472093","DOI":"10.1109\/INDIN.2018.8472093"},{"issue":"1","key":"114_CR39","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1109\/TII.2005.844427","volume":"1","author":"K Thramboulidis","year":"2005","unstructured":"Thramboulidis K (2005) Model-integrated mechatronics\u2014toward a new paradigm in the development of manufacturing systems. IEEE Trans Ind Inform 1(1):54\u201361. https:\/\/doi.org\/10.1109\/TII.2005.844427","journal-title":"IEEE Trans Ind Inform"},{"issue":"1","key":"114_CR40","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1016\/j.jfranklin.2019.03.037","volume":"358","author":"C Vargas Martinez","year":"2021","unstructured":"Vargas Martinez C, Vogel-Heuser B (2021) A host intrusion detection system architecture for embedded industrial devices. J Frankl Inst 358(1):210\u2013236. https:\/\/doi.org\/10.1016\/j.jfranklin.2019.03.037","journal-title":"J Frankl Inst"},{"key":"114_CR41","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1016\/j.future.2020.07.012","volume":"113","author":"Mishra L Vikash","year":"2020","unstructured":"Vikash Mishra L, Varma S (2020) Performance evaluation of real-time stream processing systems for internet of things applications. Fut Gen Comput Syst 113:207\u2013217. https:\/\/doi.org\/10.1016\/j.future.2020.07.012","journal-title":"Fut Gen Comput Syst"},{"issue":"4","key":"114_CR42","doi-asserted-by":"publisher","first-page":"768","DOI":"10.1109\/TII.2011.2166785","volume":"7","author":"V Vyatkin","year":"2011","unstructured":"Vyatkin V (2011) IEC 61499 as enabler of distributed and intelligent automation: state-of-the-art review. IEEE Trans Ind Inform 7(4):768\u2013781. https:\/\/doi.org\/10.1109\/TII.2011.2166785","journal-title":"IEEE Trans Ind Inform"},{"issue":"3","key":"114_CR43","doi-asserted-by":"publisher","first-page":"1234","DOI":"10.1109\/TII.2013.2258165","volume":"9","author":"V Vyatkin","year":"2013","unstructured":"Vyatkin V (2013) Software engineering in industrial automation: state-of-the-art review. IEEE Trans Ind Inform 9(3):1234\u20131249. https:\/\/doi.org\/10.1109\/TII.2013.2258165","journal-title":"IEEE Trans Ind Inform"},{"key":"114_CR44","doi-asserted-by":"publisher","unstructured":"Zhabelova G, Vyatkin V (2015) Towards software metrics for evaluating quality of iec 61499 automation software. In: 2015 IEEE 20th conference on emerging technologies factory automation (ETFA), pp 1\u20138. https:\/\/doi.org\/10.1109\/ETFA.2015.7301502","DOI":"10.1109\/ETFA.2015.7301502"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00114-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-022-00114-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-022-00114-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T04:02:48Z","timestamp":1651377768000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-022-00114-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,1]]},"references-count":44,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,12]]}},"alternative-id":["114"],"URL":"https:\/\/doi.org\/10.1186\/s42400-022-00114-z","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,5,1]]},"assertion":[{"value":"20 July 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 January 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 May 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"9"}}