{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,27]],"date-time":"2026-05-27T21:35:04Z","timestamp":1779917704446,"version":"3.53.1"},"reference-count":32,"publisher":"MDPI AG","issue":"21","license":[{"start":{"date-parts":[[2021,10,20]],"date-time":"2021-10-20T00:00:00Z","timestamp":1634688000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>Critical Infrastructures (CIs) are sensible targets. They could be physically damaged by natural or human actions, causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cybersecurity systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both the physical and cyber domains. 
The performance evaluation showed encouraging results\u2014obtained by different ML algorithms\u2014which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain.<\/jats:p>","DOI":"10.3390\/s21216970","type":"journal-article","created":{"date-parts":[[2021,10,20]],"date-time":"2021-10-20T21:31:26Z","timestamp":1634765486000},"page":"6970","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures"],"prefix":"10.3390","volume":"21","author":[{"given":"Alessandro","family":"Fausto","sequence":"first","affiliation":[{"name":"DITEN Department, University of Genoa, 16145 Genoa, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6404-2451","authenticated-orcid":false,"given":"Giovanni Battista","family":"Gaggero","sequence":"additional","affiliation":[{"name":"DITEN Department, University of Genoa, 16145 Genoa, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0983-9131","authenticated-orcid":false,"given":"Fabio","family":"Patrone","sequence":"additional","affiliation":[{"name":"DITEN Department, University of Genoa, 16145 Genoa, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Paola","family":"Girdinio","sequence":"additional","affiliation":[{"name":"DITEN Department, University of Genoa, 16145 Genoa, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9626-3483","authenticated-orcid":false,"given":"Mario","family":"Marchese","sequence":"additional","affiliation":[{"name":"DITEN Department, University of Genoa, 16145 Genoa, 
Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2021,10,20]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Shirey, R. (2021, October 12). Internet Security Glossary, Version 2; RFC 4949; 2007. Available online: https:\/\/www.hjp.at\/doc\/rfc\/rfc4949.html.","DOI":"10.17487\/rfc4949"},{"key":"ref_2","unstructured":"Crowell, W.P., Contos, B.T., DeRodeff, C., and Dunkel, D. (2011). Physical and Logical Security Convergence: Powered by Enterprise Security Management, Syngress."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Setola, R., Luiijf, E., and Theocharidou, M. (2016). Critical infrastructures, protection and resilience. Managing the Complexity of Critical Infrastructures, Springer.","DOI":"10.1007\/978-3-319-51043-9_1"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"210","DOI":"10.1109\/JPROC.2011.2165269","article-title":"Cyber\u2013physical system security for the electric power grid","volume":"100","author":"Sridhar","year":"2011","journal-title":"Proc. IEEE"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Colbert, E.J., and Kott, A. (2016). Cyber-Security of SCADA and Other Industrial Control Systems, Springer.","DOI":"10.1007\/978-3-319-32125-7"},{"key":"ref_6","unstructured":"Knapp, E.D., and Langill, J. (2014). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Syngress."},{"key":"ref_7","first-page":"116","article-title":"Guidelines for the Use of PIV Credentials in Facility Access","volume":"800","author":"Ferraiolo","year":"2018","journal-title":"NIST Spec. Publ."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1186\/s40537-019-0212-5","article-title":"Intelligent video surveillance: A review through deep learning techniques for crowd analysis","volume":"6","author":"Sreenu","year":"2019","journal-title":"J. 
Big Data"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Song, H., Fink, G., and Jeschke, S. (2017). Security and Privacy in Cyber-Physical Systems, Wiley.","DOI":"10.1002\/9781119226079"},{"key":"ref_10","first-page":"29","article-title":"W32. Stuxnet Dossier","volume":"5","author":"Falliere","year":"2011","journal-title":"Symantec Corp. Secur. Response"},{"key":"ref_11","unstructured":"Miller, D.R., Harris, S., Harper, A., VanDyke, S., and Blask, C. (2010). Security Information and Event Management (SIEM) Implementation, McGraw Hill Professional."},{"key":"ref_12","first-page":"1","article-title":"Guide to computer security log management","volume":"92","author":"Kent","year":"2006","journal-title":"NIST Spec. Publ."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"93083","DOI":"10.1109\/ACCESS.2020.2994961","article-title":"A review of research work on network-based scada intrusion detection systems","volume":"8","author":"Rakas","year":"2020","journal-title":"IEEE Access"},{"key":"ref_14","first-page":"1","article-title":"Host-based intrusion detection system with system calls: Review and future trends","volume":"51","author":"Liu","year":"2018","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: A systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. 
Technol."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"46595","DOI":"10.1109\/ACCESS.2019.2909807","article-title":"Securing the smart grid: A comprehensive compilation of intrusion detection and prevention systems","volume":"7","author":"Sarigiannidis","year":"2019","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3203245","article-title":"A survey of physics-based attack detection in cyber-physical systems","volume":"51","author":"Giraldo","year":"2018","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Gaggero, G.B., Girdinio, P., and Marchese, M. (2021). Advancements and Research Trends in Microgrids Cybersecurity. Appl. Sci., 11.","DOI":"10.3390\/app11167363"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Gaggero, G.B., Rossi, M., Girdinio, P., and Marchese, M. (2020). Detecting System Fault\/Cyberattack within a Photovoltaic System Connected to the Grid: A Neural Network-Based Solution. J. Sens. Actuator Netw., 9.","DOI":"10.3390\/jsan9020020"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.sigpro.2013.12.026","article-title":"A review of novelty detection","volume":"99","author":"Pimentel","year":"2014","journal-title":"Signal Process."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2481","DOI":"10.1016\/j.sigpro.2003.07.018","article-title":"Novelty detection: A review\u2014Part 1: Statistical approaches","volume":"83","author":"Markou","year":"2003","journal-title":"Signal Process."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"2499","DOI":"10.1016\/j.sigpro.2003.07.019","article-title":"Novelty detection: A review\u2014Part 2: Neural network based approaches","volume":"83","author":"Markou","year":"2003","journal-title":"Signal Process."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Sekharan, S.S., and Kandasamy, K. 
(2017, January 22\u201324). Profiling SIEM tools and correlation engines for security analytics. Proceedings of the International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India.","DOI":"10.1109\/WiSPNET.2017.8299855"},{"key":"ref_24","unstructured":"Granadillo, G.G., El-Barbori, M., and Debar, H. (2016, January 21\u201323). New types of alert correlation for security information and event management systems. Proceedings of the 8th International Conference on New Technologies, Mobility and Security (NTMS), Larnaca, Cyprus."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Kotenko, I.V., Levshun, D.S., and Chechulin, A.A. (2016, January 25\u201327). Event correlation in the integrated cyber-physical security system. Proceedings of the 19th International Conference on Soft Computing and Measurements (SCM), St. Petersburg, Russia.","DOI":"10.1109\/SCM.2016.7519820"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1016\/j.sysarc.2015.11.010","article-title":"A framework for mastering heterogeneity in multi-layer security information and event correlation","volume":"62","author":"Coppolino","year":"2016","journal-title":"J. Syst. Archit."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Frattini, F., Giordano, U., and Conti, V. (2019, January 17\u201320). Facing Cyber-Physical Security Threats by PSIM-SIEM Integration. Proceedings of the 15th European Dependable Computing Conference (EDCC), Naples, Italy.","DOI":"10.1109\/EDCC.2019.00026"},{"key":"ref_28","first-page":"102544","article-title":"synERGY: Cross-correlation of operational and contextual data to timely detect and mitigate attacks to cyber-physical systems","volume":"54","author":"Skopik","year":"2020","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Breunig, M.M., Kriegel, H.P., Ng, R.T., and Sander, J. (2000, January 15\u201318). 
LOF: Identifying density-based local outliers. Proceedings of the International Conference on Management of Data, Dallas, TX, USA.","DOI":"10.1145\/342009.335388"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Liu, F.T., Ting, K.M., and Zhou, Z.H. (2008, January 15\u201319). Isolation forest. Proceedings of the 8th International Conference on Data Mining, Pisa, Italy.","DOI":"10.1109\/ICDM.2008.17"},{"key":"ref_31","unstructured":"Sch\u00f6lkopf, B., Williamson, R.C., Smola, A.J., Shawe-Taylor, J., and Platt, J.C. (2000). Support vector method for novelty detection. Advances in Neural Information Processing Systems, MIT Press."},{"key":"ref_32","first-page":"2825","article-title":"Scikit-learn: Machine learning in Python","volume":"12","author":"Pedregosa","year":"2011","journal-title":"J. Mach. Learn. Res."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/21\/6970\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:19:38Z","timestamp":1760167178000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/21\/6970"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,20]]},"references-count":32,"journal-issue":{"issue":"21","published-online":{"date-parts":[[2021,11]]}},"alternative-id":["s21216970"],"URL":"https:\/\/doi.org\/10.3390\/s21216970","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,20]]}}}