Mitigating Cyber-Physical Attacks in ERP-Controlled Infrastructures through AI-Based Intrusion Response Systems

Authors

  • Emmanuel Philip Nittala, Principal Quality Expert, SAP Labs (Ariba)

DOI:

https://doi.org/10.63282/3050-9416.IJAIBDCMS-V6I1P115

Keywords:

Industrial Control Systems (ICS), Intrusion Detection and Response (IDR), Reinforcement Learning, Safety Shields

Abstract

Enterprise Resource Planning (ERP) systems increasingly act as the conductor of cyber-physical operations in the manufacturing, utilities, logistics, and healthcare sectors. This tight OT-IT integration improves effectiveness but enlarges the attack surface: an attacker can use ERP identities and APIs to pivot to plant-floor controllers, or pollute master data to create recipes with wrong proportions or schedules that cause unsafe conditions. This paper proposes an AI-Based Intrusion Response System (AIRS), placed at the ERP-operations border, that identifies, describes, and securely handles multi-stage attacks on the fly. AIRS unites diverse telemetry (ERP audit trails, identity and API activity, network/flow data, PLC/SCADA tags, and process KPIs) into a graph-temporal model that maintains the relationships between users, assets, and work orders. Supervised and unsupervised detectors flag known and unknown behaviors, and specification checks verify control invariants. A reinforcement policy based on safety-shielded learning identifies the least disruptive moves (e.g., isolating interface accounts, throttling risky releases of orders, reverting controllers to safe set-points) within the process and service constraints. A digital-twin sandbox continually trains and tests policies against realistic attack playbooks and faults, and SOAR translates them into auditable runbooks that are compliant with IEC 62443 and MITRE ATT&CK for ICS. Trust and compliance are guaranteed by human-in-the-loop controls, counterfactual explanations, and rollback plans. Tests on a hybrid ERP/ICS testbed show that faster lateral-movement detection, lower MTTD/MTTR, and sustained availability with a small number of false-positive actions are feasible, and offer a viable, standards-aligned path to resilient ERP-controlled infrastructures.


Published

2025-03-28

Section

Articles

How to Cite

1. Philip Nittala E. Mitigating Cyber-Physical Attacks in ERP-Controlled Infrastructures through AI-Based Intrusion Response Systems. IJAIBDCMS [Internet]. 2025 Mar. 28 [cited 2025 Dec. 13];6(1):151-60. Available from: https://ijaibdcms.org/index.php/ijaibdcms/article/view/292