Dual-Horizon Bayesian Defense for CPS: Proactive Training + Reactive Purification

Build on Arce et al.’s (2025) unified Bayesian framework that explicitly models adversarial uncertainty. Train CPS/ICS detectors with two components: (1) proactive robustification via expected-risk minimization over an adversarial channel distribution estimated per-feature (e.g., perturbation budgets vary by sensor) and (2) a reactive purifier at inference that samples from the posterior over possible clean inputs given observed corrupted features. Learn both modules end-to-end to optimize a combined risk that penalizes clean accuracy loss. Papangelo et al. (IEEE Comm. Mag. 2024) show adversarial training boosts robustness in image-based RFF but hurts clean accuracy. The dual-horizon strategy uses the Bayesian channel to share burden: the classifier is less over-regularized because the purifier absorbs part of the adversarial mass during operations. Wang et al. (IEEE CST 2024) call for defenses spanning inputs-to-outputs; this formalizes that span with a calibrated probabilistic bridge. Unifies proactive training and reactive purification in CPS contexts (e.g., DR FDI from Zhang & Sikdar 2024 and O-RAN threats), where feature-wise perturbation priors are domain-informed (sensor physics, network constraints). Explicit uncertainty modeling reduces overfitting to worst-case budgets and offers graceful degradation under unknown attacks—a key pain point noted across surveys. Impact: A principled, deployable way to get robustness without paying excessive accuracy tax, tailored to CPS where the attack surface and feature semantics are heterogeneous.

References:

1. Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A Survey. Shunyao Wang, Ryan K. L. Ko, Guangdong Bai, Naipeng Dong, Taejun Choi, Yanjun Zhang (2024). IEEE Communications Surveys and Tutorials.
2. A unified Bayesian framework for adversarial robustness. Pablo G. Arce, Roi Naveiro, David R'ios Insua (2025).
3. Adversarial Machine Learning for Image-Based Radio Frequency Fingerprinting: Attacks and Defenses. Lorenzo Papangelo, Maurizio Pistilli, Savio Sciancalepore, G. Oligeri, G. Piro, G. Boggia (2024). IEEE Communications Magazine.
4. A Novel Adversarial FDI Attack and Defense Mechanism for Smart Grid Demand-Response Mechanisms. Guihai Zhang, Biplab Sikdar (2024). IEEE Transactions on Industrial Cyber-Physical Systems.