Industrial Cyber-Physical Systems (ICPS) are driving the 4th Industrial Revolution, significantly impacting the productivity and efficiency of all sectors, including industrial automation. Central to this revolution is the networking and digitisation of multi-domain and large-scale physical systems within the industrial context. However, the seamless convergence of the digital and physical world has made ICPS vulnerable to new and sophisticated security threats. Ensuring the security requirements of ICPS is paramount, especially against cyber attacks that can significantly impact the availability of critical ICPS applications. The ICPS applications traditionally execute on resource-constrained devices like PLCs. These devices have limited resources, and standard security measures are inadequate to safeguard them due to the resource limitations. Balancing security requirements with distinctive characteristics of resource-constrained ICPS is pivotal for maintaining the performance, availability, and robustness of ICPS applications.

In this research, the significant contributions of our works are framed as research objectives and achieved using design science research methodology. We have presented several novel light-weight active security solutions developed to address the current gaps against cyber attacks, specifically Distributed Denial of Service (DDoS) attacks on the resource-constrained ICPS. DDoS attacks are the most reported attacks that disrupt or degrade the availability of systems, either by overloading them with a flood of packets or exploiting vulnerabilities. Considering the disruptive and degrading impacts of DDoS attacks on the normal operations of the resource-constrained ICPS, this thesis focuses on detecting such attacks using light-weight active security solutions. The light-weight active security solutions are considered generic and programmable security measures that can proactively protect the devices with minimal overhead on their performance.

Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) results have shown that light-weight active security solutions are crucial for resource-constrained ICPS to deal with DDoS attacks. We have also proposed the generic active security technique for detecting DDoS attacks on resourceconstrained ICPS. Moreover, the notable inclusion of a novel multi-vector and cross-domain DDoS attack taxonomy helps us to devise the solutions for multi-scale flooding attacks and attack volumes and binary and multi-class slow-rate attack detection frameworks. The proposed works’ effectiveness was determined using PLCs and publicly available datasets. The evaluations show noteworthy accuracy, low prediction time, and distinguished performance over existing state-of-the-art mechanisms.