CROSS: a cloud-native approach to automated remediation and self-healing in cyber-physical systems

Johnphill, O (ORCID: https://orcid.org/0000-0001-8373-0727), Sadiq, AS (ORCID: https://orcid.org/0000-0002-5746-0257), Kaiwartya, O (ORCID: https://orcid.org/0000-0001-9669-8244) and Taheir, MA, 2026. CROSS: a cloud-native approach to automated remediation and self-healing in cyber-physical systems. Journal of Cybersecurity. ISSN 2057-2085 (Forthcoming)

2556858_Sadiq.pdf - Post-print
Restricted to Repository staff only


Abstract

Cyber-Physical Systems (CPS) operate in increasingly complex and security-critical environments where system faults, misconfigurations, and cyberattacks can compromise safety, availability, and operational integrity. This paper presents CROSS (Cross-platform Remediation and Observability Self-Healing System), a cloud-native, cross-platform approach that extends the self-healing paradigm beyond anomaly detection to encompass autonomous, security-aware remediation. Building upon the Log Intelligence and Self-Healing System (LISH) [1, 2], which utilised CountVectorizer and Multinomial Naive Bayes (MNB) for log-based anomaly classification, CROSS introduces a policy-driven remediation layer that executes context-specific recovery actions such as service restarts, system updates, device reboots, and configuration enforcement across Android, Linux, macOS, and Windows. Prometheus-based observability [3] provides fine-grained telemetry on anomalies and remedial actions, enabling continuous monitoring, auditability, and adaptive security governance. Experimental evaluation demonstrates measurable reductions in mean time to recovery (MTTR) and improvements in anomaly containment and resilience across heterogeneous CPS environments. Although CROSS includes mechanisms that are applicable to cybersecurity scenarios, the present evaluation focuses on operational anomalies rather than explicit attack-induced behaviours. Accordingly, its cybersecurity relevance is framed as an architectural capability, with empirical security benchmarking identified as future work. The proposed approach bridges the gap between anomaly detection and active cyber defence, embedding explainable, automated remediation within the operational lifecycle of CPS.

Item Type: Journal article
Publication Title: Journal of Cybersecurity
Creators: Johnphill, O., Sadiq, A.S., Kaiwartya, O. and Taheir, M.A.
Publisher: Oxford University Press (OUP)
Date: 12 January 2026
ISSN: 2057-2085
Identifiers: 2556858 (Type: Other)
Divisions: Schools > School of Science and Technology
Record created by: Laura Borcherds
Date Added: 16 Jan 2026 13:27
Last Modified: 16 Jan 2026 13:27
URI: https://irep.ntu.ac.uk/id/eprint/55071
