Clear Sky Science
Evidence-based, jargon-light explanations

Clear Sky Science · en

Slow drift aware dynamic risk assessment in cyber physical systems using quantum neutrosophic fuzzy modelling

· Back to index

Why quiet changes in smart hospitals matter

Modern hospitals increasingly rely on connected machines: ventilators, infusion pumps, monitors, and cloud services that together form a cyber physical system. Many threats to these systems are dramatic, like obvious hacking attempts or sudden device failures. But this paper focuses on something subtler and just as dangerous: slow, almost invisible changes in network behavior that build up over time and can undermine patient safety if they are not detected and managed.

Hidden wear and tear in digital hospital networks

In a hospital network, data from medical devices travels constantly between bedside equipment and central servers. Over months or years, this traffic can gradually change: delays creep in, small packet losses become more frequent, and connections behave just a bit differently. These slow shifts, known as drift, may signal aging equipment, configuration problems, or stealthy intrusions that avoid triggering traditional alarms. Existing risk assessment tools tend to look for clear, short term anomalies and often miss this kind of quiet degradation, especially when data is noisy, incomplete, or contradictory.

Figure 1. How connected hospital devices, networks, and protections work together to keep patients safe over time.
Figure 1. How connected hospital devices, networks, and protections work together to keep patients safe over time.

A layered safety net for connected care

The authors propose a full framework to watch over medical cyber physical systems dynamically, rather than relying on one off checks. First, each medical device is registered with a hospital server and its data are streamed to a network intrusion detection system. There, missing values are filled in, measurements are normalized, and key features of communication behavior are extracted. A new approach, called quantum state based exponentially weighted moving average, is then used to track slow drift. By encoding traffic patterns in a way that emphasizes subtle overlaps and long term trends, this method can spot gentle but persistent changes that older statistics overlook.

Smarter intrusion detection and risk scoring

To recognize actual attacks in this evolving environment, the framework uses an advanced neural network model that has been tuned for stability and speed. Special choices of weight initialization and activation function help the network learn from long sequences of traffic without its internal signals fading or getting stuck, which improves both accuracy and training time. Once possible intrusions are flagged, their signals are combined with other anomaly indicators using a technique that explicitly accounts for how different warning signs reinforce or duplicate one another. Instead of simply averaging scores, the method models pairwise and small group dependencies so that multiple weak indicators occurring together can be treated as a serious concern.

Figure 2. How subtle changes in device network signals are analyzed step by step to judge risk and trigger protective actions.
Figure 2. How subtle changes in device network signals are analyzed step by step to judge risk and trigger protective actions.

Facing uncertainty head on

Real hospital data are rarely clear cut. Measurements may be inconsistent, and experts might not fully agree about how risky a pattern is. To cope with this, the authors adopt a logic that represents each situation using three components: evidence that something is wrong, evidence that it is normal, and a third part that captures genuine uncertainty. Before combining these pieces, scores are scaled to a common range so that the final risk measure remains interpretable. The system then explains its own reasoning using an enhanced form of contribution analysis, which highlights which traffic features and anomaly signals pushed the risk up or down, helping clinicians and engineers trust and validate the results.

Turning risk insight into timely action

Knowing that risk is rising is only useful if it leads to sensible action. The final step in the framework uses a structured decision model to choose mitigation strategies, such as tightening access controls, filtering suspicious traffic, or in extreme cases isolating devices and reverting to manual operation. This decision engine is designed to keep the computations manageable even as the number of devices and possible responses grows. Tested on a public network intrusion dataset, the overall system achieved high accuracy in detecting attacks, reliably tracked slow drift, and produced stable, understandable risk scores. In plain terms, the work shows how hospitals can move from reacting to obvious crises to continuously watching for quiet warning signs, while still keeping humans in charge of safety decisions.

Citation: Kiruthika, K., Rajesh, A., Dhapekar, N.K. et al. Slow drift aware dynamic risk assessment in cyber physical systems using quantum neutrosophic fuzzy modelling. Sci Rep 16, 15698 (2026). https://doi.org/10.1038/s41598-026-41732-8

Keywords: cyber physical systems, medical IoT security, network drift, intrusion detection, dynamic risk assessment