AI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review

preprint OA: closed
Full text JSON View at publisher

Abstract

Abstract Mobile and embedded devices—smartphones, wearables, industrial IoT, and vehicles—now underpin critical services but also expand the cyber‑physical and supply‑chain attack surface. Heterogeneous hardware, baseband stacks, firmware/OS components, and multi‑vendor build and distribution pipelines create vulnerabilities across manufacturing, provisioning, deployment, operation, and update. This review consolidates threats and defenses through two coupled lenses: (i) AI/ML-driven monitoring for intrusion, tamper, and anomaly detection, and (ii) device trust foundations (secure/measured boot, trusted execution environments, and remote attestation). Using a systematic, criteria-driven screening and appraisal protocol, we synthesize evidence from peer‑reviewed research, standards/specifications, and authoritative platform documentation spanning SUIT-based OTA updates, RATS/EAT and PSA attestation tokens, AVB/dm‑verity integrity, and SBOM/SLSA/Sigstore provenance. We contribute (1) a lifecycle taxonomy linking phases, layers, attack classes, and controls; (2) a cross‑layer synthesis that connects attestation/TEE mechanisms to telemetry pipelines and remediation workflows; (3) a critical appraisal of datasets and evaluation practices for embedded/IoT intrusion detection; and (4) a gap analysis highlighting fleet‑scale attestation, real‑time cyber‑physical tamper sensing, provenance-to-runtime binding, and baseband security. The result is actionable guidance for building verifiable update pipelines and trustworthy, operationally feasible detection at fleet scale.
Full text 12,092 characters · extracted from preprint-html · click to expand
AI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Systematic Review AI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review Sadeeq Muhammad, Hussain Maharaz Yusuf, Abidina Tijjani Kalarawi, and 1 more This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-8968440/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Mobile and embedded devices—smartphones, wearables, industrial IoT, and vehicles—now underpin critical services but also expand the cyber‑physical and supply‑chain attack surface. Heterogeneous hardware, baseband stacks, firmware/OS components, and multi‑vendor build and distribution pipelines create vulnerabilities across manufacturing, provisioning, deployment, operation, and update. This review consolidates threats and defenses through two coupled lenses: (i) AI/ML-driven monitoring for intrusion, tamper, and anomaly detection, and (ii) device trust foundations (secure/measured boot, trusted execution environments, and remote attestation). Using a systematic, criteria-driven screening and appraisal protocol, we synthesize evidence from peer‑reviewed research, standards/specifications, and authoritative platform documentation spanning SUIT-based OTA updates, RATS/EAT and PSA attestation tokens, AVB/dm‑verity integrity, and SBOM/SLSA/Sigstore provenance. We contribute (1) a lifecycle taxonomy linking phases, layers, attack classes, and controls; (2) a cross‑layer synthesis that connects attestation/TEE mechanisms to telemetry pipelines and remediation workflows; (3) a critical appraisal of datasets and evaluation practices for embedded/IoT intrusion detection; and (4) a gap analysis highlighting fleet‑scale attestation, real‑time cyber‑physical tamper sensing, provenance-to-runtime binding, and baseband security. The result is actionable guidance for building verifiable update pipelines and trustworthy, operationally feasible detection at fleet scale. Artificial Intelligence and Machine Learning Computer Architecture and Engineering Mobile device security embedded systems security cyber‑physical attacks supply‑chain security firmware integrity remote attestation trusted execution environments anomaly detection Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-8968440","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Systematic Review","associatedPublications":[],"authors":[{"id":596972210,"identity":"4303d325-2686-4636-aeee-8f97e8fe9359","order_by":0,"name":"Sadeeq Muhammad","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA80lEQVRIie2PvwrCMBCHEwJ1UXdxyCukiyIovopS0KWCIDgLQlyqrjr5Cu3S2ZLBRZwLN9jJySFuxT9gKwpOqW6C+Ybf3XAfd4eQRvObsFeD1zJJI/eFgoJFqpBvFJFPM0uhE+FFcuhTFlqRqJ99WiQIy5OtWLHtDMzFDkw37DDRm4HJCSKlpa+6yq6UCxywC61EcQAnikEKCoXOj9XLjUPTha4UNQeamQoK7QrBHNou2EygGNqZCgsPg5KzA2u5P/aD6QgsTvBY+QudW56Mh9CYbTdeFF+hsZqMA3lSHfbAeFbMHznKmn9T0PWDYY1Go/k77lESW0uQxVtHAAAAAElFTkSuQmCC","orcid":"https://orcid.org/0009-0006-4355-4734","institution":"Shobhit University","correspondingAuthor":true,"prefix":"","firstName":"Sadeeq","middleName":"","lastName":"Muhammad","suffix":""},{"id":596972211,"identity":"b8d808b2-8d72-4005-a914-292e2586d8a8","order_by":1,"name":"Hussain Maharaz Yusuf","email":"","orcid":"","institution":"Bayero University Kano","correspondingAuthor":false,"prefix":"","firstName":"Hussain","middleName":"Maharaz","lastName":"Yusuf","suffix":""},{"id":596972212,"identity":"26714ad5-f91e-4414-8ef4-0423f55200c2","order_by":2,"name":"Abidina Tijjani Kalarawi","email":"","orcid":"","institution":"Shobhit University","correspondingAuthor":false,"prefix":"","firstName":"Abidina","middleName":"Tijjani","lastName":"Kalarawi","suffix":""},{"id":596972213,"identity":"8c388a14-4ad9-4377-ac7c-28e9967bcec9","order_by":3,"name":"Sandeep Kumar","email":"","orcid":"","institution":"Shobhit University","correspondingAuthor":false,"prefix":"","firstName":"Sandeep","middleName":"","lastName":"Kumar","suffix":""}],"badges":[],"createdAt":"2026-02-25 13:43:15","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-8968440/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-8968440/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":104808163,"identity":"ef91871c-0fef-4e3c-9b17-84277c5419d9","added_by":"auto","created_at":"2026-03-17 12:23:54","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1278292,"visible":true,"origin":"","legend":"","description":"","filename":"AIDrivenCyberPhysicalandSupplyChainThreatDetectioninMobileandEmbeddedEcosystemsAComprehensiveReview1X.pdf","url":"https://assets-eu.researchsquare.com/files/rs-8968440/v1_covered_e374da7c-033e-4e9b-bffa-c7eeaee8c893.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eAI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Shobhit University","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Mobile device security, embedded systems security, cyber‑physical attacks, supply‑chain security, firmware integrity, remote attestation, trusted execution environments, anomaly detection","lastPublishedDoi":"10.21203/rs.3.rs-8968440/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-8968440/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eMobile and embedded devices—smartphones, wearables, industrial IoT, and vehicles—now underpin critical services but also expand the cyber‑physical and supply‑chain attack surface. Heterogeneous hardware, baseband stacks, firmware/OS components, and multi‑vendor build and distribution pipelines create vulnerabilities across manufacturing, provisioning, deployment, operation, and update. This review consolidates threats and defenses through two coupled lenses: (i) AI/ML-driven monitoring for intrusion, tamper, and anomaly detection, and (ii) device trust foundations (secure/measured boot, trusted execution environments, and remote attestation). Using a systematic, criteria-driven screening and appraisal protocol, we synthesize evidence from peer‑reviewed research, standards/specifications, and authoritative platform documentation spanning SUIT-based OTA updates, RATS/EAT and PSA attestation tokens, AVB/dm‑verity integrity, and SBOM/SLSA/Sigstore provenance. We contribute (1) a lifecycle taxonomy linking phases, layers, attack classes, and controls; (2) a cross‑layer synthesis that connects attestation/TEE mechanisms to telemetry pipelines and remediation workflows; (3) a critical appraisal of datasets and evaluation practices for embedded/IoT intrusion detection; and (4) a gap analysis highlighting fleet‑scale attestation, real‑time cyber‑physical tamper sensing, provenance-to-runtime binding, and baseband security. The result is actionable guidance for building verifiable update pipelines and trustworthy, operationally feasible detection at fleet scale.\u003c/p\u003e","manuscriptTitle":"AI-Driven Cyber-Physical and Supply-Chain Threat Detection in Mobile and Embedded Ecosystems: A Comprehensive Review","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-02-26 02:47:48","doi":"10.21203/rs.3.rs-8968440/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"a71ac254-9d1f-44cd-ac9f-4ea19246b9af","owner":[],"postedDate":"February 26th, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":63523264,"name":"Artificial Intelligence and Machine Learning"},{"id":63523265,"name":"Computer Architecture and Engineering"}],"tags":[],"updatedAt":"2026-03-02T12:41:00+00:00","versionOfRecord":[],"versionCreatedAt":"2026-02-26 02:47:48","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-8968440","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-8968440","identity":"rs-8968440","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2026) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00