Autonomous Cyber-Physical Security Middleware for IoT: Anomaly Detection and Adaptive Response in Hybrid Environments

William Villegas^1*IVAN ORTIZ-GARCES¹Sergio Luján-Mora²

• ¹University of the Americas, Quito, Ecuador
• ²Universitat d'Alacant, Sant Vicent del Raspeig, Spain

The rapid adoption of Internet of Things (IoT) devices in cyber-physical systems in-troduces significant security challenges, particularly in distributed and heterogeneous environments where operational resilience and real-time threat response are critical. Previous efforts have explored lightweight encryption and modular authentication. Still, few solutions provide a unified framework that integrates real-time anomaly detection, automated mitigation, and performance evaluation under hybrid experimental conditions. This work presents an autonomous multi-layered security architecture for IoT networks, implemented through microservices-based middleware with native support for detection and adaptive response mechanisms. The architecture integrates lightweight anomaly inference models, based on entropy metrics and anomaly scores, with a rule-based engine that executes dynamic containment actions such as node isolation, channel reconfiguration, and key rotation. The system runs on edge hardware (Raspberry Pi, sensors, actuators) and is validated in a hybrid testbed with NS-3 simulations. Experimental results show an F1-Score of 0.931 in physical deployments and 0.912 in simulated scenarios, with anomaly detection latencies below 130 ms and containment actions triggered within 300 ms. Under high-load conditions, CPU usage remains under 60 % and memory consumption below 300 MB. Compared to representative middleware platforms such as BlendSM-DDM and Claimsware, the proposed system uniquely integrates detection, response, and auditability, achieving high scala-bility and resilience for IoT deployments in real-world hybrid environments.