Systematic Review

AI-Based Anomaly Detection in Industrial Control and Cyber–Physical Systems: A Data-Type-Oriented Systematic Review

1 Department of Information Security, Gachon University, Seongnam-si 13120, Republic of Korea
2 Korea Institute of Ships & Ocean Engineering, Daejeon 34103, Republic of Korea
3 Department of Smart Security, Gachon University, Seongnam-si 13120, Republic of Korea
* Author to whom correspondence should be addressed.
Electronics 2026, 15(1), 20; https://doi.org/10.3390/electronics15010020 (registering DOI)
Submission received: 14 November 2025 / Revised: 15 December 2025 / Accepted: 17 December 2025 / Published: 20 December 2025

Abstract

Industrial Control Systems (ICS) and Cyber–Physical Systems (CPS) are critical infrastructures supporting national sectors, where cyberattacks can directly cause physical process disruptions and safety incidents. Following PRISMA 2020 guidelines, we systematically searched Web of Science, Scopus, IEEE Xplore, and the ACM Digital Library for studies published between 1 January 2021 and 31 October 2025, and finally included 89 primary studies. The literature is categorized into five data modalities—network traffic, operational data, simulation data, hybrid data, and other auxiliary data—and compared in terms of detection objectives, learning paradigms, model families, attack types, and datasets. The analysis shows that network data are effective for detecting cyber-layer attacks such as reconnaissance, DoS, and MITM, while operational data are suited for physical-layer anomalies including process disturbances, FDI, and stealth deviations. Simulation and hybrid data further support rare-scenario generation and cyber–physical consistency checking. However, limitations remain, including reliance on few benchmarks, lack of realistic multi-domain datasets, label sparsity, concept drift, and insufficient consideration of real-time and resource-constrained OT environments. Based on these findings, this review highlights future directions such as multi-domain dataset development, physics- and control-informed model design, hybrid-data-driven integrated detection, and lightweight edge deployment.

1. Introduction

Industrial Control Systems (ICS) and Cyber–Physical Systems (CPS) are critical infrastructures that ensure the safe and reliable operation of national sectors such as energy, water resources, transportation, manufacturing, and chemical plants [1]. Recent digitalization and Industry 4.0 initiatives have increased the connectivity of these systems with enterprise IT networks, remote access channels, and cloud services [2], broadening their exposure to cyberattacks. High-profile incidents such as Stuxnet, Industroyer, and Triton have demonstrated that cyber intrusions in ICS/CPS can escalate directly into physical process disruptions and safety hazards [3]. These developments have motivated extensive research on AI-based anomaly detection, which aims to automatically identify deviations from normal cyber–physical behavior in industrial environments.
Several surveys and review papers have analyzed the literature on AI-based anomaly detection for cyber-attack detection in ICS and CPS environments. Abshari and Sridhar [4] categorize and compare anomaly detection methods across machine-learning, deep-learning, mathematical, invariant-based, and hybrid approaches. Their primary focus is on methodological families and high-level CPS security challenges. Ji et al. [5] conduct a PRISMA-based systematic literature review on AI-based anomaly detection over encrypted traffic. They organize the selected studies along dimensions of the detection pipeline such as dataset, feature extraction and selection, preprocessing, anomaly detection algorithm, and performance indicators. Gaggero et al. [6] present a survey on anomaly detection in the smart grid that concentrates on methods combining artificial intelligence and physics-based modeling. They classify the literature by use-case scenario, validation method, algorithm family and performance level. Taken together, these surveys provide valuable overviews of anomaly detection techniques and research trends. However, they primarily organize the literature along algorithmic, pipeline-oriented, or domain-specific dimensions and do not explicitly structure the ICS/CPS anomaly detection landscape according to the type of data used for detection.
This gap is particularly important because, in ICS/CPS environments, the choice of dataset and data modality fundamentally constrains which attack scenarios can be observed. It also determines which security objectives (detection, classification, prediction) can be addressed and how models can be deployed under strict real-time and availability requirements. Network traffic, operational/process variables, simulation or digital-twin traces, hybrid cyber–physical logs, and auxiliary side-channel data differ significantly in terms of observability, labeling cost, granularity, and sensitivity to process context. Without a data-type-oriented comparison, it is difficult to determine which data sources are most appropriate for different attack categories and operating conditions. It is also challenging to decide how trade-offs between detection performance, practicality, and deployment cost should be managed.
To address this gap, this paper presents a PRISMA-based Systematic Literature Review (SLR) of AI-based cyber-attack anomaly detection in ICS/CPS with a particular focus on the data used for detection. We classify studies published between 1 January 2021 and 31 October 2025 into five dataset categories—network traffic data, process data, simulation data, hybrid cyber–physical data, and auxiliary data—and compare them in terms of detection objectives, learning paradigms, model types, attack coverage, and datasets used. Based on this data-type-oriented taxonomy, we derive cross-cutting observations on which data modalities are best suited for different attack categories, how cyber and physical layers can be combined, and where current approaches are limited in terms of realism, coverage, and real-time applicability. The remainder of this paper is organized as follows. Section 2 introduces the ICS/CPS architecture, summarizes AI-based anomaly detection concepts, and explains the proposed dataset taxonomy. Section 3 describes the research questions and SLR methodology. Section 4 analyzes selected studies by dataset type, Section 5 discusses insights and limitations, and Section 6 concludes the paper and outlines future research directions.

2. Background

This section provides an overview of ICS/CPS and AI-based anomaly detection.

2.1. ICS and CPS

ICS refers to the collection of systems that monitor and control the physical processes of national critical infrastructures and industrial facilities, including power plants, manufacturing sites, and transportation systems. It typically consists of Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs) [1]. In these systems, real-time operation and safety are paramount requirements. Traditionally, ICS operated within isolated Operational Technology (OT) environments; growing IT/OT convergence, however, has increased connectivity with external networks and widened their exposure to cyberattacks. Attacks on ICS can cause not only information leakage but also direct physical damage, which creates the need for domain-specific security and detection technologies.
CPS represents a system paradigm in which computational (cyber) components and physical elements are tightly integrated through networks and interact in real time [7]. CPS is characterized by a closed-loop feedback control structure: sensors collect physical data, high-performance computation and analytics in the cyber domain act on that data, and actuators exert control back on the physical environment. ICS can be viewed as an industrial application of CPS. With the integration of artificial intelligence and big-data technologies, CPS has evolved into Industrial Cyber-Physical Systems (ICPS), commonly referred to as smart factories. As these environments become increasingly complex and dynamic, the importance of intelligent monitoring continues to grow; such monitoring must accurately capture system changes and detect subtle anomalies at an early stage.

2.2. Anomaly Detection by AI

This subsection presents the background and major methodologies of anomaly detection based on artificial intelligence (AI) and machine learning (ML) for identifying the various types of threats and system failures that occur in ICS/CPS environments. Anomaly detection is the process of identifying data points or patterns that deviate significantly from the normal patterns within a dataset. Anomalies found in ICS/CPS data may indicate not only system malfunctions but also signs of cyberattacks, such as an intruder manipulating control commands.
Traditional rule-based detection methods exhibit clear limitations in detecting unknown zero-day attacks or stealthy attacks that exploit dynamic system characteristics [8]. Accordingly, AI-based approaches that can flexibly learn normal operating patterns from data have attracted significant attention.
AI-based anomaly detection models can be broadly classified into three categories depending on the availability of labeled data [9]. First, supervised learning builds classification models using both normal and anomaly labels. However, due to the sparsity of anomaly data, it is difficult to apply supervised learning in real environments. Second, unsupervised learning determines anomalies by analyzing data density or clustering structures without labels. Third, semi-supervised learning or one-class classification (OCC) trains models using only normal data to define the boundary of normal behavior. It is considered the most suitable approach for ICS/CPS environments, where anomaly data are difficult to obtain. Deep learning models such as Autoencoders learn compressed representations of normal data and then use the reconstruction error as an anomaly score, demonstrating effective performance on complex time-series data [10].
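The semi-supervised/one-class paradigm in concrete form, as an added example that is not code from any of the surveyed studies: the model is fitted on normal samples only, the anomaly score is a distance from that normal model, and the decision threshold is calibrated on held-out normal data rather than on attack labels. A diagonal-Gaussian model stands in for the autoencoder or one-class models of the reviewed papers (the score plays the role of the reconstruction error), and the three sensor readings are constructed for illustration. The last two inputs show why the paradigm works for an overt false data injection but not for a stealthy one that stays inside the normal envelope.

```python
# Added example, not code from the reviewed studies: one-class anomaly scoring
# in the "train on normal data only" paradigm. A diagonal-Gaussian model stands
# in for the autoencoder/one-class models of the surveyed papers; the threshold
# is calibrated on held-out normal data, never on attack samples.
# All sensor readings are constructed.
import math
import random
from typing import Dict, List, Sequence, Tuple

Sample = Dict[str, float]
Model = Dict[str, Tuple[float, float]]  # feature -> (mean, std)


def fit_normal_model(normal: Sequence[Sample]) -> Model:
    """Estimate per-feature mean and standard deviation from normal samples only."""
    model: Model = {}
    for name in normal[0]:
        values = [s[name] for s in normal]
        mean = sum(values) / len(values)
        var = sum((v - mean) ** 2 for v in values) / max(len(values) - 1, 1)
        model[name] = (mean, max(math.sqrt(var), 1e-9))  # guard constant features
    return model


def anomaly_score(model: Model, sample: Sample) -> float:
    """Sum of squared z-scores (diagonal Mahalanobis distance); larger = more anomalous."""
    return sum(((sample[n] - mean) / std) ** 2 for n, (mean, std) in model.items())


def choose_threshold(model: Model, calibration_normal: Sequence[Sample],
                     quantile: float = 0.99) -> float:
    """Threshold = empirical quantile of scores on held-out NORMAL data (no attack labels)."""
    scores = sorted(anomaly_score(model, s) for s in calibration_normal)
    idx = min(int(quantile * len(scores)), len(scores) - 1)
    return scores[idx]


def is_anomalous(model: Model, threshold: float, sample: Sample) -> bool:
    return anomaly_score(model, sample) > threshold


def make_normal_samples(n: int, rng: random.Random) -> List[Sample]:
    """Constructed 'normal' process data: a tank level loop with three sensors."""
    return [
        {"level": rng.gauss(50.0, 2.0),
         "pressure": rng.gauss(3.0, 0.1),
         "flow": rng.gauss(12.0, 0.5)}
        for _ in range(n)
    ]


def demo() -> Dict[str, object]:
    rng = random.Random(7)
    model = fit_normal_model(make_normal_samples(2000, rng))      # training: normal only
    threshold = choose_threshold(model, make_normal_samples(1000, rng))
    fresh = make_normal_samples(1000, rng)                          # fresh normal data for FPR
    fpr = sum(is_anomalous(model, threshold, s) for s in fresh) / len(fresh)
    # Constructed false-data-injection (FDI) readings:
    overt_fdi = {"level": 50.0, "pressure": 5.0, "flow": 12.0}     # pressure forced ~20 sd out
    stealthy_fdi = {"level": 53.0, "pressure": 3.0, "flow": 12.0}  # ~1.5 sd: inside the normal envelope
    return {
        "threshold": threshold,
        "false_positive_rate": fpr,
        "overt_fdi_detected": is_anomalous(model, threshold, overt_fdi),
        "stealthy_fdi_detected": is_anomalous(model, threshold, stealthy_fdi),
    }


if __name__ == "__main__":
    print(demo())
```

The stealthy injection is not caught because a static one-class model only sees the marginal distribution of each reading; catching it requires temporal or physics-informed context, which is exactly the motivation for the process- and hybrid-data approaches analyzed later in this review.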
To respond to increasingly intelligent threats in ICS/CPS environments, the adoption of AI-based anomaly detection technologies has become essential. Based on this background, this study analyzes how existing anomaly detection research incorporates the specific requirements of ICPS environments. It also aims to present the technical challenges and future research directions that researchers should focus on.

3. Methods

A systematic literature review is a type of secondary study that formulates clear and straightforward research questions (RQs) and investigates, identifies, selects, and evaluates literature using explicit and repeatable procedures while minimizing bias. In this study, we conducted a literature review on AI-based anomaly detection in ICS/CPS environments in accordance with the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines [11]. The PRISMA checklist [Appendix A] consists of seven sections (title, abstract, introduction, methods, results, discussion, and funding) and 27 items. It specifies the tasks and requirements for each stage of the review process and ensures the overall quality of the work. The review protocol was not registered in any database.

3.1. Research Questions

Before reviewing the literature, we established four RQs to analyze recent research on the review topic from a consistent perspective.
  • RQ1: What security objectives and observation scopes does each data type address across the cyber, physical, policy, and cyber–physical integration layers of ICS/CPS, and how do these collectively form a complementary multilayer defense architecture?
  • RQ2: How are the AI models and learning/preprocessing strategies applied to each data type aligned with the domain characteristics of those data, and what performance advantages do they offer?
  • RQ3: What structural limitations do current evaluation methodologies exhibit in terms of detecting unknown or zero-day attacks, and how do proposed approaches—such as physics-based constraints, adversarial learning, and simulation-based methods—improve these weaknesses?
  • RQ4: When integrating detection results across heterogeneous data types, what design principles should be applied in data collection and modeling to ensure cyber–physical consistency in CPS?

3.2. Eligibility Criteria

This stage defines the eligibility conditions that literature must satisfy to identify recent studies relevant to the above RQs from multiple information sources. The inclusion criteria for studies to be reviewed are as follows:
  • Literature written in English: English is the predominant language of contemporary medical, scientific, and engineering publication, so this criterion retains broad coverage of the relevant studies while keeping screening consistent.
  • Literature published in peer-reviewed conferences or journals: This ensures a minimum level of quality for the documents analyzed.
  • The collected literature must present an anomaly detection technique based on a specific type of dataset.
  • The collected literature must address cyber-attack anomaly detection techniques (algorithms) for ICS/CPS environments.
However, even if the above criteria are met, studies falling under the following concerns were excluded from this review:
  • Studies that propose a methodology but provide no objective evaluation of the proposal.
  • Studies that fall outside the scope of this review, such as anomaly detection caused by device faults or physical behaviors rather than cyberattacks.
  • Secondary research (e.g., survey papers) rather than primary research on AI-based anomaly detection techniques for ICS/CPS environments.
  • Studies conducted solely in general IT network environments that do not consider ICS (Industrial Control Systems) or OT (Operational Technology) characteristics.

3.3. Information Sources

This study collected papers published between 1 January 2021 and 31 October 2025 to analyze AI-based anomaly detection techniques using datasets relevant to ICS environments. To ensure reliability, literature searches were conducted through Web of Science provided by Clarivate; Scopus, Elsevier’s database platform; IEEE Xplore Digital Library, which provides access to IEEE journals, conference papers, and educational materials; and the ACM Digital Library, which includes ACM journals, conferences, and technical magazines.

3.4. Search and Study Selection

To select studies for analysis, the search queries used in this review were determined based on our experience and domain expertise. When selecting keywords included in the queries, we chose terms that would retrieve studies with broad applicability rather than being restricted to environments or data types. For example, studies using data generated by proprietary encrypted protocols used exclusively in specific environments were excluded. Based on such considerations, we constructed queries centered around keywords such as AI, anomaly detection, and ICS/CPS. Additionally, these criteria were not limited to the paper search stage but were also applied in subsequent study selection. Table 1 presents the queries used to collect literature from each bibliographic database.
Study selection was conducted through the following procedure:
  • Step 1: All literature identified in the bibliographic databases using the search queries was exported to the reference management software EndNote 21.
  • Step 2: Duplicate records retrieved from different bibliographic databases were removed.
  • Step 3: The identified studies were screened on the basis of their titles and abstracts according to the previously defined eligibility criteria.
  • Step 4: To determine which studies should be included in this review, Steps 2 and 3 were repeated and a full-text evaluation of the remaining literature was conducted.
We conducted the above procedure by assigning roles to each author, accompanied by multiple meetings and discussions at each stage. Two authors (Jung Kyu Seo and JuHyeon Lee) independently worked to identify studies that met the inclusion criteria. Another two authors (Wooseong Shim and Buyoung Kim) examined the abstracts and full texts of the identified studies to assess their suitability. Finally, one author (Jung Taek Seo) evaluated the appropriateness of the selected studies using a quality assessment tool.

3.5. Data Collection Process

In this review, we developed a data extraction form and collected data from each study according to this form. In addition, to extract data more flexibly from each study, the Evidence-Based Software Engineering (EBSE) guidelines were used to develop the data extraction form [12]. This form includes various information such as author(s), publication year, journal/conference type, impact factor (IF), journal quartile, dataset type, dataset name, dataset usage purpose, model learning method, anomaly detection algorithm, detected cyberattack type, preprocessing techniques, and experimental results. Throughout the process, to minimize bias in data extraction, two authors extracted data from the studies, and the remaining authors cross-validated it.

3.6. Quality Assessment

To control potential reviewer bias regarding the studies included in this review, cross-validation among the authors was conducted. If bias is introduced during the literature review process, the reliability of the research findings may be compromised, potentially leading to incorrect conclusions. Although systematic literature reviews are intended to provide objective and fair answers to the RQs, inadequate bias reduction may cause specific studies to be over- or underestimated. For this reason, cross-validation among the authors was performed, and this procedure verified whether the following elements were included in each study:
  • Review topic: The study must present a method for detecting anomalies or attacks from data generated within ICS/CPS environments.
  • Contextual information: Sufficient contextual details must be provided to properly interpret the results.
  • Data: The study must provide a detailed explanation of how detection is performed using the data employed in the experiments. This is essential for answering RQ1.
  • Details: The study must accurately describe the proposed detection method and provide explanations of network traffic data, operational data, simulation data, hybrid data, and other data types, supporting answers to RQ2–RQ4.
  • Experimental results: Experimental results play a crucial role in validating the study’s effectiveness.

4. Results of Study Selection

4.1. Search and Study Selection Results

A total of 225 studies related to AI-based anomaly detection for ICS published between 1 January 2021 and 31 October 2025 were identified: 54 from Web of Science, 42 from Scopus, 96 from the IEEE Xplore Digital Library, 30 from the ACM Digital Library, and 3 from a supplementary manual search of Google Scholar. Of these, 22 duplicate records and 6 records outside the study period were removed using EndNote 21.
Through title and abstract screening, 40 studies were excluded, and an additional 37 studies were removed during full-text evaluation. In total, 120 studies were considered for quality assessment, and finally 31 studies were further excluded owing to insufficient methodological details, and 89 studies were included in this review through consensus meetings based on eligibility criteria. The detailed screening process is shown in Figure 1.

4.2. Study Characteristics

This subsection describes the characteristics of the studies included in this review, based on the information extracted with the form described in Section 3.5 from the studies selected in Section 4.1. Table 2 presents the number of included studies by publication year, publisher, and document type. After quality assessment, journal articles outnumbered conference articles among the included studies.
As shown in Table 2, the number of AI-based anomaly detection studies targeting CPS has been increasing steadily, and this growth is expected to continue given the rising importance of research in this domain.

4.3. Network Traffic Data Type

Network traffic data refers to communication packets or session information exchanged between devices over a network. These data include statistical and protocol-level features of communication behavior such as the IP/TCP/UDP 5-tuple (source and destination IP addresses, source and destination ports, and transport protocol), traffic direction, packet size, inter-arrival time, flow duration, and protocol fields.
In Industrial Control System (ICS) environments, the dominant traffic consists of communications among PLCs, HMIs, RTUs, sensors, and upper-layer control systems, as well as traffic based on industrial protocols such as Modbus, DNP3, OPC UA, and S7Comm. A distinguishing characteristic of ICS network traffic is its periodic and predictable communication patterns.
Due to these characteristics, ICS network traffic is effectively utilized for detecting network-based cyberattacks—such as reconnaissance, hijacking, spoofing, Man-in-the-Middle (MITM), and Denial of Service (DoS)—in environments where high availability, stability, and integrity are essential. Representative datasets such as the Gas Pipeline Dataset and the ICS Power Grid Dataset are ICS-specific datasets that reflect network traffic generated from real industrial control processes. These datasets include various attack scenarios such as MITM, command injection, and DoS, and incorporate industrial protocol structures, command–response interactions, and control-cycle characteristics. As such, they are widely employed in AI-based anomaly detection research.
Unlike general IT network traffic datasets, ICS-specific datasets reflect the operational context of network packets used to control devices within industrial processes. This contextual alignment contributes to enhancing the reliability and applicability of detection models when deployed in real industrial environments.

4.3.1. Statistical and Entropy-Based Anomaly Detection

Statistical and entropy-based anomaly detection using network traffic data relies on modeling the distribution of normal flows from statistical characteristics and entropy values extracted from packet headers and metadata. Under normal communication conditions, metrics such as packet length, session duration, port-usage ratios, and inter-arrival time (IAT) maintain stable distributions; when an attack occurs, these distributions are distorted and the entropy of the affected fields shifts. The direction of the shift depends on the attack and on the field: a spoofed-source flood raises source-address entropy while collapsing destination-address and destination-port entropy onto the victim, whereas a port scan raises destination-port entropy. Anomalies are therefore identified by detecting entropy fluctuations in either direction, or statistical deviations, that exceed predefined thresholds. Table 3 summarizes statistical- and entropy-based anomaly detection studies.
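The detection logic described above, run over constructed flow records as an added example (not code from any surveyed study or dataset): Shannon entropy of source address, destination address and destination port is computed per window together with flow count and mean packet size, two-sided bounds are calibrated on normal polling windows, and a window is flagged when any feature leaves its band. The hosts, ports and window sizes are placeholders; the normal traffic is a fixed Modbus polling cycle with small jitter, and the two attack windows are a spoofed-source flood and a port scan against one PLC.

```python
# Added example, not code from any surveyed study: windowed Shannon-entropy
# features over constructed flow records, with per-feature bounds calibrated
# on normal windows. Floods and scans move entropies in opposite directions,
# so every feature is checked two-sided. Addresses and ports are placeholders.
import math
import random
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    nbytes: int


def shannon_entropy(values: Iterable) -> float:
    """Entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def window_features(flows: Sequence[Flow]) -> Dict[str, float]:
    """Coarse statistics of one time window; no protocol parsing needed."""
    return {
        "src_entropy": shannon_entropy(f.src for f in flows),
        "dst_entropy": shannon_entropy(f.dst for f in flows),
        "dport_entropy": shannon_entropy(f.dport for f in flows),
        "flow_count": float(len(flows)),
        "mean_bytes": sum(f.nbytes for f in flows) / len(flows) if flows else 0.0,
    }


def calibrate(normal_windows: Sequence[Sequence[Flow]], k: float = 3.0) -> Dict[str, Tuple[float, float]]:
    """Per-feature (low, high) band = mean +/- k*std over normal windows."""
    rows = [window_features(w) for w in normal_windows]
    bounds = {}
    for name in rows[0]:
        vals = [r[name] for r in rows]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / max(len(vals) - 1, 1))
        std = max(std, 0.01)  # floor: an invariant feature still tolerates tiny noise
        bounds[name] = (mean - k * std, mean + k * std)
    return bounds


def detect(flows: Sequence[Flow], bounds: Dict[str, Tuple[float, float]]) -> List[str]:
    """Names of features outside their calibrated band (empty list = window looks normal)."""
    feats = window_features(flows)
    return [n for n, (lo, hi) in bounds.items() if not lo <= feats[n] <= hi]


PLCS = [f"10.0.0.{i}" for i in range(21, 26)]  # constructed PLC addresses


def normal_window(rng: random.Random) -> List[Flow]:
    """Constructed polling cycle: HMI reads each PLC 10 times, plus 0-3 engineering-station reads."""
    flows = [Flow("10.0.0.10", plc, 40000 + i, 502, 72) for plc in PLCS for i in range(10)]
    for i in range(rng.randint(0, 3)):
        flows.append(Flow("10.0.0.50", rng.choice(PLCS), 45000 + i, 502, 72))
    return flows


def spoofed_flood_window(rng: random.Random) -> List[Flow]:
    """Normal polling plus 500 SYNs from random spoofed sources to one PLC."""
    flows = normal_window(rng)
    for _ in range(500):
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        flows.append(Flow(src, PLCS[0], rng.randint(1024, 65535), 502, 60))
    return flows


def port_scan_window(rng: random.Random) -> List[Flow]:
    """Normal polling plus one host probing 1000 ports on one PLC."""
    flows = normal_window(rng)
    flows += [Flow("10.0.0.99", PLCS[0], 50000 + p, p, 60) for p in range(1, 1001)]
    return flows


def demo() -> Dict[str, List[str]]:
    rng = random.Random(1)
    bounds = calibrate([normal_window(rng) for _ in range(200)])
    return {
        "normal": detect(normal_window(rng), bounds),
        "flood": detect(spoofed_flood_window(rng), bounds),
        "scan": detect(port_scan_window(rng), bounds),
    }


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {flagged or 'no deviation'}")
```

Note that the flood is flagged by a rise in source entropy together with a drop in destination entropy, and the scan by a rise in destination-port entropy; a detector that only alarmed on rising entropy would miss half of the signal. Neither check sees a setpoint manipulation carried in well-formed Modbus writes, which keeps every one of these features inside its band.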
Using the IoT-23 dataset, Malathi and Begum [13] proposed an ensemble deep-learning-based cyberattack detection framework. Considering the complexity of large-scale IoT network traffic, the study removes outliers through Z-score normalization, applies the Gorilla Troops Optimization (GTO) algorithm for feature selection, and inputs the selected features into an ensemble classifier composed of Random Space (RS), Random Tree (RT), XGBoost, and Graph Convolutional Neural Network (GCNN) to detect attacks.
Using the NF-BoT-IoT dataset, Sangeetha et al. [15] introduced a hybrid network anomaly detection model that integrates LSTM with XGBoost (“Integrating Deep Learning with Ensemble Approach”). The method jointly learns temporal and non-temporal patterns in network traffic by combining LSTM—which captures time-series dependencies in features such as TCP flags, packet counts, ports, and protocols—with XGBoost, which performs final classification using the latent vectors produced by LSTM along with static features.
Using the NSL-KDD and UNSW-NB15 datasets, RajBalaji et al. [17] proposed an anomaly detection system (ADS) based on a Deep Auto-Encoder and a Deep Feed-Forward Neural Network (DAE–DFFNN). The approach performs unsupervised pre-training with a DAE to learn low-dimensional latent representations of normal traffic, followed by supervised fine-tuning with a DFFNN using normal and attack labels. Input data undergo Z-score normalization and numerical encoding of categorical features (e.g., protocol type). By minimizing reconstruction errors, the DAE extracts core features, which are then classified by the DFFNN to identify anomalous TCP/IP flow patterns.
Saghezchi et al. [20] analyzed Industry 4.0 CPPS traffic (semiconductor manufacturing line) combined with DDoSDB public attack signatures. Forty-five bidirectional flow features were extracted from PCAP files using NetMate, preprocessed (removal of constant/identifier-like features, normalization), and projected into a lower-dimensional space using PCA. They compared supervised (OneR, LR, NB, BN, K-NN, DT, RF, SVM), unsupervised (K-Means, EM), and semi-supervised (univariate Gaussian) algorithms. Experimental results indicated that Decision Tree, Random Forest, and K-NN showed the most stable DDoS detection performance in real factory IDS settings, while unsupervised methods exhibited complementary false-positive/false-negative behaviors depending on preprocessing strategies.
Using ICS-CPS testbed data from Zhejiang University, Hao et al. [21] proposed an unsupervised real-time communication traffic anomaly detection method. They designed a DAGMM-based framework that integrates multidimensional characteristics of industrial network traffic—connection behavior, temporal attributes, and statistical features. The model pre-trains an autoencoder on normal samples to generate low-dimensional embeddings and reconstruction errors, which are then fed into a GMM-based density estimator. Samples whose energy function values exceed a threshold are detected as anomalies. The trained model is stored offline in XML format and deployed across a cloud–edge–device architecture, providing real-time detection with a response latency under one minute.
Using SWaT and Gas Pipeline datasets, Atheeq et al. [23] proposed a two-stage ensemble deep-learning framework. First, an autoencoder extracts latent features without applying over- or under-sampling. Next, PCA and a Decision Tree classifier determine whether an attack is present. In the second stage, a DNN-based Attack Attribution Network identifies known and unknown attack types. Robustness and explainability are enhanced using FGSM and Layer-wise Relevance Propagation (LRP), while pruning, knowledge distillation, and quantization ensure real-time responsiveness.
Using the SWaT dataset, Sun et al. [25] introduced a few-shot learning method called Space-Decoupled Prototype Learning (SDPL). The approach learns separate feature and prototype spaces, applying contrastive learning and orthogonality constraints to reduce class overlap and sharpen decision boundaries. Input time-series data are embedded into this space, and anomaly scores (distances from class prototypes) are computed. Samples whose scores exceed a threshold are classified as anomalies, enabling stable detection even under limited labeling and severe class imbalance.
Using the NSL-KDD and UNSW-NB15 datasets, Yang et al. [28] proposed the Stacked One-Class Broad Learning System (ST-OCBLS). Based on the horizontally scalable Broad Learning System (BLS), the model performs fast one-class learning without backpropagation. The OCBLS learns the patterns of normal traffic, and anomalies are detected when the distance Ψ between sample outputs and target labels exceeds a threshold Υ. Subsequently, multiple BLS-based autoencoders (BLS-AE) are stacked to progressively encode and reconstruct high-dimensional nonlinear features of IIoT network traffic.
Using SWaT, BATADAL, and WADI datasets, Kravchik and Shabtai [29] proposed a lightweight anomaly detection method combining 1D-CNN, autoencoder, and PCA. The model learns both temporal-domain and frequency-domain statistical characteristics from sensor and actuator time-series data, using reconstruction error and variance shift as monitoring statistics. During training, feature selection is performed using Kolmogorov–Smirnov (K–S) statistics and dimensions are reduced via PCA to improve efficiency. During detection, anomalies are identified when the mean-squared error (MSE) exceeds a predefined threshold.
Using the Cyber-Security Modbus ICS dataset, Sekaran et al. [32] introduced a machine-learning-based framework for detecting anomalous Modbus/TCP network behavior. The method extracts statistical features from packet-level information (protocol type, data length, TCP flags, etc.) and flow-level information (packet counts per source/destination IP, port distribution, total bytes) and determines deviations from normal communication distributions to identify attacks.
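The packet- and flow-level feature extraction described above, as an added example that is not the framework of [32] and uses no real dataset: a minimal Modbus/TCP parser decodes the MBAP header and function code, aggregates per-(client, server) flow statistics, learns which (client, server, unit, function code) combinations occur in a normal window, and then flags an unseen write, an unknown client, and a frame whose MBAP length field does not match the payload. Hosts, unit identifiers and register addresses are placeholders, and all frames are constructed inline.

```python
# Added example, not code from [32] or any surveyed study: Modbus/TCP feature
# extraction plus a whitelist-style deviation check. Hosts, unit ids and
# register addresses are placeholders; every frame is constructed here.
import struct
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

MBAP = struct.Struct("!HHHB")  # transaction id, protocol id, length, unit id (7 bytes)
FC_NAMES = {1: "Read Coils", 3: "Read Holding Registers", 5: "Write Single Coil",
            6: "Write Single Register", 16: "Write Multiple Registers"}
WRITE_FCS = {5, 6, 15, 16, 23}

Packet = Tuple[str, str, bytes]  # (src ip, dst ip, TCP payload)


def modbus_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Build a Modbus/TCP frame: MBAP header followed by the PDU (function code + data)."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu  # length counts unit id + PDU


def parse_modbus_tcp(payload: bytes) -> Dict[str, int]:
    """Decode MBAP header and function code; reject malformed frames."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("truncated frame")
    tid, proto, length, unit = MBAP.unpack_from(payload)
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus/TCP")
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match payload size")
    fc = payload[MBAP.size]
    return {"tid": tid, "unit": unit, "fc": fc & 0x7F,
            "exception": int(fc & 0x80 != 0), "data_len": len(payload) - MBAP.size - 1}


def flow_features(packets: List[Packet]) -> Dict[Tuple[str, str], dict]:
    """Flow-level statistics per (src, dst) pair: counts, bytes, function-code mix."""
    feats: Dict[Tuple[str, str], dict] = defaultdict(
        lambda: {"packets": 0, "bytes": 0, "fcs": Counter(), "exceptions": 0, "max_data_len": 0})
    for src, dst, payload in packets:
        p = parse_modbus_tcp(payload)
        f = feats[(src, dst)]
        f["packets"] += 1
        f["bytes"] += len(payload)
        f["fcs"][p["fc"]] += 1
        f["exceptions"] += p["exception"]
        f["max_data_len"] = max(f["max_data_len"], p["data_len"])
    return dict(feats)


def learn_profile(normal: List[Packet]) -> Dict[Tuple[str, str, int, int], int]:
    """(src, dst, unit, fc) combinations seen in normal traffic -> largest data length seen."""
    profile: Dict[Tuple[str, str, int, int], int] = {}
    for src, dst, payload in normal:
        p = parse_modbus_tcp(payload)
        key = (src, dst, p["unit"], p["fc"])
        profile[key] = max(profile.get(key, 0), p["data_len"])
    return profile


def check_window(packets: List[Packet], profile: Dict[Tuple[str, str, int, int], int]) -> List[str]:
    """Alerts for malformed frames, unseen (host, unit, fc) combinations and oversized requests."""
    alerts: List[str] = []
    for src, dst, payload in packets:
        try:
            p = parse_modbus_tcp(payload)
        except ValueError as e:
            alerts.append(f"malformed frame {src}->{dst}: {e}")
            continue
        key = (src, dst, p["unit"], p["fc"])
        name = FC_NAMES.get(p["fc"], f"fc {p['fc']}")
        if key not in profile:
            kind = "write" if p["fc"] in WRITE_FCS else "function"
            alerts.append(f"unseen {kind} {name} {src}->{dst} unit {p['unit']}")
        elif p["data_len"] > profile[key]:
            alerts.append(f"oversized {name} {src}->{dst}: {p['data_len']} > {profile[key]} bytes")
    return alerts


def demo() -> Dict[str, object]:
    hmi, eng, plc, rogue = "10.0.0.10", "10.0.0.50", "10.0.0.21", "10.0.0.99"  # placeholders
    read_regs = struct.pack("!HH", 0, 10)       # start address 0, 10 registers
    normal: List[Packet] = [(hmi, plc, modbus_frame(i, 1, 3, read_regs)) for i in range(20)]
    normal += [(eng, plc, modbus_frame(100 + i, 1, 1, struct.pack("!HH", 0, 8))) for i in range(3)]
    profile = learn_profile(normal)
    write_regs = struct.pack("!HHB", 0, 2, 4) + b"\x00\x01\x00\x00"  # write 2 registers
    suspicious: List[Packet] = normal[:5] + [
        (hmi, plc, modbus_frame(500, 1, 16, write_regs)),   # write from a host that only ever read
        (rogue, plc, modbus_frame(501, 1, 3, read_regs)),   # read from a host never seen before
        (hmi, plc, b"\x00\x01\x00\x00\x00\x09\x01\x03"),    # MBAP length 9 but only 2 bytes follow
    ]
    return {"flow_features": flow_features(normal), "alerts": check_window(suspicious, profile)}


if __name__ == "__main__":
    for a in demo()["alerts"]:
        print(a)
```

The whitelist catches a control-command injection that a volumetric feature would not, because the injected write is a single, well-formed, normally sized frame; the length check matters because an attacker who can desynchronize the MBAP length field can also desynchronize a naive stream parser. A production profile would additionally track register address ranges and value bounds per function code, which this example omits.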
Niu et al. [34] proposed ADESSA, an ensemble semi-supervised active-learning-based method using flow-level and statistical features from NSL-KDD and SWaT datasets. The model employs an ensemble of Random Forest, Gradient Boosted Trees, and Extra Trees, and constructs a balanced training set through a balanced sampling strategy that combines margin sampling and democratic co-learning. By iteratively incorporating a small number of manually labeled high-confidence samples with automatically labeled samples, the method achieves stable attack/normal classification under limited labeling budgets and class imbalance in CPS networks.
From the studies summarized in Table 3 and discussed above, several observations can be made regarding statistical and entropy-based anomaly detection on network traffic. First, this data type is particularly well suited to communication-centric attacks such as DoS/DDoS, flooding, port scanning, probing, botnet and C&C traffic, and generic malware delivery, where attacks manifest as significant shifts in flow counts, packet rates, port-usage distributions, and related statistical properties [13,15,17,20,21,25,28,32,34]. In these scenarios, coarse-grained traffic statistics and entropy measures are sufficient to expose abnormal behavior without requiring deep protocol parsing [13,21,28,32]. By contrast, more process-aware attacks such as stealthy false data injection or setpoint manipulation often leave network volumes and simple statistics largely unchanged, which limits the effectiveness of purely statistical network-based approaches for such scenarios [23,29].
Second, the results highlight a clear trade-off between practicality and visibility when relying on statistical network features. These features can be extracted non-invasively from SPAN/TAP ports and scale naturally to large ICS/CPS deployments, providing a low-cost first line of defense [20,21,32]. However, they offer limited insight into physical process context, cross-layer attack chains, and slow drifts that primarily manifest in process variables. Several works attempt to bridge this gap by combining network statistics with temporal models or with process-oriented datasets such as SWaT, WADI, BATADAL, and Gas Pipeline [23,25,29,34], but a full characterization of process-level anomalies still requires complementary process or hybrid data, which are analyzed in later subsections.
Third, in terms of model behavior, the comparison across studies indicates that classical machine-learning classifiers often perform competitively on high-dimensional statistical feature spaces derived from NSL-KDD, UNSW-NB15, NF-BoT-IoT, IoT-23, and similar benchmarks [17,20,23,28,32,34]. Deep architectures such as DAE, DAGMM, GCNN, and LSTM-based hybrids are mainly beneficial when modeling nonlinear feature interactions or temporal dependencies [13,15,17,21,23,29], but they can be sensitive to preprocessing choices and class imbalance, sometimes exhibiting complementary false-positive/false-negative patterns compared with simpler models [20,21,28]. This suggests that, for purely statistical network features, more complex models do not universally dominate simpler baselines and must be carefully calibrated to the characteristics of the data.
Fourth, the surveyed work reveals a strong concentration on a small set of public datasets. NSL-KDD, UNSW-NB15, NF-BoT-IoT, IoT-23, CIC-IDS2017, and TON_IoT are repeatedly used to evaluate statistical and entropy-based techniques [13,15,17,21,25,28,32,34], while only a few studies rely on ICS-specific traces such as factory PCAPs, dedicated ICS-CPS testbeds, or Modbus-focused datasets [20,21,23,32]. This over-reliance on a limited subset of benchmarks raises concerns about overfitting traffic patterns, protocol mixes, and attack scripts, and limits the generalizability of reported performance to heterogeneous ICS/CPS environments.
Finally, the detection performance observed across different learning paradigms indicates systematic tendencies rather than a single dominant approach. Supervised statistical classifiers tend to achieve high accuracy when ample labeled attack data are available [13,15,17,20,23,25,32,34], whereas unsupervised and semi-supervised methods offer better robustness to previously unseen or zero-day attacks at the expense of slightly lower nominal accuracy [17,20,21,25,28,34]. Hybrid designs that combine unsupervised feature learning with supervised classification or active learning frequently achieve a favorable balance between detection rate, label efficiency, and robustness [17,23,25,29,34]. Overall, network-traffic-based statistical and entropy-oriented methods provide an effective and practical baseline for detecting volumetric and protocol-level attacks, but their limitations for process-aware and stealthy ICS-specific threats motivate the complementary use of process and hybrid data modalities.

4.3.2. Time-Series Dependency-Based Anomaly Detection

Time-series dependency-based anomaly detection using network traffic data treats packet or flow sequences as temporal processes, learning time-domain structures such as inter-arrival time (IAT), flow arrival rate, session duration, and periodicity of traffic volume. These approaches take real-time traffic sequences as input and either predict the traffic level or pattern at the next time step, or model the normal temporal dependency within a fixed-length window. An anomaly score is then computed as the deviation between the observed sequence and the model’s learned normal temporal pattern. Table 4 summarizes time-series dependency–based anomaly detection studies.
In stable ICS communication environments, IAT distributions and flow-generation patterns maintain bounded periodicity and variability. However, attacks such as DoS/DDoS, replay, and scanning disrupt temporal dependencies by inducing burst traffic, anomalous silent intervals, and collapse of periodicity. Consequently, detecting temporal-dependency deviations that exceed a predefined threshold enables the identification of various network anomalies, including low-rate and long-duration attacks.
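The window-based residual scoring described above, written out as an added example (this is illustrative code, not from any of the surveyed studies). A trailing-window mean stands in for the SARIMA/LSTM predictors used in the literature; the residual threshold adapts to the window's own variability, and Grubbs' statistic grades how far a flagged sample departs from its window, as in the hybrid approach of Hao et al. [44]. The packet timestamps are constructed (100 ms polling with jitter, a 1 ms flood burst, and a 2 s silent gap), and the Grubbs critical value is the standard-table entry for n = 20 at α = 0.05, assumed for the example.

```python
"""Temporal-dependency anomaly detection over packet inter-arrival times (IATs).

Added illustration, not code from any surveyed study: a trailing-window
predictor with a dynamic residual threshold, plus Grubbs' statistic to grade
how far a flagged sample departs from its window.  The SARIMA/LSTM predictors
used in the literature would replace predict_next(); the scoring is unchanged.
"""
from statistics import mean, pstdev, stdev


def inter_arrival_times(timestamps):
    """IAT sequence (seconds) from an ascending list of packet timestamps."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


def predict_next(history):
    """Baseline predictor: the trailing-window mean (stand-in for SARIMA/LSTM)."""
    return mean(history)


def grubbs_statistic(sample):
    """Grubbs' G = max|x - mean| / s, with s the sample standard deviation."""
    s = stdev(sample)
    if s == 0.0:
        return 0.0
    mu = mean(sample)
    return max(abs(x - mu) for x in sample) / s


def detect_iat_anomalies(iats, window=20, k=3.0, floor=0.005, g_crit=2.709):
    """Flag IATs whose residual against the trailing-window prediction exceeds
    k times the window's standard deviation.  `floor` (seconds) keeps the
    threshold from collapsing to zero on a perfectly regular window, which would
    otherwise flag every sample after a constant-rate burst.  `g_crit` is the
    two-sided alpha=0.05 Grubbs critical value for n=20 from the standard table
    (assumed here; use the table entry for your own window size)."""
    alerts = []
    for i in range(window, len(iats)):
        history = iats[i - window:i]
        predicted = predict_next(history)
        residual = iats[i] - predicted
        threshold = max(k * pstdev(history), floor)
        if abs(residual) > threshold:
            g = grubbs_statistic(history + [iats[i]])
            alerts.append({
                "index": i,
                "observed": round(iats[i], 4),
                "predicted": round(predicted, 4),
                "residual": round(residual, 4),
                "grubbs_G": round(g, 3),
                "grubbs_outlier": g > g_crit,
            })
    return alerts


def build_sample_timestamps():
    """Constructed capture: 100 ms polling with +/-4 ms jitter, a 30-packet
    burst at 1 ms spacing (flood), 40 normal polls, a 2 s silence (collapse of
    periodicity), then 20 normal polls.  Timestamps are in seconds."""
    def jitter(i):
        return 0.002 * ((i * 7) % 5 - 2)   # deterministic -4..+4 ms pattern

    t = 0.0
    ts = [t]
    for i in range(60):
        t += 0.100 + jitter(i)
        ts.append(t)
    for _ in range(30):
        t += 0.001
        ts.append(t)
    for i in range(40):
        t += 0.100 + jitter(i)
        ts.append(t)
    t += 2.0
    ts.append(t)
    for i in range(20):
        t += 0.100 + jitter(i)
        ts.append(t)
    return ts


if __name__ == "__main__":
    for alert in detect_iat_anomalies(inter_arrival_times(build_sample_timestamps())):
        print(alert)
```

The first flood packet (IAT index 60) and the silent gap (index 130) are both flagged, while the jittered polling before the flood is not; the return to polling after the burst is also reported, since it is a change point relative to the flood-filled window. The floor on the threshold is the detail worth keeping: without it, a window consisting entirely of constant-rate flood packets has zero variance and would turn every subsequent sample into an alert.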
Using the IoT-23 and LITNET-2020 network traffic datasets, Gonaygunta et al. [35] proposed a flexible deep-learning-based anomaly detection model employing a stacked ensemble architecture. A Deep Sparse Autoencoder (DSAE) denoises and extracts low-dimensional representations from high-dimensional NetFlow features. Then, a DNN and an LSTM serve as first-stage base classifiers, capturing both static nonlinear patterns and temporal dependencies in flow sequences. Their predictions are fused by a logistic regression meta-classifier to determine the final “normal/anomalous” label.
Using the CIC-IDS2017 and UNSW-NB15 datasets, Pathak et al. [38] proposed a CGAN-based unsupervised anomaly detection model deployable within Fog architectures to satisfy latency constraints of CPS environments. The method models multivariate time-series collected from sensors and actuators using LSTM-RNN-based generator–discriminator pairs, learning the temporal dependency of normal traffic. A BiGAN-style encoder maps observed sequences directly into the latent space, and anomalies are detected by computing reconstruction loss between the input and the generator-reconstructed sequence.
Using packet traffic captured from the TCMS of Alstom railway vehicles via Wireshark, Xu et al. [39] introduced KDDT, a digital-twin-based time-series anomaly detection framework using knowledge distillation. TCMS packet sequences, including normal and anomalous intervals, are first temporally aligned. A language model (LM) pre-trained on large-scale out-of-domain network traffic and a variational autoencoder (VAE) embed inner-packet contextual features. These embeddings are combined with an LSTM-based digital twin model (DTM) to predict subsequent packets, thereby learning inter-packet chronological dependencies. A Digital Twin Capability (DTC) classifier receiving the current packet and DTM hidden state determines packet-loss anomalies.
Using the CICDDoS2019 dataset, Min et al. [40] proposed Cu-BLSTMGRU, a hybrid time-series anomaly detection framework deployable on the SDN control plane. Flow-based traffic is fed sequentially into a BLSTM layer that captures bidirectional context and a GRU layer that maintains long-term dependencies. This jointly models temporal patterns and inter-flow correlations of diverse DDoS and port-scan attacks in IIoT/CPS environments. Preprocessing includes label encoding and min–max normalization, followed by Adam optimization and ReLU/Softmax activation to perform multi-class attack classification.
Using the TOW-IDS automotive Ethernet intrusion dataset, Jeong et al. [42] proposed AERO, an unsupervised anomaly detection framework for in-vehicle Automotive Ethernet traffic that simultaneously captures protocol order, payload, and timing intervals. AVTP, gPTP, and CAN/UDP packet streams are windowed and transformed into protocol transition matrices, payload-byte matrices, and inter-packet timing statistics. Normal traffic dependencies are learned using an autoencoder and Point Mapper, embedding each window near a reference point. Anomaly scores are computed based on distance from this reference. With thresholding derived solely from normal segments, AERO successfully detected AVTP frame injection, PTP desynchronization, and CAN DoS/Replay attacks—capturing subtle distortions in protocol, content, and timing patterns—while enabling near–real-time operation on embedded Jetson-class devices.
Using network traffic collected from a large ICS-CPS testbed consisting of power systems, gas pipelines, and urban rail systems, Hao et al. [44] proposed a hybrid time-series anomaly detection approach combining a SARIMA-based online dynamic threshold model with an LSTM-based background traffic model. The method models autocorrelation, periodicity, and self-similarity of ICS traffic as time-series, then dynamically tracks deviations between predicted and observed traffic within sliding windows. Grubbs’ test quantifies anomaly duration and severity. This hybrid approach achieves higher accuracy and lower miss rates than single-model statistical or pure LSTM-based methods, while retaining lower computational cost.
For industrial IoT botnet traffic, Shu and Lu [45] used 10 attack scenarios from the N-BaIoT dataset (Mirai and Gafgyt families) and proposed a two-stage detection approach. In the first stage, a hybrid spatiotemporal network combining 1D-CNN and Bi-GRU discriminates normal, Gafgyt, and Mirai traffic. In the second stage, F-test-based feature selection identifies key botnet family features, and an XGBoost classifier refines attack-type classification. The proposed method achieved over 99% accuracy and F1-score on Provision PT-737E security-camera traffic and accurately distinguished attack subtypes (e.g., Gafgyt TCP/UDP flooding) that prior one-stage models struggled to classify, demonstrating that staged detection with feature selection meaningfully enhances attack-type discrimination in IIoT botnet traffic.
From the time-series-based studies summarized in Table 4 and discussed above, several observations can be made regarding the role of temporal dependencies in network-traffic-based anomaly detection. First, this data type is particularly effective for attacks that explicitly disturb temporal patterns of communication, such as DoS/DDoS, flooding, scanning/probing, and botnet-driven bursts, where anomalies manifest as abrupt changes in flow-arrival rates, inter-arrival times, and session durations [35,38,40,44,45]. By explicitly modeling packet or flow sequences as time series, the proposed models can detect not only high-rate attacks but also low-rate or long-duration anomalies that gradually distort periodic traffic patterns in CPS/IIoT environments [38,40,44].
Second, these results highlight the trade-off between purely statistical network features and richer time-series models. While statistical and entropy-based approaches treat each flow or aggregate independently, time-series dependency-based methods incorporate sequential context—such as burstiness, periodicity, and long-range dependencies—via LSTM, BLSTM, GRU, SARIMA, or hybrid architectures [33,38,39,40,44,45]. This allows them to capture more subtle deviations in normal traffic dynamics, at the cost of higher model complexity, stricter requirements on ordering and timestamp quality, and increased sensitivity to concept drift in evolving ICS/CPS networks [38,40,44]. In practice, time-series models are best viewed as a complement to static statistical detectors, particularly in environments where communication schedules and traffic cycles are tightly coupled to control processes.
Third, in terms of model behavior and failure modes, the surveyed work shows that deep sequence models (LSTM, BLSTM-GRU, CNN + Bi-GRU) and generative architectures (FID-GAN, VAE-based digital twins) are able to exploit complex temporal patterns and achieve strong detection or classification performance on benchmark datasets [35,38,39,40,42,44,45]. However, these models can be sensitive to noisy or irregular traffic, missing packets, and inaccurate labels, which may lead to degraded performance when real-world traffic deviates from the structured patterns seen during training [35,36,41]. Moreover, when temporal dynamics are weak or dominated by highly variable human or background traffic, the additional complexity of deep sequence models may not yield commensurate gains over simpler baselines.
Fourth, the dataset distribution again reveals a concentration on a limited set of benchmarks. CIC-IDS2017, UNSW-NB15, IoT-23, LITNET-2020, NetML-2020, CIC-DDoS2019, and N-BaIoT are widely used to evaluate time-series dependency-based techniques, especially for botnet, DDoS, and generic network intrusions [35,38,40,43]. Only a subset of studies leverage ICS/CPS-specific traces such as Alstom TCMS traffic, multi-domain ICS-CPS testbeds (power, gas, rail), or automotive TOW-IDS data [39,42,44]. While these latter datasets are closer to actual industrial settings, they are fewer in number and often proprietary or custom-built, which limits systematic cross-comparison and raises concerns about overfitting to particular topologies, protocols, or attack scripts.
Finally, with respect to detection paradigms, supervised sequence classifiers and hybrid ensemble models dominate the literature and typically report very high accuracy and F1-scores when sufficient labeled attack data are available [35,39,40,45]. Unsupervised and generative approaches such as FID-GAN and autoencoder-based frameworks target zero-day or previously unseen attacks by learning normal temporal patterns and flagging deviations via reconstruction- or residual-based scores [38,42,44]. This yields greater robustness to unknown attack types but can also introduce higher false-positive rates if normal traffic patterns evolve or if training data do not cover all operational modes. Overall, network-traffic-based time-series dependency methods provide a powerful mechanism for capturing dynamic communication behavior in ICS/CPS, especially for DDoS, botnet, and protocol-abuse attacks, but they benefit from being combined with statistical, protocol-aware, or process-level information to fully cover stealthy and process-centric threats.

4.3.3. Protocol Feature-Based Detection

Protocol feature-based anomaly detection explicitly models functional codes, addressing schemes, message sequences, request–response relationships, and state-transition rules of industrial protocols such as Modbus, DNP3, S7, and IEC-104. This approach evaluates how much observed traffic deviates from these normative behavioral rules to identify protocol misuse patterns—such as field-value violations, anomalous command combinations, or session-state inconsistencies—and thereby locates the origin and root cause of cyberattack–induced anomalies. Table 5 summarizes protocol feature–based anomaly detection studies.
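To make the protocol-feature view concrete, the following added example (illustrative code, not from Kim et al. [47] or Varol and İskefiyeli [49]) extracts the MBAP header and the function-code/address fields of Modbus/TCP frames and evaluates the kinds of rules the paragraph lists: an allowed-function table per client/server pair, a writable register range per server, and request–response matching on transaction identifiers so that an unsolicited response is treated as a session-state inconsistency. The host addresses, the allowed-function table, the register range and all frames are constructed for the example.

```python
"""Protocol-feature rules for Modbus/TCP: function codes, unit IDs, register
ranges and request/response transaction matching.

Added illustration for this subsection, not code from any surveyed study.
Host addresses, the allowed-function table and the writable register range
are assumptions made for the example.
"""
import struct

MBAP = struct.Struct(">HHHB")          # transaction id, protocol id, length, unit id
MODBUS_PORT = 502
ADDRESSED_FCS = {1, 2, 3, 4, 5, 6, 15, 16}   # requests carrying a 16-bit start address
WRITE_FCS = {5, 6, 15, 16}
MULTI_FCS = {15, 16}                         # second field is a quantity, not a value


def parse_modbus_tcp(payload, is_request):
    """Extract protocol features from one Modbus/TCP frame; None if malformed."""
    if len(payload) < MBAP.size + 1:
        return None
    tid, pid, length, unit = MBAP.unpack_from(payload, 0)
    if length != len(payload) - 6:           # MBAP length counts unit id + PDU
        return None
    fc = payload[MBAP.size]
    feat = {"tid": tid, "pid": pid, "unit": unit,
            "fc": fc & 0x7F, "exception": bool(fc & 0x80)}
    if is_request and feat["fc"] in ADDRESSED_FCS and len(payload) >= MBAP.size + 5:
        feat["addr"], feat["qty_or_value"] = struct.unpack_from(">HH", payload, MBAP.size + 1)
    return feat


class ModbusRuleDetector:
    """Stateful rule checks over a client/server Modbus/TCP conversation."""

    def __init__(self, allowed_fc, writable):
        self.allowed_fc = allowed_fc      # {(client_ip, server_ip): {fc, ...}}
        self.writable = writable          # {server_ip: (first_addr, last_addr)}
        self.pending = set()              # outstanding (client, server, unit, tid)

    def check(self, src, dst, dport, payload):
        """Return an alert dict for the first violated rule, or None."""
        is_request = dport == MODBUS_PORT
        feat = parse_modbus_tcp(payload, is_request)

        def alert(rule):
            return {"rule": rule, "src": src, "dst": dst, "features": feat}

        if feat is None:
            return alert("malformed_frame")
        if feat["pid"] != 0:
            return alert("bad_protocol_id")
        if is_request:
            self.pending.add((src, dst, feat["unit"], feat["tid"]))
            if feat["fc"] not in self.allowed_fc.get((src, dst), set()):
                return alert("unauthorized_function")
            if feat["fc"] in WRITE_FCS and "addr" in feat:
                first, last = self.writable.get(dst, (-1, -1))
                count = feat["qty_or_value"] if feat["fc"] in MULTI_FCS else 1
                if not (first <= feat["addr"] and feat["addr"] + count - 1 <= last):
                    return alert("write_out_of_range")
            return None
        key = (dst, src, feat["unit"], feat["tid"])
        if key not in self.pending:
            return alert("unsolicited_response")
        self.pending.discard(key)
        return alert("exception_response") if feat["exception"] else None


def build_frame(tid, unit, fc, body, pid=0):
    """Assemble a Modbus/TCP frame (used only to construct the sample traffic)."""
    pdu = bytes([fc]) + body
    return MBAP.pack(tid, pid, len(pdu) + 1, unit) + pdu


def run_demo():
    """Replay a constructed conversation between HMI 10.0.0.10 and PLC 10.0.0.20."""
    hmi, plc, rogue = "10.0.0.10", "10.0.0.20", "10.0.0.99"
    det = ModbusRuleDetector(allowed_fc={(hmi, plc): {3, 6, 16}},
                             writable={plc: (100, 110)})
    stream = [
        (hmi, plc, 502, build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),      # read 10 regs
        (plc, hmi, 50000, build_frame(1, 1, 3, bytes([20]) + bytes(20))),      # matching reply
        (hmi, plc, 502, build_frame(2, 1, 6, struct.pack(">HH", 100, 1))),     # write reg 100
        (plc, hmi, 50000, build_frame(2, 1, 6, struct.pack(">HH", 100, 1))),   # echo reply
        (rogue, plc, 502, build_frame(7, 1, 6, struct.pack(">HH", 100, 0))),   # unknown client
        (hmi, plc, 502, build_frame(3, 1, 16,
                                    struct.pack(">HHB", 500, 1, 2) + b"\x00\x00")),  # reg 500
        (plc, hmi, 50000, build_frame(999, 1, 3, bytes([2, 0, 0]))),           # no such request
    ]
    return [a for a in (det.check(*frame) for frame in stream) if a]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert["rule"], alert["src"], "->", alert["dst"])
```

The two legitimate exchanges pass silently; the request from the unknown client, the multi-register write outside the permitted range, and the response with no outstanding request each raise exactly one alert. Because the checks key on function code, unit identifier and register address, a benign load increase leaves them untouched, which is the distinction from coarse traffic statistics that the paragraph draws.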
Using Ethernet-based CPIS network traffic, Kim et al. [47] proposed a multi-layer anomaly detection method that infers packet format and field semantics without prior protocol knowledge. MAC/IP/port and length information are used to construct external signature groups. Multiple sequence alignment (MSA) and field-distribution analysis automatically decompose headers and payloads into constant, categorical, and numerical fields. Based on the inferred structure and semantics, rules are generated for external information, fixed fields, traffic patterns, and payload values. These rules enable multi-stage detection of various attacks, including response/command injections, DoS, and reconnaissance.
Varol and İskefiyeli [49] constructed a hybrid dataset of Modbus/TCP-based ICS network traffic by combining a public Modbus attack dataset with normal traffic captured from the real CENTER SAU water system (240,000 packets, eight packet/protocol-level features). They evaluated DT, RF, SVM, KNN, NB, XGBoost, DNN, and ensemble models for binary classification of normal vs. attack packets. Results demonstrated that even a small number of meaningful features, together with Modbus fields extracted via Wireshark post-dissectors, enable highly accurate detection of Modbus cyberattacks.
Protocol feature-based anomaly detection studies provide several important observations about how semantic information in industrial protocols can be leveraged for cyber-attack detection. First, protocol-aware methods are particularly suitable for detecting attacks that directly exploit industrial protocol semantics such as command and response injection, replay, spoofing, and MITM because they evaluate deviations in function codes, addressing schemes, request–response matching, and state-transition rules rather than only in coarse traffic statistics [47,49]. This allows them to precisely pinpoint misuse patterns and to distinguish benign high-load conditions from truly malicious control operations.
Second, protocol feature-based detection reveals a clear trade-off between semantic visibility and deployment cost. On the one hand, inferring or parsing protocol fields or explicitly extracting Modbus/TCP features provides fine-grained insight into ICS-specific communication behavior and supports root-cause analysis at the command level. On the other hand, this requires high-quality packet captures, accurate dissection of proprietary or undocumented protocols, and maintenance effort when protocol variants or vendor-specific extensions are introduced. Compared with purely statistical or time-series models, protocol-aware detectors are thus more tightly coupled to protocol stacks and deployments.
Third, the current work also highlights that even relatively simple ML/DL classifiers can benefit from carefully engineered protocol features. Varol and İskefiyeli [49] show that a small set of packet/protocol-level Modbus features already enables high-accuracy binary classification of normal vs. attack traffic using conventional models (DT, RF, SVM, KNN, XGBoost, DNN, and ensembles), while Kim et al. [47] demonstrate that unsupervised field-semantic inference combined with rule-based multilevel detection can capture a broad range of protocol-abuse scenarios without prior protocol specifications. Overall, protocol feature-based detection complements statistical and time-series methods by providing semantics-aware visibility into industrial communications, and is especially valuable in ICS/CPS environments where attack detection and forensic analysis must be performed at the level of specific control commands and protocol flows.

4.3.4. Payload Feature-Based Detection

Payload byte/sequence-based anomaly detection treats packet payloads as sequences of bytes and semantic tokens rather than relying on header information. The model learns command and data patterns that appear in normal communication by embedding real-time payload sequences—such as control commands, sensor values, and configuration parameters—and captures the distribution of command sequences, field values, and contextual dependencies among fields under normal operation. Anomaly decisions are made by computing “content-based residuals,” such as reconstruction error or the probability of anomalous token occurrences, based on the deviation between the observed payload sequence and the learned normal pattern.
In normal industrial processes, function codes, addresses, and data fields appear in consistent combinations and value ranges. However, command injection, response manipulation, or stealthy payload tampering introduces previously unseen sequences, unreasonable field combinations, or statistically rare values, resulting in a significant increase in residuals. Thus, payload anomalies exceeding a predefined threshold can be detected as anomalous behavior. Table 6 summarizes payload feature–based anomaly detection studies.
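The residual-and-threshold mechanism of the two paragraphs above, as an added example that is not code from Yang et al. [50] or any other surveyed study. A smoothed token-bigram model replaces the BERT/1D-CNN autoencoder: the content residual of a payload is the surprise of its least likely token transition, and the threshold is placed at three standard deviations above the mean residual observed on normal payloads, i.e. a confidence interval on the normal residual distribution. The ASCII command vocabulary and every payload are constructed for the example; numeric literals are mapped to a width class so that an out-of-range value becomes an unseen token.

```python
"""Payload-sequence anomaly scoring for ASCII industrial command payloads.

Added illustration, not code from any surveyed study: a smoothed token-bigram
model stands in for a learned sequence autoencoder, and the "content residual"
is the surprise of the least likely token transition.  The command vocabulary
and all payloads below are constructed for the example.
"""
import math
import re
from collections import Counter
from statistics import mean, pstdev

TOKEN_RE = re.compile(rb"[A-Za-z0-9_]+")
BOS, EOS, UNK = "<s>", "</s>", "<unk>"


def tokenize(payload):
    """Split an application-layer payload into tokens; numeric literals become a
    width class (NUM2, NUM3, ...) so that unusual magnitudes stand out."""
    tokens = []
    for raw in TOKEN_RE.findall(payload):
        text = raw.decode("ascii")
        tokens.append("NUM%d" % len(text) if text.isdigit() else text.upper())
    return tokens


class PayloadBigramModel:
    def __init__(self, k=1.0):
        self.k = k                          # add-k smoothing constant
        self.bigram = Counter()             # (prev, next) -> count
        self.context = Counter()            # prev -> count
        self.vocab = {BOS, EOS, UNK}
        self.threshold = None

    def fit(self, normal_payloads, sigmas=3.0):
        sequences = []
        for payload in normal_payloads:
            tokens = tokenize(payload)
            self.vocab.update(tokens)
            sequences.append([BOS] + tokens + [EOS])
        for seq in sequences:
            for prev, nxt in zip(seq, seq[1:]):
                self.bigram[(prev, nxt)] += 1
                self.context[prev] += 1
        # threshold = confidence interval on the residuals of normal traffic
        scores = [self.score(p) for p in normal_payloads]
        self.threshold = mean(scores) + sigmas * pstdev(scores)
        return self

    def surprise(self, prev, nxt):
        """-log P(next | prev) under add-k smoothing over the vocabulary."""
        prob = (self.bigram[(prev, nxt)] + self.k) / (self.context[prev] + self.k * len(self.vocab))
        return -math.log(prob)

    def score(self, payload):
        """Content residual: the surprise of the least likely transition."""
        seq = [BOS] + [t if t in self.vocab else UNK for t in tokenize(payload)] + [EOS]
        return max(self.surprise(prev, nxt) for prev, nxt in zip(seq, seq[1:]))

    def is_anomalous(self, payload):
        return self.score(payload) > self.threshold


# Constructed normal traffic for a toy ASCII command protocol.
NORMAL_PAYLOADS = [
    b"GET TANK1 LEVEL", b"GET TANK2 LEVEL", b"GET PUMP1 STATUS",
    b"SET PUMP1 ON", b"SET PUMP1 OFF",
    b"SET VALVE1 45", b"SET VALVE1 50", b"SET VALVE1 55", b"SET VALVE2 50",
] * 4


def run_demo():
    model = PayloadBigramModel().fit(NORMAL_PAYLOADS)
    probes = [b"GET TANK1 LEVEL",            # seen pattern
              b"SET VALVE1 999",             # known command, unreasonable value
              b"WRITE CONFIG SETPOINT 0"]    # unseen command sequence
    return model, {p: (round(model.score(p), 3), model.is_anomalous(p)) for p in probes}


if __name__ == "__main__":
    model, results = run_demo()
    print("threshold", round(model.threshold, 3))
    for payload, (score, flagged) in results.items():
        print(payload, score, "ANOMALY" if flagged else "normal")
```

The known command with a three-digit value is flagged because the VALVE1 → NUM3 transition was never observed, and the unseen command sequence scores higher still; the normal probe stays under the threshold. The same model also exposes the sensitivity the subsection warns about: a benign firmware update that introduces a new command keyword would be scored exactly like the injected one until the model is refit.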
Using the Cyber–Physical Attack Dataset (CPAD), Yang et al. [50] proposed an unsupervised payload-sequence anomaly detection approach. TCP/UDP packets are first filtered, and payloads are transformed into ASCII strings. An unsupervised LSTM-based word segmentation model is applied to divide payloads into semantically meaningful token sequences, mitigating distortions introduced by statistical segmentation. These segmented payloads are then processed using BECN, an autoencoder combining BERT with a 1D-CNN module, which jointly learns local short-term dependencies and global long-term dependencies. Anomaly detection is performed by setting confidence intervals on reconstruction error distributions derived from normal traffic and flagging packets that exceed the threshold.
Overall, payload feature-based anomaly detection remains relatively underexplored compared with statistical, time-series, and protocol-structured approaches in the ICS/CPS literature [50]. Existing work shows that treating industrial payloads as byte- or token-level sequences enables detectors to capture semantically rich command patterns and field-value dependencies that cannot be inferred from headers alone. This makes it possible to flag stealthy manipulation of command and response messages even when traffic volume and protocol header fields appear normal. In practice, payload-level detection further assumes reliable visibility of application-layer messages, which often requires IP defragmentation, TCP stream reassembly, and protocol-aware deep packet inspection (DPI) to reconstruct complete request–response payloads from segmented packets. Without such reassembly and parsing, extracted payload sequences can be incomplete or misaligned, degrading tokenization and reconstruction-based anomaly scoring. At the same time, these content-based models require access to full payloads—which may be encrypted or obfuscated in some deployments—and tend to be sensitive to benign changes in command formats, firmware versions, or application updates, especially when they are trained on a single custom dataset [50]. Consequently, payload feature-based detection is best viewed as a complementary mechanism that strengthens the network-layer view of ICS/CPS traffic by focusing on semantic content, and it motivates further research on scalable, protocol-agnostic payload modeling that can operate robustly across heterogeneous systems and software update cycles.

4.3.5. Graph-Structured Feature-Based Detection

Graph-structured anomaly detection represents communication relationships—such as hosts, flows, and services—as nodes and edges and identifies anomalies by learning normal connectivity patterns and cluster structures. By leveraging static/dynamic adjacency matrices, centrality/path metrics, and subgraph patterns, the goal is to detect rarely observed communication paths, lateral movement after privilege escalation, and anomalous path expansion characteristic of multi-stage intrusions. Table 7 summarizes graph-structured feature–based anomaly detection studies.
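The structural signals named above (rare paths, role changes, fan-out expansion), shown on a host graph built from Zeek-style connection records as an added example. This is not code from Balaba et al. [54], whose detector is a GNN autoencoder over a heterogeneous host/flow graph; the rule-based scoring here is a minimal stand-in that exposes the same kinds of deviation from a baseline graph. The record layout mirrors the ts, id.orig_h, id.resp_h, id.resp_p and proto columns of conn.log; all hosts, ports and log lines are constructed.

```python
"""Graph-structured anomaly detection over Zeek-style connection records.

Added illustration, not code from any surveyed study.  Hosts, ports and all
log lines are constructed; the columns mirror ts / id.orig_h / id.resp_h /
id.resp_p / proto from Zeek's conn.log.
"""
from collections import defaultdict


def parse_conn_records(text):
    """Parse whitespace-separated 'ts orig_h resp_h resp_p proto' lines."""
    records = []
    for line in text.strip().splitlines():
        if line.startswith("#"):
            continue
        ts, orig, resp, port, proto = line.split()
        records.append({"ts": float(ts), "orig": orig, "resp": resp,
                        "port": int(port), "proto": proto})
    return records


def build_graph(records):
    """Directed host graph for one window: edges (orig, resp, resp_p),
    per-originator peer sets, and the set of hosts that only ever respond."""
    edges, peers, responders = set(), defaultdict(set), set()
    for r in records:
        edges.add((r["orig"], r["resp"], r["port"]))
        peers[r["orig"]].add(r["resp"])
        responders.add(r["resp"])
    return {"edges": edges, "peers": dict(peers), "responders": responders}


def learn_baseline(windows):
    """Union of the graphs of several normal windows plus the largest fan-out seen."""
    base = {"edges": set(), "originators": set(), "responders": set(), "max_fanout": 0}
    for records in windows:
        g = build_graph(records)
        base["edges"] |= g["edges"]
        base["originators"] |= set(g["peers"])
        base["responders"] |= g["responders"]
        base["max_fanout"] = max([base["max_fanout"]] + [len(p) for p in g["peers"].values()])
    return base


def detect_graph_anomalies(base, records):
    """Flag hosts that change role or appear for the first time as originators,
    originators whose distinct-peer count exceeds the baseline maximum, and
    edges (paths) never seen in the baseline graph."""
    g = build_graph(records)
    alerts = []
    for host in sorted(g["peers"]):
        if host not in base["originators"]:
            rule = "role_change" if host in base["responders"] else "new_host"
            alerts.append({"rule": rule, "host": host})
        if len(g["peers"][host]) > base["max_fanout"]:
            alerts.append({"rule": "fan_out", "host": host, "peers": len(g["peers"][host])})
    for edge in sorted(g["edges"] - base["edges"]):
        alerts.append({"rule": "new_edge", "edge": edge})
    return alerts


# Constructed 5-minute baseline block: HMI (.10) and historian (.11) poll two PLCs.
BASELINE_LOG = """
# ts            id.orig_h   id.resp_h   id.resp_p  proto
1700000000.0    10.0.0.10   10.0.0.20   502        tcp
1700000001.0    10.0.0.10   10.0.0.21   502        tcp
1700000002.0    10.0.0.11   10.0.0.20   502        tcp
1700000003.0    10.0.0.11   10.0.0.21   502        tcp
1700000004.0    10.0.0.10   10.0.0.11   1433       tcp
"""

# Constructed later block: a PLC starts originating, and an unknown host reaches five PLCs.
WINDOW_LOG = """
1700000300.0    10.0.0.10   10.0.0.20   502        tcp
1700000301.0    10.0.0.11   10.0.0.21   502        tcp
1700000302.0    10.0.0.20   10.0.0.21   502        tcp
1700000303.0    10.0.0.50   10.0.0.20   502        tcp
1700000304.0    10.0.0.50   10.0.0.21   502        tcp
1700000305.0    10.0.0.50   10.0.0.22   502        tcp
1700000306.0    10.0.0.50   10.0.0.23   502        tcp
1700000307.0    10.0.0.50   10.0.0.24   502        tcp
"""


def run_demo():
    baseline = learn_baseline([parse_conn_records(BASELINE_LOG)] * 2)
    return detect_graph_anomalies(baseline, parse_conn_records(WINDOW_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The two baseline-conformant connections produce nothing. The PLC at 10.0.0.20 is reported as a role change (it only ever responded before) together with the new PLC-to-PLC edge, and 10.0.0.50 is reported as a new originator whose fan-out of five distinct peers exceeds the baseline maximum of three, followed by its five new edges. A learned model would weight these signals rather than apply fixed rules, but the graph construction and the baseline comparison are the same.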
Using CICDDoS2019 and Edge-IIoTset datasets, Cao et al. [51] proposed FedDynST, a graph-based spatiotemporal deep-learning model for DDoS detection in cloud–edge collaborative ICS environments. The method jointly learns a static graph constructed from long-term traffic statistics and a dynamic graph estimated within short windows using APPNP GCN, extracting non-Euclidean correlations among traffic features. A 1D-CNN further encodes temporal patterns, enabling final DDoS classification.
Using the CIC Modbus 2023 dataset, Balaba et al. [54] proposed an unsupervised graph-based anomaly detection method that combines a host–connection heterogeneous graph with a GNN autoencoder. Zeek-derived conn.log files are segmented into 5 min blocks, and flows are grouped by Modbus address, operation type, register count, and request status to form flow nodes. Sender and receiver devices are added as host nodes, constructing a heterogeneous graph with “host → flow → host” directionality. The GNN autoencoder learns embeddings reflecting node/edge types and reconstructs node attributes, modeling normal graph structure and node characteristics. Training uses normal data only, and graphs exceeding the threshold are flagged as anomalies.
Using Gas Pipeline and SWaT SCADA network traffic, Jagtap et al. [55] introduced BLOSOM, a multi-stage IDS combining Bloom filters and hypergraph-based parallel Kohonen maps. First, Bloom filters store signatures of normal packet payloads to efficiently filter first-stage anomalies. Traffic that passes this stage undergoes noise/irrelevant-feature removal via enhanced PCA (ePCA), followed by clustering in a parallel Kohonen map (p-Kohonen) using neighbors selected through hypergraph vertex partitioning. The final BLOSOM model incorporates label supervision and class-imbalance corrections to detect NMRI/CMRI attacks, command/response injections, reconnaissance, and others.
Sayin et al. [56] proposed the concept of a Critical System Classifier (CSC) for deploying machine-learning classifiers in safety-critical cyber–physical systems such as autonomous vehicles, medical devices, and ICS. Rather than “maximizing accuracy,” CSC explicitly rejects uncertain predictions and triggers system-level mitigation strategies. The authors argue that existing IDS research assumes IID data and closed-world conditions, relying solely on confusion-matrix metrics (Accuracy, F1-score) that fail to capture risks from unknown inputs, OOD data, and zero-day attacks. The CSC architecture includes pre-detection unknown identification, post-detection probability calibration, cost-sensitive thresholding, and uncertainty-based rejection. Experiments show that tree-based ensembles outperform statistical models, and combining calibration with rejection yields an effective balance between accuracy, acceptable rejection rates, and reduced risk cost.
For PMU network traffic in cyber–physical power systems, Nie et al. [59] proposed an incremental learning-based intrusion detection approach that models multidimensional correlations among packet-header fields and updates the model as new attack types emerge. Using fields from the data-link, network, and transport layers, the method captures complex correlation structures distinguishing normal traffic from DoS, brute-force login, and infiltration attacks. Newly observed attack samples (CVE-based) are incrementally incorporated, maintaining and improving detection performance without retraining the entire model from scratch.
Taken together, graph-structured and relation-aware anomaly detection approaches provide several important insights into how structural information in network traffic can be exploited for ICS/CPS security. First, by representing hosts, flows, services, and even events as nodes and edges, these methods are particularly suitable for detecting DDoS, reconnaissance, injection, and other multi-stage intrusions that manifest as abnormal communication patterns, rare paths, or sudden expansions in connectivity rather than only local feature changes [51,54,55]. Graph-based models such as APPNP GCNs, heterogeneous GNN autoencoders, and hypergraph Kohonen maps can capture non-Euclidean correlations and higher-order neighborhood structures that are difficult to express with flat feature vectors [51,54,55].
Second, the surveyed work highlights a trade-off between structural expressiveness and deployment complexity. Constructing and maintaining communication graphs from live ICS/CPS traffic requires careful aggregation of flow logs, selection of node/edge types, and windowing, which introduce additional design choices and computational overhead at scale [51,54,55]. At the same time, when properly engineered, graph-based detectors can be distributed across cloud–edge architectures or parallelized to support near–real-time operation in large industrial networks [51,55,59].
Third, the surveyed studies underline that robustness under unknown or evolving operating conditions is a central requirement for deploying graph-based IDS in real ICS/CPS environments. In practice, communication graphs and attack patterns can shift due to topology changes, software updates, and previously unseen behaviors; therefore, detectors must avoid overconfident decisions on unfamiliar inputs and remain effective under distribution shift. For example, BLOSOM and related ensemble designs improve robustness in SCADA networks by explicitly addressing class imbalance and heterogeneous attack patterns [55]. Similarly, the Critical System Classifier (CSC) framework highlights that uncertainty-aware calibration and rejection (abstention) are essential in safety-critical CPS, where confidently misclassifying unknown or out-of-distribution traffic can be more harmful than refusing to decide [56]. Finally, incremental and federated learning strategies help graph-based detectors adapt to non-stationary traffic and emerging CVE-driven attacks without full retraining, as demonstrated in cloud–edge DDoS detection and PMU traffic monitoring [51,59]. Overall, graph-structured feature-based detection complements statistical, temporal, and protocol-level methods by focusing on relational communication structure and is particularly promising for capturing lateral movement, coordinated attacks, and complex intrusion patterns in ICS/CPS environments.

4.3.6. Operational Integration Characteristics

Research has also been conducted on operational integration-based detection, where anomaly detectors are coupled with enforcement and orchestration mechanisms so that model outputs are automatically translated into machine-enforceable policies, such as SDN controller rules, MUD-based whitelists, and firewall/ACL configurations. The key idea is not a new feature type, but a closed-loop “detection–policy translation–control” workflow that enables immediate actions—blocking, rerouting, or rate-limiting—against malicious flows at the network layer, thereby moving beyond standalone alerting toward real-time operational defense in ICS/IIoT networks. Table 8 summarizes operational integration–based detection studies.
Using SWaT and CICDDoS2019 network traffic, Zahid et al. [60] proposed an agentless security framework that sniffs IoT/IIoT traffic at the gateway and links machine-learning-based anomaly detection results with Wazuh SIEM policies. In the proposed approach, the gateway first uses ML classifiers such as Decision Tree (DT), Random Forest (RF), and K-Nearest Neighbors (KNN) to perform initial classification of intrusion, DDoS, and MITM attacks. The prediction results are then converted into JSON logs together with packet metadata and forwarded to the SIEM server via a Wazuh agent. On the Wazuh server, decoders and dynamic rules based on industrial protocol fields (e.g., CIP, Modbus, DNP3) are used to generate alerts that combine ML predictions with protocol function codes.
Using multiple network traffic datasets such as CICIDS2017 and Bot-IoT, Krishnan et al. [61] proposed a MUD-based behavioral profiling security framework that learns device behavior profiles and automatically translates them into SDN OpenFlow rules. The proposed system collects flow statistics and per-device telemetry at the edge gateway, detects anomalous behavior using clustering-based methods, and then classifies attack types using a hybrid deep-learning-based IDS deployed at the controller. The detection results are mapped to MUD policies and installed dynamically as ACL and flow rules, enabling operationally integrated defenses that block or reroute malicious flows. Moreover, the framework employs a network digital twin to simulate the impact of MUD rules and SDN actions in advance, mitigating policy conflicts, and successfully detects various attack scenarios, including Mirai botnets.
Using SD-CPS data, Cai et al. [64] proposed ADAM, an SDN-based adaptive mitigation method that combines information entropy with unsupervised learning to handle both known and unknown DDoS attacks. The method learns feature-wise entropy vectors from MAWI normal traffic and uses KNN-based anomaly detection to identify congestion periods. During attack intervals, features such as source/destination IPs and ports exhibiting anomalously low entropy are automatically extracted as “suspicious features,” and OpenFlow pipeline filter rules are installed on switches to selectively drop only attack flows, realizing an operationally integrated mitigation mechanism.
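The following added example serves two passages of this review: the entropy features over flow counts and address/port distributions discussed for statistical network detection in Section 4.3.1, and the entropy-driven extraction of suspicious features with switch filter rules in ADAM above. It is illustrative code, not from Cai et al. [64] or any other surveyed study. A normal-traffic envelope (mean ± 3σ per feature entropy) is learned from constructed packet windows; a window whose destination-address and destination-port entropies collapse while its source-address entropy explodes is flagged, the concentrated features and their dominant values become the match, and the match is rendered as flow rules in ovs-ofctl syntax. The hosts, windows and allow-list are constructed; the higher-priority allow entries for known-good sources are a design choice of this example, so that the drop rule does not cut off the legitimate HMI that shares the victim address and port.

```python
"""Entropy-based traffic profiling with translation of an alert into flow rules.

Added illustration, not code from any surveyed study.  Hosts, packet windows
and the allow-list are constructed; the rule text follows ovs-ofctl flow
syntax purely as a rendering of the match that the detector derives.
"""
import math
from collections import Counter
from statistics import mean, pstdev

FEATURES = ("src_ip", "dst_ip", "dst_port")
OF_FIELD = {"src_ip": "nw_src", "dst_ip": "nw_dst", "dst_port": "tp_dst"}


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def entropy_vector(window):
    """Per-feature entropy of one packet window (a list of packet dicts)."""
    return {f: shannon_entropy([p[f] for p in window]) for f in FEATURES}


class EntropyProfile:
    """Normal-traffic entropy envelope: mean +/- sigmas * std for each feature."""

    def __init__(self, normal_windows, sigmas=3.0, min_std=0.1):
        vectors = [entropy_vector(w) for w in normal_windows]
        self.bounds = {}
        for f in FEATURES:
            vals = [v[f] for v in vectors]
            spread = max(pstdev(vals), min_std)     # floor avoids a zero-width envelope
            self.bounds[f] = (mean(vals) - sigmas * spread, mean(vals) + sigmas * spread)

    def analyse(self, window):
        """None inside the envelope; otherwise an alert whose 'suspicious' map
        holds each concentrated (low-entropy) feature with its dominant value."""
        vec = entropy_vector(window)
        low = [f for f in FEATURES if vec[f] < self.bounds[f][0]]
        high = [f for f in FEATURES if vec[f] > self.bounds[f][1]]
        if not low and not high:
            return None
        suspicious = {f: Counter(p[f] for p in window).most_common(1)[0][0] for f in low}
        return {"entropy": {f: round(v, 3) for f, v in vec.items()},
                "low_entropy": low, "high_entropy": high, "suspicious": suspicious}


def mitigation_rules(alert, allow_list, bridge="br0"):
    """Translate an alert into flow rules: higher-priority allow entries for
    known-good sources, then a drop rule on the suspicious-feature combination."""
    match = {OF_FIELD[f]: v for f, v in alert["suspicious"].items()}
    if not match:
        return []
    rules = [{"priority": 200, "match": dict(match, nw_src=src), "actions": "NORMAL"}
             for src in sorted(allow_list)]
    rules.append({"priority": 100, "match": match, "actions": "drop"})
    for r in rules:
        fields = ",".join("%s=%s" % (k, v) for k, v in sorted(r["match"].items()))
        r["text"] = 'ovs-ofctl add-flow %s "priority=%d,tcp,%s,actions=%s"' % (
            bridge, r["priority"], fields, r["actions"])
    return rules


PLCS = ["10.0.0.20", "10.0.0.21", "10.0.0.22"]


def normal_window(j):
    """Constructed normal window j: HMI, historian and engineering station
    polling three PLCs, with the HMI/engineering mix shifting between windows."""
    hmi, hist, ews = "10.0.0.10", "10.0.0.11", "10.0.0.12"
    pkts = [{"src_ip": hmi, "dst_ip": PLCS[i % 3], "dst_port": 502} for i in range(60 + 5 * j)]
    pkts += [{"src_ip": hist, "dst_ip": PLCS[i % 3], "dst_port": 20000} for i in range(40)]
    pkts += [{"src_ip": ews, "dst_ip": PLCS[i % 3], "dst_port": 502} for i in range(20 - 5 * j)]
    return pkts


def attack_window():
    """Constructed flood: 200 packets from distinct spoofed sources to one PLC
    port, mixed with 20 legitimate HMI polls."""
    pkts = [{"src_ip": "198.51.100.%d" % i, "dst_ip": "10.0.0.20", "dst_port": 502}
            for i in range(200)]
    pkts += [{"src_ip": "10.0.0.10", "dst_ip": PLCS[i % 3], "dst_port": 502} for i in range(20)]
    return pkts


if __name__ == "__main__":
    profile = EntropyProfile([normal_window(j) for j in range(5)])
    alert = profile.analyse(attack_window())
    print(alert)
    for rule in mitigation_rules(alert, ["10.0.0.10", "10.0.0.11", "10.0.0.12"]):
        print(rule["text"])
```

The five normal windows stay inside the envelope, while the flood window is flagged on all three features: destination address and port are concentrated (their dominant values 10.0.0.20 and 502 become the match) and the source-address entropy rises well above the envelope, which is why the source field is not part of the match. As Krishnan et al. [61] do with a network digital twin, the rendered rules should be checked for impact before installation; here the allow entries make that impact explicit.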
Using a gas pipeline ICS dataset, Kus et al. [66] argued that conventional evaluation practices based on random train/test splits tend to overestimate generalization performance because the same attack types are repeatedly included in both training and test sets. They proposed two experimental scenarios that intentionally exclude specific attacks or attack families from training, or train on only a single attack type, to measure “detection performance against unseen attacks” separately. Applying RF, SVM, and BLSTM-based IDS models to the Gas Pipeline dataset, they showed that although high F1 scores are achieved for attacks seen during training, recall for unseen attacks in some attack families deteriorates to as low as 3.2–14.7%. This empirically demonstrates that many ML-based IDS solutions behave more like implicit signature-based detectors that memorize trained attack patterns, rather than robust models of normal behavior, and thus exhibit limited generalization capability to unknown attacks.
Overall, these studies show how network-traffic-based anomaly detection can be operationally integrated into ICS/IIoT defense mechanisms, moving beyond standalone alerting toward closed-loop detection–policy–control cycles. By coupling IDS outputs with SIEM correlation rules, MUD-derived whitelists, SDN/OpenFlow policies, and switch-level filtering, the surveyed frameworks enable automated blocking, rerouting, and rate-limiting of malicious flows at the network layer [60,61,62,63,64]. This integration is particularly attractive in IoT/IIoT and SDN-enabled CPS environments, where gateways and controllers can dynamically enforce behavior-based policies derived from learned device profiles and traffic patterns [60,61,62,64].
At the same time, Kus et al. [66] highlight a critical limitation of many current ML-based IDS solutions: when evaluated under realistic “unseen attack” scenarios, models trained on specific attack types often exhibit sharply degraded recall for new or excluded attacks, behaving more like implicit signature-based detectors than robust models of normal behavior. This finding suggests that, even when detection is tightly integrated with SDN, MUD, or SIEM-based response mechanisms, the overall defense remains vulnerable if the underlying anomaly detector does not generalize well beyond its training distribution. Consequently, operationally integrated network-based defenses in ICS/CPS should be designed with explicit support for unknown and evolving attacks rather than relying solely on high performance under conventional random train/test splits.
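The evaluation protocol of [66] can be reproduced in miniature with the following added Python example, which is not code from the cited study. It trains two toy detectors with one attack family withheld at a time and reports recall on that family both with and without the family present in training. The (pressure, packet-rate) feature vectors, the two detector designs and the 10% envelope margin are constructed assumptions.

```python
"""Leave-one-attack-family-out evaluation for ML-based intrusion detectors.

Added example, not code from Kus et al. [66]; it implements only the
evaluation idea discussed above. Two toy detectors are compared on
constructed (pressure, packet-rate) feature vectors: a signature-like
detector that memorises the attack vectors it was trained on, and an
envelope detector that models the normal range of each feature. Recall
is reported both with the attack family present in training (the
conventional random-split setting) and with the family withheld.
"""


def constructed_samples():
    """(features, label) pairs; labels are "normal" or an attack family name."""
    normal = [(47.0, 8.0), (48.0, 9.0), (53.0, 12.0), (52.0, 11.0),
              (50.0, 10.0), (51.0, 10.0), (49.0, 11.0), (50.0, 10.0)]
    attacks = {
        "dos": [(50.0, 0.0), (49.0, 0.0), (51.0, 0.5)],
        "injection": [(90.0, 10.0), (95.0, 11.0), (88.0, 9.0)],
        "spoof": [(50.0, 30.0), (52.0, 28.0), (48.0, 35.0)],
    }
    samples = [(f, "normal") for f in normal]
    for family, vectors in attacks.items():
        samples += [(f, family) for f in vectors]
    return samples


class SignatureDetector:
    """Flags only vectors identical to an attack vector seen during training
    (the implicit signature behaviour described in the text, made explicit)."""

    def fit(self, train):
        self.seen = {f for f, label in train if label != "normal"}
        return self

    def is_attack(self, f):
        return f in self.seen


class EnvelopeDetector:
    """Flags any vector outside a per-feature envelope learned from normal data."""

    def __init__(self, margin=0.1):
        self.margin = margin

    def fit(self, train):
        normals = [f for f, label in train if label == "normal"]
        dims = len(normals[0])
        lo = [min(f[i] for f in normals) for i in range(dims)]
        hi = [max(f[i] for f in normals) for i in range(dims)]
        self.bounds = [(l - self.margin * (h - l), h + self.margin * (h - l))
                       for l, h in zip(lo, hi)]
        return self

    def is_attack(self, f):
        return any(v < lo or v > hi for v, (lo, hi) in zip(f, self.bounds))


def recall(detector, positives):
    """Fraction of the given samples the detector flags."""
    return sum(detector.is_attack(f) for f, _ in positives) / len(positives)


def split(samples, held_out):
    """Training set without the held-out family; normals are split in halves
    so the false-positive rate is measured on normals not used for training."""
    normals = [s for s in samples if s[1] == "normal"]
    train = [s for s in samples if s[1] not in (held_out, "normal")] + normals[::2]
    test_pos = [s for s in samples if s[1] == held_out]
    test_neg = normals[1::2]
    return train, test_pos, test_neg


def evaluate(make_detector, samples):
    """Per attack family: recall when the family leaked into training (seen),
    recall when it was withheld (unseen), and the false-positive rate."""
    families = sorted({label for _, label in samples if label != "normal"})
    report = {}
    for family in families:
        train, test_pos, test_neg = split(samples, family)
        withheld = make_detector().fit(train)
        leaked = make_detector().fit(train + test_pos)
        report[family] = {
            "seen_recall": recall(leaked, test_pos),
            "unseen_recall": recall(withheld, test_pos),
            "false_positive_rate": recall(withheld, test_neg),
        }
    return report
```

evaluate(SignatureDetector, constructed_samples()) reports a recall of 1.0 for every family when it leaks into training and 0.0 when it is withheld, whereas evaluate(EnvelopeDetector, constructed_samples()) reports 1.0 in both settings with no false positives on the held-out normals. The gap between the two columns is exactly the quantity that a random train/test split hides.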

4.4. Process Data Type

Process data refer to data generated by the physical processes of an Industrial Control System (ICS). These data record, in real time, variations in process variables such as flow rate, pressure, tank level, temperature, valve open/close states, and pump operation status, thereby reflecting the dynamic state of the control loop. Process data are widely used in AI-based anomaly detection studies, where anomalies are detected by predicting or reconstructing normal process states. Time-series learning models such as LSTM, GRU, CNN-AE, and Transformer are employed to identify anomalous variable fluctuations and process instability resulting from cyberattacks.
Representative datasets such as SWaT (Secure Water Treatment), WADI (Water Distribution), and HAI (HIL-based Augmented ICS) contain sensor and actuator variable values collected from real industrial processes. These datasets include various attack scenarios such as valve manipulation errors, pump control anomalies, sensor value spoofing, and physical faults, and are widely utilized in process-data-driven AI anomaly detection research. Unlike network-level data, process datasets are advantageous for detecting physical process disturbances and equipment malfunctions that are difficult to identify at the packet level. As such, process data serve as a key data type for ensuring stable operation and safety in real industrial control environments.

4.4.1. Prediction-Residual-Based Anomaly Detection Studies

Prediction-residual-based anomaly detection using process data relies on a prediction model trained to capture the normal operating behavior of the system. In this approach, real-time process data—such as sensor readings and process variables—are used as input to predict the next state of the system. The difference between the actual observation and the model prediction, i.e., the prediction residual, is then computed. Under normal operating conditions, this residual remains within a bounded range; however, when a system fault or cyberattack occurs, the actual values deviate from the predicted range, and the residual increases sharply. Therefore, anomalies can be identified by detecting prediction residuals that exceed a predefined threshold. In other words, prediction-residual-based methods quantify anomalies using the prediction residual, defined as the deviation between the observed measurements and the model’s predicted values, whereas reconstruction-error-based approaches rely on reconstruction error and sensor-correlation-based approaches detect abnormal changes in inter-variable correlations/dependencies among process variables. Table 9 summarizes prediction-residual–based anomaly detection studies.
Using the SWaT and WADI datasets, Tang et al. [67] proposed an anomaly detection method based on Distributed Linear Deep Learning (DL-AD). This technique builds a prediction model that learns linear correlations among time-series variables and monitors the prediction residuals, defined as the difference between actual data and model predictions. Through distributed processing, the method can detect anomalous sequential changes quickly and accurately even in large-scale ICS environments.
Based on the SWaT dataset, Xia et al. [68] proposed a stacking ensemble learning model. This study extracts statistical features from process data and then uses a stacking approach in which the predictions of multiple base classifiers—such as Random Forest and XGBoost—are combined by a meta-classifier (logistic regression) to directly classify each instance as “normal” or “anomaly.”
Using the SWaT and WADI datasets, Li et al. [69] applied a Temporal Graph Convolutional Network (T-GCN) to model complex spatiotemporal correlations among sensors within ICS. The model jointly learns the spatial structure of the system (graph) and temporal dynamics (GRU) to predict the next-step sensor values and then detects False Data Injection (FDI) attacks by monitoring whether the prediction residuals between observed values and T-GCN predictions exceed a predefined threshold.
Using log data from an in-house avionics testbed and a consumer robot testbed, Hong et al. [70] proposed a nonparametric Bayesian framework based on a Sticky Hierarchical Dirichlet Process Hidden Markov Model (Sticky HDP-HMM) for time-series analysis of multimodal CPS. The model automatically learns multiple normal operating modes of the system and computes an anomaly score as the probability that the observed data deviates from these learned modes. This anomaly score functions as a form of probabilistic residual, and attacks are detected by comparing it against a threshold.
Using PLC–sensor logs collected from a self-built temperature control ICS testbed, Xu et al. [72] designed a hybrid prediction-mechanism model called PLC-MDT that leverages a Digital Twin (DT). The method combines an LSTM-based prediction model trained on SCADA historical data with a mechanism model derived from physical laws and PID control logic to jointly predict the next-step sensor values and control signals. The difference between the values generated by the digital twin and those collected from the actual PLC (sensors and control signals) is computed as the root mean square error (RMSE). A sliding-window-based dynamic threshold and a weighted error aggregation scheme are then used to monitor whether this error exceeds a threshold. The authors demonstrated that this approach could detect not only typical code modification attacks but also coordinated stealthy attacks that forge SCADA history logs, achieving high detection rates and low false positive rates in real time.
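As an added illustration of the prediction-residual pipeline (normal-only training, next-step prediction, residual computation, sliding-window dynamic threshold with weighted aggregation), the Python code below is not from [67] or [72]: a per-variable linear next-step predictor stands in for the LSTM and mechanism models, and the two-variable plant, the k = 4 threshold multiplier and the ramp-style false-data injection on the level sensor are constructed assumptions.

```python
"""Prediction-residual anomaly detection with a sliding-window dynamic threshold.

Added example, not code from any surveyed study. A per-variable linear
next-step predictor (a deliberately simple stand-in for the LSTM and
mechanism models of [67,72]) is fitted on a normal-only prefix; the
weighted RMSE between predicted and observed values is then compared with
a threshold of mean + k*std over the most recent non-alarmed residuals,
in the manner of the sliding-window dynamic threshold of [72]. The
two-variable plant and the ramp-style false-data injection on the level
sensor are constructed.
"""
import math


def fit_ar1(series):
    """Least-squares fit of x[t+1] = a*x[t] + b on a normal-only series."""
    xs, ys = series[:-1], series[1:]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    a = sxy / sxx
    return a, my - a * mx


def weighted_rmse(pred, obs, weights):
    """Weighted root mean square error across process variables."""
    return math.sqrt(sum(w * (p - o) ** 2 for p, o, w in zip(pred, obs, weights))
                     / sum(weights))


def detect(signals, models, train_len, window=50, k=4.0, weights=None):
    """Time indices at which the residual exceeds the dynamic threshold.

    signals: per-variable observed series (possibly tampered with)
    models:  per-variable (a, b) from fit_ar1 on the first train_len samples
    Residuals of alarmed steps are not fed back into the threshold window,
    so an ongoing attack cannot raise its own threshold (assumed design choice).
    """
    nvar, T = len(signals), len(signals[0])
    weights = weights or [1.0] * nvar
    residuals = []
    for t in range(1, T):
        pred = [a * signals[i][t - 1] + b for i, (a, b) in enumerate(models)]
        obs = [signals[i][t] for i in range(nvar)]
        residuals.append(weighted_rmse(pred, obs, weights))
    baseline = residuals[:train_len - 1]  # residuals from the normal prefix
    alarms = []
    for t in range(train_len, T):
        recent = baseline[-window:]
        mu = sum(recent) / len(recent)
        sd = math.sqrt(sum((r - mu) ** 2 for r in recent) / len(recent))
        r = residuals[t - 1]
        if r > mu + k * sd:
            alarms.append(t)
        else:
            baseline.append(r)
    return alarms


def constructed_plant(T=300, attack_start=150, ramp=0.3):
    """First-order tank level and heater temperature with small deterministic
    disturbances; from attack_start the reported level is offset by a ramp."""
    level, temp = [40.0], [60.0]
    for t in range(T - 1):
        d1 = 0.02 * math.sin(0.7 * t) + 0.01 * math.cos(1.3 * t)
        d2 = 0.015 * math.sin(0.5 * t + 1.0)
        level.append(0.9 * level[-1] + 0.1 * 50.0 + d1)
        temp.append(0.95 * temp[-1] + 0.05 * 70.0 + d2)
    reported_level = [v + (ramp * (t - attack_start) if t >= attack_start else 0.0)
                      for t, v in enumerate(level)]
    return [reported_level, temp]


def run_demo(train_len=100):
    """Fit on the clean prefix, then monitor the whole run; returns alarm steps."""
    signals = constructed_plant()
    models = [fit_ar1(s[:train_len]) for s in signals]
    return detect(signals, models, train_len, weights=[0.5, 0.5])
```

run_demo() returns alarms at every step from 151 to 299: the ramp begins at step 150 and, because the predictor was fitted on clean data, the level residual jumps to roughly the ramp increment from the first tampered step onward and then keeps growing. Residuals of alarmed steps are excluded from the threshold window so that a slow attack cannot recalibrate the detector to itself. A frozen (replayed) sensor sitting at its setpoint would produce almost no one-step residual in this toy model, which illustrates why the surveyed work complements purely data-driven predictors with physical or control-theoretic models [72,73].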
For offshore wind farm data, Badihi et al. [73] proposed a prediction-residual-based cyberattack diagnosis and mitigation method that simultaneously monitors grid frequency and active power reference signals observed by the Wind Farm Network Operator (WFNO). A Takagi–Sugeno (TS) fuzzy model is used to predict, in real time, the normal evolution of frequency and active power. The differences between the SCADA-measured values and the model predictions, i.e., prediction residuals, are computed and monitored in two separate channels. Under normal operation, both residuals remain small; however, under ramp attacks on frequency measurements or ramp/scaling attacks on the required active power commands sent by the WFNO, only the residual corresponding to the attacked signal increases selectively. The method thus detects anomalies by analyzing which residual channel exceeds its threshold and uses the residuals to automatically adjust the active power control input, thereby detecting and mitigating cyberattacks early—before the grid frequency significantly deviates from its allowable range.
Using process-variable time-series data obtained from the SWaT process and from ICS/SCADA simulations, Kabasele Ndonda and Sadre [75] proposed T-IDS, a time-based intrusion detection system that uses transition time—the time it takes for sensor values to move between threshold regions—and mean update step as features. The method models the density distribution of transition vectors under normal operation using Local Outlier Factor (LOF) and classifies deviations from this distribution observed in live data as anomalies. In this way, it detects not only conventional attacks but also stealthy attacks that gradually delay or freeze processes without explicitly violating invariants.
From the perspective of time-series anomaly detection using process data, Song et al. [76] proposed TSMixAD, a framework that integrates time–frequency domain data augmentation for sensor time-series collected from SWaT and WADI processes. First, original sensor time-series are segmented into fixed-length windows. In the time domain, Dirichlet-distribution-based Mixup is applied to create weighted mixtures of normal sequences, while in the frequency domain, frequency masking, noise injection, and frequency shifting are used to alleviate the scarcity of anomalous samples and class imbalance. A TCN–Transformer hybrid encoder is then employed: a Temporal Convolutional Network (TCN) extracts local temporal dependencies, while a Transformer captures global time-series patterns. Finally, the model predicts the probability distribution over normal and anomalous classes.
From the studies summarized in Table 9, several observations can be made regarding prediction-residual–oriented anomaly detection on process data. First, process data are particularly suitable for attacks that perturb the physical process state while keeping network-level statistics relatively unchanged—such as false data injection, malicious command or parameter manipulation, process-oriented attacks, and stealthy drifts in sensor trajectories [67,69,70,71,72,73,75,76]. In many of these works, a model predicts the next-step sensor or control-signal values and computes prediction residuals, or derives an anomaly score that functions as a probabilistic or density-based residual, so that small but systematic deviations in process dynamics can be detected even when they are not visible at the network layer [67,69,70,72,73,75]. This includes stealthy sensor spoofing, script/parameter injection, and gradual ramp attacks on physical quantities [67,69,73,75], while other approaches directly learn decision boundaries on process time-series but still rely on temporal dependencies in process variables [68,76].
Second, the surveyed work reveals a spectrum in how the normal process dynamics are modeled from multivariate process time-series. On one end, purely data-driven predictors learn temporal (and sometimes spatiotemporal) dependencies directly from datasets such as SWaT and WADI and use the resulting forecasting residuals (or residual-like scores) as detection statistics [67,68,69,70,75,76]. On the other end, hybrid designs augment data-driven predictors with mechanism models, physical laws, or control-theoretic structures, so that residuals can be interpreted relative to physical constraints and control objectives [72,73]. While such hybrid approaches often improve interpretability and enable targeted mitigation, they require additional system modeling and tuning.
Third, in terms of detection capability and failure modes, the results indicate that prediction-residual–oriented methods are powerful for detecting subtle and coordinated process anomalies, including multi-point stealthy attacks that forge SCADA histories or slowly drive the system toward unsafe states [69,72,73,75,76]. At the same time, their performance critically depends on the quality and coverage of the learned normal model: residuals can increase not only under attacks but also when the process changes operating mode, undergoes maintenance, or encounters unmodeled disturbances. Studies that explicitly model multiple normal modes or use probabilistic residuals address this by representing operating-mode changes and assigning anomaly scores based on deviation probabilities [70,75]. This suggests that robust deployment in real ICS/CPS requires mechanisms for handling operating-mode changes, re-training, and adaptive thresholding.
Finally, the distribution of datasets shows a strong reliance on SWaT and WADI for benchmarking prediction-residual-based methods, with additional evidence from custom-built avionics, robotics, temperature-control, offshore wind farm, and simulation-based CPS testbeds [67,68,69,70,71,72,73,75,76]. While this illustrates that the approach generalizes across different industrial domains, the heavy concentration on a few public process datasets also indicates that more diverse and realistic multivariate CPS benchmarks would be beneficial to thoroughly assess generalization, especially for rare attack types and complex multi-stage cyber–physical attack scenarios. Taken together, prediction-residual-based approaches are distinguished from reconstruction-error-based methods by their focus on short-horizon forecasting accuracy over time, and from sensor-correlation-based methods by concentrating on how individual variables or local groups evolve dynamically rather than on global correlation structures across the plant.

4.4.2. Reconstruction-Error-Based Anomaly Detection Studies

Reconstruction-error-based anomaly detection uses unsupervised models such as Autoencoders (AE) and Variational Autoencoders (VAE), which learn compact representations of normal data. These models are trained solely on normal process data to encode input into a low-dimensional latent space and then decode it back to an approximation of the original input. When normal data are provided, the reconstruction error—the difference between the original input and the reconstructed output—remains small. However, when anomalous data that lie outside the learned normal manifold are input, the model fails to reconstruct them accurately, yielding large reconstruction errors. The system detects anomalies when this reconstruction error exceeds a predefined threshold.
Conceptually, this view treats anomalies as observations that cannot be well represented by the low-dimensional latent space learned from normal operation, resulting in large reconstruction error. This is distinct from prediction-residual-based detection, which relies on forecasting residuals, and from sensor-correlation-based detection, which focuses on breakdowns in inter-sensor dependencies, even when time-windowed inputs are used. Table 10 summarizes reconstruction-error–based anomaly detection studies.
Using simulation data from a petrochemical fractionation process and the BATADAL dataset, Du et al. [77] combined data super-resolution with anomaly detection in a multirate sampling environment. A mechanism model (MM) is first employed to fill spatiotemporal gaps in the data, after which an Anomaly-Forced Autoencoder (AFA) that injects anomalies during training is used to strengthen reconstruction capability on normal data. Anomaly states are then detected based on reconstruction errors.
Analyzing process data from the HAI (HIL-Based Augmented ICS) dataset, Choi and Kim [79] proposed an unsupervised anomaly detection approach using an LSTM-based Variational Autoencoder (VAE). The model captures temporal dependencies in time-series data and models the latent distribution of normal process states. Anomalies are identified by computing the reconstruction error between the input and the reconstructed signal and flagging samples whose error exceeds a threshold.
Using the SWaT dataset, Boateng et al. [81] presented an anomaly detection method based on a One-Class Neural Network (OC-NN). Like an autoencoder, the model learns the characteristics of normal (single-class) data and establishes a boundary in the feature space. An anomaly score—analogous to a reconstruction error—is derived by measuring how far a new sample deviates from the learned normal boundary, and anomalies are detected based on this score.
Using the SWaT dataset, Pinto et al. [82] conducted a comparative analysis of various unsupervised learning approaches. The study evaluated the performance of reconstruction-error-based models such as AE, VAE, and GAN, as well as boundary-based models such as OC-SVM, in detecting zero-day attacks from ICS process data. Their results empirically validated the effectiveness of reconstruction-error-based techniques.
Using the HAI 1.0 dataset, Kim et al. [83] proposed a method to improve anomaly detection performance in IIoT environments. They first analyzed correlations among process variables using the Pearson correlation coefficient for feature selection, then trained an autoencoder to model normal operation. Anomalous system behavior is detected by monitoring the reconstruction error produced by the autoencoder.
For edge gateways in smart-grid substations and distribution boards, Zhang et al. [85] designed a lightweight CNN–LSTM-based hybrid detector that simultaneously ingests process sensor time-series (e.g., voltage, current) and local event/alarm logs. They further applied knowledge distillation and 8-bit quantization to reduce model size and computational load, enabling deployment at the edge. In the proposed hierarchical cooperative architecture, edge devices perform only simple anomaly-score computation and first-level alerts, while detailed attack-type classification and forensics are offloaded to the cloud. This design allows the system to detect anomalies in hybrid data with millisecond-level latency under resource constraints, while preserving basic safety functions even during network failures or attacks on central servers.
Using process data (sensor and manipulated variables) collected from a Tennessee Eastman (TE) chemical–process-based CPS testbed, Noorizadeh et al. [86] proposed a cybersecurity evaluation methodology that compares multiple data-driven detectors, including PCA, OCSVM, LOF, kNN, and Isolation Forest. In particular, PCA-based methods project process variables onto a principal-component space learned from normal operation and then reconstruct them. The squared reconstruction error between original and reconstructed data is used as a monitoring statistic, and samples whose values exceed a threshold are detected as anomalies.
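The PCA-based reconstruction statistic described for [86] can be shown concretely with the following added Python example (not code from the cited study), which learns a two-dimensional principal subspace from normal data, uses the squared prediction error (SPE) as the monitoring statistic and sets the threshold at the 99th percentile of the training SPE. The four-variable plant, the injection on variable 3 and the quantile choice are constructed assumptions.

```python
"""PCA reconstruction-error (SPE) monitor for multivariate process data.

Added example, not code from [86] or any other surveyed study; it mirrors
the PCA variant of reconstruction-error detection described above using
only the standard library. A principal-component subspace is learned from
normal operation, the squared distance of each new sample to that subspace
is the monitoring statistic, and the threshold is an empirical quantile of
the training statistic. The four-variable plant and the false-data
injection on variable 3 are constructed.
"""
import math
import random


def standardize_params(rows):
    """Per-variable mean and (population) standard deviation of the training rows."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[i] for r in rows) / n for i in range(d)]
    std = [math.sqrt(sum((r[i] - mean[i]) ** 2 for r in rows) / n) or 1.0
           for i in range(d)]
    return mean, std


def zscore(x, mean, std):
    return [(v - m) / s for v, m, s in zip(x, mean, std)]


def covariance(zrows):
    """Covariance of already-centred, standardised rows (a correlation matrix)."""
    n, d = len(zrows), len(zrows[0])
    return [[sum(r[i] * r[j] for r in zrows) / n for j in range(d)] for i in range(d)]


def top_components(cov, k, iters=500):
    """Top-k eigenvectors by power iteration with deflation (no numpy needed)."""
    d = len(cov)
    c = [row[:] for row in cov]
    comps = []
    for _ in range(k):
        v = [1.0 + 0.1 * i for i in range(d)]  # generic start vector
        for _ in range(iters):
            w = [sum(c[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            if norm == 0.0:
                break
            v = [x / norm for x in w]
        lam = sum(v[i] * c[i][j] * v[j] for i in range(d) for j in range(d))
        comps.append(v)
        for i in range(d):  # deflate: remove the component just found
            for j in range(d):
                c[i][j] -= lam * v[i] * v[j]
    return comps


def spe(z, comps):
    """Squared prediction error: squared distance from z to its projection
    onto the principal-component subspace (the reconstruction error)."""
    recon = [0.0] * len(z)
    for v in comps:
        s = sum(a * b for a, b in zip(z, v))
        recon = [r + s * b for r, b in zip(recon, v)]
    return sum((a - b) ** 2 for a, b in zip(z, recon))


def fit_monitor(train_rows, k=2, quantile=0.99):
    """Learn scaling, subspace and threshold from normal-only training rows."""
    mean, std = standardize_params(train_rows)
    z = [zscore(r, mean, std) for r in train_rows]
    comps = top_components(covariance(z), k)
    scores = sorted(spe(row, comps) for row in z)
    thr = scores[min(int(quantile * len(scores)), len(scores) - 1)]
    return {"mean": mean, "std": std, "comps": comps, "threshold": thr}


def is_anomalous(monitor, x):
    z = zscore(x, monitor["mean"], monitor["std"])
    return spe(z, monitor["comps"]) > monitor["threshold"]


def constructed_normal(rng, n):
    """Constructed plant: two latent drivers u, v; variables 3 and 4 are
    noisy linear combinations of them, so normal data lie near a 2-D plane."""
    rows = []
    for _ in range(n):
        u, v = rng.gauss(0, 1), rng.gauss(0, 1)
        rows.append((10 + u, 5 + v,
                     2 * u + v + rng.gauss(0, 0.05),
                     u - v + rng.gauss(0, 0.05)))
    return rows


def run_demo(seed=42):
    """Returns (false-positive rate on held-out normal data, detection rate on
    samples where variable 3 alone was shifted by +3.0, a constructed FDI)."""
    rng = random.Random(seed)
    monitor = fit_monitor(constructed_normal(rng, 500))
    held_out = constructed_normal(rng, 200)
    attacked = [(a, b, c + 3.0, d) for a, b, c, d in held_out]
    fp = sum(is_anomalous(monitor, x) for x in held_out) / len(held_out)
    tp = sum(is_anomalous(monitor, x) for x in attacked) / len(attacked)
    return fp, tp
```

run_demo() yields a false-positive rate of at most a few percent on held-out normal data (the threshold is the 99th percentile of the training SPE) and a detection rate of 1.0 for the injected samples, because shifting one variable alone pushes the sample off the learned plane. An injection that is consistent with the learned correlations, i.e., one that moves all variables along the normal plane, would instead stay inside the subspace and produce a small SPE; this blind spot is what motivates the correlation- and physics-based families reviewed in the following subsections.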
Aslam et al. [87] proposed a multi-feature hybrid anomaly detection framework that combines Autoencoder (AE), Isolation Forest (IF), XGBoost, Random Forest, and LSTM, using the SWaT and wind-turbine SCADA datasets. Time-series windows are constructed using a sliding window, and reconstruction errors and isolation scores from AE and IF are fused with the original sensor features to train XGBoost and RF classifiers. An LSTM-based time-series anomaly score is further combined in a weighted manner. This approach mitigates the high false-positive rates and limited spatiotemporal pattern-capturing capability of single statistical, ML, or DL models.
From the reconstruction-error–oriented studies summarized in Table 10, several observations can be drawn about process-data-based anomaly detection. First, these methods are particularly effective for detecting sensor/actuator faults, false data injection, command manipulation, and generic injection-type attacks that cause local or global distortions in multivariate process trajectories [77,79,81,82,83,86,87]. By learning a compact representation of normal operating conditions and monitoring reconstruction error or boundary-based anomaly scores, autoencoder-like models (AE, VAE, OC-NN) and PCA-based approaches can flag process states that lie outside the learned normal manifold, including zero-day attack scenarios that were not explicitly seen during training [77,79,81,82,83,86,87]. Comparative studies on SWaT and TE data further confirm that reconstruction-error-based detectors often outperform classical statistical methods in capturing complex nonlinear relationships among process variables [82,86].
Second, the surveyed work illustrates a continuum between pure reconstruction-error detectors and hybrid architectures that combine reconstruction scores with additional signals. Some approaches rely almost exclusively on reconstruction error derived from AE or VAE models trained on normal process data [77,79,83], while others treat boundary distances in one-class neural networks or PCA-residual statistics as functionally equivalent “reconstruction-like” anomaly measures [81,86]. Hybrid frameworks such as CNN–LSTM edge detectors and AE + IF + tree-based ensembles fuse reconstruction error with isolation-based scores, temporal features, or event/log information to improve robustness and reduce false positives under realistic operating variability [85,87]. These designs show that reconstruction-error signals are particularly powerful when used as one component in a broader multi-feature decision process rather than as a single thresholded metric.
Third, the results emphasize the importance of deployment constraints and system architecture. Lightweight and quantized AE/CNN–LSTM models deployed at edge gateways can provide millisecond-level anomaly scoring while offloading complex diagnosis and attack-type classification to the cloud, enabling hierarchical detection in resource-constrained CPS environments [83,85]. At the same time, reconstruction-error-based detectors are sensitive to changes in normal operating regimes, sensor calibrations, and maintenance activities: large reconstruction errors can arise not only from attacks but also from legitimate process reconfigurations. This necessitates careful design of feature selection, mode handling, and adaptive thresholding, as well as periodic model updates, to avoid an excessive false-positive burden in real deployments [77,79,83,86,87].
Finally, the dataset distribution again reveals a strong reliance on a limited set of public process benchmarks—SWaT, HAI, BATADAL, and TE—supplemented by a small number of custom-built CAN fieldbus and wind-turbine SCADA datasets [77,79,81,82,83,85,86,87]. While this demonstrates that reconstruction-error-based techniques are applicable across water-treatment, chemical-process, smart-grid, and automotive domains, it also indicates that further work on diverse and standardized CPS process datasets is needed to fully assess generalization, particularly for rare multi-stage attacks and subtle operational anomalies that challenge current reconstruction-based detectors. Thus, reconstruction-error-based approaches are differentiated from prediction-residual-based methods by measuring distance to a learned normal manifold rather than short-horizon forecasting error, and from sensor-correlation-based techniques by capturing inter-variable dependencies implicitly through the reconstruction objective instead of explicitly modeling graph or physics-based correlation structures.

4.4.3. Sensor-Correlation-Based Anomaly Detection Studies

Industrial Control Systems (ICS) operate as complex platforms in which numerous sensors and actuators are physically or logically interconnected. As a result, individual sensor measurements are not independent; rather, strong spatial–temporal correlations emerge among sensors under specific process conditions. Sensor-correlation-based anomaly detection leverages AI models to learn these multivariate dependency structures and identify deviations from the expected correlation patterns. Recent studies not only aim to detect anomalies but also exploit correlation structures—often represented as graphs—to capture cascading failures and infer the root cause of attacks. When a cyberattack (e.g., FDI) or a physical fault forces certain sensor values to deviate from their expected relationships, the model flags such violations as anomalous behavior.
From this perspective, anomalies are characterized as breakdowns in multivariate dependency structures among sensors, actuators, and control signals. This is distinct from prediction-residual-based detection, which scores anomalies using the observation–prediction residual, and from reconstruction-error-based detection, which scores anomalies using reconstruction error. Table 11 summarizes sensor-correlation–based anomaly detection studies.
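To make the correlation-collapse idea concrete, the following Python code is an added example and not from any surveyed study. It learns a baseline matrix of pairwise Pearson correlations from normal operation, recomputes it over a sliding window of live data, raises an alarm when any pair deviates by more than a threshold, and names the sensor involved in the most deviated pairs as a root-cause hint. The three-sensor plant, the window length of 40, the deviation threshold of 0.3 and the replayed level-rate signal are constructed assumptions.

```python
"""Sensor-correlation monitor: detects collapse of inter-sensor dependencies.

Added example, not code from any surveyed study. A baseline matrix of
pairwise Pearson correlations is learned from normal operation; the same
matrix is recomputed over a sliding window of live data, and a window is
flagged when any pair drifts too far from its baseline. The sensor that
participates in the most deviated pairs is reported as the likely root
cause. The three-sensor plant and the replayed level-rate signal are
constructed.
"""
import math
import random


def pearson(xs, ys):
    """Pearson correlation; 0.0 for a constant series (no co-movement to measure)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def corr_pairs(rows):
    """{(i, j): r_ij} over all sensor pairs i < j for rows of per-step readings."""
    nsens = len(rows[0])
    cols = [[r[i] for r in rows] for i in range(nsens)]
    return {(i, j): pearson(cols[i], cols[j])
            for i in range(nsens) for j in range(i + 1, nsens)}


def window_alarms(stream, baseline, window=40, threshold=0.3):
    """(t, score, suspect) for every window ending at t whose largest pairwise
    correlation deviation exceeds threshold; suspect is the sensor with the
    largest summed deviation over its pairs (a root-cause hint)."""
    nsens = len(stream[0])
    alarms = []
    for t in range(window - 1, len(stream)):
        cur = corr_pairs(stream[t - window + 1:t + 1])
        dev = {p: abs(cur[p] - baseline[p]) for p in baseline}
        score = max(dev.values())
        if score > threshold:
            per_sensor = [sum(d for (i, j), d in dev.items() if s in (i, j))
                          for s in range(nsens)]
            alarms.append((t, round(score, 3), per_sensor.index(max(per_sensor))))
    return alarms


def constructed_stream(rng, n_normal=200, n_attack=100):
    """Sensors: flow, level rate (~0.8*flow), pump power (~1.2*flow). From
    t = n_normal the level-rate reading is replaced by an independent signal
    with the same mean and spread, so it stays in range but decouples."""
    rows = []
    for t in range(n_normal + n_attack):
        flow = rng.gauss(10.0, 2.0)
        level_rate = 0.8 * flow + rng.gauss(0.0, 0.3)
        pump_power = 1.2 * flow + rng.gauss(0.0, 0.4)
        if t >= n_normal:
            level_rate = rng.gauss(8.0, 1.6)  # constructed replay of sensor 1
        rows.append((flow, level_rate, pump_power))
    return rows


def run_demo(seed=3):
    """Learn the baseline on the normal segment, then monitor the whole stream."""
    rng = random.Random(seed)
    stream = constructed_stream(rng)
    baseline = corr_pairs(stream[:200])
    return window_alarms(stream, baseline)
```

The replayed sensor keeps its normal mean and spread, so a per-sensor range check on that sensor alone sees nothing unusual; the window correlation between it and the other two sensors, however, drops from about 0.98 towards zero, and run_demo() reports sensor 1 as the suspect for every window that lies entirely in the attacked segment. Windows that straddle the boundary trigger later, as attacked samples gradually dominate the window, which is the latency cost of a window-based statistic.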
Using the SWaT and WADI datasets, Gulzar and Mustafa [88] first examined correlations between sensor features and attack classes using feature-selection methods such as Information Gain. They then proposed an LSTM/Bi-LSTM-based framework that deeply models temporal correlations embedded in multivariate sensor data and detects anomalies when system dynamics deviate from learned normal sequences.
Using data from a water-treatment system, Ayas et al. [90] employed a deep neural network (DNN) to implicitly learn complex, nonlinear correlations among multiple process variables. The model predicts the next process state based on learned correlations, and anomalies are flagged when observed values fall outside the predicted normal range.
Using sensor data from a liquid-distribution system, Ahmadi-Assalemi et al. [91] focused on dynamic environments where sensor correlations shift due to changes in operational modes. They proposed an adaptive-learning model that continuously updates the normal correlation profile while processing streaming data, identifying cyber threats when incoming values diverge from the updated normal pattern.
Using multivariate time-series data from the WADI dataset, Saheed et al. [93] combined LSTM with an attention mechanism. The attention module dynamically assigns importance weights to the most relevant sensors or past timestamps at each decision point, enabling lightweight anomaly detection that focuses on violations of key correlation patterns.
Using the SWaT dataset, Li et al. [94] modeled sensors and actuators within the SCADA system as nodes in a graph, with physical or logical correlations represented as edges. A graph neural network (GNN) is used to learn spatial–temporal dependencies directly from this structure, detecting anomalies when a node’s behavior violates its neighborhood correlation and further pinpointing the attack location.
For sensor data from a liquid-distribution system, Ahmadi-Assalemi et al. [95] proposed the “Super Learner Ensemble.” This approach trains multiple base learners—each capturing sensor correlations from different perspectives—and combines their predictions through a meta-learner, enabling more robust modeling of normal correlation profiles and reliable anomaly detection.
Using Tennessee Eastman (TE) chemical-process simulation data, Liu et al. [96] introduced a Time-Series Multi-Instance Learning framework, in which an entire time series is represented as a “bag” of sub-sequences (instances). The model learns temporal and correlation patterns among these instances, while a vector-quantization module memorizes normal patterns and flags mismatched patterns as anomalies.
Using the HAI 1.0 dataset, Kim et al. [98] proposed an explainable anomaly-detection method focusing on normal “operational sequences”—i.e., expected sequential relationships between events such as “valve opening” followed by “pump activation.” Violations of these sequential correlations are treated as anomalies.
Using physical-model data from the Festo MPA workstation rig, Robles-Durazno et al. [99] engineered “energy-based features” from raw sensor measurements (voltage, current) based on physical laws (P = IV). These features explicitly encode physical correlations and allow supervised models to learn normal energy relationships and detect anomalous states.
For CPS environments such as power grids and water-treatment systems, Ulybyshev et al. [100] proposed a secure-data-container mechanism to maintain sensor-data integrity during transmission. By preventing attackers from injecting values that distort normal correlations, the system ensures that anomaly detectors operate on trustworthy data.
Targeting smart-grid power systems, Murugesan et al. [101] introduced the SAML-Triple framework, which performs three-way classification (normal, natural faults, cyberattacks) by exploiting correlation structures across multiple measurement channels (voltage, current, frequency, impedance). Instead of relying on absolute deviations of single sensors, the model uses simultaneous multi-sensor behavior and covariance-structure collapse as the primary cues, enabling robust distinction between cyberattacks and natural faults even under noise or missing data, and early detection of cascading-failure precursors.
Using multivariate sensor/actuator data collected from high-fidelity simulators such as GRFICSv2 and Factory I/O, McGuan et al. [104] proposed the MinTWin–SVM anomaly-detection framework. The method uses PLC sensor values, actuator commands, and inter-time-step differences as features, detecting attacks when a fixed proportion of samples within a sliding window violate normal correlation constraints. Evaluation on single/multi-sensor manipulation and stealthy Modbus-MITM attacks demonstrates that, with appropriate windows and thresholds, the method achieves 0% false-positive rate while detecting most composite attacks.
In cyber-physical manufacturing systems (CPMS), Balta et al. [106] proposed a digital-twin-based anomaly detector that focuses on correlation collapse between sensors and control signals. The digital twin learns normal spatial–temporal correlation patterns among sensor values, control inputs, and setpoints; anomalies are detected when individual sensor values deviate independently from the expected multi-signal trajectory. Case studies on 3D-printer systems show the model’s ability to distinguish natural transients from manipulated measurements.
For power-system state estimation, Basulaiman et al. [107] introduced the LBSCA (Learned Block Successive Convex Approximation) method, which learns normal correlation patterns among SCADA measurements while remaining robust when a subset of channels is selectively corrupted by stealthy FDIAs. By unfolding the block-successive-optimization procedure into a neural-network architecture, the method jointly learns multivariate correlations and sparse attack patterns and performs iterative correction without explicit attack labels.
Using SWaT, WADI, and ICS-Flow datasets, Ghorbani et al. [108] proposed a lightweight intrusion-detection model based on Kolmogorov–Arnold Networks (KAN). The model takes standardized multivariate sensor, actuator, and flow features as input and approximates nonlinear dependencies via combinations of B-spline-based 1-D functions, enabling efficient anomaly detection without complex feature engineering and supporting real-time CPS deployment.
Using SWaT and WADI process data in a digital-twin setting, Li et al. [110] proposed an end-to-end supervised model that first applies PCA for dimensionality reduction, then expands the reduced features via 1-D/2-D deconvolution, and finally employs CNN and channel-attention modules to highlight latent correlations among process variables. Deconvolution reveals hidden inter-sensor relationships, while attention mechanisms assign higher weights to the most critical sensor channels, enabling accurate discrimination between normal and anomalous samples.
From the sensor-correlation–oriented studies summarized in Table 11, several observations can be made that distinguish this line of work from prediction-residual– and reconstruction-error-based approaches. First, correlation-based methods explicitly exploit multivariate relationships among sensors, actuators, and control signals—such as temporal co-movements, sequential dependencies between events, covariance structures across measurement channels, and energy or power-balance relations—to detect anomalies that may not appear abnormal when each variable is considered in isolation [88,89,90,91,92,93,94,95,96,98,99,100,101,104,106,107,108,109,110]. This makes them particularly suitable for attacks and faults that selectively perturb a subset of variables while keeping other measurements within nominal ranges, as well as for scenarios where the key symptom is a collapse or distortion of inter-sensor correlation rather than a large deviation of a single signal [94,96,99,100,101,106,107,108].
Second, the surveyed work reveals diverse ways of encoding correlation structures. Some models learn temporal correlations and cross-sensor dependencies implicitly using deep RNNs, LSTMs, attention mechanisms, or Transformers applied to multivariate sequences [88,90,93,98,108,110], while others make correlations explicit through graph structures, digital twins, energy-based physics features, or multi-instance representations [94,96,99,101,104,106,107]. In several cases, domain knowledge is encoded directly—such as power-flow relationships in smart grids or energy-conservation laws in manufacturing rigs—so that violations of physical consistency become a primary anomaly cue [99,101,107]. Ensemble and weakly supervised frameworks further show that combining multiple correlation views (statistical, temporal, structural) can improve robustness under label scarcity and mixed cyber/physical disturbance conditions [95,96].
Third, a recurring theme in these studies is the need to distinguish cyberattacks from natural faults and benign process variability. By focusing on joint behavior across multiple sensors and control channels, correlation-based detectors can better separate cyber-physical attacks, which often produce inconsistent or coordinated manipulation patterns, from natural faults that follow typical failure correlations or fault signatures [91,95,96,100,101]. At the same time, the strong reliance on learned correlation profiles implies that significant operating-mode changes, reconfigurations, or sensor upgrades can cause correlation shifts that resemble attacks, requiring adaptive learning, mode-aware modeling, and careful thresholding to avoid false alarms [91,96,98].
Finally, the dataset distribution indicates that sensor-correlation-based methods are heavily evaluated on SWaT, WADI, GHL, HAI, TE, and power-system benchmarks (IEEE bus systems), with additional evidence from gas-pipeline, GRFICSv2/Factory I/O, and aNormalies-based testbeds [88,89,90,91,92,93,94,95,96,98,99,100,101,102,104,105,106,107,108,109,110]. This suggests that correlation-based detection is applicable across water-treatment, manufacturing, and power-grid domains, but also that further work on more diverse CPS benchmarks—including longer-term datasets with explicit mode changes and mixed cyber/fault scenarios—would be valuable to fully assess the stability and generalization of correlation-focused models. Accordingly, sensor-correlation-based approaches complement prediction-residual– and reconstruction-error-based methods by prioritizing the preservation of multivariate dependency structures: they may flag attacks that keep individual trajectories and reconstruction errors small but nonetheless induce inconsistent joint behavior across sensors, actuators, and control channels.

4.4.4. Leveraging Operational-Consistency Characteristics in Anomaly Detection Studies

Industrial processes strictly adhere to well-defined physical laws—such as mass and energy conservation—and fixed operational rules, including PID control logic and safety interlock sequences. Approaches in this category either incorporate such domain knowledge into AI models or directly monitor whether observed data violate these physical or operational constraints, i.e., whether the observed behavior is physically infeasible or inconsistent with control logic. Recent studies increasingly adopt physics-informed characteristics, injecting conservation laws, control constraints, or observer-based consistency checks into the learning process to enforce physical consistency. This direction aims to detect not merely statistical outliers but true physical contradictions, thereby significantly reducing false positives and enhancing domain generalization. Table 12 summarizes operational-consistency–based anomaly detection studies.
Using the Tennessee Eastman (TE) chemical process dataset, Wan et al. [111] employed a Binary Segmentation algorithm to identify functional patterns in time-series data and modeled transitions among these patterns as a Finite State Machine (FSM). Anomalies are detected when the process exhibits logically impossible state transitions that deviate from the FSM-defined normal operational sequence.
Using the SWaT testbed, Raman et al. [112] proposed a PLC Command Validation Tool (PCAT) that verifies actuator commands before they are issued. By evaluating whether a command violates the physical and operational constraints of the current process state—such as attempting to start a pump when the corresponding valve is closed—PCAT proactively blocks logically inconsistent actions and mitigates anomalous behavior.
Using the WADI dataset, Cai et al. [113] proposed the SA2 method, which separately models sensor patterns and actuator rules. The model captures causal operational linkages—e.g., “if a pump (actuator) is turned on, flow rate (sensor) must increase”—and flags anomalies when these spatio-temporal causal constraints are violated.
Using in-vehicle ECU network data, Awaad et al. [114] presented a two-stage intelligent diagnostic security framework. In the first stage, engineering constraints and operational rules embedded within the vehicle’s On-Board Diagnostics (OBD) system—such as whether vehicle speed is consistent with engine RPM—are monitored to detect deviations from normal operational logic.
Using historical operational data from CPS environments, Kumar and Das [117] proposed the Simple Rule Induction (SRI) method to enhance the robustness of DNN-based IDS models. SRI automatically extracts threshold-based control-logic rules—e.g., “if sensor X exceeds threshold Y, valve Z must close”—from data. These explicitly extracted operational rules complement the statistical patterns learned by DNNs, improving resilience to zero-day and adversarial attacks.
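The rule-centric checks described above (FSM over admissible state transitions, pre-issue command validation against interlocks, and threshold rules induced from benign data) can be illustrated on a small example. The following Python code is an added illustration written for this review, not code from any of the cited studies; the water-tank stage (pump, valve, flow), the interlock conditions, the 0.5 L/min margin, and both traces are constructed assumptions. The FSM is learned only from the benign trace, so any transition absent from that trace is treated as inadmissible.

```python
"""Operational-consistency checks on a constructed water-tank stage.

Added example (not code from the cited studies). Three simplified checks:
(1) an admissible-transition FSM over discrete actuator states learned from a
benign trace, (2) pre-issue validation of actuator commands against an
interlock, and (3) threshold rules linking pump state to flow, induced from
benign data. Variable names, margins and the traces are this example's own.
"""
from collections import defaultdict

# Record layout (constructed): (pump_on, valve_open, flow_lpm).
BENIGN_TRACE = [
    (0, 0, 0.0), (0, 0, 0.1), (0, 1, 0.2), (0, 1, 0.1),
    (1, 1, 8.5), (1, 1, 9.1), (1, 1, 8.8), (1, 1, 9.3),
    (0, 1, 0.4), (0, 1, 0.2), (0, 0, 0.0), (0, 0, 0.1),
    (0, 1, 0.1), (1, 1, 8.9), (1, 1, 9.0), (0, 1, 0.3), (0, 0, 0.0),
]

# Constructed attack trace: at indices 3-4 the pump reports "on" while flow
# stays near zero (spoofed pump state or falsified flow reading); at index 7
# the pump starts with the valve closed, a transition never seen in benign data.
ATTACK_TRACE = [
    (0, 0, 0.0), (0, 1, 0.1), (1, 1, 8.7), (1, 1, 0.2),
    (1, 1, 0.3), (0, 1, 0.2), (0, 0, 0.0), (1, 0, 0.0),
]


def learn_fsm(trace):
    """Set of (pump, valve) -> (pump, valve) transitions observed in benign data."""
    return {(a[:2], b[:2]) for a, b in zip(trace, trace[1:])}


def induce_flow_rules(trace, margin=0.5):
    """Induce threshold rules from benign data: pump on implies flow above a
    floor, pump off implies flow below a ceiling. The margin is an assumption."""
    flow_by_pump = defaultdict(list)
    for pump, _, flow in trace:
        flow_by_pump[pump].append(flow)
    return {
        "min_flow_pump_on": min(flow_by_pump[1]) - margin,
        "max_flow_pump_off": max(flow_by_pump[0]) + margin,
    }


def validate_command(command, state):
    """Interlock check before a command is issued; state is (pump, valve).
    Returns (allowed, reason)."""
    pump, valve = state
    if command == "START_PUMP" and valve == 0:
        return False, "START_PUMP rejected: valve closed"
    if command == "CLOSE_VALVE" and pump == 1:
        return False, "CLOSE_VALVE rejected: pump running"
    return True, "ok"


def check_trace(trace, fsm, rules):
    """Return (index, reason) alerts for FSM violations and rule violations."""
    alerts = []
    for i, (pump, valve, flow) in enumerate(trace):
        if i > 0 and (trace[i - 1][:2], (pump, valve)) not in fsm:
            alerts.append((i, f"transition {trace[i - 1][:2]}->{(pump, valve)} not in benign FSM"))
        if pump == 1 and flow < rules["min_flow_pump_on"]:
            alerts.append((i, f"pump on but flow {flow} < {rules['min_flow_pump_on']:.1f}"))
        if pump == 0 and flow > rules["max_flow_pump_off"]:
            alerts.append((i, f"pump off but flow {flow} > {rules['max_flow_pump_off']:.1f}"))
    return alerts


def run(benign=BENIGN_TRACE, observed=ATTACK_TRACE):
    """Learn FSM and rules from the benign trace, then check the observed trace."""
    fsm = learn_fsm(benign)
    rules = induce_flow_rules(benign)
    return check_trace(observed, fsm, rules)


if __name__ == "__main__":
    for idx, reason in run():
        print(f"sample {idx}: {reason}")
    print(validate_command("START_PUMP", (0, 0)))
```

On the attack trace the checker raises alerts at indices 3, 4 and 7 (two at index 7: the unseen transition and the flow rule), and none on the benign trace itself. The weakness discussed later in this subsection is visible here: the FSM admits only transitions present in the benign trace, so a legitimate operating mode that was never recorded (for example, a maintenance sequence) would be flagged exactly like the attack at index 7.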
For AGC-based power systems, Nafees et al. [118] introduced CLDPhy, a physics-informed deep-learning model that simultaneously learns correlation patterns among multiple measurements—voltage, frequency, tie-line power, ACE—and incorporates physical system constraints. By distinguishing normal load variations from physically inconsistent responses, the model detects anomalies where individual sensor readings may appear nominal but inter-area correlations collapse due to FDI attacks or load disturbances.
From the operational-consistency–oriented studies summarized in Table 12, several observations can be made regarding process-data-based anomaly detection. First, unlike purely data-driven prediction-residual or reconstruction-error approaches, these methods explicitly encode process constraints, control logic, and admissible state transitions, and treat violations of such rules as primary anomaly cues [111,112,113,114,115,116,117,118]. By checking whether actuator commands, sensor responses, and event sequences are physically feasible and logically consistent, they can detect cyber–physical attacks and stealthy manipulations that only slightly perturb statistical patterns but induce clear inconsistencies with process and control laws—such as false data injection, command and control tampering, replay, ramp-style stealth attacks, and adversarial perturbations [111,112,113,114,117,118].
Second, the surveyed work shows two main design styles for operational-consistency detection: rule-centric approaches that enforce explicit constraints directly, and hybrid approaches that integrate these constraints with ML-based classifiers. On one side, Bayesian-network/FSM models, PLC-command validation tools, and process-monitoring modules with explicit sensor/actuator rules leverage hand-crafted or automatically extracted constraints to reject logically impossible operations and abnormal event sequences [111,112,113,117]. On the other side, hybrid frameworks combine these rule-based consistency checks with supervised learners such as decision trees, XGBoost, CNN–LSTM, and DNNs, using operational rules either as a first-stage filter or as additional features to improve the robustness of data-driven classifiers [112,113,114,117,118]. This combination allows the system to maintain strict safety constraints while still benefiting from the flexibility and expressiveness of modern ML models.
Third, operational-consistency-based detectors are particularly relevant for handling zero-day and adversarial scenarios. Because they focus on physical and logical feasibility rather than on specific attack signatures, they can flag previously unseen attacks that nevertheless violate process interlocks, causal relationships, or power-balance constraints [113,114,117,118]. At the same time, their effectiveness critically depends on the correctness and completeness of the encoded rules and physical models: missing or overly coarse constraints can lead to false negatives, whereas mis-specified rules may generate false positives during legitimate transients, mode changes, or maintenance procedures. Several studies therefore emphasize the importance of automatic rule extraction, adaptive updating of operational profiles, and careful coordination between rule-based and ML-based components [113,114,117].
Finally, the dataset distribution shows that operational-consistency–oriented methods are evaluated across a relatively diverse set of CPS domains, including water-treatment testbeds (SWaT, WADI), vehicle OBD-II datasets, and power-system simulations [111,112,113,114,115,116,117,118]. This indicates that injecting process and control knowledge into anomaly detectors is a broadly applicable strategy across industrial sectors. However, the experiments are still largely limited to a small number of well-known benchmarks and lab-scale systems, suggesting that further work on large-scale, multi-mode, and multi-fault/multi-attack datasets would be valuable to fully assess how well operational-consistency-based approaches generalize under realistic workload shifts and complex cyber–physical disturbance patterns.

4.5. Simulation Data Type

Simulation data constitute a data type designed to experimentally reproduce attack–defense interactions and policy-optimization processes in ICS/IIoT security research. Such data are generated within Markov Decision Process (MDP)-based environments that follow a state–action–reward structure. Detection signals (e.g., anomaly scores) are treated as part of the system state, enabling dynamic adjustment of time-varying thresholds and the modeling of policy competition between attackers and defenders (Markov games) for learning and evaluating adaptive defense strategies and policy-based mitigation mechanisms. Moreover, simulation environments support reward designs that incorporate risk, delay, and operational cost, as well as offline and off-policy learning, self-play, and counterfactual (what-if) verification. This allows researchers to alleviate label sparsity and class imbalance, and to improve zero-day generalization and robustness, all without imposing risk on real-world industrial assets. Table 13 summarizes simulation-based anomaly detection studies.
In a CyberBattleSim-based IIoT simulation environment, Chen et al. [119] proposed a method that combines the FlipIt game model with reinforcement learning to emulate attack–defense interactions and derive optimal strategies. The approach models multi-layer (IT–OT) control-takeover dynamics as a game and uses RL to quantify rewards (attacker/defender gains), enabling each agent to adapt its strategy to the opponent’s intelligence level. Simulation experiments showed improvements in cumulative reward and defense success rate, demonstrating the practicality of policy-based mitigation strategies.
In an MDP environment providing simulation feedback, Yang et al. [120] proposed Agent-based Dynamic Thresholding (ADT), in which a DQN agent receives AE-based anomaly scores as part of the state and dynamically selects time-varying thresholds. This approach overcomes the limitations of static or expert-defined thresholds and achieved F1 scores of 0.995–0.999 on SWaT, WADI, and HAI, exhibiting high adaptability even under label sparsity and noisy or delayed feedback.
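The state–action–reward formulation introduced at the start of this subsection, and the dynamic-thresholding idea of ADT in particular, can be made concrete with a small simulated feedback loop. The following Python example is an added illustration for this review, not the authors' implementation: a tabular Q-learning agent (a one-step, contextual-bandit update) replaces the DQN, the state is the operating mode plus a coarse bin of a detector's anomaly score, the action is a threshold chosen from a fixed menu, and the reward uses a higher cost for a missed attack than for a false alarm. The two operating modes, their score distributions, the threshold menu, and the reward values are all constructed assumptions; the anomaly scores are synthetic rather than autoencoder outputs.

```python
"""Dynamic threshold selection as a simulated state-action-reward problem.

Added example (not code from the cited studies). The detector's anomaly score
is part of the state, the action is a threshold, and labelled feedback from a
constructed simulator supplies a risk-weighted reward. Tabular Q-learning with
a one-step update stands in for the DQN of the original work.
"""
import random

THRESHOLDS = [0.3, 0.4, 0.5, 0.6, 0.7]
# Constructed score generator: (normal_mean, anomaly_mean) per operating mode.
# Mode B runs at a higher baseline, so no single static threshold fits both modes.
MODE_PROFILES = {"A": (0.20, 0.45), "B": (0.50, 0.75)}
SIGMA = 0.04
# Reward design (assumption): a missed attack costs twice a false alarm.
REWARD = {"TP": 1.0, "TN": 1.0, "FP": -1.0, "FN": -2.0}


def simulate(rng, n, attack_rate=0.2):
    """Return n constructed (mode, anomaly_score, is_attack) samples."""
    samples = []
    for _ in range(n):
        mode = rng.choice("AB")
        attack = rng.random() < attack_rate
        mean = MODE_PROFILES[mode][1 if attack else 0]
        score = min(max(rng.gauss(mean, SIGMA), 0.0), 1.0)
        samples.append((mode, score, attack))
    return samples


def state_of(mode, score):
    """State = operating mode plus a coarse bin (0, 1, 2) of the anomaly score."""
    return (mode, min(int(score * 3), 2))


def outcome(flagged, attack):
    if flagged:
        return "TP" if attack else "FP"
    return "FN" if attack else "TN"


def train(samples, rng, alpha=0.1, epsilon=0.1):
    """Epsilon-greedy tabular Q-learning over (state, threshold index).
    The next state does not depend on the chosen threshold, so a one-step
    update (no bootstrapping) is sufficient."""
    q = {}
    for mode, score, attack in samples:
        qs = q.setdefault(state_of(mode, score), [0.0] * len(THRESHOLDS))
        if rng.random() < epsilon:
            a = rng.randrange(len(THRESHOLDS))
        else:
            a = max(range(len(THRESHOLDS)), key=qs.__getitem__)
        reward = REWARD[outcome(score > THRESHOLDS[a], attack)]
        qs[a] += alpha * (reward - qs[a])
    return q


def policy_threshold(q, mode, score):
    """Greedy threshold for the current state; 0.5 for states never visited."""
    qs = q.get(state_of(mode, score))
    if qs is None:
        return 0.5
    return THRESHOLDS[max(range(len(THRESHOLDS)), key=qs.__getitem__)]


def f1(samples, decide):
    tp = fp = fn = 0
    for mode, score, attack in samples:
        flagged = decide(mode, score)
        if flagged and attack:
            tp += 1
        elif flagged:
            fp += 1
        elif attack:
            fn += 1
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


def run(seed=0):
    """Train on simulated feedback, then compare the learned dynamic thresholds
    with a static 0.5 threshold on a fresh simulated trace. Returns (dynamic_f1, static_f1)."""
    rng = random.Random(seed)
    q = train(simulate(rng, 4000), rng)
    test = simulate(rng, 2000)
    dynamic = f1(test, lambda m, s: s > policy_threshold(q, m, s))
    static = f1(test, lambda m, s: s > 0.5)
    return dynamic, static


if __name__ == "__main__":
    dyn, sta = run()
    print(f"dynamic-threshold F1={dyn:.3f}  static-0.5 F1={sta:.3f}")
```

With the constructed generator, the static threshold either misses most mode-A attacks or flags roughly half of mode-B normal operation, whereas the agent learns a lower threshold for mode A and a higher one for mode B. The same caveat as in the text applies: the learned policy is only as good as the simulator's fidelity, and label-derived rewards are rarely available in a live OT environment.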
In an adversarial reinforcement learning (two-agent Markov game) simulation setting, Yoon et al. [121] proposed RAAD, which jointly trains an attacker policy (trajectory perturbation sampling) and a defender policy (normal/anomaly discrimination). As the environment supplies synthetically generated states that let the attacker continuously drive the defender toward its worst-case performance trajectories, the defender reduces overfitting and gains improved generalization to unseen (zero-day) attacks. Across multiple real-world datasets, RAAD reported statistically significant F1 improvements over existing methods.
From the simulation-data–oriented studies summarized in Table 13, several observations can be drawn. First, in contrast to other data types that mainly target offline detection accuracy, simulation data are primarily used to learn adaptive defense policies such as dynamic threshold control, attack–defense strategy selection, and policy-based mitigation in MDP or game-theoretic environments [119,120,121]. Second, the reviewed studies show two representative ways of using simulation: cyber-range environments such as CyberBattleSim, where the entire attack–defense process is simulated [119], and Markov game settings that reuse real ICS/CPS datasets while generating perturbed trajectories to evaluate robustness against unseen attacks [120,121]. Finally, simulation-based approaches are particularly useful for analyzing long-horizon or low-frequency attacks and for improving zero-day robustness, but their practical effectiveness still depends on how realistically the simulation models process dynamics, attacker behavior, and operational constraints.

4.6. Hybrid Data Type

Hybrid data in ICS research refer to data that jointly utilize network traffic and process data to analyze, in an integrated manner, communication anomalies in the cyber layer and process anomalies in the physical layer. While prior studies have typically performed network-based detection and process-based detection separately, real ICS environments exhibit tight coupling between the two layers: network attacks can propagate into physical process anomalies, and conversely, process anomalies may manifest as changes in network behavior.
Due to this characteristic, hybrid anomaly detection models have been proposed that learn cyber–physical correlations by combining network packet features with sensor and actuator time-series variables. Representative datasets include SWaT, WDT (Water Distribution Testbed), and ICS-Flow, which provide both network traffic containing cyberattack scenarios occurring at the communication layer and process data containing cyberattack scenarios affecting the physical process, thereby enabling integrated anomaly detection experiments.
By combining network traffic and process data, this hybrid data type compensates for the limitations of AI-based anomaly detection methods that rely on a single data modality and serves as a key research foundation for analyzing cyberattacks that unfold across cyber–physical layers in ICS environments.

4.6.1. Hybrid Data Fusion-Based Anomaly Detection Studies

For many years, ICS security research relied primarily on anomaly detection methods based solely on statistical features of network traffic, which led to a structural limitation: the controllability–observability relationship between control and physical processes was not sufficiently captured within the detection models. Recent work therefore moves toward integrative modeling of the spatio-temporal relationships among control commands, sensor feedback, and network traffic, with the goal of quantitatively validating the physical–logical consistency of industrial processes. Table 14 summarizes hybrid data fusion–based anomaly detection studies.
Du et al. [122] proposed an unsupervised hybrid data fusion-based anomaly detection method that combines an LSTM-Autoencoder with a GAN, using a self-constructed ICS dataset that fuses network traffic from the cyber layer and sensor readings from the physical layer. The authors extract network features such as protocol fields and payload size from Modbus TCP packets and combine them with process sensor data to construct cyber–physical fusion features. The model judges anomalies based on reconstruction capability under normal conditions and demonstrates approximately a 6% improvement in detection accuracy compared to single-modality approaches.
Using data collected from in-house traffic control and conveyor system testbeds, Lin et al. [123] proposed a Long–Short Period Deterministic Finite Automaton (LSP-DFA)-based cyber–physical integrated anomaly detection scheme. The key contribution is the implementation of a multi-domain model that jointly learns cyber-layer behaviors (communication events, packet polling periods) and physical-layer dynamics (process variables, sensor and actuator values), going beyond conventional single-domain (sensor-centric) approaches. Specifically, ICS communication logs (Industrial Control Packets, ICP) are generated from controller-specific request/response packets and time-synchronized with register-based sensor and control variables, forming system-level ICP logs. By jointly analyzing polling period and response-time patterns at the network layer together with state-transition sequences at the physical layer on a common time axis, the method detects cyber–physical inconsistencies such as communication delays, packet loss, and command manipulation that disrupt the causal relationship between cyber events and process behavior.
Li et al. [124] proposed a causality-guided counterfactual debiasing method to mitigate detection errors caused by data bias, using seven real-world CPS datasets (IDA, MFP, ACS, SPF, UNS, NSL, ICS). Their hybrid data-based approach jointly models the causal structure between the cyber layer (control commands, network events) and the physical layer (process time series), and uses counterfactual samples generated from a Structural Causal Model (SCM) to remove non-causal correlations. Across all seven datasets, their method achieved an average F1-score above 91%, improving both detection accuracy and process consistency compared to single time-series models.
Wu et al. [126] proposed GRU-MDSIR-AE, an unsupervised hybrid data fusion-based anomaly detection method applied to control and sensor data collected from a nonlinear CPS experimental platform. The model takes both control commands and sensor measurements as joint inputs and uses a GRU-based autoencoder to learn normal time-series patterns, employing reconstruction error as the anomaly score. By integrating a Stability Image Representation (SIR) with a Modified Disturbance Layer (MDL), the framework is designed to weaken the stealthiness of adversarial perturbations and sensitively capture subtle anomaly signal variations. Experimental results show substantially improved detection of stealthy attacks compared to single-modality autoencoders, demonstrating that learning interdependent cyber–physical patterns enables practical real-time anomaly detection in CPS environments.
Kim et al. [127] proposed a data fusion-based control algorithm that jointly performs cyberattack prevention and anomaly detection using an FDM 3D printer digital twin (DT) dataset constructed in-house. The authors achieve real-time synchronization between the physical twin (PT) and digital twin (DT), collecting and analyzing control commands and sensor feedback simultaneously to detect cyber–physical anomalies in the printing process. In the detection phase, DBSCAN-based clustering is combined with an EfficientDet-Lite deep model to identify nozzle position errors, temperature deviations, and vibration anomalies. Furthermore, a dual control scheme integrated with a PLC stops the machine and restores it to a safe state when anomaly patterns are detected, realizing preventive control. The proposed model is trained and validated on the custom DT–PT dataset and represents a hybrid anomaly detection architecture that simultaneously exploits control, sensor, and process image data.
Girdhar et al. [128] proposed a hybrid data–fusion anomaly detection method for electric vehicle (EV) fast-charging stations (EV XFC) that models cross-domain correlations across attack stages. Using a simulated EV charging infrastructure dataset, they define key attack paths via STRIDE threat modeling and Attack–Defense Trees (ADT), and jointly observe cyber-layer communication events (e.g., DoS, MITM, data manipulation) and physical-layer current, voltage, and temperature measurements on a unified time axis to learn state transition probabilities. Their HMM-based framework simultaneously analyzes cyber events and physical responses, implementing a cross-domain state correlation structure that predicts process anomalies and attack phases. Although it does not perform explicit feature-level fusion, the simultaneous tracking of cyber and physical states allows probabilistic modeling of multi-stage attacks—such as MITM, DoS, and FDI—and real-time estimation of their impact on physical system behavior.
Millot et al. [129] presented a systematic and efficient anomaly detection framework that performs integrative analysis of multi-domain data. Using six public ICS datasets—Water Storage Tank, New Gas Pipeline, Power System, WADI, BATADAL, and Tennessee Eastman Process—the framework leverages both cyber-layer data (network traffic, IDS logs) and physical-layer data (sensor and process variables). In particular, WADI and Power System datasets, which include both network and physical signals, are used to validate multi-domain applicability. The pipeline combines data scaling and normalization, frequency smoothing, dimensionality reduction via PCA, and machine-learning classifiers (Random Forest, SVM, XGBoost, etc.) to handle heterogeneous data structures in a unified manner. Experimental results demonstrate consistently high detection accuracy (above 90%) across datasets and show that the framework significantly improves generalization and reproducibility compared to single-domain models.
Wang et al. [131] proposed a multimodal anomaly detection method that integrates heterogeneous data sources to precisely detect security threats at power Distribution Terminal Units (DTUs). Using real operational logs and a Simulated Power Terminal Dataset, they construct hybrid cyber–physical data including network traffic, system and application logs, asset information, control commands, and sensor measurements. The detection framework defines stage-wise detection points based on the MITRE ATT&CK threat model and adopts both feature-level and decision-level fusion to learn cross-domain correlations. A data lake and microservices architecture (MSA) are used to implement a distributed system capable of real-time analysis of large-scale heterogeneous logs. In a realistic power grid test environment, the multimodal detector achieved approximately 90% detection accuracy with an average detection delay of 2–4 min, significantly improving attack identification and phase prediction compared with single-source IDS solutions.
Han et al. [132] proposed RHAD (Reinforced Heterogeneous Anomaly Detector), a reinforcement-learning-based anomaly detection framework that integrates heterogeneous multi-domain data to enhance ICS security robustness. Using SCADA and WDT (Water Distribution Testbed) datasets, RHAD fuses network traffic, control commands, and sensor measurements to learn interdependent anomaly patterns across cyber–physical layers. The framework combines multiple detection models—FlowTransformer, LSTM-AE, CNN-Attention, Random Forest, SVM—in parallel and employs a PPO-based reinforcement-learning scheduler to dynamically adjust model-specific weights and reliabilities, with final decisions derived via temporal-weighted voting. This hybrid approach illustrates an effective way to tackle nonlinear and complex attack patterns in ICS using reinforcement learning and multi-model fusion over hybrid data.
Overall, the hybrid data fusion-based anomaly detection studies in Table 14 share three common characteristics. First, many approaches explicitly synchronize cyber-layer events with physical-layer behavior on a common time axis to detect cyber–physical inconsistencies that single-domain detectors would miss [122,123,124,125,126,127,128,129]. Second, several frameworks are designed to operate across multiple datasets and domains by providing generic pipelines for heterogeneous feature processing and multi-modal fusion, rather than redesigning ad hoc detectors for each individual system [124,129,131]. Third, some works couple fused anomaly scores with higher-level decision modules—such as attack-stage modeling, ATT&CK-based threat mapping, or reinforcement learning-based model selection—so that hybrid data directly drives mitigation policies and adaptive defense strategies in real time [128,131,132]. These results indicate that hybrid data are particularly effective for detecting multi-stage, cross-layer attacks and combined cyber–physical faults, although they also require reliable time synchronization, access to diverse logs, and additional engineering effort compared with single-modality approaches.

4.6.2. Ensemble and Decision-Fusion-Based Detection Studies

In hybrid data-based anomaly detection settings, differences in scale, distribution, and periodicity across data sources make it difficult for a single detector to comprehensively capture all relevant patterns. To overcome this limitation, recent studies have proposed ensemble and decision-fusion architectures that combine multiple detectors in parallel or hierarchical configurations, aggregating their outputs. Such approaches exploit the complementary biases of individual detectors and have proven effective in ICS environments for maintaining robust performance under data imbalance and concept drift. Table 15 summarizes ensemble and decision-fusion–based anomaly detection studies.
Xue et al. [133] proposed a decision-fusion-based real-time anomaly detection method designed to address the constraints of limited computational resources and strict real-time requirements in ICS. Using an Ethanol Distillation System (EDS) testbed, they synchronously collected multi-domain data during real operation, including PLC communication packets (network data), sensor readings, actuator states, and system parameters. Decision Tree, SVM, LSTM, and XGBoost detectors were trained separately on the hybrid dataset, and their decisions were then combined using hard and soft voting in a decision-level fusion scheme to compensate for individual model biases. The fused detector achieved higher detection accuracy and better generalization than any single model, demonstrating the feasibility of real-time hybrid-data anomaly detection that jointly considers cyber (communication anomalies) and physical (process anomalies) layers in ICS.
Brenner et al. [134] proposed a Safety-Augmented Network Intrusion Detection System (NIDS) that integrates security and safety considerations in ICS. Moving beyond traditional IDS, which only identifies network-level security events, the proposed system also evaluates the impact of detected attacks on physical equipment safety. It first detects attacks using network traffic and IDS logs (cyber-layer data), then links these results to safety metrics such as Safety Integrity Level (SIL), operational criticality (OC), and asset value (physical and operational layer data) to quantify risk. Although explicit feature-level fusion is not performed, the system implements a decision-level multi-domain fusion model that combines detection outputs with safety indicators, enabling joint assessment of security severity and safety impact. Empirical results show high detection performance for PortScan, DoS, and botnet scenarios, as well as demonstrable mitigation of safety risks; the system further automates the prioritization of responses based on safety impact.
Karanfil [135] proposed a cyber–physical hybrid anomaly detection framework for detecting cyberattacks in microgrid environments using Network and System Management (NSM) data compliant with IEC 62351-7:2017 [139]. In a HYPERSIM-based microgrid co-simulation environment, network-layer NSM traffic and MIB statistics are collected alongside control-layer operational state variables, enabling a hybrid data–driven approach that jointly detects physical and communication anomalies. The collected data are analyzed using a hybrid scheme that combines rule-based detection with LSTM/GRU-based unsupervised models. For IEC-104 [140] protocol-based delay, modification, and loss attacks, the proposed framework achieved average F1-scores above 0.92, demonstrating that integrated analysis of network and control-layer data can simultaneously support attack detection and physical impact assessment in microgrids.
Gao et al. [136] proposed a cyber–physical hybrid anomaly detection method that couples machine-learning-based network intrusion detection with physical state observation, using a self-constructed train–ground wireless communication simulation dataset. In an IEEE 802.11 [141] wireless environment, network-layer traffic features—20 statistics including control fields, addresses, and retransmission rates—are used to train RF, GBDT, AdaBoost, and SVM classifiers for detecting DoS, deauthentication, and flooding attacks. At the physical layer, a train dynamics state observer computes residuals between measured and estimated position/velocity to determine operational anomalies. Finally, a cyber–physical correlation framework combines both layers' outputs to verify whether detected network attacks have a tangible impact on train control, providing an integrated anomaly assessment over hybrid data.
Jadidi et al. [137] proposed a hybrid anomaly detection scheme that applies a defence-in-depth/detection-in-depth strategy by combining network traffic and process logs in ICS. Network packets captured from a Purdue-model ICS are converted into NetFlow records to extract flow-level statistics, while PLC logs—containing sensor/actuator states and control actions—are collected and preprocessed as CSV time-series data. In the first layer, hierarchical cluster analysis (HCA) is applied to NetFlow histograms to detect flooding-type network anomalies that deviate from normal flow distributions. In the second layer, ARIMA/GARCH-based time-series prediction models learn a baseline of normal PLC behavior and identify process anomalies when residuals between predicted and actual log values exceed a threshold. The outputs of the two detectors are fused via an OR rule at the decision level; if either layer reports an anomaly, the system flags a potential attack at the ICS level.
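Two mechanics recur in this section: placing cyber-layer events and physical-layer samples on a common time axis so that polling-period deviations and command–effect inconsistencies become visible (as in the LSP-DFA work in Section 4.6.1), and fusing per-layer detector outputs at the decision level with an OR rule (as in the two-layer scheme above). The following Python example is an added illustration for this review and not code from either study: a network-layer detector checks polling periods and missing responses on a constructed Modbus-style request/response log, a cross-layer detector checks that every write-coil command seen on the wire is reflected in the PLC coil register and in the flow sensor within a window and that every coil change is preceded by a command on the wire, and the two alert lists are merged with an OR rule. The log layout, function codes used, windows (1.5 s and 2.5 s), the 5 L/min flow floor, and the traces are constructed assumptions; the real studies use richer detectors (flow-histogram clustering, ARIMA/GARCH baselines) in place of these simple checks.

```python
"""Cross-layer consistency checks on time-aligned network and process logs.

Added example (not code from the cited studies). Network layer: polling period
and missing-response checks on a constructed Modbus-style log. Physical layer:
command-to-effect and effect-without-command checks against a PLC sample log.
Decision-level fusion is an OR rule over both alert lists.
"""

# Constructed network log: (t_seconds, direction, function, address, value).
# direction 'req' = HMI -> PLC, 'rsp' = PLC -> HMI; func 3 = read registers,
# func 5 = write single coil. Address 1 is the pump coil (assumption).
NET_LOG = [
    (0.00, "req", 3, 0, None), (0.02, "rsp", 3, 0, None),
    (1.00, "req", 3, 0, None), (1.02, "rsp", 3, 0, None),
    (2.00, "req", 3, 0, None), (2.02, "rsp", 3, 0, None),
    (3.00, "req", 5, 1, 1),    (3.03, "rsp", 5, 1, 1),     # HMI starts the pump
    (3.00, "req", 3, 0, None), (3.02, "rsp", 3, 0, None),
    (4.00, "req", 3, 0, None), (4.02, "rsp", 3, 0, None),
    (5.00, "req", 3, 0, None),                            # response never arrives
    (7.50, "req", 3, 0, None), (7.52, "rsp", 3, 0, None),  # 2.5 s poll gap
    (8.00, "req", 3, 0, None), (8.02, "rsp", 3, 0, None),
    (9.00, "req", 3, 0, None), (9.02, "rsp", 3, 0, None),
]

# Constructed PLC sample log at 1 Hz: (t_seconds, pump_coil, flow_lpm).
# At t=7 the coil drops to 0 although no write command crossed the wire.
PROC_LOG = [
    (0, 0, 0.0), (1, 0, 0.1), (2, 0, 0.0), (3, 1, 0.2), (4, 1, 8.6),
    (5, 1, 8.9), (6, 1, 9.0), (7, 0, 0.4), (8, 0, 0.3), (9, 0, 0.1),
]


def network_layer(net, period=1.0, tolerance=0.5, timeout=0.5):
    """Alerts for polling gaps beyond period*(1+tolerance) and unanswered requests."""
    alerts = []
    reqs = [(t, f, a) for t, d, f, a, _ in net if d == "req"]
    rsps = [(t, f, a) for t, d, f, a, _ in net if d == "rsp"]
    polls = sorted(t for t, f, _ in reqs if f == 3)
    for t0, t1 in zip(polls, polls[1:]):
        if t1 - t0 > period * (1 + tolerance):
            alerts.append((t1, "net", f"poll gap {t1 - t0:.2f}s (nominal {period}s)"))
    for t, f, a in reqs:
        if not any(f == rf and a == ra and t <= rt <= t + timeout for rt, rf, ra in rsps):
            alerts.append((t, "net", f"no response to func {f} addr {a} within {timeout}s"))
    return alerts


def cross_layer(net, proc, pump_coil=1, reflect_window=1.5, effect_window=2.5, flow_min=5.0):
    """Alerts when a write on the wire has no physical effect, or a coil change
    has no write on the wire. Windows and flow floor are assumptions."""
    alerts = []
    writes = [(t, a, v) for t, d, f, a, v in net if d == "req" and f == 5 and a == pump_coil]

    def samples_between(t0, t1):
        return [s for s in proc if t0 <= s[0] <= t1]

    for t, addr, val in writes:
        if not any(s[1] == val for s in samples_between(t, t + reflect_window)):
            alerts.append((t, "phys", f"write coil {addr}={val} not reflected within {reflect_window}s"))
        if val == 1 and not any(s[2] >= flow_min for s in samples_between(t, t + effect_window)):
            alerts.append((t, "phys", f"pump start produced no flow within {effect_window}s"))
    for (_, c0, _), (t1, c1, _) in zip(proc, proc[1:]):
        if c0 != c1 and not any(t1 - reflect_window <= wt <= t1 and wv == c1 for wt, _, wv in writes):
            alerts.append((t1, "phys", f"coil {pump_coil} changed {c0}->{c1} with no matching write on the wire"))
    return alerts


def fuse_or(*alert_lists):
    """Decision-level OR fusion: any layer's alert becomes an ICS-level alert."""
    return sorted(alert for alerts in alert_lists for alert in alerts)


def analyse(net=NET_LOG, proc=PROC_LOG):
    return fuse_or(network_layer(net), cross_layer(net, proc))


if __name__ == "__main__":
    for t, layer, reason in analyse():
        print(f"t={t:>5}  [{layer}]  {reason}")
```

On the constructed logs the fused output contains three alerts: the unanswered poll at t=5.0 and the 2.5 s polling gap at t=7.5 from the network layer, and the coil change at t=7 with no command on the wire from the cross-layer check; the legitimate pump start at t=3.0 is matched by both the coil register and the flow response and raises nothing. The OR rule maximises recall, but the false-alarm rates of the two layers add, so in practice the per-layer thresholds (here the tolerance, timeout and windows) have to be tuned together rather than independently.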
Overall, the ensemble and decision-fusion-based hybrid data studies in Table 15 share three key tendencies. First, they explicitly combine detectors with heterogeneous inductive biases—tree ensembles, kernel methods, deep sequence models, and state observers—so that cyber-layer traffic anomalies and physical-layer process deviations are jointly reflected in the final decision, improving robustness under noisy hybrid data and nonstationary operating regimes [133,134,135,136,137]. Second, many frameworks perform decision-level fusion rather than strict feature-level fusion, aggregating per-model outputs via voting schemes or risk evaluation engines; this design simplifies deployment across diverse ICS domains because existing detectors can be reused while the fusion logic is tuned to plant-specific safety and criticality requirements [133,134,135,136]. Third, several works go beyond pure “detection accuracy” and link fused anomaly decisions to higher-level concepts—such as safety integrity, risk scores, or physical impact validation—thereby prioritizing responses to attacks that threaten equipment and process safety instead of treating all alerts as equally important [134,136,137]. These observations suggest that ensemble and decision-fusion architectures are particularly effective for maintaining stable performance under data imbalance and concept drift in hybrid ICS environments, but they also require careful calibration of model confidences, coordination of thresholds across detectors, and additional engineering effort to meet stringent real-time and resource constraints at the plant level.

4.7. Other Data Type

This subsection discusses AI-based cyber-attack detection studies that utilize data types other than the four categories defined above—network traffic data, process data, simulation data, and hybrid data. Table 16 summarizes anomaly detection studies based on other data types.
Lee et al. [142] highlighted that existing ICS anomaly detection techniques, which primarily monitor network packets or process data, are inherently incapable of detecting PLC control-logic modification attacks such as Stuxnet. To address this limitation, they proposed a control-logic–centric anomaly detection framework that directly analyzes the structure of PLC control logic. The authors converted IEC 61131-3 [147] languages into Instruction List (IL) code and decomposed each IL instruction into its opcode and operand, which were independently vectorized using separate embedding models and then sequentially merged to preserve both contextual and structural characteristics of the control logic. Using these control-logic embedding sequences as input, the authors trained one-class deep learning models such as LSTM, LSTM-Autoencoder, and Transformer solely on benign control logic, and classified embedding patterns that deviate from the learned normal distribution as malicious control logic.
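The front end of such a pipeline, decomposing IL instructions into opcode and operand tokens and profiling benign logic only, can be shown on a small example. The following Python code is an added illustration for this review, not the authors' implementation: it tokenizes IL lines into an opcode and an operand class (input, output, memory, literal, label), builds an opcode-bigram table and an opcode-to-operand-class table from benign programs, and scores a candidate program by the number of opcode bigrams and opcode/operand-class pairings never seen in benign logic. The bigram table stands in for the learned embeddings and one-class sequence models of the original work. The benign programs and the modified program (which forces the pump coil on unconditionally and jumps past the stop rung) are constructed.

```python
"""Control-logic anomaly scoring from IEC 61131-3 Instruction List.

Added example (not code from the cited study). Each IL instruction becomes an
(opcode, operand_class) pair; a benign profile records opcode bigrams and the
operand classes each opcode is used with; a candidate program is scored by how
many of its bigrams and pairings fall outside that profile.
"""
import re
from collections import Counter, defaultdict

# Constructed benign IL: pump interlock (start when level low and valve open,
# stop on level high) and a second rung with an analog comparison.
BENIGN_PROGRAMS = [
    """LD %IX0.0      (* level low *)
AND %IX0.1         (* valve open *)
S %QX0.0           (* start pump *)
LD %IX0.2          (* level high *)
R %QX0.0           (* stop pump *)""",
    """LD %IX0.3
ANDN %IX0.4
ST %QX0.1
LD %IW0
GT 800
ST %QX0.2""",
]

# Constructed modified logic: unconditional pump start, stop rung bypassed by a jump.
SUSPECT_PROGRAM = """LD TRUE
S %QX0.0
LD %IX0.2
JMPC SKIP
R %QX0.0
SKIP: LD %IX0.0"""

IL_LINE = re.compile(r"^(?:(?P<label>\w+):\s*)?(?P<op>[A-Z]+)(?:\s+(?P<arg>[^\s(]+))?")


def operand_class(arg):
    """Map an IL operand to a coarse class; IEC 61131-3 direct addresses %I/%Q/%M."""
    if arg is None:
        return "NONE"
    if arg.startswith("%I"):
        return "INPUT"
    if arg.startswith("%Q"):
        return "OUTPUT"
    if arg.startswith("%M"):
        return "MEMORY"
    if arg in ("TRUE", "FALSE"):
        return "BOOL_LIT"
    if re.fullmatch(r"-?\d+(\.\d+)?", arg):
        return "NUM_LIT"
    return "LABEL"


def tokenize(program):
    """Return [(opcode, operand_class)] with (* comments *) and labels stripped."""
    tokens = []
    for line in program.splitlines():
        line = re.sub(r"\(\*.*?\*\)", "", line).strip()
        if not line:
            continue
        m = IL_LINE.match(line)
        if not m:
            raise ValueError(f"unparsable IL line: {line!r}")
        tokens.append((m.group("op"), operand_class(m.group("arg"))))
    return tokens


class ILProfile:
    """One-class profile of benign control logic."""

    def __init__(self, programs):
        self.bigrams = Counter()
        self.operands = defaultdict(set)
        for program in programs:
            tokens = tokenize(program)
            ops = ["<S>"] + [op for op, _ in tokens] + ["</S>"]
            self.bigrams.update(zip(ops, ops[1:]))
            for op, cls in tokens:
                self.operands[op].add(cls)

    def score(self, program):
        """Return (score, findings): one point per unseen opcode bigram or
        unseen opcode/operand-class pairing. 0 means fully within the profile."""
        tokens = tokenize(program)
        ops = ["<S>"] + [op for op, _ in tokens] + ["</S>"]
        findings = [f"unseen opcode sequence {a} -> {b}"
                    for a, b in zip(ops, ops[1:]) if (a, b) not in self.bigrams]
        findings += [f"{op} used with {cls} operand, never seen in benign logic"
                     for op, cls in tokens if cls not in self.operands.get(op, set())]
        return len(findings), findings


if __name__ == "__main__":
    profile = ILProfile(BENIGN_PROGRAMS)
    score, findings = profile.score(SUSPECT_PROGRAM)
    print(f"score={score}")
    for f in findings:
        print(" -", f)
```

The modified program scores 7 (five opcode sequences and two opcode/operand pairings absent from the benign profile, among them the unconditional `LD TRUE` feeding `S` and the `JMPC` that skips the stop rung), while a benign rung with the same structure but different I/O addresses scores 0, because operands are compared by class rather than by literal address. The limitation matches the one the text notes for one-class models: any legitimate logic change that introduces new opcode patterns will also raise the score until the profile is re-trained.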
For three industrial robotic arms (the BORUNTE 1820A manufactured by BORUNTE Robot Co., Ltd., Dongguan, China; the MoveIt A150 manufactured by Estun Automation Co., Ltd., Nanjing, China; and the xArm 1S manufactured by UFACTORY, Shenzhen, China), Yang et al. [144] proposed ASIDS, an intrusion detection system that leverages acoustic side-channel signals to detect trajectory-manipulation attacks in networked SCADA–robot environments. Motivated by the observation that the mechanical motion of each robot arm axis generates distinct and consistent acoustic signatures, the authors synchronized trajectory data with microphone-captured acoustic signals and performed noise filtering, axis-wise source separation, and trace alignment. Time- and frequency-domain features were then extracted to train a neural network model. During detection, the reported trajectory transmitted over the network (SCADA-side) was compared with the trajectory reconstructed from acoustic signals using an EWMA-based statistical test; deviations exceeding a preset threshold were flagged as malicious manipulations.
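The final comparison step (reported trajectory versus side-channel-reconstructed trajectory under an EWMA test) is shown below as an added example; it is not the authors' code. The planned trajectory, the executed trajectory and the reconstruction are all constructed: the acoustic reconstruction stage is replaced by the executed trajectory plus bounded noise, and the manipulation offset, the EWMA smoothing factor and the calibration margin are assumptions. The same comparison applies to any side channel that independently observes the physical motion, not only an acoustic one.

```python
"""EWMA consistency test between the trajectory reported over the network and the
trajectory reconstructed from a side channel (the ASIDS-style check described above).

Added example, not the authors' code. The planned trajectory, the executed trajectory
and the reconstruction are all constructed: the acoustic reconstruction stage is
replaced by the executed trajectory plus bounded noise, and the manipulation offset
and the EWMA parameters are assumptions.
"""
import math


def planned_trajectory(n=60):
    """Constructed 3-axis joint-angle trajectory (degrees) for one motion cycle."""
    return [(30 * math.sin(2 * math.pi * t / n),
             15 * math.cos(2 * math.pi * t / n),
             5.0 * (t % 10)) for t in range(n)]


def reconstruct_from_side_channel(executed):
    """Stand-in for acoustic reconstruction: executed motion plus deterministic noise (<= 0.1 deg)."""
    return [tuple(a + 0.1 * math.sin(t + k) for k, a in enumerate(axes))
            for t, axes in enumerate(executed)]


def manipulated_execution(planned, start=30, offset=2.0):
    """Constructed trajectory manipulation: axis 0 is displaced from step `start` on."""
    return [(a0 + (offset if t >= start else 0.0), a1, a2)
            for t, (a0, a1, a2) in enumerate(planned)]


def ewma_statistic(reported, reconstructed, alpha=0.3):
    """EWMA of the worst-axis absolute deviation between the two trajectories."""
    stats, s = [], None
    for rep, rec in zip(reported, reconstructed):
        d = max(abs(r - c) for r, c in zip(rep, rec))
        s = d if s is None else alpha * d + (1 - alpha) * s
        stats.append(s)
    return stats


def calibrate_threshold(reported, reconstructed, margin=3.0):
    """Threshold from an attack-free reference run: margin times the largest benign EWMA value."""
    return margin * max(ewma_statistic(reported, reconstructed))


def detect(reported, reconstructed, threshold):
    """Indices of steps whose smoothed deviation exceeds the threshold."""
    return [t for t, s in enumerate(ewma_statistic(reported, reconstructed)) if s > threshold]


def demo():
    planned = planned_trajectory()
    benign_recon = reconstruct_from_side_channel(planned)   # robot executes what was planned
    threshold = calibrate_threshold(planned, benign_recon)
    benign_alarms = detect(planned, benign_recon, threshold)
    # Attack case: the executed motion is manipulated while the status reported to
    # SCADA still shows the planned trajectory, so only the side channel disagrees.
    attack_recon = reconstruct_from_side_channel(manipulated_execution(planned))
    attack_alarms = detect(planned, attack_recon, threshold)
    return threshold, benign_alarms, attack_alarms


if __name__ == "__main__":
    thr, benign, attack = demo()
    print(f"threshold={thr:.3f} benign_alarms={benign} first_attack_alarm={attack[:1]}")
```

Calibrating the threshold from an attack-free reference run rather than fixing it by hand is the practical point: the EWMA smooths the reconstruction noise so that the threshold can sit close to the benign envelope, and the manipulation is flagged on the first step at which it appears, before the smoothed statistic has fully settled.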
In a smart-grid industrial terminal environment, Mei et al. [145] collected five-dimensional physical signals—power consumption, CPU idle time, CPU occupancy rate, interrupt counts, and system call counts—at one-second intervals and proposed a physical-signal-based anomaly detection approach. Recognizing that resource-constrained industrial devices (PLC, DCS, RTU) cannot host traditional IDS or antivirus solutions, the authors trained a Transformer-based time-series predictor solely on normal operational data to forecast future physical signals. During runtime, if the L2 error between predicted and observed signals exceeded a predefined threshold, the terminal was classified as executing anomaly code, experiencing a crash, or operating in an anomalous state.
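The decision rule of this approach (forecast the next physical-signal vector from normal data only, then threshold the L2 error between prediction and observation) is shown below as an added example; it is not Mei et al.'s code. Their Transformer predictor is replaced by a per-signal AR(1) least-squares predictor so that the example runs without ML libraries, while the five signal names follow the text; the telemetry generator, the anomalous sample and the threshold margin are constructed assumptions.

```python
"""Prediction-residual anomaly detection on host-level physical signals.

Added example, not Mei et al.'s code: their Transformer predictor is replaced by a
per-signal AR(1) least-squares predictor so the example runs without ML libraries,
but the decision rule (L2 error between predicted and observed signal vector against
a threshold learned from normal data only) is the same. The telemetry generator, the
anomaly sample and the threshold margin are constructed assumptions.
"""
import math

SIGNALS = ["power_w", "cpu_idle_pct", "cpu_occupancy_pct", "interrupts", "syscalls"]


def normal_sample(t):
    """Constructed 1-second telemetry of a terminal running a 30 s periodic polling task."""
    phase = math.sin(2 * math.pi * t / 30)
    return [12.0 + 1.5 * phase, 80.0 - 8 * phase, 20.0 + 8 * phase,
            400 + 50 * phase, 900 + 120 * phase]


def fit_ar1(series):
    """Least-squares fit of x[t+1] = a * x[t] + b for one signal."""
    xs, ys = series[:-1], series[1:]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    var = sum((x - mx) ** 2 for x in xs)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    a = cov / var if var else 0.0
    return a, my - a * mx


class ResidualDetector:
    """Forecast the next signal vector from the current one; a large L2 error means anomaly."""

    def fit(self, normal):
        k = len(SIGNALS)
        self.models = [fit_ar1([row[i] for row in normal]) for i in range(k)]
        # Per-signal scale so that a 1 W power error and a 100-call syscall error are comparable.
        self.scale = [max(abs(row[i]) for row in normal) or 1.0 for i in range(k)]
        errors = [self.l2_error(normal[t], normal[t + 1]) for t in range(len(normal) - 1)]
        self.threshold = 3.0 * max(errors)  # assumed margin over the worst normal residual
        return self

    def predict(self, prev):
        return [a * x + b for (a, b), x in zip(self.models, prev)]

    def l2_error(self, prev, observed):
        pred = self.predict(prev)
        return math.sqrt(sum(((p - o) / s) ** 2 for p, o, s in zip(pred, observed, self.scale)))

    def is_anomalous(self, prev, observed):
        return self.l2_error(prev, observed) > self.threshold


def demo():
    detector = ResidualDetector().fit([normal_sample(t) for t in range(300)])
    held_out_ok = detector.is_anomalous(normal_sample(300), normal_sample(301))
    # Constructed anomaly at the same instant: CPU occupancy and system calls jump
    # while power rises, as would be observed if unexpected code started executing.
    anomalous = [20.0, 10.0, 90.0, 1500, 5000]
    held_out_bad = detector.is_anomalous(normal_sample(300), anomalous)
    return detector.threshold, held_out_ok, held_out_bad


if __name__ == "__main__":
    thr, ok, bad = demo()
    print(f"threshold={thr:.3f} normal_flagged={ok} anomaly_flagged={bad}")
```

Two details carry over to the deep-learning version: the residual is computed on scaled signals so that no single high-magnitude counter dominates the L2 norm, and the threshold is derived from the distribution of residuals on normal data, which is the only labelled data such a terminal can realistically provide.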
Using an industrial robot testbed, Pu et al. [146] introduced PIDS, a detection framework that fingerprints the physically induced dependency between robot motion and corresponding power consumption. Based on the physical principle that a specific commanded motion should consume a predictable amount of power, the system learns energy-consistency patterns and detects replay attacks by identifying discrepancies between the monitored trajectory and the actual power consumption.
Overall, the other-data-type-driven anomaly detection studies in Table 16 share several distinctive characteristics. First, they deliberately move beyond conventional network and process data to monitor artifacts that are closer to the root cause of cyber–physical compromise—such as PLC control logic structure, acoustic side-channel signals, host-level physical resource usage, and power-consumption traces—thereby covering attack surfaces that packet- or sensor-centric detectors inherently miss [142,143,144,145,146]. Second, the monitored signals are tightly constrained by the underlying physics or OS-level behavior: normal ladder logic adheres to strict structural patterns, robot motion induces characteristic acoustic and power signatures, and terminal resource metrics follow stable operating profiles. This makes it possible to detect semantically stealthy or encrypted attacks by flagging violations of these auxiliary consistency relations, even when primary cyber channels are partially hidden or manipulated [142,144,145,146]. Third, most approaches are designed as lightweight, mostly unsupervised endpoint monitors that can operate on resource-constrained devices or external side channels without requiring deep modifications to existing control networks, suggesting a practical way to complement network- and process-based IDS in real deployments [142,145,146]. At the same time, these methods tend to be highly system-specific and sensitive to environmental conditions, implying that such “other” data types are best viewed as auxiliary modalities that strengthen defense-in-depth rather than as universal replacements for the four primary data categories.

5. Discussion

In this section, we answer the RQs based on the literature analyzed in Section 4.

Research Questions Answers

  • RQ1: What security objectives and observation scopes does each data type address across the cyber, physical, policy, and cyber–physical integration layers of ICS/CPS, and how do these collectively form a complementary multilayer defense architecture?
To answer RQ1, we refer to Section 4.3.1, Section 4.3.2, Section 4.3.3, Section 4.4.1, Section 4.4.2, Section 4.5, Section 4.6.1 and Section 4.7. The studies analyzed in Section 4 clearly indicate that each data type monitors different layers of ICS/CPS and jointly composes a complementary defense-in-depth architecture.
First, network traffic data (Section 4.3) primarily supports cyber-layer monitoring. It leverages 5-tuple statistics (Section 4.3.1) and protocol-level information (Section 4.3.3) to detect network-centric attacks such as reconnaissance and MITM. By analyzing function codes and register addresses of ICS-specific protocols such as Modbus and DNP3, or by modeling host-to-host communication as a graph, these approaches incorporate the control context that distinguishes ICS networks from generic IT networks.
Second, process data (Section 4.4) focuses on physical-layer monitoring. Time series of process variables such as flow, pressure, and tank level (e.g., SWaT, WADI) are analyzed to detect physical process disruptions and equipment malfunctions that are difficult to observe at the packet level. Beyond simple statistical patterns, recent work increasingly exploits prediction residuals (Section 4.4.1), reconstruction errors (Section 4.4.2), and sensor correlation (Section 4.4.3), and further moves towards explicitly modeling physical laws and operational logic (Section 4.4.4) to verify physical consistency.
Third, simulation data (Section 4.5) provides an environment for policy and strategy learning. Without affecting real systems, it constructs MDP-based environments with state–action–reward structures. Within such environments, DQN agents can learn dynamic thresholds, and adversarial reinforcement learning between attacker and defender can be performed, enabling the learning of robust defense policies that respond to zero-day attacks under label-sparse conditions.
Fourth, hybrid data (Section 4.6) supports cyber–physical linkage monitoring. It simultaneously uses network features and sensor/actuator time series (Section 4.6.1) to analyze how cyber-attacks on communication channels translate into physical process anomalies. By explicitly modeling cyber–physical correlations—i.e., “if a specific command is sent on the network (cyber), a corresponding change must be observed in a certain sensor (physical)”—these approaches detect inconsistencies between the two layers.
Finally, other data types (Section 4.7) provide blind-spot monitoring that cannot be fully covered by the previous data types. Side-channel signals, PLC control logic, system and security logs, and configuration/asset metadata are used to identify logic tampering, unauthorized code deployment, multi-step attack chains, and configuration drifts that do not necessarily manifest as obvious anomalies in network or process data. By enabling cross-checking across the cyber (logs/policies), control (code), and physical (side channels) layers, these data sources fill observation gaps and extend the coverage of the multi-layer defense.
In summary, the five data types address different security objectives and observation scopes—network behavior, physical process dynamics, defense policies, and their cross-layer linkages—and collectively form a complementary defense-in-depth framework that spans all layers of ICS/CPS. Therefore, in direct answer to RQ1, our review shows that each data type is mapped to specific cyber, physical, policy, or integration-layer objectives, and that their combined use realizes a complementary multilayer defense architecture for ICS/CPS.
  • RQ2: How are the AI models and learning/preprocessing strategies applied to each data type aligned with the domain characteristics of those data, and what performance advantages do they offer?
To answer RQ2, we refer to Section 4.3, Section 4.4, Section 4.5 and Section 4.6. The choice of AI models for each data type is closely aligned with the domain characteristics that the data captures in ICS.
For network traffic data (Section 4.3), the dominant characteristics are periodicity and regularity. Unlike IT traffic, ICS traffic is typically generated by a relatively fixed set of devices communicating via cyclical and highly structured protocols (e.g., Modbus polling). Accordingly, statistical and entropy-based methods (Section 4.3.1) are effective in detecting deviations from the normal distribution, such as traffic bursts or anomalous port/host access patterns. Graph neural network (GNN) models (Section 4.3.5) are also well aligned with the domain property of a relatively stable “communication topology,” which can be naturally represented and learned as a graph.
For process data (Section 4.4), the core characteristics are spatio-temporal dynamics and physical constraints. Process variables evolve continuously over time according to physical laws and interact with neighboring sensors and actuators. Accordingly, LSTM/GRU, temporal GCN (T-GCN), and GNN-based models (Section 4.4.1 and Section 4.4.3) are used to capture temporal dependencies and spatial correlations. Furthermore, the fact that normal operation occupies a relatively compact region in the state space motivates AE/VAE-based approaches (Section 4.4.2), which learn a low-dimensional latent space for normal operation and use reconstruction error as an anomaly score. Beyond statistical dynamics, the strongest domain features are physical and operational constraints, such as invariants (“tank level can only rise when the inlet valve is open”) and finite-state operational sequences. Studies in Section 4.4.4 explicitly inject such constraints—through invariants, FSMs, and rule-based checks—into the detection pipeline to validate physical consistency rather than relying solely on statistical deviation.
For simulation data (Section 4.5), the key characteristic is strategic interaction. ICS security can be modeled as a sequential game between attacker and defender in an MDP or Markov game setting. Reinforcement learning models such as DQN and PPO align naturally with this environment, enabling the learning of optimal defense policies (e.g., dynamic thresholding, adaptive mitigation strategies) under varying attack patterns and delayed or noisy feedback.
For hybrid data (Section 4.6), the defining characteristic is cyber–physical causality. Control commands (cyber) induce subsequent changes in sensor readings (physical). Fusion models in Section 4.6.1 exploit this by feeding both network traffic (e.g., PLC commands) and sensor time series into a single model that learns their normal causal coupling and spatial-temporal dependencies. Anomalies are then defined as violations of physical–logical consistency, where the observed physical response is incompatible with the preceding cyber commands.
Overall, the alignment between data type, domain characteristics, and model design provides tangible performance benefits: improved detection accuracy for domain-specific attacks, better robustness to noise and imbalance, and enhanced ability to detect stealthy or structurally inconsistent behaviors that might be missed by generic, domain-agnostic models. Consequently, in direct answer to RQ2, our review confirms that AI models and learning/preprocessing strategies are deliberately selected to match the domain characteristics of each data type, which yields concrete performance advantages in terms of accuracy, robustness, and stealthy-attack detection.
  • RQ3: What structural limitations do current evaluation methodologies exhibit in terms of detecting unknown or zero-day attacks, and how do proposed approaches—such as physics-based constraints, adversarial learning, and simulation-based methods—improve these weaknesses?
To answer RQ3, we refer to Section 4.3.6, Section 4.4, Section 4.5 and Section 4.6. The surveyed studies collectively reveal both the limitations of existing evaluation methodologies and the directions in which they are being improved to better handle unknown and zero-day attacks.
The first major limitation is the risk of implicit signature learning. As pointed out by Kus et al. [66] in Section 4.3.6, many network-based ML models implicitly learn the “signatures” of attacks present in the training set rather than truly modeling the distribution of normal behavior. Their experiments, in which certain attack types were deliberately excluded from training, showed that recall for unseen attack families could drop to as low as 3.2–14.7%. This raises serious concerns about the zero-day detection capability of many ML-based IDS solutions.
A second limitation is dataset bias. As discussed in Section 4.4 and Section 4.6, a large fraction of process- and hybrid-data studies rely heavily on a small number of testbeds such as SWaT, WADI, and HAI. Models trained and evaluated exclusively on such testbeds risk overfitting to specific processes (e.g., water treatment) and attack scenarios, making it difficult to guarantee generalization to other domains, such as power systems or discrete manufacturing.
To overcome these limitations intrinsic to purely statistical distribution learning, the literature converges on explicitly injecting domain knowledge. One line of work is simulation-based adversarial generalization (Section 4.5). Instead of relying solely on static datasets, simulation environments are used to run adversarial RL, where an attacker agent actively explores worst-case trajectories and synthetic states to degrade the defender. This forces the defender to learn policies that remain effective against patterns that are not present in the original training data, thereby improving zero-day generalization.
Another key direction is the integration of physical and operational constraints (Section 4.4.4 and Section 4.6). The underlying principle is that, although attackers can attempt to mimic statistical patterns (stealthy attacks), they ultimately must violate physical laws or control logic to cause real impact on the system. Accordingly, the studies in these sections inject invariants, sensor–actuator causal relations, cyber–physical causal models, and physics-informed constraints into anomaly detectors. By doing so, they detect situations where statistical indicators might appear “normal,” but physical–logical consistency is broken. This addresses precisely the stealthy and zero-day attacks that traditional, purely statistical IDS tend to miss, and directly mitigates the limitations highlighted by Kus et al. [66]. In summary, in direct answer to RQ3, our review identifies implicit signature learning and dataset bias as the main structural weaknesses of current evaluations, and shows that physics-based constraints, adversarial learning, and simulation-based methods enhance the detection of unknown and zero-day attacks beyond what purely statistical approaches can provide.
  • RQ4: When integrating detection results across heterogeneous data types, what design principles should be applied in data collection and modeling to ensure cyber–physical consistency in CPS?
To answer RQ4, we refer to Section 4.3, Section 4.4.4, Section 4.5 and Section 4.6. The design principles for preserving physical–logical consistency in CPS can be summarized as: (i) securing process context already at the data collection stage and (ii) explicitly incorporating physical laws and cyber–physical causality at the modeling stage.
From a data collection perspective, it is essential to collect data enriched with semantic context, rather than mere sequences of bytes or numeric values. For network data (Section 4.3), this means going beyond simple 5-tuple records to include protocol fields that carry control semantics—such as Modbus function codes and register addresses (Section 4.3.3) and payload content (Section 4.3.4). For process data (Section 4.4), this implies that datasets should not only contain individual sensor traces (e.g., LIT-101), but also encode process logic and physical connectivity (e.g., “LIT-101 is influenced by pump P-101 and valve MV-101”), as is the case in SWaT and WADI. Such contextual information is a prerequisite for physical-constraint-based modeling (Section 4.4.4). For simulation data (Section 4.5), the state and action variables should be complemented with carefully designed rewards that reflect operational objectives and constraints—such as physical stability margins or operating costs—so that domain constraints are inherently embedded in the data.
From a modeling perspective, this contextual information must be explicitly injected into AI models to capture cyber–physical relationships and physical laws. The most direct principle is to explicitly model cyber–physical correlations, as in the hybrid data fusion models of Section 4.6.1. This entails using network control commands (cyber) and sensor feedback (physical) jointly as inputs, enabling the model to learn spatial-temporal dependencies, causal relations, and state reconstruction across the two domains. In addition, rather than relying solely on statistical learning, it is crucial to incorporate physical and operational constraints such as in Section 4.4.4—e.g., using FSMs to validate operational sequences, monitoring physical invariants derived from plant design, or embedding control-theoretic observers and physics-informed constraints (PINN-like structures) to rule out physically impossible states.
In conclusion, design principles for preserving physical–logical consistency in CPS can be summarized as domain-aware and physics-informed approaches that (i) secure process context at the data collection stage and (ii) explicitly encode physical laws and cyber–physical causality in the modeling stage. These principles are essential to overcoming the limitations of purely statistical, data-driven models and to enabling robust, interpretable anomaly detection in real ICS/CPS environments. Accordingly, in direct answer to RQ4, our review concludes that ensuring cyber–physical consistency in CPS hinges on two complementary requirements. First, detectors must be trained on context-rich, semantics-aware data collected across heterogeneous cyber and physical data types. Second, AI models should explicitly encode physical laws and cyber–physical causal relationships, so that the resulting integrated detection outputs remain physically coherent with the underlying process dynamics.
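The two modeling principles stated above (physical invariants and operational-sequence checks derived from plant connectivity, and explicit cyber–physical causality between network commands and actuator/sensor state) are illustrated together in the following added example; it is not code from any surveyed study. The tags LIT-101, P-101 and MV-101 and the statement that LIT-101 is influenced by P-101 and MV-101 come from the text; the invariants, the rate and noise bounds, the command-effect window, the command log and the telemetry are constructed assumptions. The attack run shows the case the text singles out: readings that stay inside the normal statistical range but violate the physical relation, plus an actuator change with no corresponding command on the network.

```python
"""Physical-invariant and cyber-physical causality checks over SWaT-style stage-1 telemetry.

Added example tying together the invariant, operational-sequence and cyber-physical
consistency principles discussed above; it is not code from any surveyed study. The
tags LIT-101, P-101 and MV-101 and their connectivity come from the text; the invariants,
the rate and noise bounds, the command log and the telemetry are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int
    lit101: float   # tank level in mm (sensor)
    mv101: str      # inlet valve state: "open" / "closed" (actuator)
    p101: str       # outlet pump state: "on" / "off" (actuator)


@dataclass(frozen=True)
class Command:
    t: int          # time the command was seen on the network
    target: str     # "MV101" or "P101"
    value: str      # commanded state


MAX_RATE_MM = 6.0   # assumed physical bound on level change per step
NOISE_MM = 0.5      # assumed sensor noise band
CMD_WINDOW = 3      # steps within which a command must be reflected in the actuator state


def physical_violations(prev, cur):
    """Stage-1 invariants: the level can only rise through MV-101 and only fall through P-101."""
    d = cur.lit101 - prev.lit101
    found = []
    if abs(d) > MAX_RATE_MM:
        found.append("RATE")
    if d > NOISE_MM and prev.mv101 == "closed":
        found.append("RISE_WITHOUT_INLET")
    if d < -NOISE_MM and prev.p101 == "off":
        found.append("FALL_WITHOUT_OUTLET")
    return found


def causality_violations(samples, commands):
    """Cyber->physical: every command must take effect; physical->cyber: every actuator change needs a command."""
    by_t = {s.t: s for s in samples}
    found = []
    for c in commands:
        window = [by_t[t] for t in range(c.t + 1, c.t + CMD_WINDOW + 1) if t in by_t]
        if not any(getattr(s, c.target.lower()) == c.value for s in window):
            found.append((c.t, f"{c.target} command not reflected in process"))
    for prev, cur in zip(samples, samples[1:]):
        for field in ("mv101", "p101"):
            if getattr(prev, field) != getattr(cur, field):
                authorised = any(c.target.lower() == field and c.value == getattr(cur, field)
                                 and cur.t - CMD_WINDOW <= c.t < cur.t for c in commands)
                if not authorised:
                    found.append((cur.t, f"{field.upper()} changed without a command"))
    return found


def analyse(samples, commands):
    alerts = [(cur.t, name) for prev, cur in zip(samples, samples[1:])
              for name in physical_violations(prev, cur)]
    return sorted(alerts + causality_violations(samples, commands))


# Constructed normal cycle: valve opened at t=2, tank fills, valve closed at t=6.
COMMANDS = [Command(2, "MV101", "open"), Command(6, "MV101", "closed")]
NORMAL = [Sample(0, 500.0, "closed", "off"), Sample(1, 500.2, "closed", "off"),
          Sample(2, 500.1, "closed", "off"), Sample(3, 500.3, "open", "off"),
          Sample(4, 504.0, "open", "off"), Sample(5, 508.0, "open", "off"),
          Sample(6, 512.0, "open", "off"), Sample(7, 515.5, "closed", "off"),
          Sample(8, 515.6, "closed", "off")]
# Constructed attack: after the valve closes, spoofed level readings keep creeping up
# within the normal rate, and P-101 switches on with no command on the network.
ATTACK = NORMAL[:8] + [Sample(8, 518.0, "closed", "off"), Sample(9, 520.5, "closed", "on"),
                       Sample(10, 516.0, "closed", "on")]


def demo():
    return analyse(NORMAL, COMMANDS), analyse(ATTACK, COMMANDS)


if __name__ == "__main__":
    normal_alerts, attack_alerts = demo()
    print("normal:", normal_alerts)
    print("attack:", attack_alerts)
```

Note that the level drop at t=10 in the attack run is physically consistent with P-101 being on and is therefore not flagged by the invariants; it is the causality check, which knows that no command for P-101 was seen on the network, that surfaces the unauthorised actuator change. This is the reason the text insists on collecting both the control semantics of the network layer and the process connectivity of the physical layer rather than either alone.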

6. Conclusions and Future Research Directions

Modern ICS/CPS constitute critical infrastructure that supports the control and monitoring of essential sectors such as energy, water treatment, and manufacturing, where a single cyber intrusion can immediately propagate into physical process disruptions and safety incidents. Consequently, AI-based anomaly detection techniques leveraging diverse data sources—including network traffic, process operational data, simulation environments, and hybrid cyber–physical data—have emerged as an indispensable research domain for strengthening ICS/CPS security.
In this review, we systematically examined prior studies on AI-based anomaly detection in ICS/CPS by categorizing the literature according to data type—network traffic, process data, simulation data, hybrid data, and other specialized data—and analyzing them with respect to detection objectives, learning paradigms, model families, attack types, and datasets used. Our analysis shows that network-centric approaches excel at detecting cyber-layer attacks such as reconnaissance, DoS, and MITM, whereas process-data-based approaches are effective for identifying physical-layer anomalies such as process perturbations, FDI attacks, and stealthy manipulations. Furthermore, simulation- and hybrid-data-driven studies provide valuable capabilities for reproducing rare attack scenarios and identifying violations of cyber–physical consistency, thereby complementing the strengths of individual data types.
Despite these advancements, significant challenges remain. The heavy reliance on a small number of benchmark datasets and narrowly scoped testbeds, the scarcity of long-term and multi-domain datasets that reflect diverse industrial environments, label sparsity and concept drift, and evaluation methodologies that insufficiently account for real-world OT operating conditions and resource constraints all limit the practical deployability of current research outcomes.
Future research should therefore prioritize three directions that directly address the gaps identified in this review. First, it should focus on constructing realistic and openly available ICS/CPS datasets that span heterogeneous industrial domains, richer attack scenarios, and coupled cyber–physical dynamics. Second, it should advance hybrid-data detection frameworks that explicitly combine network traffic, operational/process measurements, simulation traces, and auxiliary signals under a unified architecture, thereby leveraging the complementary strengths of different data modalities while mitigating their individual blind spots. Third, it should translate these models into deployable solutions by tackling real-time constraints, resource limitations, and strict safety and availability requirements in industrial environments. Pursuing these priorities is essential for building anomaly detection systems that are not only accurate on benchmark datasets but also robust, generalizable, and operationally relevant in real ICS/CPS deployments.

Author Contributions

Conceptualization, J.K.S.; methodology, J.K.S.; validation, J.L., B.K., and W.S.; writing—J.K.S.; writing—review and editing, J.L., B.K. and J.T.S. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2023-00241376, Development of security monitoring technology-based network behavior against encrypted cyber threats in maritime environment).

Data Availability Statement

No new data were created or analyzed in this study.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
Abbreviation | Definition
1D-CNN | One-Dimensional Convolutional Neural Network
AE | Autoencoder
AFA | Adaptive Factor Analysis
ANN | Artificial Neural Network
APPNP | Approximate Personalized Propagation of Neural Predictions
APT | Advanced Persistent Threat
ARF | Adaptive Random Forest
ARIMA | Autoregressive Integrated Moving Average
ASC | Adaptive Supervisory Control
ATT&CK | Adversarial Tactics, Techniques, and Common Knowledge
AVTP | Audio Video Transport Protocol
AdaBoost | Adaptive Boosting
Attn | Attention mechanism
BBN | Bayesian Belief Network
BECN-AE | Bidirectional Encoder–Context Normalization Autoencoder
Bi-GRU | Bidirectional Gated Recurrent Unit
BLSTM | Bidirectional Long Short-Term Memory
BLS | Broad Learning System
BLS-AE | Broad Learning System-based Autoencoder
Bloom | Bloom Filter
BN | Bayesian Network
C&C | Command and Control
CAM | Content Addressable Memory
CAN | Controller Area Network
CANet | Channel/Context Attention Network
CMRI | Control Message–Related Intrusion
CPPS | Cyber-Physical Production System
CPS | Cyber–Physical System
CUSUM | Cumulative Sum (change detection)
DAE | Denoising Autoencoder
DAGMM | Deep Autoencoding Gaussian Mixture Model
DBSCAN | Density-Based Spatial Clustering of Applications with Noise
Deep RNN | Deep Recurrent Neural Network
DDQL | Double Deep Q-Learning (Double Deep Q-Network)
DDoS | Distributed Denial of Service
DFFNN | Deep Feed-Forward Neural Network
DL | Deep Learning
DLL | Dynamic Link Library
DNN | Deep Neural Network
DoS | Denial of Service
DT | Decision Tree
Ens | Ensemble Model
ESR | Event-Sequence Reasoning
ExtraTrees | Extremely Randomized Trees
FDI | False Data Injection
FGSM | Fast Gradient Sign Method
FID-GAN | Feature-Importance-Driven Generative Adversarial Network
FMI | Functional Model Identification
FMRAC | Functional Model Reference Adaptive Control
FSM | Finite State Machine
GA-mADAM-LSTM | Genetic Algorithm–optimized modified ADAM LSTM
GAN | Generative Adversarial Network
GB | Gradient Boosting
GBDT | Gradient Boosting Decision Tree
GARCH | Generalized Autoregressive Conditional Heteroskedasticity
GCN | Graph Convolutional Network
GCNN | Graph Convolutional Neural Network
GNN | Graph Neural Network
GRU | Gated Recurrent Unit
GTO | Gorilla Troops Optimization
HAT | Hoeffding Adaptive Tree
HCA | Hierarchical Cluster Analysis
HMM | Hidden Markov Model
Hetero-SAGEConv | Heterogeneous GraphSAGE Convolution
IAT | Inter-Arrival Time
ICPS | Industrial Cyber–Physical System
ICS | Industrial Control System
IDS | Intrusion Detection System
IF | Isolation Forest
IIoT | Industrial Internet of Things
IoT | Internet of Things
K-NN | K-Nearest Neighbors
KAN | Kolmogorov–Arnold Network
KD | Knowledge Distillation
K–S | Kolmogorov–Smirnov
LD | Latent Dimension
LM | Linear Model
LOF | Local Outlier Factor
LR | Logistic Regression
LRP | Layer-wise Relevance Propagation
LSP-DFA | Latent State Process–Driven Feature Analysis
LSTM | Long Short-Term Memory
LSTM AE | LSTM-based Autoencoder
MFCI | Multi-Function Command Injection
MIL | Multi-Instance Learning
MITM | Man-in-the-Middle
ML | Machine Learning
MLP | Multi-Layer Perceptron
MM | Mixture Model
MPC | Model Predictive Control
MPCI | Multi-Point Command Injection
MSCI | Multi-Stage Command Injection
NDAE | Nonlinear Deep Autoencoder
NMRI | Network Measurement–Related Intrusion
NN | Neural Network
NN-Oneclass | Neural Network One-Class Classifier
OCSVM | One-Class Support Vector Machine
PCA | Principal Component Analysis
PoD | Ping of Death
PM-ACT | Process Monitoring for Actuators
PM-SEN | Process Monitoring for Sensors
PTP | Precision Time Protocol
Prob | Probabilistic model
RAAD | Retrieval-Augmented Anomaly Detection
RF | Random Forest
RS | Random Space
RT | Random Tree
Recon | Reconnaissance
SARIMA | Seasonal Autoregressive Integrated Moving Average
SCADA | Supervisory Control And Data Acquisition
SLR | Systematic Literature Review
SRI | System Response Inference
ST-OCBLS | Stacked One-Class Broad Learning System
SVM | Support Vector Machine
TCN | Temporal Convolutional Network
Trans | Transformer Network
VAE | Variational Autoencoder
VAE-LSTM | Variational Autoencoder with LSTM
XGBoost | eXtreme Gradient Boosting

Appendix A. PRISMA Checklist

The following table reports the PRISMA checklist for the present study.
Section and Topic | Item # | Checklist Item | Location Where Item Is Reported
Title | 1 | Identify the report as a systematic review. | Title
Abstract | 2 | See the PRISMA 2020 for Abstracts checklist. | Abstract
Rationale | 3 | Describe the rationale for the review in the context of existing knowledge. | Section 1
Objectives | 4 | Provide an explicit statement of the objective(s) or question(s) the review addresses. | Section 1 and Section 3.1
Eligibility criteria | 5 | Specify the inclusion and exclusion criteria for the review and how studies were grouped for the syntheses. | Section 3.2
Information sources | 6 | Specify all databases, registers, websites, organisations, reference lists and other sources searched or consulted to identify studies. Specify the date when each source was last searched or consulted. | Section 3.3
Search strategy | 7 | Present the full search strategies for all databases, registers and websites, including any filters and limits used. | Section 3.4 and Table 1
Selection process | 8 | Specify the methods used to decide whether a study met the inclusion criteria of the review, including how many reviewers screened each record and each report retrieved, whether they worked independently, and if applicable, details of automation tools used in the process. | Section 3.4
Data collection process | 9 | Specify the methods used to collect data from reports, including how many reviewers collected data from each report, whether they worked independently, any processes for obtaining or confirming data from study investigators, and if applicable, details of automation tools used in the process. | Section 3.5
Data items | 10a | List and define all outcomes for which data were sought. Specify whether all results that were compatible with each outcome domain in each study were sought (e.g., for all measures, time points, analyses), and if not, the methods used to decide which results to collect. | Section 3.5
Data items | 10b | List and define all other variables for which data were sought (e.g., participant and intervention characteristics, funding sources). Describe any assumptions made about any missing or unclear information. | Section 3.5
Study risk of bias assessment | 11 | Specify the methods used to assess risk of bias in the included studies, including details of the tool(s) used, how many reviewers assessed each study and whether they worked independently, and if applicable, details of automation tools used in the process. | Section 3.6
Effect measures | 12 | Specify for each outcome the effect measure(s) (e.g., risk ratio, mean difference) used in the synthesis or presentation of results. | N/A—no statistical meta-analysis
Synthesis methods | 13a | Describe the processes used to decide which studies were eligible for each synthesis (e.g., tabulating the study intervention characteristics and comparing against the planned groups for each synthesis (item #5)). | Section 3.2
Synthesis methods | 13b | Describe any methods required to prepare the data for presentation or synthesis, such as handling of missing summary statistics, or data conversions. | Section 3.5
Synthesis methods | 13c | Describe any methods used to tabulate or visually display results of individual studies and syntheses. | Section 4, Table
Synthesis methods | 13d | Describe any methods used to synthesize results and provide a rationale for the choice(s). If meta-analysis was performed, describe the model(s), method(s) to identify the presence and extent of statistical heterogeneity, and software package(s) used. | N/A—no quantitative synthesis
Synthesis methods | 13e | Describe any methods used to explore possible causes of heterogeneity among study results (e.g., subgroup analysis, meta-regression). | N/A—no meta-analysis/heterogeneity tests
Synthesis methods | 13f | Describe any sensitivity analyses conducted to assess robustness of the synthesized results. | N/A—no sensitivity analysis
Reporting bias assessment | 14 | Describe any methods used to assess risk of bias due to missing results in a synthesis (arising from reporting biases). | N/A—reporting bias not formally assessed
Certainty assessment | 15 | Describe any methods used to assess certainty (or confidence) in the body of evidence for an outcome. | N/A—certainty of evidence not formally graded
Study selection | 16a | Describe the results of the search and selection process, from the number of records identified in the search to the number of studies included in the review, ideally using a flow diagram. | Section 4.1 and Figure 1
Study selection | 16b | Cite studies that might appear to meet the inclusion criteria, but which were excluded, and explain why they were excluded. | Section 3.2 and Section 4.1
Study characteristics | 17 | Cite each included study and present its characteristics. | Section 4.2, Section 4.3, Section 4.4, Section 4.5, Section 4.6 and Section 4.7
Risk of bias in studies | 18 | Present assessments of risk of bias for each included study. | Not specifically tabulated; only described generally in Section 3.6
Results of individual studies | 19 | For all outcomes, present, for each study: (a) summary statistics for each group (where appropriate) and (b) an effect estimate and its precision (e.g., confidence/credible interval), ideally using structured tables or plots. | Section 4.3, Section 4.4, Section 4.5, Section 4.6 and Section 4.7
Results of syntheses | 20a | For each synthesis, briefly summarise the characteristics and risk of bias among contributing studies. | Section 5, Section 4.3, Section 4.4, Section 4.5, Section 4.6 and Section 4.7
Results of syntheses | 20b | Present results of all statistical syntheses conducted. If meta-analysis was done, present for each the summary estimate and its precision (e.g., confidence/credible interval) and measures of statistical heterogeneity. If comparing groups, describe the direction of the effect. | N/A—no statistical synthesis/meta-analysis
Results of syntheses | 20c | Present results of all investigations of possible causes of heterogeneity among study results. | N/A—no statistical heterogeneity analyses
Results of syntheses | 20d | Present results of all sensitivity analyses conducted to assess the robustness of the synthesized results. | N/A—no sensitivity analyses
Reporting biases | 21 | Present assessments of risk of bias due to missing results (arising from reporting biases) for each synthesis assessed. | N/A—reporting bias not formally assessed
Certainty of evidence | 22 | Present assessments of certainty (or confidence) in the body of evidence for each outcome assessed. | N/A—certainty of evidence not graded
Discussion | 23a | Provide a general interpretation of the results in the context of other evidence. | Section 5 and Section 6
Discussion | 23b | Discuss any limitations of the evidence included in the review. | Section 5
Discussion | 23c | Discuss any limitations of the review processes used. | Section 5
Discussion | 23d | Discuss implications of the results for practice, policy, and future research. | Section 5 and Section 6
Registration and protocol | 24a | Provide registration information for the review, including register name and registration number, or state that the review was not registered. | N/A
Registration and protocol | 24b | Indicate where the review protocol can be accessed, or state that a protocol was not prepared. | N/A
Registration and protocol | 24c | Describe and explain any amendments to information provided at registration or in the protocol. | N/A
Support | 25 | Describe sources of financial or non-financial support for the review, and the role of the funders or sponsors in the review. | Funding Section
Competing interests | 26 | Declare any competing interests of review authors. | Conflicts of Interest Section
Availability of data, code and other materials | 27 | Report which of the following are publicly available and where they can be found: template data collection forms; data extracted from included studies; data used for all analyses; analytic code; any other materials used in the review. | No new data were created or analyzed in this study
# Item number corresponds to the PRISMA 2020 checklist item.

References

  1. Bhamare, D.; Zolanvari, M.; Erbad, A.; Jain, R.; Khan, K.; Meskin, N. Cybersecurity for industrial control systems: A survey. Comput. Secur. 2020, 89, 101677.
  2. Koay, A.M.; Ko, R.K.L.; Hettema, H.; Radke, K. Machine learning in industrial control system (ICS) security: Current landscape, opportunities and challenges. J. Intell. Inf. Syst. 2023, 60, 377–405.
  3. Firoozjaei, M.D.; Mahmoudyar, N.; Baseri, Y.; Ghorbani, A.A. An evaluation framework for industrial control system cyber incidents. Int. J. Crit. Infrastruct. Prot. 2022, 36, 100487.
  4. Abshari, D.; Sridhar, M. A survey of anomaly detection in cyber-physical systems. arXiv 2025, arXiv:2502.13256.
  5. Ji, I.H.; Lee, J.H.; Kang, M.J.; Park, W.J.; Jeon, S.H.; Seo, J.T. Artificial intelligence-based anomaly detection technology over encrypted traffic: A systematic literature review. Sensors 2024, 24, 898.
  6. Gaggero, G.B.; Girdinio, P.; Marchese, M. Artificial intelligence and physics-based anomaly detection in the smart grid: A survey. IEEE Access 2025, 13, 23597–23606.
  7. Djouad, A.; Atil, F.; Seriai, A.-D.; Beddiar, C. Domain Model for Cyber-Physical Systems. In Proceedings of the ICAASE, Constantine, Algeria, 1–2 December 2018.
  8. Khraisat, A.; Gondal, I.; Vamplew, P.; Kamruzzaman, J. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2019, 2, 20.
  9. Wang, F.; Jiang, Y.; Zhang, R.; Wei, A.; Xie, J.; Pang, X. A survey of deep anomaly detection in multivariate time series: Taxonomy, applications, and directions. Sensors 2025, 25, 190.
  10. Paolini, D.; Dini, P.; Soldaini, E.; Saponara, S. One-Class Anomaly Detection for Industrial Applications: A Comparative Survey and Experimental Study. Computers 2025, 14, 281.
  11. Moher, D.; Liberati, A.; Tetzlaff, J.; Altman, D.G. Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement. BMJ 2009, 339, b2535.
  12. Keele, S. Guidelines for Performing Systematic Literature Reviews in Software Engineering; EBSE Technical Report, Ver. 2.3; EBSE: 2007; Elsevier: Amsterdam, The Netherlands, 2007.
  13. Malathi, S.; Begum, S.R. Enhancing trustworthiness among IoT network nodes with ensemble deep learning-based cyber attack detection. Expert Syst. Appl. 2024, 255, 124528.
  14. Garcia, S.; Parmisano, A.; Erquiaga, M.J. IoT-23: A Labeled Dataset with Malicious and Benign IoT Network Traffic (Version 1.0.0) [Data Set]; Zenodo, 2020; Available online: https://zenodo.org/records/4743746 (accessed on 15 December 2025).
  15. Sangeetha, V.; Naidu, R.C.A.; Bhat, A.; Kulkarni, P. Integrating deep learning with ensemble approach for anomaly detection in network traffic. In Proceedings of the 2024 4th International Conference on Mobile Networks and Wireless Communications (ICMNWC), Reykjavik, Iceland, 13–14 December 2024; IEEE: New York, NY, USA, 2024.
  16. Sarhan, M.; Layeghy, S.; Moustafa, N.; Portmann, M. NetFlow datasets for machine learning-based network intrusion detection systems. In Proceedings of the International Conference on Big Data Technologies and Applications, Virtual Event, 11 December 2020; Springer: Berlin/Heidelberg, Germany, 2020.
  17. RajBalaji, S.; Raman, R.; Pant, B.; Rathour, N.; Rajagopa, B.R.; Prasad, C.R. Design of deep learning models for the identifications of harmful attack activities in IIoT. In Proceedings of the 2023 International Conference on Artificial Intelligence and Smart Communication (AISC), Jaipur, India, 27–28 May 2023; IEEE: New York, NY, USA, 2023.
  18. Tavallaee, M.; Bagheri, E.; Lu, W.; Ghorbani, A.A. A detailed analysis of the KDD CUP 99 data set. In Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, 8–10 July 2009; IEEE: New York, NY, USA, 2009.
  19. Moustafa, N.; Slay, J. UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, 10–12 November 2015; IEEE: New York, NY, USA, 2015.
  20. Saghezchi, F.B.; Mantas, G.; Violas, M.A.; de Oliveira Duarte, A.M.; Rodriguez, J. Machine learning for DDoS attack detection in industry 4.0 CPPSs. Electronics 2022, 11, 602.
  21. Zhang, Z.; Wang, X.; Yang, Q.; Liu, B.; Wang, W.; Ye, P.; Yang, T. Unsupervised Real-time Communication Traffic Anomaly Detection for Multi-dimensional Industrial Networks. IEEE Trans. Ind. Cyber-Phys. Syst. 2024, 3, 228–240.
  22. Sharafaldin, I.; Lashkari, A.H.; Ghorbani, A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSP 2018, 1, 108–116.
  23. Atheeq, C.; Sultana, R.; Sabahath, S.A.; Mohammed, M.A.K. Advancing IoT Cybersecurity: Adaptive threat identification with deep learning in Cyber-physical systems. Eng. Technol. Appl. Sci. Res. 2024, 14, 13559–13566.
  24. Mathur, A.P.; Tippenhauer, N.O. SWaT: A water treatment testbed for research and training on ICS security. In Proceedings of the 2016 International Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater), Vienna, Austria, 11 April 2016; IEEE: New York, NY, USA, 2016.
  25. Sun, H.; Huang, Y.; Zhou, C.; Han, L.; Liu, H.; Chen, J.; Li, X. Space Decoupled Prototype Learning for Few-Shot Attack Detection in Cyber–Physical Systems. IEEE Trans. Ind. Inform. 2024, 20, 12350–12362.
  26. Moustafa, N. New generations of internet of things datasets for cybersecurity applications based machine learning: TON_IoT datasets. In Proceedings of the eResearch Australasia Conference, Brisbane, Australia, 21–25 October 2019.
  27. Quincozes, S.E.; Albuquerque, C.; Passos, D.; Mossé, D. ERENO: An extensible tool for generating realistic IEC-61850 intrusion detection datasets. In Proceedings of the Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg), Vitória, Brazil, 6–10 November 2023; SBC: Porto Alegre, Brazil, 2022.
  28. Yang, K.; Shi, Y.; Yu, Z.; Yang, Q.; Sangaiah, A.K.; Zeng, H. Stacked one-class broad learning system for intrusion detection in industry 4.0. IEEE Trans. Ind. Inform. 2022, 19, 251–260.
  29. Kravchik, M.; Shabtai, A. Efficient cyber attack detection in industrial control systems using lightweight neural networks and PCA. IEEE Trans. Dependable Secur. Comput. 2021, 19, 2179–2197.
  30. Taormina, R.; Galelli, S.; Tippenhauer, N.O.; Salomons, E.; Ostfeld, A.; Eliades, D.G.; Aghashahi, M.; Sundararajan, R.; Pourahmadi, M.; Banks, M.K. Battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks. J. Water Resour. Plan. Manag. 2018, 144, 04018048.
  31. Ahmed, C.M.; Palleti, V.R.; Mathur, A.P. WADI: A water distribution testbed for research in the design of secure cyber physical systems. In Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks, Porto, Portugal, 17 April 2017.
  32. Sekaran, Y.; Debnath, T.; Assadi, T.A.; Suvvari, S.D.; Oswal, S. Using machine learning to detect abnormalities on Modbus/TCP networks. In Proceedings of the 4th International Conference on Information Management & Machine Intelligence, Jaipur, India, 23–24 December 2022.
  33. Frazão, I.; Abreu, P.; Cruz, T.; Araújo, H.; Simões, P. Cyber-Security Modbus ICS Dataset. IEEE Dataport, 31 January 2019.
  34. Niu, Z.; Guo, W.; Xue, J.; Wang, Y.; Kong, Z.; Huang, L. A novel anomaly detection approach based on ensemble semi-supervised active learning (ADESSA). Comput. Secur. 2023, 129, 103190.
  35. Gonaygunta, H.; Nadella, G.S.; Pawar, P.P.; Kumar, D. Enhancing cybersecurity: The development of a flexible deep learning model for enhanced anomaly detection. In Proceedings of the 2024 Systems and Information Engineering Design Symposium (SIEDS), Charlottesville, VA, USA, 26 April 2024; IEEE: New York, NY, USA, 2024.
  36. Damasevicius, R.; Venckauskas, A.; Grigaliunas, S.; Toldinas, J.; Morkevicius, N.; Aleliunas, T.; Smuikys, P. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 2020, 9, 800.
  37. Barut, O.; Luo, Y.; Zhang, T.; Li, W.; Li, P. NetML: A challenge for network traffic analytics. arXiv 2020, arXiv:2004.13006.
  38. Pathak, P.; Singh, D.; Saxena, A.; Kumar, K.; Dari, S.S.; Dhabliya, D. Enhancing Cyber-Physical System Security with CGAN in Fog Environment. In Proceedings of the 2023 International Conference on Data Science and Network Security (ICDSNS), Tiruchengode, India, 21–22 July 2023; IEEE: New York, NY, USA, 2023.
  39. Xu, Q.; Ali, S.; Yue, T.; Nedim, Z.; Singh, I. KDDT: Knowledge distillation-empowered digital twin for anomaly detection. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, CA, USA, 3–9 December 2023.
  40. Min, W.; Almughalles, W.; Muthanna, M.S.A.; Ouamri, M.A.; Muthanna, A.; Hong, S.; Abd El-Latif, A.A. An SDN-Orchestrated Artificial Intelligence-Empowered Framework to Combat Intrusions in the Next Generation Cyber-Physical Systems. Hum.-Centric Comput. Inf. Sci. 2024, 14. Available online: https://hcisj.com/articles/?HCIS202414011 (accessed on 15 December 2025).
  41. Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A. Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–3 October 2019; IEEE: New York, NY, USA, 2019.
  42. Jeong, S.; Kim, H.K.; Han, M.L.; Kwak, B.I. AERO: Automotive Ethernet real-time observer for anomaly detection in in-vehicle networks. IEEE Trans. Ind. Inform. 2023, 20, 4651–4662.
  43. Han, M.L.; Kwak, B.I.; Kim, H.K. TOW-IDS: Intrusion detection system based on three overlapped wavelets for automotive Ethernet. IEEE Trans. Inf. Forensics Secur. 2022, 18, 411–422.
  44. Hao, W.; Yang, T.; Yang, Q. Hybrid statistical-machine learning for real-time anomaly detection in industrial cyber–physical systems. IEEE Trans. Autom. Sci. Eng. 2021, 20, 32–46.
  45. Shu, J.; Lu, J. Two-Stage Botnet Detection Method Based on Feature Selection for Industrial Internet of Things. IET Inf. Secur. 2025, 2025, 9984635.
  46. Meidan, Y.; Bohadana, M.; Mathov, Y.; Mirsky, Y.; Shabtai, A.; Breitenbacher, D.; Elovici, Y. N-BaIoT: Network-based detection of IoT botnet attacks using deep autoencoders. IEEE Pervasive Comput. 2018, 17, 12–22.
  47. Kim, H.; Kim, S.; Jo, W.; Kim, K.-H.; Shon, T. Unknown payload anomaly detection based on format and field semantics inference in cyber-physical infrastructure systems. IEEE Access 2021, 9, 75542–75552.
  48. Morris, T.H.; Thornton, Z.; Turnipseed, I. Industrial control system simulation and data logging for intrusion detection system research. In Proceedings of the 7th Annual Southeastern Cyber Security Summit, Huntsville, AL, USA, 3–4 June 2015; pp. 3–4. Available online: https://www.semanticscholar.org/paper/Industrial-Control-System-Simulation-and-Data-for-Morris-Thornton/bb9714e0c661576f5df19fb54e0e26567ca37372 (accessed on 15 December 2025).
  49. Varol, M.; İskefiyeli, M. An intrusion detection system for critical infrastructures: Modbus approach. Eng. Appl. Artif. Intell. 2025, 162, 112410.
  50. Yang, T.; Jiang, Z.; Liu, P.; Yang, Q.; Wang, W. A traffic anomaly detection approach based on unsupervised learning for industrial cyber–physical system. Knowl.-Based Syst. 2023, 279, 110949.
  51. Cao, Z.; Liu, B.; Gao, D.; Zhou, D.; Han, X.; Cao, J. A Dynamic Spatiotemporal Deep Learning Solution for Cloud–Edge Collaborative Industrial Control System Distributed Denial of Service Attack Detection. Electronics 2025, 14, 1843.
  52. Boakye-Boateng, K.; Ghorbani, A.A.; Lashkari, A.H. Securing substations with trust, risk posture, and multi-agent systems: A comprehensive approach. In Proceedings of the 2023 20th Annual International Conference on Privacy, Security and Trust (PST), Copenhagen, Denmark, 21–23 August 2023; IEEE: New York, NY, USA, 2023.
  53. Ferrag, M.A.; Friha, O.; Hamouda, D.; Maglaras, L.; Janicke, H. Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 2022, 10, 40281–40306.
  54. Balaba, S.; Chernyshov, Y.; Skorohodov, A.; Komarov, D. Graph-Based Anomaly Detection in Industrial Control Systems. In Proceedings of the 2025 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), Yekaterinburg, Russia, 11–13 March 2025; IEEE: New York, NY, USA, 2025.
  55. Jagtap, S.S.; VS, S.S. A hypergraph based Kohonen map for detecting intrusions over cyber–physical systems traffic. Future Gener. Comput. Syst. 2021, 119, 84–109.
  56. Sayin, B.; Zoppi, T.; Marchini, N.; Khokhar, F.A.; Passerini, A. Bringing Machine Learning Classifiers Into Critical Cyber-Physical Systems: A Matter of Design. IEEE Access 2025, 13, 94858–94877.
  57. Ring, M.; Wunderlich, S.; Grüdl, D.; Landes, D.; Hotho, A. Flow-based benchmark data sets for intrusion detection. In Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS), Dublin, Ireland, 29–30 June 2017; ACPI: South Oxfordshire, UK, 2017.
  58. Lashkari, A.H.; Kadir, A.F.A.; Taheri, L.; Ghorbani, A.A. Toward developing a systematic approach to generate benchmark Android malware datasets and classification. In Proceedings of the 2018 International Carnahan Conference on Security Technology (ICCST), Montreal, QC, Canada, 22–24 October 2018; IEEE: New York, NY, USA, 2018.
  59. Nie, Z.; Basumallik, S.; Banerjee, P.; Srivastava, A.K. Intrusion detection in cyber-physical grid using incremental ML with adaptive moment estimation. IEEE Trans. Ind. Cyber-Phys. Syst. 2024, 2, 206–219.
  60. Zahid, H.; Hina, S.; Hayat, M.F.; Shah, G.A. Agentless approach for security information and event management in industrial IoT. Electronics 2023, 12, 1831.
  61. Krishnan, P.; Jain, K.; Buyya, R.; Vijayakumar, P.; Nayyar, A.; Bilal, M.; Song, H. MUD-based behavioral profiling security framework for software-defined IoT networks. IEEE Internet Things J. 2021, 9, 6611–6622.
  62. Hamza, A.; Ranathunga, D.; Gharakheili, H.H.; Roughan, M.; Sivaraman, V. Clear as MUD: Generating, validating and applying IoT behavioral profiles. In Proceedings of the 2018 Workshop on IoT Security and Privacy, Budapest, Hungary, 19 October 2018.
  63. Resende, P.A.A.; Drummond, A.C. The Hogzilla Dataset. 2018. Available online: http://ids-hogzilla.org/dataset (accessed on 15 December 2025).
  64. Cai, T.; Jia, T.; Adepu, S.; Li, Y.; Yang, Z. ADAM: An adaptive DDoS attack mitigation scheme in software-defined cyber-physical system. IEEE Trans. Ind. Inform. 2023, 19, 7802–7813.
  65. Cho, K.; Mitsuya, K.; Kato, A. Traffic data repository at the WIDE project. In Proceedings of the 2000 USENIX Annual Technical Conference (USENIX ATC 00), San Diego, CA, USA, 18–23 June 2000.
  66. Kus, D.; Wagner, E.; Pennekamp, J.; Wolsing, K.; Fink, I.B.; Dahlmanns, M.; Wehrle, K.; Henze, M. A false sense of security? Revisiting the state of machine learning-based industrial intrusion detection. In Proceedings of the 8th ACM on Cyber-Physical System Security Workshop, Nagasaki, Japan, 27 May 2022.
  67. Tang, S.; Ding, Y.; Wang, H. Industrial Control Anomaly Detection Based on Distributed Linear Deep Learning. Comput. Mater. Contin. 2025, 82, 1129–1150.
  68. Xia, Z.; Wang, S.; Tan, J.; Hu, Z. Stacking Ensemble Learning Network Attack Detection Based on Industrial Processes in CPS-Enabled Smart Water Conservancy. In Proceedings of the 2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD), Tianjin, China, 8–10 May 2024; IEEE: New York, NY, USA, 2024.
  69. Li, S.; Liu, J.; Pan, Z.; Lv, S.; Si, S.; Sun, L. Anomaly detection based on robust spatial-temporal modeling for industrial control systems. In Proceedings of the 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS), Denver, CO, USA, 20–22 October 2022; IEEE: New York, NY, USA, 2022.
  70. Hong, A.E.; Malinovsky, P.P.; Damodaran, S.K. Towards attack detection in multimodal cyber-physical systems with sticky HDP-HMM based time series analysis. Digit. Threat. Res. Pract. 2024, 5, 1–21.
  71. Schuh, R.A. An overview of the 1553 bus with testing and simulation considerations. In Proceedings of the 1988 5th IEEE Instrumentation and Measurement Technology Conference (IMTC-88), San Diego, CA, USA, 19–21 April 1988; IEEE: New York, NY, USA, 1988.
  72. Xu, Z.; Zhang, Z.; He, T. PLC-MDT: A Framework for Detecting Anomalies with Digital Twins of Industrial Control Systems. IEEE Sens. J. 2025, 25, 17739–17749.
  73. Badihi, H.; Jadidi, S.; Yu, Z.; Zhang, Y.; Lu, N. Smart cyber-attack diagnosis and mitigation in a wind farm network operator. IEEE Trans. Ind. Inform. 2022, 19, 9468–9478.
  74. Soltani, M.; Knudsen, T.; Bak, T. Modeling and simulation of offshore wind farms for farm level control. In Proceedings of the European Offshore Wind Conference and Exhibition (EOW), Stockholm, Sweden, 14–16 September 2009.
  75. Ndonda, G.K.; Sadre, R. Exploiting the temporal behavior of state transitions for intrusion detection in ICS/SCADA. IEEE Access 2022, 10, 111171–111187.
  76. Song, Y.; Huang, H.; Wei, Q.; Liu, L.; Wei, Z. TSMixAD: A Time-Series Anomaly Detection Framework for Industrial Control Systems Incorporating Time-Frequency Domain Data Augmentation Techniques. In Proceedings of the 2025 6th International Conference on Computer Information and Big Data Applications, Wuhan, China, 14–16 March 2025.
  77. Du, X.; Zhou, C.; Tian, Y.-C.; Wang, K. Anomaly detection based on data super-resolution in industrial cyber–physical systems with multirate sampling. IEEE Sens. J. 2024, 24, 16478–16490.
  78. Santander, O.; Kuppuraj, V.; Harrison, C.A.; Baldea, M. An open source fluid catalytic cracker-fractionator model to support the development and benchmarking of process control, machine learning and operation strategies. Comput. Chem. Eng. 2022, 164, 107900.
  79. Choi, W.-H.; Kim, J. Unsupervised learning approach for anomaly detection in industrial control systems. Appl. Syst. Innov. 2024, 7, 18.
  80. Shin, H.-K.; Lee, W.; Yun, J.-H.; Kim, H. HAI 1.0: HIL-based augmented ICS security dataset. In Proceedings of the 13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20), Online, 10 August 2020.
  81. Boateng, E.A.; Bruce, J.W.; Talbert, D.A. Anomaly detection for a water treatment system based on one-class neural network. IEEE Access 2022, 10, 115179–115191.
  82. Pinto, A.; Herrera, L.-C.; Donoso, Y.; Gutierrez, J.A. Enhancing Critical Infrastructure Security: Unsupervised Learning Approaches for Anomaly Detection. Int. J. Comput. Intell. Syst. 2024, 17, 236.
  83. Kim, J.; Shin, J.; Park, K.-W.; Seo, J.T. Improving Method of Anomaly Detection Performance for Industrial IoT Environment. Comput. Mater. Contin. 2022, 72, 5377–5394.
  84. Shin, H.-K.; Lee, W.; Yun, J.-H.; Min, B.-G. Two ICS security datasets and anomaly detection contest on the HIL-based augmented ICS testbed. In Proceedings of the 14th Cyber Security Experimentation and Test Workshop, Virtual, 9 August 2021.
  85. Liu, Y.; Meng, L.; Wang, X.; Qiu, S.; Lv, Z.; Liu, P.; Liu, T. PIL-MDRS: Physical Intrusion Localization Based on Multidevice Reflection Signals in ICS. IEEE Trans. Ind. Inform. 2024, 21, 2432–2441.
  86. Noorizadeh, M.; Shakerpour, M.; Meskin, N.; Unal, D.; Khorasani, K. A cyber-security methodology for a cyber-physical industrial control system testbed. IEEE Access 2021, 9, 16239–16253.
  87. Aslam, M.M.; Tufail, A.; De Silva, L.C.; Apong, R.A.A.H.M. Multi-Feature Hybrid Anomaly Detection in ICS: An Integration of ML, DL, and Statistical Techniques. In Proceedings of the 3rd ACM Workshop on Secure and Trustworthy Deep Learning Systems (SecTL 2025), Hanoi, Vietnam, 26 August 2025.
  88. Gulzar, Q.; Mustafa, K. Interdisciplinary framework for cyber-attacks and anomaly detection in industrial control systems using deep learning. Sci. Rep. 2025, 15, 26575.
  89. Filonov, P.; Lavrentyev, A.; Vorontsov, A. Multivariate industrial time series with cyber-attack simulation: Fault detection using an LSTM-based predictive data model. arXiv 2016, arXiv:1612.06676.
  90. Ayas, S.; Ayas, M.S.; Cavdar, B.; Sahin, A.K. Detecting cyberattacks based on deep neural network approaches in industrial control systems. J. Inf. Secur. Appl. 2025, 94, 104206.
  91. Ahmadi-Assalemi, G.; Al-Khateeb, H.; Benson, V.; Adamyk, B.; Ammi, M. Adaptive learning anomaly detection and classification model for cyber and physical threats in industrial control systems. IET Cyber-Phys. Syst. Theory Appl. 2025, 10, e70004.
  92. Laso, P.M.; Brosset, D.; Puentes, J. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data Brief 2017, 14, 186–191.
  93. Saheed, Y.K.; Omole, A.I.; Sabit, M.O. GA-mADAM-IIoT: A new lightweight threats detection in the industrial IoT via genetic algorithm with attention mechanism and LSTM on multivariate time series sensor data. Sens. Int. 2025, 6, 100297.
  94. Li, D.; Tang, J.; Wu, S.; Zheng, Z.; Ng, S.-K. Cyber-Attack Detection and Localization for SCADA system of CPSs. In Proceedings of the 2025 IEEE/ACM Second International Conference on AI Foundation Models and Software Engineering (FORGE 2025), Ottawa, ON, Canada, 27–28 April 2025; IEEE: New York, NY, USA, 2025.
  95. Ahmadi-Assalemi, G.; Al-Khateeb, H.; Epiphaniou, G.; Aggoun, A. Super learner ensemble for anomaly detection and cyber-risk quantification in industrial control systems. IEEE Internet Things J. 2022, 9, 13279–13297.
  96. Liu, C.; He, S.; Li, S.; Shi, Z.; Meng, W. Time-Series Multi-Instance Learning for Weakly Supervised Industrial Fault Detection. IEEE Trans. Ind. Inform. 2025, 21, 3326–3335.
  97. Wang, R.; Liu, C.; Mou, X.; Gao, K.; Guo, X.; Liu, P.; Wo, T.; Liu, X. Deep contrastive one-class time series anomaly detection. In Proceedings of the 2023 SIAM International Conference on Data Mining (SDM 2023), Minneapolis, MN, USA, 27–29 April 2023; SIAM: Philadelphia, PA, USA, 2023.
  98. Kim, K.-K.; Kim, J.-S.; Euom, I.-C. Explainable Anomaly Detection Based on Operational Sequences in Industrial Control Systems. IEEE Access 2025, 13, 66170–66187.
  99. Robles-Durazno, A.; Moradpoor, N.; McWhinnie, J.; Russell, G.; Tan, Z. Newly engineered energy-based features for supervised anomaly detection in a physical model of a water supply system. Ad Hoc Netw. 2021, 120, 102590.
  100. Ulybyshev, D.; Yilmaz, I.; Northern, B.; Kholodilo, V.; Rogers, M. Trustworthy data analysis and sensor data protection in cyber-physical systems. In Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS ’21), Online, 28 April 2021.
  101. Murugesan, N.; Velu, A.N.; Palaniappan, B.S.; Sukumar, B.; Hossain, M.J. Mitigating missing rate and early cyberattack discrimination using optimal statistical approach with machine learning techniques in a smart grid. Energies 2024, 17, 1965.
  102. Beaver, J.M.; Borges-Hink, R.C.; Buckner, M.A. An evaluation of machine learning methods to detect malicious SCADA communications. In Proceedings of the 2013 12th International Conference on Machine Learning and Applications (ICMLA 2013), Miami, FL, USA, 4–7 December 2013; IEEE: New York, NY, USA, 2013.
  103. Sakhnini, J.; Karimipour, H.; Dehghantanha, A. Smart grid cyber attacks detection using supervised learning and heuristic feature selection. In Proceedings of the 2019 IEEE 7th International Conference on Smart Energy Grid Engineering (SEGE), 7 October 2019; IEEE: New York, NY, USA, 2019.
  104. McGuan, C.; Yu, C.; Lin, Q. Towards low-barrier cybersecurity research and education for industrial control systems. In Proceedings of the 2023 IEEE International Conference on Intelligence and Security Informatics (ISI 2023), Charlotte, NC, USA, 2–3 October 2023; IEEE: New York, NY, USA, 2023.
  105. Formby, D.; Rad, M.; Beyah, R. Lowering the barriers to industrial control system security with GRFICS. In Proceedings of the 2018 USENIX Workshop on Advances in Security Education (ASE 18), Baltimore, MD, USA, 13 August 2018.
  106. Balta, E.C.; Pease, M.; Moyne, J.; Barton, K.; Tilbury, D.M. Digital twin-based cyber-attack detection framework for cyber-physical manufacturing systems. IEEE Trans. Autom. Sci. Eng. 2023, 21, 1695–1712.
  107. Basulaiman, K.; Albeladi, F.; Almutairi, F.M.; Saeed, A.; Barati, M. LBSCA: Learning Real-time Power System State Estimation Under Hidden Adversarial Attacks. IEEE Access 2025, 13, 169340–169351.
  108. Ghorbani, M.; Ghassemi, A.; Alikhani, M.; Khaloozadeh, H.; Nikoofard, A. Using Kolmogorov–Arnold network for cyber-physical system security: A fast and efficient approach. Int. J. Crit. Infrastruct. Prot. 2025, 50, 100768.
  109. Dehlaghi-Ghadim, A.; Moghadam, M.H.; Balador, A.; Hansson, H. Anomaly detection dataset for industrial control systems. IEEE Access 2023, 11, 107982–107996.
  110. Li, Z.; Duan, M.; Xiao, B.; Yang, S. A novel anomaly detection method for digital twin data using deconvolution operation with attention mechanism. IEEE Trans. Ind. Inform. 2022, 19, 7278–7286.
  111. Li, J.; Song, Y. Functional Pattern-Related Anomaly Detection Approach Collaborating Binary Segmentation with Finite State Machine. Comput. Mater. Contin. 2023, 77, 3573–3592.
  112. MR, G.R.; Shrivastava, S.; Mathur, A.P. Assessing the Effectiveness of PCAT in Avoiding Process Anomalies in Water Treatment Plants. IEEE Trans. Ind. Inform. 2025, 99, 1–8.
  113. Cai, J.; Wei, Z.; Luo, J. ICS anomaly detection based on sensor patterns and actuator rules in spatiotemporal dependency. IEEE Trans. Ind. Inform. 2024, 20, 10647–10656.
  114. Awaad, T.A.; El-Kharashi, M.W.; Taher, M.; Ammar, K.A. An intelligent, two-stage, in-vehicle diagnostic-based secured framework. IEEE Access 2022, 10, 88907–88919.
  115. Weber, M. Automotive OBD-II Dataset; Karlsruhe Institute of Technology: Karlsruhe, Germany, 2019.
  116. Kwak, B.I.; Woo, J.; Kim, H. Driving Dataset. 2016. Available online: https://ocslab.hksecurity.net/Datasets/driving-dataset (accessed on 30 June 2022).
  117. Kumar, A.; Das, T.K.; Pandey, R.K. SRI: A Simple Rule Induction Method for improving resiliency of DNN based IDS against adversarial and zero-day attacks. In Proceedings of the 10th ACM Cyber-Physical System Security Workshop (CPSS 2024), Singapore, 2 July 2024.
  118. Nafees, M.N.; Saxena, N.; Burnap, P. On the efficacy of physics-informed context-based anomaly detection for power systems. In Proceedings of the 2022 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm 2022), Singapore, 25–28 October 2022; IEEE: New York, NY, USA, 2022.
  119. Chen, X.; Cao, W.; Chen, L.; Han, J.; Yang, M.; Wang, Z.; Wang, F.-Y. iCyberGuard: A FlipIt Game for Enhanced Cybersecurity in IIoT. IEEE Trans. Comput. Soc. Syst. 2024, 11, 8005–8014.
  120. Yang, X.; Howley, E.; Schukat, M. ADT: Time series anomaly detection for cyber-physical systems via deep reinforcement learning. Comput. Secur. 2024, 141, 103825.
  121. Woo, S.S.; Yoon, D.; Gim, Y.; Park, E. RAAD: Reinforced adversarial anomaly detector. In Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing (SAC 2024), Ávila, Spain, 8–12 April 2024; IEEE: New York, NY, USA, 2024.
  122. Du, Y.; Huang, Y.; Wan, G.; He, P. Deep learning-based cyber–physical feature fusion for anomaly detection in industrial control systems. Mathematics 2022, 10, 4373.
  123. Lin, X.; Yao, Y.; Hu, B.; Yang, W.; Zhou, X.; Li, G.; Zhang, W. A real-time anomaly detection method for industrial control systems based on long-short period deterministic finite automaton. IEEE Internet Things J. 2025, 12, 14599–14621.
  124. Tang, W.; Liu, J.; Zhou, Y.; Ding, Z. Causality-guided counterfactual debiasing for anomaly detection of cyber-physical systems. IEEE Trans. Ind. Inform. 2023, 20, 4582–4593.
  125. Pan, S.; Morris, T.; Adhikari, U. Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data. IEEE Trans. Ind. Inform. 2015, 11, 650–662.
  126. Wu, S.; Luo, H.; Jiang, Y.; Zhang, J.; Tian, J.; Yin, S. SIR-aided secure transmission and attack detection for security management of nonlinear cyber-physical system using GRU autoencoder. IEEE Trans. Ind. Inform. 2023, 20, 5529–5538. [Google Scholar] [CrossRef]
  127. Ali, M.H.; Malik, A.; Jyeniskhan, N.; Mahmood, M.A.; Shehab, E.; Liou, F. Development of Digital Twin for FDM Printer With Preventive Cyber-Attack and Control Algorithms. IEEE Access 2024, 12, 193594–193606. [Google Scholar] [CrossRef]
  128. Girdhar, M.; Hong, J.; Lee, H.; Song, T.-J. Hidden markov models-based anomaly correlations for the cyber-physical security of ev charging stations. IEEE Trans. Smart Grid 2021, 13, 3903–3914. [Google Scholar] [CrossRef]
  129. Baptiste, M.; Julien, F.; Franck, S. Systematic and efficient anomaly detection framework using machine learning on public ics datasets. In Proceedings of the 2021 IEEE International Conference on Cyber Security and Resilience (CSR 2021), Virtual Conference, Rhodes, Greece, 26–28 July 2021; IEEE: New York, NY, USA, 2021. [Google Scholar]
  130. Rieth, C.A.; Amsel, B.D.; Tran, R.; Cook, M.B. Additional tennessee eastman process simulation data for anomaly detection evaluation. Harv. Dataverse 2017, 1, 2017. [Google Scholar]
  131. Wang, R.; Zou, X.; Li, Y.; Li, F.; Liu, J.; Wang, R. Research on Power Terminal Attack Detection Technology Based on ATT&CK Multi-modal Perception. In Proceedings of the 2024 3rd International Conference on Cryptography, Network Security and Communication Technology, Harbin, China, 19–21 January 2024. [Google Scholar]
  132. Han, X.; Niu, Y.; Cao, Z.; Zhou, D.; Liu, B. RHAD: A Reinforced Heterogeneous Anomaly Detector for Robust Industrial Control System Security. Electronics 2025, 14, 2440. [Google Scholar] [CrossRef]
  133. Xue, Y.; Pan, J.; Geng, Y.; Yang, Z.; Liu, M.; Deng, R. Real-Time Intrusion Detection Based on Decision Fusion in Industrial Control Systems. IEEE Trans. Ind. Cyber-Phys. Syst. 2024, 2, 143–153. [Google Scholar] [CrossRef]
  134. Brenner, B.; Hollerer, S.; Bhosale, P.; Sauter, T.; Kastner, W.; Fabini, J.; Zseby, T. Better safe than sorry: Risk management based on a safety-augmented network intrusion detection system. IEEE Open J. Ind. Electron. Soc. 2023, 4, 287–303. [Google Scholar] [CrossRef]
  135. Karanfil, M.; Rebbah, D.E.; Debbabi, M.; Kassouf, M.; Ghafouri, M.; Youssef, E.-N.S.; Hanna, A. Detection of microgrid cyberattacks using network and system management. IEEE Trans. Smart Grid 2022, 14, 2390–2405. [Google Scholar] [CrossRef]
  136. Gao, B.; Bu, B.; Zhang, W.; Li, X. An intrusion detection method based on machine learning and state observer for train-ground communication systems. IEEE Trans. Intell. Transp. Syst. 2021, 23, 6608–6620. [Google Scholar] [CrossRef]
  137. Jadidi, Z.; Foo, E.; Hussain, M.; Fidge, C. Automated detection-in-depth in industrial control systems. Int. J. Adv. Manuf. Technol. 2022, 118, 2467–2479. [Google Scholar] [CrossRef]
  138. Myers, D.; Suriadi, S.; Radke, K.; Foo, E. Anomaly detection for industrial control systems using process mining. Comput. Secur. 2018, 78, 103–125. [Google Scholar] [CrossRef]
  139. Power Systems Management and Associated Information Exchange—Data and Communications Security—Part 7: Network and System Management (NSM) Data Object Models; International Electrotechnical Commission (IEC): Geneva, Switzerland, 2017.
  140. Telecontrol Equipment and Systems—Part 5-104: Transmission Protocols—Network Access for IEC 60870-5-101 Using Standard Transport Profiles; International Electrotechnical Commission (IEC): Geneva, Switzerland, 2006.
  141. IEEE Standard for Information Technology—Telecommunications and Information Exchange Between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications; Institute of Electrical and Electronics Engineers (IEEE): New York, NY, USA, 2020.
  142. Lee, J.H.; Ji, I.H.; Jeon, S.H.; Seo, J.T. Anomaly Detection Method Considering PLC Control Logic Structure for ICS Cyber Threat Detection. Appl. Sci. 2025, 15, 3507. [Google Scholar] [CrossRef]
  143. Iacobelli, A.; Rinieri, L.; Melis, A.; Al Sadi, A.; Prandini, M.; Callegati, F. Detection of Ladder Logic Bombs in PLC Control Programs: An Architecture based on Formal Verification. In Proceedings of the 2024 IEEE 7th International Conference on Industrial Cyber-Physical Systems (ICPS), St. Louis, MO, USA, 12–15 May 2024; IEEE: New York, NY, USA, 2024. [Google Scholar]
  144. Yang, K.; Zhang, Y.; Li, T.; Sun, L. ASIDS: Acoustic side-channel based intrusion detection system for industrial robotic arms. Comput. Secur. 2025, 157, 104586. [Google Scholar] [CrossRef]
  145. Mei, W.; Liu, W.; Chen, J.; Li, K. A physical signal-based anomaly detection for industrial terminal. In Proceedings of the 2023 7th International Conference on Electronic Information Technology and Computer Engineering, Xiamen, China, 20–22 October 2023. [Google Scholar]
  146. Pu, H.; He, L.; Zhao, C.; Yau, D.K.; Cheng, P.; Chen, J. Fingerprinting movements of industrial robots for replay attack detection. IEEE Trans. Mob. Comput. 2021, 21, 3629–3643. [Google Scholar] [CrossRef]
  147. Programmable Controllers—Part 3: Programming Languages; International Electrotechnical Commission (IEC): Geneva, Switzerland, 2013.
Figure 1. PRISMA flow chart.
Table 1. Search query for bibliographic databases.
Database | Query
Web of Science | CPS OR Cyber Physical System (All Fields) AND anomaly OR anomalies OR abnormal) (All Fields) AND detection OR detecting OR detected OR detect (All Fields) AND model (All Fields) AND ICS OR Industrial Control System (All Fields) AND dataset (All Fields) AND Index Date: 1 January–31 October 2025 (https://www.webofscience.com/wos/woscc/summary/8736d9c6-5149-4370-9aa4-15b4cd2cd95d-0187350a57/relevance/1) (accessed on 1 November 2025)
Scopus | TITLE-ABS-KEY (ICS or Industrial Control System) AND TITLE-ABS-KEY (CPS or Cyber Physical System) AND TITLE-ABS-KEY (model) AND TITLE-ABS-KEY (dataset) AND TITLE-ABS-KEY (anomaly or anomalies or abnormal) AND TITLE-ABS-KEY (detection or detect or detecting or detected) AND PUBYEAR > 2020 AND PUBYEAR < 2026
IEEE Xplore | (“All Metadata”: Industrial Control System) AND (“All Metadata”: Cyber Physical System) AND (“All Metadata”: anomaly) AND (“All Metadata”: detection) AND (“All Metadata”: dataset) (Journal); Filters Applied: 2021–2026, Journals
ACM | [All: cps or cyber physical system] AND [All: ics or industrial control system] AND [All: anomaly or anomalies or abnormal] AND [All: model] AND [All: detect or detection or detecting] AND [E-Publication Date: (1 January–31 October 2025)]
Table 2. Information on the journal and conference publications included in the review.
Year of Study Publication | Number of Selected Studies
2021 | 12
2022 | 16
2023 | 15
2024 | 23
2025 | 23
Reference Type | Number of Selected Studies
Journal | 68
Conference proceedings | 21
Table 3. Network Traffic-Based Statistical and Entropy-Oriented Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Statistical Based | [13] | D | Sup | GCNN, RS, RT, XGBoost | Port Scanning, Botnet/Malware, DDoS, C & C, Malware Delivery | IoT-23 [14]
Statistical Based | [15] | D | Sup | LSTM, XGBoost | DoS/DDoS, Brute Force | NF-BoT-IoT [16]
Statistical Based | [17] | D | Sup, Uns | DAE, DFFNN | DoS/DDoS, APT, Spyware | NSL-KDD [18], UNSW-NB15 [19]
Statistical Based | [20] | D | Sup, Uns, Semi | Decision Tree (DT), Random Forest (RF), K-NN, SVM, etc. | DDoS | Infineon Factory PCAP + DDoSDB
Statistical Based | [21] | D | Uns | DAGMM | DoS/DDoS, Flooding Attack, Malicious Operation | ICS-CPS Testbed (Zhejiang Univ.), CIC-IDS2017 [22]
Statistical Based | [23] | D, C | Sup | AE, PCA, DT, DNN | Replay, DoS, False Data Injection, Command Injection, Flow Manipulation | SWaT [24], Gas Pipeline
Statistical Based | [25] | D | Sup | DPL-FSAD | DoS/DDoS, Probe, R2L/U2R, Fuzzing, Malware, Information Theft, IEC-61850 Protocol Attacks | UNSW-NB15, NSL-KDD, TON_IoT [26], ERENO IEC-61850 [27]
Statistical Based | [28] | D | Uns | ST-OCBLS | Unknown/Zero-Day, Protocol Abuse, Port Misuse, DoS, Probe | NSL-KDD, UNSW-NB15
Statistical Based | [29] | D | Semi | Lightweight 1D-CNN | Replay, DoS, FDI, Command Injection, Stealthy Multi-Point Attack, Sensor Spoofing, Adversarial Evasion | SWaT, BATADAL [30], WADI [31]
Statistical Based | [32] | D | Sup, Uns | RF, SVM, MLP, AE, K-Means | MITM, DoS | Cyber-Security Modbus ICS Dataset [33]
Statistical Based | [34] | D, C | Semi | ADESSA | DoS, Probe, R2L, U2R | NSL-KDD, SWaT
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning, Semi: Semi-supervised learning.
Table 4. Network Traffic–Driven Time-Series Dependency-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Time-Series-Based | [35] | D | Sup | DSAE + DNN + LSTM + LR | Botnet, Malware, DDoS, Probe, Scanning, Unknown/Zero-Day | IoT-23, LITNET-2020 [36], NetML-2020 [37]
Time-Series-Based | [38] | D | Uns | FID-GAN | DoS, Backdoor, Worm, Reconnaissance/Probe, Generic/Exploit, Shellcode, Heartbleed, Fuzzers | CIC-IDS2017, UNSW-NB15
Time-Series-Based | [39] | D | Sup | DT, LSTM, LM, VAE, KD | Packet Loss | Alstom TCMS
Time-Series-Based | [40] | D, C | Sup | BLSTM + GRU | DoS/DDoS, Port Scan/Probe, Protocol Exploit | CIC-DDoS2019 [41]
Time-Series-Based | [42] | D | Uns | AE | AVTP Frame Injection, PTP Sync Attack, CAM Table Overflow, CAN DoS, CAN Replay | TOW-IDS [43]
Time-Series-Based | [44] | D | Uns | SARIMA + LSTM | DoS/DDoS, ARP Spoofing, Ping of Death, Network Scanning, Remote Control Abuse, Configuration Tampering, Network Failure, Crash | Custom-built dataset
Time-Series-Based | [45] | C | Sup | 1D-CNN + Bi-GRU + F-test + XGBoost | Mirai/Gafgyt Botnet | N-BaIoT [46]
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Table 5. Network Traffic–Driven Protocol Feature-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Protocol-Aware | [47] | D | Uns | Field-Semantic Inference, Multilevel Detection Model | Command Injection, Response Injection, DoS/DDoS, Reconnaissance | Gas Pipeline Dataset [48]
Protocol-Aware | [49] | D | Sup | ML/DL Ensemble | MITM, DoS, Command Injection, Replay, Spoofing, Eavesdropping | CIC Modbus Dataset, CENTER SAU Water Dataset
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Table 6. Network Traffic–Driven Payload-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Payload-Based | [50] | D | Uns | BECN-AE | FDI, DLL Hijack | Custom-built dataset
D: Detection, C: Classification, P: Prediction, Uns: Unsupervised learning.
Table 7. Network Traffic-Driven Graph-Structured Feature-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Graph-Based | [51] | D | Sup + Fed | APPNP Graph Convolution + 1D-CNN | DDoS | CIC Modbus Dataset 2023 [52], Edge-IIoTset [53]
Graph-Based | [54] | D | Uns | GNN based Hetero-SAGEConv | DDoS, Replay, Reconnaissance, Injection | CIC Modbus 2023
Graph-Based | [55] | D | Uns | Bloom + Hypergraph Kohonen | Injection, DoS, Reconnaissance | Gas Pipeline, SWaT
Graph-Based | [56] | D, C, P | Uns | Ens | Intrusion, Error, Failure | ADFANet [57], AndMal17 [58], CICIDS2017/2018, etc.
Graph-Based | [59] | D | Sup | NN | DoS, Brute Force | Custom-built dataset
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning, Fed: Federated learning.
Table 8. Network Traffic–Driven Operational Integration-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Operational Integration-Based | [60] | D, C | Sup | RF, DT, KNN | DDoS, Intrusion, MITM | CICDDoS2019, SWaT
Operational Integration-Based | [61] | D, C | Sup + Uns | NDAE + RF | DDoS, Scan, Botnet, Malware, Brute Force | MUDgee PCAP/MUD Profiles [62], CICIDS2017, Bot-IoT, Hogzilla [63]
Operational Integration-Based | [64] | D | Uns | KNN | DDoS | MAWI [65], Bot-IoT
Operational Integration-Based | [66] | D | Sup | RF, SVM, BLSTM | NMRI, CMRI, MSCI, MPCI, MFCI, DoS, Recon | Gas Pipeline
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Table 9. Process Data–Driven Prediction-Residual-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Prediction-Residual-Based | [67] | D | Uns | MLP (Distributed Linear Deep Learning) | FDI, Replay, Command Injection, DoS | SWaT, WADI
Prediction-Residual-Based | [68] | D | Uns | MLP + LSTM | DoS, Malicious Command, Script Injection, Parameter Injection | SWaT
Prediction-Residual-Based | [69] | D | Uns | 1D-CNN + Multi-head Self-Attention | FDI, Sensor Spoofing, Stealthy Attack | SWaT/WADI
Prediction-Residual-Based | [70] | D | Uns | HMM | DoS, Noise Attack, Protocol Violation, Buffer Attack, Sensor/Actuator Physical Attack | Avionics Testbed, Consumer Robot Testbed (iRobot Create 2) [71]
Prediction-Residual-Based | [72] | D | Uns | LSTM | Malicious Code Execution, Coordinated Stealthy Attack, Replay, Command Injection | Custom-built dataset
Prediction-Residual-Based | [73] | D, P | Uns | FMI + FMRAC + ASC | Ramp Attack (Data Integrity Attack) | Offshore Wind Farm Benchmark [74]
Prediction-Residual-Based | [75] | D | Uns | Temporal State-Transition based Process-aware IDS | Process-Oriented Attack | SWaT
Prediction-Residual-Based | [76] | D | Semi, Uns | TCN + Trans | Global Anomaly, Contextual Anomaly, Seasonal Anomaly, Trend Anomaly | SWaT, WADI
D: Detection, C: Classification, P: Prediction, Uns: Unsupervised learning, Semi: Semi-supervised learning.
Table 10. Process Data–Driven Reconstruction-Error-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Reconstruction-Error-Based | [77] | D | Uns | MM + AFA | Injection Attack | FCC Fractionator Simulation Dataset [78], BATADAL
Reconstruction-Error-Based | [79] | D | Uns | CNN + LSTM AE | Step Injection, Slope Injection, DoS, Injection | HAI [80]
Reconstruction-Error-Based | [81] | D | Uns | NN-Oneclass | Sensor Fault, Actuator Fault, FDI, Command Manipulation | SWaT
Reconstruction-Error-Based | [82] | D | Uns | VAE-LSTM | Sensor/Actuator Fault, False Data Injection, Command Manipulation | SWaT
Reconstruction-Error-Based | [83] | D | Uns | BiLSTM | Operational Anomaly, Contextual Sequence Deviation, Process Feedback Error | HAI [84]
Reconstruction-Error-Based | [85] | D | Uns | KNN, Linear SVM, AE | Physical Intrusion Devices on CAN Fieldbus | Custom-built dataset
Reconstruction-Error-Based | [86] | D | Uns | PCA, OCSVM, LOF, kNN, IF | FDI | Custom-built dataset
Reconstruction-Error-Based | [87] | D | Sup + Uns | AE + IF + XGBoost + RF + LSTM | Injection, Tampering, DoS, Reconnaissance | SWaT, Wind Turbine SCADA
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Table 11. Process Data–Driven Sensor-Correlation-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Sensor-Correlation-Based | [88] | D, C | Sup | Deep RNN based Attention, Deep LSTM, Deep Bi-LSTM | Injection, Spoofing Attack, Noise Attack | SWaT, WADI, GHL [89]
Sensor-Correlation-Based | [90] | D | Uns | CNN, RNN, LSTM, GRU | Command Injection, Replay, DoS, Physical Process Manipulation | SWaT/WADI
Sensor-Correlation-Based | [91] | D | Sup | ARF, HAT | DoS, Spoofing, Command Injection, Physical Fault, Sabotage, Insider Attack | aNormalies [92]/WDT/HAI
Sensor-Correlation-Based | [93] | D | Sup | GA-mADAM-LSTM | Injection, Tampering, DoS, Reconnaissance | SWaT/WADI
Sensor-Correlation-Based | [94] | D | Uns | GCN + LSTM VAE | Injection, Tampering, DoS, Multi-Stage | SWaT, BATADAL
Sensor-Correlation-Based | [95] | D, P | Sup + Uns | Super Learner Ensemble + Isolation Forest + BBN | Injection, Tampering, Sabotage, DoS | aNormalies
Sensor-Correlation-Based | [96] | D | Weak-Sup | C-ary Tree MIL Framework | Fault, Tampering, DoS, Overflow, Sensor Anomaly | SWaT/WADI/AIOPS [97]/GHL
Sensor-Correlation-Based | [98] | D | Sup + Uns | Trans, RF | FDI, Setpoint Manipulation, Sensor Fault, Controller Parameter Attack | HAI
Sensor-Correlation-Based | [99] | D | Sup | SVM, KNN, MLP, DT, RF, Gaussian Naïve Bayes | Memory Tampering, Parameter Tampering | Custom-built dataset
Sensor-Correlation-Based | [100] | D | Sup | RF, KNN, SVM, NN | FDI | Gas Pipeline Dataset
Sensor-Correlation-Based | [101] | D | Sup | Extra Trees, AdaBoost | FDI | ICS Cyber Attack Power System (Triple-Class) [102], IEEE 14-Bus FDI Dataset [103], IEEE 57-Bus FDI Dataset [103]
Sensor-Correlation-Based | [104] | D | Uns | OCSVM | FDI, Command Injection | GRFICSv2 [105]
Sensor-Correlation-Based | [106] | D | Sup | OCSVM | FDI, Replay, Command Injection | Custom-built dataset
Sensor-Correlation-Based | [107] | D | Sup | DNN | FDIA | IEEE 118-bus Simulation
Sensor-Correlation-Based | [108] | D | Sup | KAN | DDoS, Reconnaissance, Replay, MITM Injection | SWaT, WADI, ICS-Flow [109]
Sensor-Correlation-Based | [110] | D | Sup | CNN + Attn | FDI, Replay, Spoofing, Control Injection | SWaT, WADI
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning, Weak-Sup: Weakly supervised learning.
Table 12. Process Data–Driven Operational-Consistency-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Leveraging Operational-Consistency | [111] | D | Uns | Bayesian Network + FSM | FDI, Command Injection, Control Tampering, Sensor Spoofing | SWaT
Leveraging Operational-Consistency | [112] | D, P | Sup | Rule-based Function Simulator, DT | FDI, Command Injection, Control Tampering, Replay | SWaT
Leveraging Operational-Consistency | [113] | D | Uns | PM-SEN, PM-ACT, ESR | FDI, Command Injection, Replay, Stealthy | SWaT, WADI
Leveraging Operational-Consistency | [114] | D | Sup | XGBoost | Value Manipulation, Replay, Fuzzy, Zero-Day | Seat Leon 2018 OBD-II Dataset [115], KIA SOUL Dataset [116]
Leveraging Operational-Consistency | [117] | D | Sup | Rule-based SRI + DNN | Adversarial Attack, Zero-Day, FDI, DoS, Spoofing, Replay | SWaT
Leveraging Operational-Consistency | [118] | D | Sup | CNN + LSTM + DNN | FDI, Coordinated, Stealthy, Ramp, Random | IEEE 37-bus Simulation
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Table 13. Simulation Data Types Used in AI Anomaly Detection for ICS/CPS.
List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
[119] | D | RL | Double Deep Q-Learning | APT | CyberBattleSim
[120] | D | Semi | AE | FDI, DoS/DDoS, Replay, Command Injection, Spoofing | SWaT, WADI, HAI
[121] | D | Uns, RL | RAAD | DoS, MITM, Replay, FDI, Physical Fault | SWaT, HAI, UNSW-NB15
D: Detection, C: Classification, P: Prediction, Uns: Unsupervised learning, Semi: Semi-supervised learning, RL: Reinforcement learning.
Table 14. Hybrid Data-Driven Data Fusion-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Data Fusion-Based | [122] | D | Uns | LSTM + GAN | MITM, DoS, Scan, Pump Failure, Sensor Breakdown, Leak | WDT
Data Fusion-Based | [123] | D | Uns | LSP-DFA | DoS, Replay, Command Injection, Long-duration Attack, Masquerade Transition Attack, System Recovery Attack | Custom-built dataset
Data Fusion-Based | [124] | D | Semi | CDF | FDI, DoS/DDoS, Replay, Command Injection, Spoofing | NSL-KDD, ICS [125], etc.
Data Fusion-Based | [126] | D | Uns | GRU + AE | Stealthy, Non-stealthy, Amplification, Replay, FDI | Custom-built dataset
Data Fusion-Based | [127] | D | Sup + Uns | CNN + DBSCAN + MPC Control | Cyber-Attack, Sensor Anomaly, Defect Detection | Custom-built dataset
Data Fusion-Based | [128] | D, P | Sup | HMM | FDI, DoS, MITM, Buffer Overflow, Backdoor, Spoofing | Custom-built dataset
Data Fusion-Based | [129] | D | Sup/Uns/Semi | RF, Extra Trees, GB, MLP, AE, LOF | DoS, FDI, Replay, Probe, Injection, Reconnaissance | Water Storage Tank, New Gas Pipeline, Power System, WADI, BATADAL, Tennessee Eastman [130]
Data Fusion-Based | [131] | D, P | Semi/Prob | Bayesian Network + Multi-modal Fusion + ATT&CK Mapping | Malware Injection, Lateral Movement, Privilege Escalation, Data Exfiltration | Power Terminal Network Simulation
Data Fusion-Based | [132] | D | Sup + RL | Trans + LSTM AE + CANet + RF + SVM | DoS, MITM, Scan, Physical Fault | SCADA, WDT
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning, Semi: Semi-supervised learning, RL: Reinforcement learning.
Table 15. Hybrid Data–Driven Ensemble and Decision-Fusion-Based Anomaly Detection Techniques for ICS/CPS.
Data Characteristics Utilized | List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
Ensemble and Decision-Fusion-Based | [133] | D | Sup | DT, SVM, LSTM, XGBoost + Decision Fusion | Information Leakage, Replay, Command Injection, Sensor Tampering, Control Parameter Tampering, Multi-Point, Physical Attack | Custom-built dataset
Ensemble and Decision-Fusion-Based | [134] | D, C | Sup | RF + Risk Evaluation Engine | DoS, Port Scan, Botnet, Remote Shell, Lateral Movement | Custom-built dataset
Ensemble and Decision-Fusion-Based | [135] | D, P | Unsup | LSTM, GRU | Packet Corruption, Packet Modification, Packet Delay | Custom-built dataset
Ensemble and Decision-Fusion-Based | [136] | D, C | Sup | RF, GBDT, AdaBoost, SVM + State Observer | DoS, Data Spoofing | Custom-built dataset
Ensemble and Decision-Fusion-Based | [137] | D | Unsup | Clust + TS (HCA, ARIMA/GARCH) | DoS/DDoS, Spoofing, MITM | Factory Automation [138], Modbus, SWaT
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Unsup: Unsupervised learning.
Table 16. Other Data Types Used in AI Anomaly Detection for ICS/CPS.
List | D, C, P | Learning Method | Model Type | Attack Type | Dataset
[142] | D | Uns | LSTM, LSTM AE, Trans | PLC Ladder Logic Bomb | PLC Control Logic Ladder Logic Bombs [143]
[144] | D | Sup | NN | FDI | Custom-built dataset
[145] | D | Uns | Trans | Anomalous Execution | Custom-built dataset
[146] | D | Uns | ANN Regression, CUSUM | Replay Attack | Custom-built dataset
D: Detection, C: Classification, P: Prediction, Sup: Supervised learning, Uns: Unsupervised learning.
Share and Cite

MDPI and ACS Style

Seo, J.K.; Lee, J.; Kim, B.; Shim, W.; Seo, J.T. AI-Based Anomaly Detection in Industrial Control and Cyber–Physical Systems: A Data-Type-Oriented Systematic Review. Electronics 2026, 15, 20. https://doi.org/10.3390/electronics15010020