Search Results (142)

Search Parameters:
Keywords = industrial control systems (ICS)

24 pages, 3790 KB  
Article
An Edge-Deployable Lightweight Intrusion Detection System for Industrial Control
by Zhenxiong Zhang, Lei Zhang, Jialong Xu, Zhengze Chen and Peng Wang
Electronics 2026, 15(3), 644; https://doi.org/10.3390/electronics15030644 - 2 Feb 2026
Viewed by 156
Abstract
Industrial Control Systems (ICSs), critical to infrastructure, face escalating cyber threats under Industry 4.0, yet existing intrusion detection methods are hindered by attack sample scarcity, spatiotemporal heterogeneity of industrial protocols, and resource constraints of embedded devices. This paper proposes a four-stage closed-loop intrusion detection framework for ICSs, with its core innovations integrating the following key components: First, a protocol-conditioned Conditional Generative Adversarial Network (CTGAN) is designed to synthesize realistic attack traffic by enforcing industrial protocol constraints and validating syntax through dual-path discriminators, ensuring generated traffic adheres to protocol specifications. Second, a three-tiered sliding window encoder transforms raw network flows into structured RGB images, capturing protocol syntax, device states, and temporal autocorrelation to enable multiresolution spatiotemporal analysis. Third, an Efficient Multiscale Attention Visual State Space Model (EMA-VSSM) is developed by integrating gate-enhanced state-space layers with multiscale attention mechanisms and contrastive learning, enhancing threat detection through improved long-range dependency modeling and spatial–temporal correlation capture. Finally, a lightweight EMA-VSSM student model, developed via hierarchical distillation, achieves a model compression rate of 64.8% and an inference efficiency enhancement of approximately 30% relative to the original model. Experimental results on a real-world ICS dataset demonstrate that this lightweight model attains an accuracy of 98.20% with a False Negative Rate (FNR) of 0.0316, outperforming state-of-the-art baseline methods such as XGBoost and Swin Transformer. By effectively balancing protocol compliance, multi-resolution feature extraction, and computational efficiency, this framework enables real-time deployment on resource-constrained ICS controllers. Full article

19 pages, 1898 KB  
Article
Robust ICS Anomaly Detection Using Multi-Scale Temporal Dependencies and Frequency-Domain Features
by Fang Wang, Haihan Chen, Suyang Wang, Zhongyuan Qin and Fang Dong
Electronics 2026, 15(3), 571; https://doi.org/10.3390/electronics15030571 - 28 Jan 2026
Viewed by 132
Abstract
Industrial Control Systems (ICSs) are critical infrastructure for maintaining social and economic stability, but they face increasing security threats that require robust anomaly detection mechanisms. Anomaly detection in ICS, based on sensor data, is essential for identifying abnormal behaviors caused by factors such as equipment failures, cyber-attacks, and operational mistakes. However, industrial time series data are often multimodal, noisy, and exhibit both short-term fluctuations and long-term dependencies, making them difficult to model effectively. Additionally, ICS data often contain high-frequency noise and complex periodic patterns, which traditional methods and standalone models, such as Long Short-Term Memory (LSTM), fail to capture effectively. To address these challenges, we propose a novel anomaly detection framework that leverages Gated Recurrent Units for short-term dynamics and PatchTST for long-term dependencies. The GRU module extracts dynamic short-term features, while PatchTST models long-term dependencies by segmenting the feature sequence processed by GRU into overlapping patches. Additionally, we innovatively introduce Frequency-Enhanced Channel Attention Module to capture frequency domain features, mitigating high-frequency noise and enhancing the model’s ability to detect long-term trends and periodic patterns. Experimental results on the SWaT and WADI datasets show that the proposed method achieves strong anomaly detection performance, attaining F1 scores of 0.929 and 0.865, respectively, which are superior to those of representative existing methods, demonstrating the effectiveness of the proposed design for robust anomaly detection in complex ICS environments. Full article

28 pages, 22992 KB  
Article
Domain Knowledge-Infused Synthetic Data Generation for LLM-Based ICS Intrusion Detection: Mitigating Data Scarcity and Imbalance
by Seokhyun Ann, Hongeun Kim, Suhyeon Park, Seong-je Cho, Joonmo Kim and Harksu Cho
Electronics 2026, 15(2), 371; https://doi.org/10.3390/electronics15020371 - 14 Jan 2026
Viewed by 240
Abstract
Industrial control systems (ICSs) are increasingly interconnected with enterprise IT networks and remote services, which expands the attack surface of operational technology (OT) environments. However, collecting sufficient attack traffic from real OT/ICS networks is difficult, and the resulting scarcity and class imbalance of malicious data hinder the development of intrusion detection systems (IDSs). At the same time, large language models (LLMs) have shown promise for security analytics when system events are expressed in natural language. This study investigates an LLM-based network IDS for a smart-factory OT/ICS environment and proposes a synthetic data generation method that injects domain knowledge into attack samples. Using the ICSSIM simulator, we construct a bottle-filling smart factory, implement six MITRE ATT&CK for ICS-based attack scenarios, capture Modbus/TCP traffic, and convert each request–response pair into a natural-language description of network behavior. We then generate synthetic attack descriptions with GPT by combining (1) statistical properties of normal traffic, (2) MITRE ATT&CK for ICS tactics and techniques, and (3) expert knowledge obtained from executing the attacks in ICSSIM. The Llama 3.1 8B Instruct model is fine-tuned with QLoRA on a seven-class classification task (Benign vs. six attack types) and evaluated on a test set composed exclusively of real ICSSIM traffic. Experimental results show that synthetic data generated only from statistical information, or from statistics plus MITRE descriptions, yield limited performance, whereas incorporating environment-specific expert knowledge is associated with substantially higher performance on our ICSSIM-based expanded test set (100% accuracy in binary detection and 96.49% accuracy with a macro F1-score of 0.958 in attack-type classification). 
Overall, these findings suggest that domain-knowledge-infused synthetic data and natural-language traffic representations can support LLM-based IDSs in OT/ICS smart-factory settings; however, further validation on larger and more diverse datasets is needed to confirm generality. Full article
(This article belongs to the Special Issue AI-Enhanced Security: Advancing Threat Detection and Defense)

21 pages, 1428 KB  
Review
Encryption for Industrial Control Systems: A Survey of Application-Level and Network-Level Approaches in Smart Grids
by Mahesh Narayanan, Muhammad Asfand Hafeez and Arslan Munir
J. Cybersecur. Priv. 2026, 6(1), 11; https://doi.org/10.3390/jcp6010011 - 4 Jan 2026
Viewed by 537
Abstract
Industrial Control Systems (ICS) are fundamental to the operation, monitoring, and automation of critical infrastructure in sectors such as energy, water utilities, manufacturing, transportation, and oil and gas. According to the Purdue Model, ICS encompasses tightly coupled OT and IT layers, becoming increasingly interconnected. Smart grids represent a critical class of ICS; thus, this survey examines encryption and relevant protocols in smart grid communications, with findings extendable to other ICS. Encryption techniques implemented at both the protocol and network layers are among the most effective cybersecurity strategies for protecting communications in increasingly interconnected ICS environments. This paper provides a comprehensive survey of encryption practices within the smart grid as the primary ICS application domain, focusing on protocol-level solutions (e.g., DNP3, IEC 60870-5-104, IEC 61850, ICCP/TASE.2, Modbus, OPC UA, and MQTT) and network-level mechanisms (e.g., VPNs, IPsec, and MACsec). We evaluate these technologies in terms of security, performance, and deployability in legacy and heterogeneous systems that include renewable energy resources. Key implementation challenges are explored, including real-time operational constraints, cryptographic key management, interoperability across platforms, and alignment with NERC CIP, IEC 62351, and IEC 62443. The survey highlights emerging trends such as lightweight Transport Layer Security (TLS) for constrained devices, post-quantum cryptography, and Zero Trust architectures. Our goal is to provide a practical resource for building resilient smart grid security frameworks, with takeaways that generalize to other ICS. Full article
(This article belongs to the Special Issue Security of Smart Grid: From Cryptography to Artificial Intelligence)

29 pages, 4094 KB  
Article
Hybrid LSTM–DNN Architecture with Low-Discrepancy Hypercube Sampling for Adaptive Forecasting and Data Reliability Control in Metallurgical Information-Control Systems
by Jasur Sevinov, Barnokhon Temerbekova, Gulnora Bekimbetova, Ulugbek Mamanazarov and Bakhodir Bekimbetov
Processes 2026, 14(1), 147; https://doi.org/10.3390/pr14010147 - 1 Jan 2026
Viewed by 364
Abstract
The study focuses on the design of an intelligent information-control system (ICS) for metallurgical production, aimed at robust forecasting of technological parameters and automatic self-adaptation under noise, anomalies, and data drift. The proposed architecture integrates a hybrid LSTM–DNN model with low-discrepancy hypercube sampling using Sobol and Halton sequences to ensure uniform coverage of operating conditions and the hyperparameter space. The processing pipeline includes preprocessing and temporal synchronization of measurements, a parameter identification module, anomaly detection and correction using an ε-threshold scheme, and a decision-making and control loop. In simulation scenarios modeling the dynamics of temperature, pressure, level, and flow (1 min sampling interval, injected anomalies, and measurement noise), the hybrid model outperformed GRU and CNN architectures: a determination coefficient of R² > 0.92 was achieved for key indicators, MAE and RMSE improved by 7–15%, and the proportion of unreliable measurements after correction decreased to <2% (compared with 8–12% without correction). The experiments also demonstrated accelerated adaptation during regime changes. The scientific novelty lies in combining recurrent memory and deep nonlinear approximation with deterministic experimental design in the hypercube of states and hyperparameters, enabling reproducible self-adaptation of the ICS and increased noise robustness without upgrading the measurement hardware. Modern metallurgical information-control systems operate under non-stationary regimes and limited measurement reliability, which reduces the robustness of conventional forecasting and decision-support approaches. To address this issue, a hybrid LSTM–DNN architecture combined with low-discrepancy hypercube probing and anomaly-aware data correction is proposed.
The proposed approach is distinguished by the integration of hybrid neural forecasting, deterministic hypercube-based adaptation, and anomaly-aware data correction within a unified information-control loop for non-stationary industrial processes. Full article

34 pages, 1550 KB  
Review
A Comprehensive Review of Lubricant Behavior in Internal Combustion, Hybrid, and Electric Vehicles: Thermal Demands, Electrical Constraints, and Material Effects
by Subin Antony Jose, Erick Perez-Perez, Terrence D. Silva, Kaden Syme, Zane Westom, Aidan Willis and Pradeep L. Menezes
Lubricants 2026, 14(1), 14; https://doi.org/10.3390/lubricants14010014 - 28 Dec 2025
Viewed by 712
Abstract
The global transition from internal combustion engines (ICEs) to hybrid (HEVs) and electric vehicles (EVs) is fundamentally reshaping lubricant design requirements, driven by evolving thermal demands, electrical constraints, and material compatibility challenges. Conventional ICE lubricants are primarily formulated to withstand high operating temperatures, mechanical stresses, and combustion-derived contaminants through established additive chemistries such as zinc dialkyldithiophosphate (ZDDP), with thermal stability and wear protection as dominant considerations. In contrast, HEV lubricants must accommodate frequent start–stop operation, pronounced thermal cycling, and fuel dilution while maintaining performance across coupled mechanical and electrical subsystems. EV lubricants represent a paradigm shift, where requirements extend beyond tribological protection to include electrical insulation and conductivity control, thermal management of electric motors and battery systems, and compatibility with copper windings, polymers, elastomers, and advanced coatings, alongside mitigation of noise, vibration, and harshness (NVH). This review critically examines lubricant behavior, formulation strategies, and performance requirements across ICE, HEV, and EV powertrains, with specific emphasis on heat transfer, electrical performance, and lubricant–material interactions, covering mineral, synthetic, and bio-based fluids. Additionally, regulatory drivers, sustainability considerations, and emerging innovations such as nano-additives, multifunctional and smart lubricants, and AI-assisted formulation are discussed. By integrating recent research into industrial practice, this work highlights the increasingly interdisciplinary role of tribology in enabling efficient, durable, and sustainable mobility for next-generation automotive systems. Full article
(This article belongs to the Special Issue Tribology in Vehicles, 2nd Edition)

23 pages, 282 KB  
Article
Evolving Maturity Models for Electric Power System Cybersecurity: A Case-Driven Framework Gap Analysis
by Akın Aytekin, Aysun Coşkun and Mahir Dursun
Appl. Sci. 2026, 16(1), 177; https://doi.org/10.3390/app16010177 - 24 Dec 2025
Viewed by 449
Abstract
The electric power grid constitutes a foundational pillar of modern critical infrastructure (CI), underpinning societal functionality and global economic stability. Yet, the increasing convergence of Information Technology (IT) and Operational Technology (OT), particularly through the integration of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), has amplified the sector’s exposure to sophisticated cyber threats. This study conducts a comparative analysis of five major cyber incidents targeting electric power systems: the 2015 and 2016 Ukrainian power grid disruptions, the 2022 Industroyer2 event, the 2010 Stuxnet attack, and the 2012 Shamoon incident. Each case is examined with respect to its objectives, methodologies, operational impacts, and mitigation efforts. Building on these analyses, the research evaluates the extent to which such attacks could have been prevented or mitigated through the systematic adoption of leading cybersecurity maturity frameworks. The NIST Cybersecurity Framework (CSF) 2.0, the ENISA NIS2 Directive Risk Management Measures, the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and the Cybersecurity Risk Foundation (CRF) Maturity Model alongside complementary technical standards such as NIST SP 800-82 and IEC 62443 have been thoroughly examined. The findings suggest that a proactive, layered defense architecture grounded in the principles of these frameworks could have significantly reduced both the likelihood and the operational impact of the reviewed incidents. Moreover, the paper identifies critical gaps in the existing maturity models, particularly in their ability to capture hybrid, cross-domain, and human-centric threat dynamics. 
The study concludes by proposing directions for evolving from compliance-driven to resilience-oriented cybersecurity ecosystems, offering actionable recommendations for policymakers and power system operators to strengthen the cyber-physical resilience of electric generation and distribution infrastructures worldwide. Full article

61 pages, 892 KB  
Systematic Review
AI-Based Anomaly Detection in Industrial Control and Cyber–Physical Systems: A Data-Type-Oriented Systematic Review
by Jung Kyu Seo, JuHyeon Lee, Buyoung Kim, Wooseong Shim and Jung Taek Seo
Electronics 2026, 15(1), 20; https://doi.org/10.3390/electronics15010020 - 20 Dec 2025
Viewed by 1312
Abstract
Industrial Control Systems (ICS) and Cyber–Physical Systems (CPS) are critical infrastructures supporting national sectors, where cyberattacks can directly cause physical process disruptions and safety incidents. Following PRISMA 2020 guidelines, we systematically searched Web of Science, Scopus, IEEE Xplore, and the ACM Digital Library for studies published between 1 January 2021 and 31 October 2025, and finally included 89 primary studies. The literature is categorized into five data modalities—network traffic, operational data, simulation data, hybrid data, and other auxiliary data—and compared in terms of detection objectives, learning paradigms, model families, attack types, and datasets. The analysis shows that network data are effective for detecting cyber-layer attacks such as reconnaissance, DoS, and MITM, while operational data are suited for physical-layer anomalies including process disturbances, FDI, and stealth deviations. Simulation and hybrid data further support rare-scenario generation and cyber–physical consistency checking. However, limitations remain, including reliance on few benchmarks, lack of realistic multi-domain datasets, label sparsity, concept drift, and insufficient consideration of real-time and resource-constrained OT environments. Based on these findings, this review highlights future directions such as multi-domain dataset development, physics- and control-informed model design, hybrid-data-driven integrated detection, and lightweight edge deployment. Full article

24 pages, 4517 KB  
Article
A Comparative Study of the Adsorption of Industrial Anionic Dyes with Bone Char and Activated Carbon Cloth
by Samuel Aguirre-Contreras, María Victoria López-Ramón, Inmaculada Velo-Gala, Miguel Ángel Álvarez-Merino, Angélica Aguilar-Aguilar and Raúl Ocampo-Pérez
Water 2025, 17(23), 3422; https://doi.org/10.3390/w17233422 - 1 Dec 2025
Viewed by 551
Abstract
This study presents a comparative analysis of the adsorption behavior of three industrial ionic dyes—Indigo Carmine (IC), Congo Red (CR), and Evans Blue (EB)—using two adsorbent materials with distinct physicochemical and textural properties: bone char (BC) and activated carbon cloth (ACC). The main objective was to evaluate and compare the adsorption equilibrium and kinetics of these dyes on both materials. Equilibrium behavior was analyzed using the Prausnitz–Radke isotherm model, while adsorption kinetics were evaluated using PVSDM. The results showed that adsorption onto BC was primarily driven by electrostatic interactions, enhanced by the presence of hydroxyapatite. The maximum adsorbed amounts were determined to be 0.296, 0.107, and 0.0614 mmol g⁻¹ for CR, IC, and EB, respectively. In contrast, adsorption on ACC was influenced by both electrostatic and hydrophobic forces due to its carbonaceous composition. IC exhibited significantly higher adsorption on ACC (1.087 mmol g⁻¹), whereas CR and EB only 0.269 mmol g⁻¹ and 0.028 mmol g⁻¹, respectively. Kinetic studies revealed that intraparticle transport was the rate-limiting step across all systems. Specifically, pore volume diffusion controlled the adsorption rate on ACC, with mean diffusion coefficients of 9.72 × 10⁻⁸, 1.83 × 10⁻⁹, and 1.48 × 10⁻¹⁰ cm² s⁻¹ for IC, CR and EB, respectively. Conversely, for BC, adsorption surface diffusion played a dominant role in the adsorption of IC and CR, with mean diffusion coefficients of 1.62 × 10⁻⁹ and 7.28 × 10⁻¹⁰ for IC and CR, respectively. These findings underscore the importance of considering both equilibrium and kinetic parameters in the design of efficient wastewater treatment systems. Full article

26 pages, 3558 KB  
Article
Avocado: An Interpretable Fine-Grained Intrusion Detection Model for Advanced Industrial Control Network Attacks
by Xin Liu, Tao Liu and Ning Hu
Electronics 2025, 14(21), 4233; https://doi.org/10.3390/electronics14214233 - 29 Oct 2025
Viewed by 585
Abstract
Industrial control systems (ICS), as critical infrastructure supporting national operations, are increasingly threatened by sophisticated stealthy network attacks. These attacks often break malicious behaviors into multiple highly camouflaged packets, which are embedded into large-scale background traffic with low frequency, making them semantically and temporally indistinguishable from normal traffic and thus evading traditional detection. Existing methods largely rely on flow-level statistics or long-sequence modeling, resulting in coarse detection granularity, high latency, and poor byte-level interpretability, falling short of industrial demands for real-time and actionable detection. To address these challenges, we propose Avocado, a fine-grained, multi-level intrusion detection model. Avocado’s core innovation lies in contextual flow-feature fusion: it models each packet jointly with its surrounding packet sequence, enabling independent abnormality detection and precise localization. Moreover, a shared-query multi-head self-attention mechanism is designed to quantify byte-level importance within packets. Experimental results show that Avocado significantly outperforms state-of-the-art flow-level methods on NGAS and CLIA-M221 datasets, improving packet-level detection ACC by 1.55% on average, and reducing FPR and FNR to 3.2%, 3.6% (NGAS), and 3.7%, 4.3% (CLIA-M221), respectively, demonstrating its superior performance in both detection and interpretability. Full article
(This article belongs to the Special Issue Novel Approaches for Deep Learning in Cybersecurity)

28 pages, 1236 KB  
Article
Transfer Entropy-Based Causal Inference for Industrial Alarm Overload Mitigation
by Yaofang Zhang, Haikuo Qu, Yang Liu, Hongri Liu and Bailing Wang
Electronics 2025, 14(20), 4066; https://doi.org/10.3390/electronics14204066 - 16 Oct 2025
Viewed by 802
Abstract
In tightly coupled Industrial Control Systems (ICS), abnormal disturbances often propagate throughout the process, triggering a large number of time-correlated alarms that exceed the handling capacity of the operator. Consequently, a key challenge is how to leverage the directional and temporal characteristics of disturbance propagation to alleviate alarm overload. This paper proposes a delay-sensitive causal inference approach for industrial alarm analysis to address this problem. On the one hand, time delay estimation is introduced to precisely align the responses of two sensor sequences to disturbances, thereby improving the accuracy of causal relationship identification in the temporal domain. On the other hand, a multi-scale subgraph fusion strategy is designed to address the inconsistency in causal strength caused by disturbances of varying intensities. By integrating significant causal subgraphs from multiple scenarios into a unified graph, the method reveals the overall causal structure among alarm variables and provides guidance for alarm mitigation. To validate the proposed method, a case study is conducted on the Tennessee Eastman Process. The results demonstrate that the approach identifies causal relationships more accurately and reasonably and can effectively reduce the number of alarms by up to 51.6%. Full article

40 pages, 3685 KB  
Article
An Explainable Markov Chain–Machine Learning Sequential-Aware Anomaly Detection Framework for Industrial IoT Systems Based on OPC UA
by Youness Ghazi, Mohamed Tabaa, Mohamed Ennaji and Ghita Zaz
Sensors 2025, 25(19), 6122; https://doi.org/10.3390/s25196122 - 3 Oct 2025
Viewed by 1606
Abstract
Stealth attacks targeting industrial control systems (ICS) exploit subtle sequences of malicious actions, making them difficult to detect with conventional methods. The OPC Unified Architecture (OPC UA) protocol—now widely adopted in SCADA/ICS environments—enhances OT–IT integration but simultaneously increases the exposure of critical infrastructures to sophisticated cyberattacks. Traditional detection approaches, which rely on instantaneous traffic features and static models, neglect the sequential dimension that is essential for uncovering such gradual intrusions. To address this limitation, we propose a hybrid sequential anomaly detection pipeline that combines Markov chain modeling to capture temporal dependencies with machine learning algorithms for anomaly detection. The pipeline is further augmented by explainability through SHapley Additive exPlanations (SHAP) and causal inference using the PC algorithm. Experimental evaluation on an OPC UA dataset simulating Man-In-The-Middle (MITM) and denial-of-service (DoS) attacks demonstrates that incorporating a second-order sequential memory significantly improves detection: F1-score increases by +2.27%, precision by +2.33%, and recall by +3.02%. SHAP analysis identifies the most influential features and transitions, while the causal graph highlights deviations from the system’s normal structure under attack, thereby providing interpretable insights into the root causes of anomalies. Full article

34 pages, 7182 KB  
Article
AI-Driven Attack Detection and Cryptographic Privacy Protection for Cyber-Resilient Industrial Control Systems
by Archana Pallakonda, Kabilan Kaliyannan, Rahul Loganathan Sumathi, Rayappa David Amar Raj, Rama Muni Reddy Yanamala, Christian Napoli and Cristian Randieri
IoT 2025, 6(3), 56; https://doi.org/10.3390/iot6030056 - 22 Sep 2025
Cited by 4 | Viewed by 2455
Abstract
Industrial control systems (ICS) are increasingly vulnerable to evolving cyber threats due to the convergence of operational and information technologies. This research presents a robust cybersecurity framework that integrates machine learning-based anomaly detection with advanced cryptographic techniques to protect ICS communication networks. Using the ICS-Flow dataset, we evaluate several ensemble models, with XGBoost achieving 99.92% accuracy in binary classification and Decision Tree attaining 99.81% accuracy in multi-class classification. Additionally, we implement an LSTM autoencoder for temporal anomaly detection and employ the ADWIN technique for real-time drift detection. To ensure data security, we apply AES-CBC with HMAC and AES-GCM with RSA encryption, which demonstrates resilience against brute-force, tampering, and cryptanalytic attacks. Security assessments, including entropy analysis and adversarial evaluations (IND-CPA and IND-CCA), confirm the robustness of the encryption schemes against passive and active threats. A hardware implementation on a PYNQ Zynq board shows the feasibility of real-time deployment, with a runtime of 0.11 s. The results demonstrate that the proposed framework enhances ICS security by combining AI-driven anomaly detection with RSA-based cryptography, offering a viable solution for protecting ICS networks from emerging cyber threats. Full article
Show Figures

Figure 1

24 pages, 587 KB  
Article
A Security-Enhanced Scheme for ModBus TCP Protocol Based on Lightweight Cryptographic Algorithm
by Xiang Le, Ji Li, Yong Zhao and Zhaohong Fan
Electronics 2025, 14(18), 3674; https://doi.org/10.3390/electronics14183674 - 17 Sep 2025
Viewed by 2402
Abstract
In modern industrial control systems (ICSs), communication protocols such as Modbus TCP remain widely used due to their simplicity, interoperability, and real-time performance. However, these communication protocols (e.g., Modbus TCP) were originally designed without security considerations, lacking essential features such as encryption, integrity protection, and authentication. This exposes ICS deployments to severe security threats, including eavesdropping, command injection, and replay attacks, especially when operating over unsecured networks. To address these critical vulnerabilities while preserving the lightweight nature of the protocol, we propose a Modbus TCP security enhancement scheme that integrates ASCON, an NIST-standardized authenticated encryption algorithm, with the CBOR Object Signing and Encryption (COSE) framework. Our design embeds COSE_Encrypt0 structures into Modbus application data, enabling end-to-end confidentiality, integrity, and replay protection without altering the protocol’s semantics or timing behavior. We implement the proposed scheme in C and evaluate it in a simulated embedded environment representative of typical ICS devices. Experimental results show that the solution incurs minimal computational and memory overhead, while providing robust cryptographic guarantees. This work demonstrates a practical pathway for retrofitting legacy ICS protocols with modern lightweight cryptography, enhancing system resilience without compromising compatibility or performance.

21 pages, 1623 KB  
Article
Time-Series-Based Anomaly Detection in Industrial Control Systems Using Generative Adversarial Networks
by Chungku Han and Gwangyong Gim
Processes 2025, 13(9), 2885; https://doi.org/10.3390/pr13092885 - 9 Sep 2025
Cited by 3 | Viewed by 3504
Abstract
Recent advances in time-series anomaly detection have leveraged artificial intelligence (AI) to improve detection performance. In industrial control systems (ICSs), however, acquiring training data is challenging due to operational constraints and the difficulty of system shutdowns. To address this, many countries are developing ICS simulators and testbeds to generate training data. This study uses a publicly available ICS testbed dataset as a benchmark for the discriminator in a Semi-Supervised Generative Adversarial Network (SGAN). The goal is to generate large volumes of synthetic time-series data through adversarial training between generator and discriminator networks, thereby mitigating data scarcity in ICS anomaly detection. Comparative experiments were conducted using this synthetic data to evaluate its impact on existing detection models. Using the HAI 22.04 dataset from the National Security Research Institute, this study performed feature engineering and preprocessing to identify correlations and remove irregularities. Various models, including One-Class SVM, VAE, CNN-GRU-Autoencoder, and CNN-LSTM-Autoencoder, were trained and tested on the dataset. A synthetic dataset was then generated via SGAN and validated using PCA and t-SNE. The results show that applying SGAN-generated data to time-series anomaly detection yielded significant performance improvements in F1 score. Additional validation using the SWaT dataset from the National University of Singapore confirmed similar gains. These findings indicate that synthetic data generated by SGANs can effectively enhance semi-supervised learning for anomaly detection, classification, and prediction in data-constrained environments such as medical, industrial, transportation, and environmental systems.
(This article belongs to the Special Issue Innovation and Optimization of Production Processes in Industry 4.0)
