A Hybrid Framework for Detecting and Mitigating Cyber-Attacks in Industrial Control Systems Through Physical Process Monitoring

Authors

  • Jansher Ali Chang, Quaid-e-Awam University of Engineering, Science and Technology, Nawabshah
  • Muhammad Saleem Vighio, Quaid-e-Awam University of Engineering, Science and Technology, Nawabshah

Keywords:

Industrial Control Systems (ICS), Cyber–Physical Security, Hybrid Intrusion Detection, Random Forest–LSTM Framework, Anomaly Detection

Abstract

The efficiency of Industrial Control Systems (ICS) has been threatened by the increasing complexity of cyber-physical attacks owing to the convergence of Information Technology (IT) and Operational Technology (OT). The intrusion detection systems designed to address this issue focus on network monitoring. However, these systems are not entirely reliable in identifying complex attacks, such as those that use cyber-physical means to manipulate physical processes while communications continue to appear normal. To address this deficiency, this paper proposes a comprehensive hybrid solution that both detects and mitigates cyber-physical attacks by combining cyber-network monitoring with physical process monitoring. The solution employs a Random Forest classifier to detect cyber-physical attacks and an LSTM-based time series model to detect anomalies in multivariate sensor and actuator data of physical processes. The outputs of both detection models are optimized through a decision fusion approach. The detection framework also incorporates an automated response mechanism that isolates malicious units, generates alerts, and initializes safe operation modes during detected attacks. Additionally, to enhance the efficiency of the solution, an adaptive learning component optimizes detection and responses based on feedback derived from previous attacks and mitigation actions. The solution has been evaluated using the BATADAL dataset to demonstrate its effectiveness in terms of accuracy, reduction in false positives, and real-time cybersecurity performance for safeguarding ICS. This research applies a comprehensive hybrid approach aligned with real-world ICS, addressing identified challenges in current cyber-physical threats to provide effective protection for ICS.

Published

2025-12-09

How to Cite

Chang, J. A., & Muhammad Saleem Vighio. (2025). A Hybrid Framework for Detecting and Mitigating Cyber-Attacks in Industrial Control Systems Through Physical Process Monitoring. International Journal of Innovations in Science & Technology, 7(10), 134–143. Retrieved from https://journal.50sea.com/index.php/IJIST/article/view/1698