
Open Access

ARTICLE

Toward Intrusion Detection of Industrial Cyber-Physical System: A Hybrid Approach Based on System State and Network Traffic Abnormality Monitoring

Junbin He1,2, Wuxia Zhang3, Xianyi Liu1, Jinping Liu2,*, Guangyi Yang4
1 Hunan Intellectual Property Protection Center, Changsha, 410006, China
2 College of Information Science and Engineering, Hunan Normal University, Changsha, 410081, China
3 College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, 518061, China
4 Hunan Institute of Metrology and Test, Changsha, 410018, China
* Corresponding Author: Jinping Liu. Email: email
(This article belongs to the Special Issue: Big Data and Artificial Intelligence in Control and Information System)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2025.064402

Received 14 February 2025; Accepted 03 April 2025; Published online 25 April 2025

Abstract

The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.

Keywords

Industrial cyber-physical systems; network intrusion detection; adaptive Kalman filter; abnormal state monitoring; network traffic abnormality monitoring
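The residual-based check on the physical side, described in the abstract, can be illustrated with a much simpler filter. The following is an added example, not code from the article or its authors: it does not reproduce IVB-NCA-NLKF, and instead uses a scalar linear Kalman filter with fixed noise covariances and a chi-square gate on the normalized residual. The sensor readings, the injected bias, the function names and all parameter values are constructed assumptions.

```python
import math

# Assumption: 99.9% quantile of the chi-square distribution, 1 degree of freedom.
CHI2_1DOF_999 = 10.83


def residual_monitor(measurements, x0, p0=1.0, q=1e-4, r=0.04,
                     threshold=CHI2_1DOF_999):
    """Scalar random-walk Kalman filter with a chi-square gate on the residual.

    q and r are fixed process and measurement noise variances (the article's
    method adapts them; this sketch does not).
    Returns (alarm_indices, final_state_estimate).
    """
    x, p = x0, p0
    alarms = []
    for k, z in enumerate(measurements):
        p += q                      # predict: state assumed to drift slowly
        resid = z - x               # observed minus predicted state
        s = p + r                   # variance the residual should have
        nis = resid * resid / s     # normalized innovation squared
        if nis > threshold:
            alarms.append(k)        # residual too large for the noise model
            continue                # reject the reading so it cannot drag x
        gain = p / s
        x += gain * resid           # normal measurement update
        p *= (1.0 - gain)
    return alarms, x


def constructed_readings(n=60, attack=range(30, 35), bias=3.0):
    """Constructed tank-level readings around 50.0 with bounded pseudo-noise;
    readings at the steps in `attack` carry an injected sensor bias."""
    return [50.0 + 0.2 * math.sin(1.7 * k) + (bias if k in attack else 0.0)
            for k in range(n)]


if __name__ == "__main__":
    alarms, level = residual_monitor(constructed_readings(), x0=50.0)
    print("alarm steps:", alarms)
    print("final estimate: %.3f" % level)
```

Rejecting gated readings keeps the estimate anchored to the pre-attack state, so the residual stays large for as long as the bias persists.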