Open Access
ARTICLE
Toward Intrusion Detection of Industrial Cyber-Physical System: A Hybrid Approach Based on System State and Network Traffic Abnormality Monitoring
1 Hunan Intellectual Property Protection Center, Changsha, 410006, China
2 College of Information Science and Engineering, Hunan Normal University, Changsha, 410081, China
3 College of Computer Science and Software Engineering, Shenzhen University, Shenzhen, 518061, China
4 Hunan Institute of Metrology and Test, Changsha, 410018, China
* Corresponding Author: Jinping Liu
(This article belongs to the Special Issue: Big Data and Artificial Intelligence in Control and Information System)
Computers, Materials & Continua 2025, 84(1), 1227-1252. https://doi.org/10.32604/cmc.2025.064402
Received 14 February 2025; Accepted 03 April 2025; Issue published 09 June 2025
Abstract
The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.