@Article{cmc.2025.064402,
AUTHOR = {Junbin He, Wuxia Zhang, Xianyi Liu, Jinping Liu, Guangyi Yang},
TITLE = {Toward Intrusion Detection of Industrial Cyber-Physical System: A Hybrid Approach Based on System State and Network Traffic Abnormality Monitoring},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {84},
YEAR = {2025},
NUMBER = {1},
PAGES = {1227--1252},
URL = {http://www.techscience.com/cmc/v84n1/61761},
ISSN = {1546-2226},
ABSTRACT = {The integration of cloud computing into traditional industrial control systems is accelerating the evolution of Industrial Cyber-Physical System (ICPS), enhancing intelligence and autonomy. However, this transition also expands the attack surface, introducing critical security vulnerabilities. To address these challenges, this article proposes a hybrid intrusion detection scheme for securing ICPSs that combines system state anomaly and network traffic anomaly detection. Specifically, an improved variation-Bayesian-based noise covariance-adaptive nonlinear Kalman filtering (IVB-NCA-NLKF) method is developed to model nonlinear system dynamics, enabling optimal state estimation in multi-sensor ICPS environments. Intrusions within the physical sensing system are identified by analyzing residual discrepancies between predicted and observed system states. Simultaneously, an adaptive network traffic anomaly detection mechanism is introduced, leveraging learned traffic patterns to detect node- and network-level anomalies through pattern matching. Extensive experiments on a simulated network control system demonstrate that the proposed framework achieves higher detection accuracy (92.14%) with a reduced false alarm rate (0.81%). Moreover, it not only detects known attacks and vulnerabilities but also uncovers stealthy attacks that induce system state deviations, providing a robust and comprehensive security solution for the safety protection of ICPS.},
DOI = {10.32604/cmc.2025.064402}
}