The increasing digital integration of Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCSs), has improved operational efficiency while simultaneously increasing exposure to cyber threats. Traditional signature-based intrusion detection systems are limited in detecting novel and stealthy attacks in dynamic industrial environments. This study presents a deep learning–based anomaly detection framework for ICS cybersecurity using multivariate time-series data from sensors, actuators, and network traffic. Three architectures, Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM) networks, and Transformer models, are evaluated using the HAI Security Dataset. Experimental results show that the Transformer model achieves the highest accuracy (92%), followed by CNN (91%) and LSTM (90%), with all models attaining an F1-score of 91%. The Transformer demonstrates superior generalization by effectively modelling complex temporal dependencies. Key challenges, including data imbalance, overfitting, and limited interpretability, are discussed alongside potential mitigation strategies such as hybrid modelling, federated learning, and digital twin integration. The findings demonstrate the effectiveness of deep learning for scalable, real-time cybersecurity threat detection in industrial control environments. To address challenges such as class imbalance and overfitting, the study discusses mitigation strategies including regularization, early stopping, cost-sensitive learning, and future integration of data balancing and federated learning techniques for improved robustness and generalization.