Abstract
The rapid adoption of Industry 4.0 has seen Information Technology (IT) networks increasingly merged with Operational Technology (OT) networks, which have traditionally been isolated on air-gapped and fully trusted networks. This increased attack surface has resulted in compromises of Cyber–Physical Systems (CPS) with significant economic and life safety consequences. This paper proposes a hybrid model of anomaly detection of security threats to CPS by blending the signature-based and threshold-based Intrusion Detection Systems (IDS) commonly used in IT networks, with a Machine Learning (ML) model designed to detect behaviour-based anomalies in OT networks. This hybrid model achieves more rapid detection of known threats through signature-based and threshold-based detection strategies, and more accurate detection of unknown threats via behaviour-based anomaly detection using ML algorithms.

| Original language | English |
|---|---|
| Article number | 127068 |
| Journal | Neurocomputing |
| Volume | 568 |
| DOIs | |
| Publication status | Published - 1 Feb. 2024 |

Keywords
- Cyber–Physical Systems
- Machine learning
- Security threats