DOI:
https://doi.org/10.64539/sjer.v2i2.2026.434Keywords:
Cyber-Physical Systems, Intrusion Detection, Isolation Forest, Anomaly Detection, Industrial Control SystemsAbstract
Cyber-physical engineering systems (CPES) form the backbone of critical infrastructures such as power generation, industrial automation, and water treatment facilities. Because cyber intrusions in these environments can directly disrupt physical processes, reliable intrusion detection mechanisms are essential for maintaining operational safety and system resilience. However, many existing intrusion detection approaches rely on supervised learning techniques that require large volumes of labeled attack data, which are rarely available in real industrial environments. In addition, advanced detection methods often introduce significant computational overhead, limiting their practicality for deployment in resource-constrained cyber-physical systems. To address these challenges, this study proposes a one-class anomaly detection framework based on the Isolation Forest algorithm for monitoring cyber-physical engineering systems. The proposed approach learns the statistical distribution of normal operational behavior using multivariate sensor, actuator, and control signals, and identifies deviations from this learned pattern as potential cyber intrusions. The framework is evaluated using the Hardware-in-the-Loop–based Augmented Industrial Control System (HAI) Security Dataset, which provides realistic industrial process measurements under both normal and attack scenarios. Experimental results show that the model achieves overall accuracy (0.89) and strong performance in identifying normal operational states (F1-score = 0.94). However, attack detection shows moderate recall (0.48) but low precision (0.04) due to class imbalance and overlapping anomaly score distributions. These findings indicate that Isolation Forest serves as a computationally efficient baseline anomaly detection mechanism for real-time CPS monitoring, while highlighting the need for hybrid and temporally aware detection strategies to improve attack discrimination in industrial cyber-physical environments.
References
[1] I. A. Khan, M. Keshk, D. Pi, N. Khan, Y. Hussain, and H. Soliman, “Enhancing IIoT networks protection: A robust security model for attack detection in Internet Industrial Control Systems,” Ad Hoc Networks, vol. 134, p. 102930, Sep. 2022. https://doi.org/10.1016/j.adhoc.2022.102930.
[2] P. Verma, D. O’Shea, T. Newe, N. Mehta, N. Bharot, and J. G. Breslin, “ABIDS-VEM: leveraging an equilibrium optimizer and data ramification in association with ensemble learning for anomaly-based intrusion detection system,” J. Supercomput., vol. 81, no. 7, p. 856, May 2025. https://doi.org/10.1007/s11227-025-07292-w.
[3] K. Shanthi and R. Maruthi, “Machine Learning Approach for Anomaly-Based Intrusion Detection Systems Using Isolation Forest Model and Support Vector Machine,” in 2023 5th International Conference on Inventive Research in Computing Applications (ICIRCA), IEEE, Aug. 2023, pp. 136–139. https://doi.org/10.1109/ICIRCA57980.2023.10220620.
[4] C. K. Reddy, G. Keerthi, G. Pranay, and A. J. A, “Machine Learning based Enhanced Intrusion Detection for Cybersecurity,” in 2025 4th International Conference on Sentiment Analysis and Deep Learning (ICSADL), IEEE, Feb. 2025, pp. 1400–1407. https://doi.org/10.1109/ICSADL65848.2025.10933487.
[5] G. P. Oise, B. S. Olanrewaju, O. A. Orukpe, K. C. Pius, and A. O. Airhiavbere, “A Convolutional Neural Network Framework for Intelligent Intrusion Detection,” Scientific Journal of Computer Science, vol. 2, no. 1, pp. 50–59, Feb. 2026. https://doi.org/10.64539/sjcs.v2i1.2026.404.
[6] S. A. Oyedotun, G. P. Oise, and C. E. Ozobialu, “Towards Intelligent Cybersecurity in SCADA and DCS Environments: Anomaly Detection Using Multimodal Deep Learning and Explainable AI,” Journal of Science Research and Reviews, vol. 2, no. 3, pp. 20–31, Jul. 2025. https://doi.org/10.70882/josrar.2025.v2i3.76.
[7] M. Rani and Gagandeep, “An Efficient Network Intrusion Detection System Based on Feature Selection Using Evolutionary Algorithm Over Balanced Dataset,” Mobile Radio Communications and 5G Networks, 2022, pp. 179–193. https://doi.org/10.1007/978-981-16-7018-3_15.
[8] A. Y. Hussein, P. Falcarin, and A. T. Sadiq, “IoT Intrusion Detection Using Modified Random Forest Based on Double Feature Selection Methods,” in International Conference on Emerging Technology Trends in Internet of Things and Computing, 2022, pp. 61–78. https://doi.org/10.1007/978-3-030-97255-4_5.
[9] S. Sharma, S. Mohan, P. Aryan, and R. V. S. Devi, “Cybersecurity Optimization Using Particle Swarm Optimization and Machine Learning in Intrusion Detection Systems,” in 2025 IEEE 4th International Conference for Advancement in Technology (ICONAT), IEEE, Sep. 2025, pp. 1–5. https://doi.org/10.1109/ICONAT66879.2025.11362892.
[10] M. S. Siddique, Md. A. R. Khan, I. Ahammad, N. Nath, J. R. Das, and F. Rahman, “An intelligent intrusion detection system for cyber-physical systems using GAN-LSTM networks,” Franklin Open, vol. 11, p. 100281, Jun. 2025. https://doi.org/10.1016/j.fraope.2025.100281.
[11] S. A. Elsaid and A. Binbusayyis, “An optimized isolation forest based intrusion detection system for heterogeneous and streaming data in the industrial Internet of Things (IIoT) networks,” Discover Applied Sciences, vol. 6, no. 9, p. 483, Sep. 2024. https://doi.org/10.1007/s42452-024-06165-w.
[12] G. P. Oise, O. C. Nwabuokei, O. J. Akpowehbve, B. A. Eyitemi, and N. B. Unuigbokhai, “Towards Smarter Cyber Defense: Leveraging Deep Learning for Threat Identification and Prevention,” FUDMA Journal of Sciences, vol. 9, no. 3, pp. 122–128, Mar. 2025. https://doi.org/10.33003/fjs-2025-0903-3264.
[13] S. Agrawal et al., “Federated Learning for intrusion detection system: Concepts, challenges and future directions,” Comput. Commun., vol. 195, pp. 346–361, Nov. 2022. https://doi.org/10.1016/j.comcom.2022.09.012.
[14] F. Folino, G. Folino, M. Guarascio, F. S. Pisani, and L. Pontieri, “On learning effective ensembles of deep neural networks for intrusion detection,” Information Fusion, vol. 72, pp. 48–69, Aug. 2021. https://doi.org/10.1016/j.inffus.2021.02.007.
[15] S. A. Oyedotun et al., “The Role of Internal Audit in Fraud Detection and Prevention: A Multi-Contextual Review and Research Agenda,” Journal of Science Research and Reviews, vol. 2, no. 2, pp. 76–85, May 2025. https://doi.org/10.70882/josrar.2025.v2i2.51.
[16] N. B. Unuigbokhai et al., “Advancements in Federated Learning for Secure Data Sharing in Financial Services,” FUDMA Journal of Sciences, vol. 9, no. 5, pp. 80–86, May 2025. https://doi.org/10.33003/fjs-2025-0905-3207.
[17] G. P. Oise et al., “Decentralized Deep Learning in Healthcare: Addressing Data Privacy with Federated Learning,” FUDMA Journal of Sciences, vol. 9, no. 6, pp. 19–26, Jun. 2025. https://doi.org/10.33003/fjs-2025-0906-3714.
[18] Q. Lin, R. Ming, K. Zhang, and H. Luo, “Privacy-Enhanced Intrusion Detection and Defense for Cyber-Physical Systems: A Deep Reinforcement Learning Approach,” Security and Communication Networks, vol. 2022, 2022. https://doi.org/10.1155/2022/4996427.
[19] S. Vladov et al., “Neural Network DDoS Mitigation System With Forensic Audit Support for Cyber Police,” IEEE Access, vol. 13, pp. 204628–204655, 2025. https://doi.org/10.1109/ACCESS.2025.3634478.
[20] Z. Yu, H. Gao, X. Cong, N. Wu, and H. H. Song, “A Survey on Cyber-Physical Systems Security,” IEEE Internet Things J., vol. 10, no. 24, pp. 21670–21686, Dec. 2023. https://doi.org/10.1109/JIOT.2023.3289625.
[21] M. Arafah, I. Phillips, A. Adnane, W. Hadi, M. Alauthman, and A. K. Al-Banna, “Anomaly-based network intrusion detection using denoising autoencoder and Wasserstein GAN synthetic attacks,” Appl. Soft Comput., vol. 168, no. 8, pp. 6247–6256, Jan. 2025. https://doi.org/10.1016/j.asoc.2024.112455.
[22] M. Wang, K. Zheng, Y. Yang, and X. Wang, “An Explainable Machine Learning Framework for Intrusion Detection Systems,” IEEE Access, vol. 8, pp. 73127–73141, 2020. https://doi.org/10.1109/ACCESS.2020.2988359.
[23] A. Alabdulatif, N. N. Thilakarathne, and Z. K. Lawal, “A Review on Security and Privacy Issues Pertaining to Cyber-Physical Systems in the Industry 5.0 Era,” Computers, Materials and Continua, vol. 80, no. 3, pp. 3917–3943, 2024. https://doi.org/10.32604/cmc.2024.054150.
[24] ICS Security Dataset, “HAI Security Dataset,” 2023. https://www.kaggle.com/datasets/icsdataset/hai-security-dataset.
[25] V. Selvakkumaran and R. Anandan, “Performance Analysis on Intrusion Detection System using Fuzzy Neural Network Approach,” International Journal of Advanced Science and Engineering, vol. 12, no. 2, pp. 5753–5763, Dec. 2025. https://doi.org/10.29294/ijase.12.2.2025.5753-5763.
[26] G. P. Oise, “E-ViTNet: A lightweight vision transformer with oppositional cat swarm optimization for automated E-Waste sorting,” Next Research, vol. 6, p. 101373, Apr. 2026. https://doi.org/10.1016/j.nexres.2026.101373.
[27] S. M. Rajagopal, M. Supriya, and R. Buyya, “FedSDM: Federated learning based smart decision making module for ECG data in IoT integrated Edge–Fog–Cloud computing environments,” Internet of Things (Netherlands), vol. 22, Jul. 2023. https://doi.org/10.1016/j.iot.2023.100784.
[28] A. Mohamed, J. Heilala, and N. S. Madonsela, “Machine Learning-Based Intrusion Detection Systems for Enhancing Cybersecurity,” in 2023 Second International Conference On Smart Technologies For Smart Nation (SmartTechCon), IEEE, Aug. 2023, pp. 366–370. https://doi.org/10.1109/SmartTechCon57526.2023.10391626.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Godfrey Perfectson Oise, Susan Konyeha, Felix Oshiorenoya Uloko, Kevin Chinedu Pius, Enovwo Eferoba–Idio, Michael Uyiosa Edobor, Evans Mintah, Osahon Ukpebor, Oludare Sokoya, Tejiri Jessa
This work is licensed under a Creative Commons Attribution 4.0 International License.
