Cyber-physical engineering systems (CPES) form the backbone of critical infrastructures such as power generation, industrial automation, and water treatment facilities. Because cyber intrusions in these environments can directly disrupt physical processes, reliable intrusion detection mechanisms are essential for maintaining operational safety and system resilience. However, many existing intrusion detection approaches rely on supervised learning techniques that require large volumes of labeled attack data, which are rarely available in real industrial environments. In addition, advanced detection methods often introduce significant computational overhead, limiting their practicality for deployment in resource-constrained cyber-physical systems. To address these challenges, this study proposes a one-class anomaly detection framework based on the Isolation Forest algorithm for monitoring cyber-physical engineering systems. The proposed approach learns the statistical distribution of normal operational behavior from multivariate sensor, actuator, and control signals, and flags deviations from this learned pattern as potential cyber intrusions. The framework is evaluated using the Hardware-in-the-Loop–based Augmented Industrial Control System (HAI) Security Dataset, which provides realistic industrial process measurements under both normal and attack scenarios. Experimental results show that the model achieves an overall accuracy of 0.89 and strong performance in identifying normal operational states (F1-score = 0.94). Attack detection, however, shows moderate recall (0.48) and low precision (0.04) due to class imbalance and overlapping anomaly score distributions. These findings indicate that Isolation Forest serves as a computationally efficient baseline anomaly detection mechanism for real-time monitoring of cyber-physical systems (CPS), while highlighting the need for hybrid and temporally aware detection strategies to improve attack discrimination in industrial cyber-physical environments.
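The one-class approach described above, as an added example that is not code from the study: a pure-Python Isolation Forest trained only on normal readings, with an alert threshold taken from the scores of normal data. The three signals, their values, the 99th-percentile threshold and all function names are constructed assumptions and do not come from the HAI dataset.

```python
import math
import random

def c(n):  # expected path length of an unsuccessful BST search over n points
    if n <= 1:
        return 0.0
    return 1.0 if n == 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(rows, depth, max_depth, rng):
    """Grow one isolation tree: random feature, random split within its range."""
    if depth >= max_depth or len(rows) <= 1:
        return len(rows)  # leaf stores how many points remain
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    s = rng.uniform(lo, hi)
    left, right = [r for r in rows if r[f] < s], [r for r in rows if r[f] >= s]
    return (f, s, build(left, depth + 1, max_depth, rng), build(right, depth + 1, max_depth, rng))

def path(x, node, depth=0):  # isolation path length of reading x in one tree
    if isinstance(node, int):
        return depth + c(node)
    f, s, left, right = node
    return path(x, left if x[f] < s else right, depth + 1)

def fit(rows, trees=100, sample=64, seed=7):
    """Train on normal-only data (one-class); no attack labels are used."""
    rng = random.Random(seed)
    depth = math.ceil(math.log2(sample))
    return [build(rng.sample(rows, sample), 0, depth, rng) for _ in range(trees)], sample

def score(model, x):
    """Anomaly score in (0, 1): shorter average isolation path gives a higher score."""
    forest, sample = model
    mean = sum(path(x, t) for t in forest) / len(forest)
    return 2 ** (-mean / c(sample))

# Constructed data: (pressure, flow, valve position) during normal operation.
_rng = random.Random(1)
NORMAL = [(_rng.gauss(50, 2), _rng.gauss(120, 5), _rng.gauss(0.6, 0.05)) for _ in range(500)]
MODEL = fit(NORMAL)
# Assumed false-alarm budget: alert above the 99th percentile of normal scores.
THRESHOLD = sorted(score(MODEL, r) for r in NORMAL)[int(0.99 * len(NORMAL))]
CENTER = (50.0, 120.0, 0.6)   # typical reading
LARGE = (70.0, 160.0, 1.0)    # gross deviation on all three signals
SUBTLE = (53.0, 120.0, 0.6)   # small drift on one signal

def is_alert(x):
    return score(MODEL, x) > THRESHOLD
```

A small drift such as `SUBTLE` scores much closer to normal readings than `LARGE` does, which is the kind of score overlap the abstract refers to.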
Copyrights © 2026