Advancements in Anomaly Detection: A Review of Machine Learning Applications in Cyber-Physical System Networks | Research Square

Research Article

Asma Ahmed

This is a preprint; it has not been peer reviewed by a journal.
https://doi.org/10.21203/rs.3.rs-4412375/v1
This work is licensed under a CC BY 4.0 License
Status: Posted
Version 1 posted

Abstract

In the practical world, Cyber-Physical Systems have integrated physical systems and software management in the cyber-world, with networks responsible for information interchange. CPSs are key technologies for various industrial domains, including intelligent medical systems, transport systems, and smart grids. The advancements in cybersecurity have surpassed the rapid growth of CPS, with new security challenges and threat models that lack an integrated and cohesive framework.
The review methodology includes the search strategy along with the inclusion and exclusion criteria of fifteen studies conducted in the past ten years. The studies specific to the relevant topic have been added, while the others have been excluded. According to the results, Machine Learning (ML) algorithms and systems can synthesize data. ML is employed in cyber-physical security to alleviate concerns regarding the safety and reliability of the findings. ML offers a solution to complex problems, enhancing computer-human interaction and enabling problem-solving in areas where custom-built algorithms are impractical. A comprehensive overview of the application of ML across various domains, such as smart grids, smart vehicles, healthcare systems, and environmental monitoring, has been included. However, a few challenges are associated with implementing ML techniques in CPS networks, including feature selection complexity, model performance, deployment challenges, algorithm biases, model mismatches, and the need to foster a robust safety culture. Overall, integrating ML techniques with CPS networks holds promise for enhancing system safety, reliability, and security but requires ongoing refinement and adaptation to address existing limitations and emerging threats.

Keywords: Machine Learning Algorithm, Cyber-Physical System, Anomalies, Intrusions, Challenges, Applications

1. Introduction

Cyber-physical systems (CPS) combine physical and cyber components, such as sensors and actuators, into an integrated real-time control system (Bansal & Kumar, 2020). Along with common communication protocols, communication links have been used to connect various systems, such as computer networks and the Internet. Conventional Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, and the more recent Internet of Things (IoT)-based smart systems are all included in the broad field of CPS (Kim & Park, 2021).
In the practical world, CPSs have integrated physical systems and software management in the cyber world, with networks responsible for information interchange (Kim et al., 2019). Technological developments in communications allow for low-latency real-time communications, which enable the remote control of multiple physical systems and offer intelligent services to CPS users. CPSs constitute crucial technologies for a variety of industrial applications, such as smart grids, medical systems, and intelligent transportation systems (Wolf & Serpanos, 2017). The advancements in cybersecurity have surpassed the rapid growth of CPS, with new security challenges and threat models that lack an integrated and cohesive framework for secure design, risk mitigation, malware and resistance (Wolf & Serpanos, 2017). CPSs can be divided into application, physical and transmission layers. With the development of Industry 4.0, CPSs can enable macro-level engineering systems to benefit from real-time perception, dynamic control, and information services. However, the diversity of CPS applications across IoT networks makes them vulnerable to physical and cyber attackers, specifically for message transmission in smart manufacturing operations (Zhou et al., 2020). An attack on a CPS could cause significant harm to the physical environment. Both passive and active attacks are possible against each layer of a CPS. Additionally, CPS is more susceptible to attacks than traditional IT systems. These attacks can originate from the Internet, which is already being used as the transmission layer, and from within the CPS itself (Peng et al., 2013).
Attacks at the perception layer, for instance, target nodes like sensors and actuators; attacks at the application layer involve unauthorized access that compromises user privacy; and attacks at the transmission layer focus on data loss or damage as well as security concerns during data transmission (Lu et al., 2013). Therefore, analysing potential attacks and creating a strong security architecture is necessary. Within computer science, machine learning (ML) examines algorithms and systems capable of data synthesis (Colelli et al., 2021). It is employed in cyber-physical security to alleviate concerns regarding safety and reliability, and it is closely related to artificial intelligence and data mining (Shin et al., 2018). ML techniques model the complex relationships among CPS components, such as sophisticated application software, diverse network protocols, and substantial physical systems. However, ML techniques require several labelled datasets and cannot capture the distinctive characteristics of CPS, like spatiotemporal relationships. To represent the immutable nature of CPS, an intrusion detection system (IDS) captures physical characteristics and utilizes them to ensure network transmission security (Eiteneuer & Niggemann, 2020).

2. Methodology

2.1. Search Strategy

The literature review examines the opportunities and challenges associated with the ML approach for detecting anomalies in cyber system networks through a comprehensive analysis of published studies. It employs a multi-phase process that includes finding authentic scholarly sources, extracting relevant research studies, and evaluating each study separately and collectively. A comprehensive research methodology for the ML models for anomaly detection has been added, comprising specific keywords, search criteria, and database collection. The search strategy of the review is shown in Table 1.
Table 1 Search Strategy

| S.no | Search strategy |
|---|---|
| 1. | ("Machine Learning for Anomalies Detection") AND ("ML models in Cyber networks") AND ("Anomalies of cyber network system") AND ("Security measures of Cyber Networks") AND ("Cyber-Physical System Networks Unsupervised Anomaly Detection") AND ("Machine Learning for CPS Security") |
| 2. | ("Security Models of Cyber Network System") AND ("Cyber Attacks in Cyber Network Systems") AND ("Unauthorized Access Cyber-Physical System Networks") AND ("Attack Detection In Cyber-Physical Systems") |
| 3. | ("Opportunities/Challenges of ML Models in CPS Network") AND ("Limitation of ML Models in CPS network") |

2.2. Inclusion and Exclusion criteria

The inclusion and exclusion criteria have been added to ensure the target approach of the study and to define the selection process, as shown in Table 2.

Table 2 Inclusion and Exclusion Criteria

| Inclusion criteria | Exclusion criteria |
|---|---|
| Research articles, case studies, and review articles directly related to ML Models of CPS Network were included. | Research articles, case studies, and review articles unrelated to the ML Models of the CPS Network were not included. |
| Materials providing up-to-date information within the last ten years have been included. | Invalid sources that do not reflect the current state of regulations have not been included. |
| Only information related to ML models was included. | Information not associated with ML models was not included. |
| Studies that related keywords to the title were included in this review. | Studies having no relation with keywords to the title were not included in this review. |

2.3. Data Extraction and Analysis

In the review, fifteen studies were selected based on the following criteria: titles, publishers, objective of the model, model for detection and their opportunities and limitations that matched the purpose of the current investigation.
The extracted data from the 15 articles was coded, categorized, and arranged according to relevant themes discussed during the data collection process, which was carried out using thematic analysis. The themes were designed considering the recurrent keywords in the paper.

3. Results

The results of the review of fifteen studies are presented in Table 3.

Table 3 Results of Findings

1. (Colelli et al., 2021), IEEE
Objective of Model: Security threats in CPS.
Model of Detection: Random Forests (RF)
Opportunities: RF is a supervised learning algorithm that can be used for both classification and regression. The main feature of this type of algorithm is the use of many weak predictors, i.e. single decision trees, whose collaboration gives rise to a single strong predictor, i.e. a more accurate model obtained by merging the various decision trees.
Limitations: The classifiers involved are weakly related to each other. Hence, there needs to be little dependence between the models associated with the various classifiers and the training set, as there will be a reduction in variance and the classification error.

2. (Ramachandran et al., 2023), Tech Science Press
Objective of Model: Intends to recognize and detect strange behaviour in the CPS environment.
Model of Detection: Aquila Optimization with Machine Learning-Based Anomaly Detection (AOPTML-AD) model
Opportunities: The obtained values highlighted that the AOPTML-AD model had reported better results than other models. It has resulted in a maximal accuracy of 97.27%.
Limitations: Managing long lead times for hardware, ensuring alignment between hardware and software development, and addressing cross-team communication issues are significant challenges in building hardware-reliant CPS.

3. (Almuqren et al., 2023), MDPI
Objective of Model: Detection and classification of intrusions in the CPS platform.
Model of Detection: Explainable Artificial Intelligence-Enabled Intrusion Detection Technique for Secure Cyber-Physical Systems (XAIID-SCPS)
Opportunities: The technique integrates the XAI approach LIME for better understanding and explains the black-box method's ability to classify intrusions accurately. The simulation values of the XAIID-SCPS technique and the outcomes prove the promising performance over other recent approaches.
Limitations: Manual data labelling for abnormal states is inefficient, and monitoring manipulation attacks poses challenges. Automated data collection processes are needed for efficient analysis and detection.

4. (Duhayyim et al., 2022), MDPI
Objective of Model: Projected for the classification and identification of intrusions from the CPS environment.
Model of Detection: SFSA-DLIDS
Opportunities: Though the FURIA model resulted in a reasonable accuracy of 98.82%, the SFSA-DLIDS model accomplished the maximum accuracy of 99.44%. The study concluded that the SFSA-DLIDS model has shown enhanced security in the CPS environment.
Limitations: Outlier detection approaches should be integrated to improve the overall detection efficiency of the SFSA-DLIDS technique.

5. (Catillo et al., 2023), Elsevier
Objective of Model: A novel intrusion detection approach.
Model of Detection: CPS-GUARD
Opportunities: A novel intrusion detection approach based on a single semi-supervised autoencoder and a technique to set the threshold to discriminate normal operations from attacks.
Limitations: Imperfect training data requires outlier-aware deep autoencoders for accurate anomaly detection while setting appropriate thresholds for distinguishing normal operations from attacks. This requires self-tuning methods for real-world operations.

6. (Nagarajan et al., 2022), Elsevier
Objective of Model: Anomaly detection and accurate estimation of the posterior probabilities of anomalous and legitimate events in CPSs.
Model of Detection: GMM-KF integrated deep CNN model
Opportunities: Military applications secure confidential information, medical applications transfer health records securely to patients or practitioners, and smart cities obtain the secure transmission of data through various sources.
Limitations: Huge data processing can be less efficient, but with some improvements in the model, this limitation can be overcome. Furthermore, performance is reduced when new anomalies are identified.

7. (Zhang et al., 2023), MDPI
Objective of Model: Anomaly Detection for Next-Generation
Model of Detection: Double Deep Q-learning Partially Labeled Anomaly Detection Technique (DDQLPADT)
Opportunities: Quite consistent and reliable while identifying anomalies in the considered datasets. It can manage complex and unique data environments while managing anomalies. Although it only allows non-anomaly data for further processing, the communication cost of the NG-CPS network could be significantly improved.
Limitations: The challenge of handling imperfect training data can impact anomaly detection accuracy. This limitation underscores the need for strategies to mitigate imperfections in training data to ensure reliable anomaly detection outcomes.

8. (Bellettini & Rrushi, 2008), Springer
Objective of Model: Anomaly intrusion detection model
Model of Detection: State-of-the-art system call monitors
Opportunities: The model detects persistent interposition attacks by intercepting and modifying the I/O data stream of a target process without system calls. It uses shuffle operations and product machines to obfuscate legitimate function call paths, offering a unique approach to anomaly detection in control systems.
Limitations: Implementing a Modbus model on a process incurs a 6% performance penalty but may not cover all attack scenarios and may have limitations in detecting sophisticated manipulation of control protocols.

9. (Alohali et al., 2022), Springer
Objective of Model: CCPS in industry 4.0 environment addressing security concerns
Model of Detection: An AI-enabled multimodal fusion-based intrusion detection system (AIMMF-IDS)
Opportunities: The AIMMF-IDS technique has shown effectual outcomes with the least training and testing time. In the future, the AIMMF-IDS technique will be deployed in the big data environment to handle the massive generation of networking data.
Limitations: Outlier detection and feature reduction approaches can boost intrusion detection performance.

10. (Alguliyev et al., 2021), Springer
Objective of Model: Cyber-attack detection on cyber-physical systems
Model of Detection: Hybrid DeepGCL model
Opportunities: The study combines three parallel neural architectures, employing the SPOCU activation function in hidden layers and a modified Adam optimizer to improve performance in detecting and preventing cyber-attacks on cyber-physical systems, outperforming recent machine learning techniques.
Limitations: The Hybrid DeepGCL model's generalizability may be limited due to its limited scope, considering only two datasets (raw water treatment plant and gasoil heater loop process). Future research should evaluate the model on multiple datasets to improve its effectiveness and applicability.

11. (Wang et al., 2018), Springer
Objective of Model: Detection of network intrusion
Model of Detection: NIDS based on Naïve Bayes algorithm
Opportunities: With the built patterns, the framework detects attacks in the datasets using the naïve Bayes classifier algorithm. Compared to the neural network-based approach, the framework had a higher detection rate, was less time-consuming and had a low cost factor. However, it generates somewhat more false positives.
Limitations: Naïve Bayes' assumption of independent attributes and sensitivity to feature selection can impact its accuracy in real-world scenarios, particularly when dealing with interrelated features, potentially requiring further research to improve performance.

12. (Saied et al., 2016), Elsevier
Objective of Model: To detect TCP, UDP and ICMP DDoS attacks
Model of Detection: Artificial Neural Network algorithm
Opportunities: Compared to signature-based and other related academic research, the approach produced higher detection accuracy (98%) than other approaches. It managed to detect known (100%) and unknown (95%) DDoS attacks that are similar to what it was trained with (up-to-date patterns).
Limitations: The framework did not detect some unknown DDoS attacks. This means that improper training or old patterns can result in poor detection. This is due to the fact that the algorithm detects based on scenarios, so more scenarios assist the ANN in understanding the nature of DDoS attacks.

13. (Ramadan, 2020), MDPI
Objective of Model: To prevent critical WSNs—sinkhole attack in smart cities
Model of Detection: Multipath-Based Intrusion Detection System (MBIDS)
Opportunities: The study proposes clustering for energy-saving wireless sensor networks, simple intrusion detection algorithms for smart cities, and a cross-layer technique for application and network layer detection.
Limitations: The computation required for the MBIDS algorithm is relatively high. The algorithm's effectiveness may depend on the network size and complexity of the smart city environment.

14. (Sarker et al., 2020), MDPI
Objective of Model: Detecting various cyber-attacks or anomalies in a network
Model of Detection: Intrusion Detection Tree ("IntruDTree")
Opportunities: The ML-based security model effectively predicts accuracy for unseen test cases and efficiently reduces computational costs by processing fewer features while generating the resultant tree-like model.
Limitations: It may generate false positives and negatives, requiring adaptation to new threats. Its computational efficiency, data quality, and scalability depend on the training data.

15. (Sarker et al., 2020), Elsevier
Objective of Model: Intrusion detection
Model of Detection: Clustering-based unsupervised intrusion detection (CBUID).
Opportunities: The time complexity of CBUID is linear in terms of the size of the dataset and the number of attributes. The experiments demonstrated that the method outperforms the existing methods in terms of accuracy and detecting unknown intrusions.
Limitations: The interpretability of the clusters generated by CBUID may be limited, making it challenging to understand how intrusions are identified or categorized within the model.

4. Discussion

4.1. Cyber-Physical System Network

A new technical infrastructure called Cyber-physical systems (CPS) combines communication, computation, and control technologies to apply feedback control to distributed embedded computing systems (Liu et al., 2017).
These systems transform conventional networks and embedded systems, facilitating dynamic, safe, real-time, reliable collaboration with physical systems (Sztipanovits et al., 2015). In CPS, data acquisition modules ensure accuracy and real-time capability by gathering data from distributed field services. According to service demands, the data is passed to the layer responsible for information processing, such as statistical processing of data, uncertainty management, data security, and feedback control (Rajkumar, 2012). CPS networking applications include digital medical equipment, distributed power systems, aviation and aircraft management, industrial control, and many other fields. CPS can also positively impact the economy and fundamentally alter the operation of current engineering physical systems (Aguida et al., 2020). However, the increased connectivity and openness have increased the vulnerability to cyber and physical attacks. Current intrusion detection systems (IDS) or methods cannot detect cyber-physical attacks promptly. This is due to the increased risk of attacks during the product manufacturing and development life-cycle, the time it takes for an IDS to detect true alarms, and the network complexity. These challenges should be resolved by applying advanced approaches (Wu & Moon, 2019).

4.2. Machine Learning-Based Anomaly Detection in CPS Networks

In recent years, ML techniques have demonstrated outstanding outcomes, reducing development costs and providing practical solutions to complex tasks in CPS (Gu & Easwaran, 2019). In CPS, ML has been applied to various decision-making and management tasks, such as surgical robots, self-driving, and energy control.
The safety concerns of ML-based CPS networks raise the need to improve system safety and reliability (Bojarski et al., 2016; Jain et al., 2018). ML offers a solution to complex problems where conventional programming approaches fall short, enhancing computer-human interaction and enabling problem-solving in areas where custom-built algorithms are impractical (Hasan et al., 2024). ML algorithms learn from examples of correct behaviour and serve as meta-algorithms for generating algorithms based on desired outputs. The study of ML expands the range of problems computers can solve and deepens our understanding of learning processes. ML research explores the computational foundations of learning, inspiring novel ML model designs and bridging the gap between computation and learning (Hasan et al., 2024; Jaisingh et al., 2024).

4.3. Taxonomy of Few Cyber Attacks

The technical and nontechnical challenges in the environment system are called CPS challenges. Networking, energy management, cloud computing, complexity, privacy, stability, data management, security concerns, and other areas have presented challenges for the CPS (Bedi et al., 2016). CPS is a complex system that integrates digital and physical domains, making it vulnerable to cyber and physical attacks. Physical attacks target the CPS's infrastructure and control systems, ranging from equipment sabotage to unauthorized access (Kumar, 2024). Attackers exploit vulnerabilities to manipulate the underlying architecture, such as uncontrolled voltage flow disrupting hardware functionality. In the cyber domain, threats include denial of service (DoS), man-in-the-middle, masquerade, replay attacks, and cyber intrusions. Cyber-attacks involve unauthorized nodes infiltrating networks and assuming trusted identities, compromising CPS hardware, software, networks, and data (Kumar, 2024). A few of the common threats to the CPS network are discussed below (Yaacoub et al., 2020).

4.3.1. Spoofing

Spoofing is the practice of a malicious unknown source disguising itself as a reputable organization. In this case, attackers might spoof sensors by sending inaccurate or misleading measurements to the control centre.

4.3.2. Sabotage

In this case, legitimate communication traffic is intercepted and redirected to an unknown third party to disrupt the communication protocol. For instance, attackers might physically damage exposed CPS components throughout the power grid to disrupt service, which could result in a complete or partial blackout.

4.3.3. Service Disruption/Denial

In this case, the attackers are able to alter a device in a way that disrupts communication or service or changes its configuration. This threat has been a major drawback for medical applications.

4.3.4. Tracking

Due to the physical exposure of the devices, an attacker can acquire physical access to them, attach malicious devices, or follow legitimate ones.

4.4. Methods of Machine Learning Algorithms

ML has become an established method for intrusion detection in CPS networks. ML aims to facilitate knowledge acquisition. This technique produces a model that distinguishes between normal and abnormal classes. Anomaly detection is classified into three categories based on the function of training data used to create the CPS model (Injadat et al., 2018). The three broad categories are discussed below.

4.4.1. Supervised Learning Algorithm (SLA)

SLA uses labelled training data to map inputs to outputs. It deduces a function for new data samples by analyzing the training data. Regression and classification make up the learning process; classification produces a limited number of definite classes, such as binary or multiple classes. For examined instances, regression tasks yield continuous values; for example, a 97% probability of malware and a 3% probability of not (Liang et al., 2019).
The process of SLA is to create a predictive model for both the normal and anomalous classes, followed by their comparison. Two major problems are associated with this approach: first, the training set contains far fewer anomalies than typical cases; second, it is difficult to identify accurate and representative labels, particularly for the anomaly class (Nassif et al., 2021).

4.4.2. Unsupervised Learning Algorithm (ULA)

Because normal instances are far more common than anomalies in the test dataset, SLA might produce a high false alarm rate (Nassif et al., 2021). Conversely, ULA focuses on accomplishing more general objectives such as density estimation, clustering, and dimensionality reduction by treating all input samples as unlabeled. Video noise reduction and discrimination are done using dimensionality reduction. Clustering is a technique for organizing data using mathematical, probabilistic, or statistical methods like self-organizing feature maps or TSK-DBN fuzzy learning (Nassif et al., 2021). Density estimation is a statistical approach that targets the data distribution and is used in noise reduction and traffic density estimation (Yeshwanth et al., 2017).

4.4.3. Reinforcement Learning Algorithm (RLA)

Semi-supervised techniques, or RLA, have been more common than supervised methods. This technique works under the assumption that the training dataset contains only labelled instances for the typical class, which means it does not require anomaly class labels. Instead of labelled input, it utilizes reward values to guide decision-making. Each execution enhances the model's overall decision-making by increasing rewards, resulting in a perception-action-learning loop (Nassif et al., 2021). Reinforcement methods typically use search policy or approximation of function value. Search policy implies determining the best policy using gradient-based or gradient-free techniques.
For example, Google's AlphaGo has applied a search policy to learn autonomously and perform better without human intervention (Arulkumaran et al., 2017; Gibney, 2016; Liang et al., 2019). Value function approximation, on the other hand, calculates the expected benefits of actions to maximize learning. The quality function guides its learning process and results (Liang et al., 2019).

4.5. Application of ML in Detection of Anomalies in CPS Network System

4.5.1. Smart Grid

Smart Grids enhance the electric power grid by providing advanced monitoring, control, and communication, enabling efficient energy use for generators, consumers, and distributors. Cybersecurity is crucial for devices like Intelligent Electronic Devices (IEDs), requiring adequate protection and anomaly detection techniques. Real-time communication between IEDs is essential to protect human lives and their assets (Sahani et al., 2023). The interconnected power grid, consisting of substations, transmission lines, and transformers, is connected to the Internet through a communication network. The smart grid quickly adapts to alterations in electrical demand and responds digitally to unfavorable fluctuations. However, failure to detect intrusions can lead to system failure (Banik et al., 2023; Quincozes et al., 2021). ML has been used to detect intrusions in smart grids by analyzing data to identify anomalies or suspicious activities (Kumar, 2024). In smart grids, ML-based intrusion detection systems (IDS) train algorithms on historical data to identify patterns and deviations that may indicate security breaches. These systems are trained on transmission and distribution power components datasets, allowing them to distinguish between normal and abnormal system behaviour. Key aspects of ML-based IDS include techniques, dataset generation processes, performance metrics, and future research directions (Sahani et al., 2023).

4.5.2. Smart Vehicles

The rise of connected, smart and autonomous vehicles (CPS) marks a significant shift toward a transportation system that replaces traditional human-operated vehicles with intelligent automation and robust communication. These vehicles minimize decision-making errors by operating with the same level of intelligence, control, and agility as human drivers (Abdallah et al., 2023). However, they also bring aspects of driver unpredictability and geographic diversity. Smart vehicles (SVs) face risks from cyberattacks, such as cloning essential data, attacks on radars and telematics services, sensor deception, and camera sensor attacks (Alsulami et al., 2023). ML techniques are used extensively in intrusion detection in smart vehicles to improve cybersecurity measures (Banafshehvaragh & Rahmani, 2023). ML algorithms like K-Nearest Neighbor and Support Vector Machines, deep learning algorithms like LSTM and GRU, and ensemble learning models have been used to analyze data and identify abnormal behaviour (Aloqaily et al., 2019; Anbalagan et al., 2023). ML-based intrusion detection systems (IDS) are crucial in safeguarding advanced automotive systems from cyber threats. The use of supervised and unsupervised ML algorithms and deep learning techniques has shown promising results (Dini et al., 2023).

4.5.3. Health Care System

IoT and wireless communications are revolutionizing medical applications, including early diagnosis, real-time monitoring, and emergency response (Hady et al., 2020). These technologies can reduce healthcare costs and improve health outcomes. Wearable sensors can monitor the vital signs of community residents, enabling healthcare providers to provide remote monitoring and diagnosis services (Fotouhi et al., 2016). However, security threats are a concern, as Health-CPS deals with complex medical data and must ensure confidentiality, accessibility, legitimacy, and accuracy.
It is critical to identify and prevent intrusions because attackers have the potential to threaten patients' lives. Insecure Healthcare 4.0 methods can result in health data privacy breaches, giving hackers access to private data such as users' email accounts and patient health reports (Savanović et al., 2023). ML algorithms enhance healthcare systems' responsiveness to real-time security threats. They enable big data analysis, detecting abnormal patterns and potential breaches early. Deep learning algorithms automate security classification, eliminating manual intervention and providing end-to-end solutions. They also effectively detect zero-day attacks and new vulnerabilities, which traditional signature-based methods may struggle to identify. This makes healthcare systems more adaptable and responsive to security threats (Si-Ahmed et al., 2023).

4.5.4. Environmental Monitoring

Advanced technologies like IoT and ML are crucial for monitoring air quality and noise levels for a healthy life (Gupta et al., 2018). In one study, a real-time IoT system makes it possible to predict noise and analyze air quality in the surrounding area. The system's portability, affordability, and compact size with sensors and GPU edge devices were a major focus. The SVM model was used for real-time prediction rather than any other model in the ML experiments conducted in real time. The web interface included a map view so end users could visualise anticipated outcomes (Shah et al., 2020). In the agriculture sector, several ML-based developments have been made to control the growth of plants efficiently. In one study, the "gCrop" system, which uses IoT, ML, and WSN for plant growth monitoring, provided 98% prediction accuracy (Shinde & Siddiqui, 2018). Another study measures the leaf area index using SVM and Gaussian process models with 89% accuracy (Shinde & Siddiqui, 2018).
An expert system using AI and Naive Bayes method is used in agriculture to monitor fertilizer, pesticides, and water irrigation (Amado & Cruz, 2018 ). These technologies contribute to improving living conditions and enhancing urban development. The activity of photosynthesis of natural artificial biocenosis should be monitored as it is crucial for life on Earth (Khruschev et al., 2022 ). Decreased production of photosynthesis due to anthropogenic influences might have irreversible damage. Technologies are being developed to continuously monitor the state of terrestrial plants and microalgae's photosynthetic apparatus. Information sources for assessing (Laisk et al., 2002 ). ML methods are being considered for determining functional parameters of photosynthesis based on local and distant optical assessments, including classical and regression methods, analysis techniques of unsupervised cluster, methods of classification, and artificial neural networks (Khruschev et al., 2022 ). 4.6. Challenges in Implementing ML Techniques Feature Selection The features chosen for ML model training significantly impact the training time and accuracy of ML Models. However, choosing the right features for the ML model's training has been challenging. Techniques for feature selection that automatically select high-level features may offer a viable remedy for this problem (Liu & Lang, 2019 ; Sharma et al., 2022 ). 4.6.1. Model Performance It has been noticed that ML techniques have learned and represented real-world problem features as a nested hierarchy of concepts for achieving exemplary performance and flexibility (Picon Ruiz et al., 2020 ). However, the quality of training data and custom features determines how well ML techniques can perform (Kumar & Alqahtani, 2023 ). 4.6.2. Deployment Challenges In the application of ML models, differences in computation platforms can be crucial for safety. 
Unexpected obstacles or changes in operational environments post-deployment can lead to Incorrect predictions can impact the safety of the system, humans, and the environment. Additionally, while practical for many domains, online learning methods are currently unsuitable for safety-critical applications due to the inability to control data distribution (Pereira & Thomas, 2020 ). 4.6.3. Biases ML models, known as algorithm bias, can introduce bias during the model selection process. This bias can stem from various sources within the ML pipeline and may impact the fairness and reliability of the model (Pereira & Thomas, 2020 ). 4.6.4. Mismatch Model One of the major concern in the model selection phase was that, the chosen ML model or architecture may not fully align with the specific requirements of application. This mismatch can occur due to factors such as training data size, the amount of relevant features, and the trade-off between model accuracy and comprehensibility. Additionally, computational power limitations may restrict the selected models' complexity, potentially leading to decreased performance (Ashmore et al., 2021 ; Pereira & Thomas, 2020 ). 4.6.5. Safety Culture ML systems, being probabilistic, may conflict with the culture safety typically taken up in advancing safety-critical systems (Amirah et al., 2024 ). Since the operation of MLS depends on numerical parameters taken from datasets, its engineering has been less understood than that of general software rather than explicit programming for a specific task. Bridging the gap between traditional safety practices and the technology-focused culture of ML poses a challenge in ensuring the safety of CPS (Amirah et al., 2024 ; Serban, 2019 ). 4.7. Conclusion In conclusion, integrating ML techniques in the CPS network has represented a significant advancement towards enhancing system safety, reliability, and efficiency. 
ML-based anomaly detection systems offer a promising solution to the complex challenges of cyber and physical attacks in various domains. By leveraging ML algorithms, CPS networks can effectively detect and respond to anomalies, mitigating potential threats and ensuring the seamless operation of critical infrastructure. However, implementing ML techniques in CPS networks also presents several limitations that could be addressed to obtain an efficient method for anomaly detection in CPS networks.

Declarations

Acknowledgement

The authors extend their appreciation to the University of Tabuk.

Search Strategy

Available upon request.

References

Abdallah, E. E., Aloqaily, A., & Fayez, H. (2023). Identifying Intrusion Attempts on Connected and Autonomous Vehicles: A Survey. Procedia Computer Science, 220, 307-314.
Aguida, M. A., Ouchani, S., & Benmalek, M. (2020). A review on cyber-physical systems: models and architectures. 2020 IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE).
Alguliyev, R., Imamverdiyev, Y., & Sukhostat, L. (2021). Hybrid DeepGCL model for cyber-attacks detection on cyber-physical systems. Neural Computing and Applications, 33(16), 10211-10226.
Almuqren, L., Maashi, M. S., Alamgeer, M., Mohsen, H., Hamza, M. A., & Abdelmageed, A. A. (2023). Explainable artificial intelligence enabled intrusion detection technique for secure cyber-physical systems. Applied Sciences, 13(5), 3081.
Alohali, M. A., Al-Wesabi, F. N., Hilal, A. M., Goel, S., Gupta, D., & Khanna, A. (2022). Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment. Cognitive Neurodynamics, 16(5), 1045-1057.
Aloqaily, M., Otoum, S., Al Ridhawi, I., & Jararweh, Y. (2019). An intrusion detection system for connected vehicles in smart cities. Ad Hoc Networks, 90, 101842.
Alsulami, A. A., Al-Haija, Q. A., Alturki, B., Alqahtani, A., & Alsini, R. (2023). Security strategy for autonomous vehicle cyber-physical systems using transfer learning. Journal of Cloud Computing, 12(1), 181.
Amado, T. M., & Cruz, J. C. D. (2018). Development of machine learning-based predictive models for air quality monitoring and characterization. TENCON 2018-2018 IEEE Region 10 Conference.
Amirah, N. A., Him, N. F. N., Rashid, A., Rasheed, R., Zaliha, T. N., & Afthanorhan, A. (2024). Fostering a Safety Culture in Manufacturing Industry through Safety Behavior: A Structural Equation Modelling Approach. Journal of Safety and Sustainability.
Anbalagan, S., Raja, G., Gurumoorthy, S., Suresh, R. D., & Dev, K. (2023). IIDS: Intelligent intrusion detection system for sustainable development in autonomous vehicles. IEEE Transactions on Intelligent Transportation Systems.
Arulkumaran, K., Deisenroth, M. P., Brundage, M., & Bharath, A. A. (2017). Deep reinforcement learning: A brief survey. IEEE Signal Processing Magazine, 34(6), 26-38.
Ashmore, R., Calinescu, R., & Paterson, C. (2021). Assuring the machine learning lifecycle: Desiderata, methods, and challenges. ACM Computing Surveys (CSUR), 54(5), 1-39.
Banafshehvaragh, S. T., & Rahmani, A. M. (2023). Intrusion, anomaly, and attack detection in smart vehicles. Microprocessors and Microsystems, 96, 104726.
Banik, S., Banik, T., & Banik, S. (2023). Intrusion Detection System in Smart Grid-A Review.
Bansal, S., & Kumar, D. (2020). IoT ecosystem: A survey on devices, gateways, operating systems, middleware and communication. International Journal of Wireless Information Networks, 27(3), 340-364.
Bedi, G., Venayagamoorthy, G. K., & Singh, R. (2016). Navigating the challenges of Internet of Things (IoT) for power and energy systems. 2016 Clemson University Power Systems Conference (PSC).
Bellettini, C., & Rrushi, J. L. (2008). A product machine model for anomaly detection of interposition attacks on cyber-physical systems. IFIP International Information Security Conference.
Bojarski, M., Del Testa, D., Dworakowski, D., Firner, B., Flepp, B., Goyal, P., Jackel, L. D., Monfort, M., Muller, U., & Zhang, J. (2016). End to end learning for self-driving cars. arXiv preprint arXiv:1604.07316.
Catillo, M., Pecchia, A., & Villano, U. (2023). CPS-GUARD: Intrusion detection for cyber-physical systems and IoT devices using outlier-aware deep autoencoders. Computers & Security, 129, 103210.
Colelli, R., Magri, F., Panzieri, S., & Pascucci, F. (2021). Anomaly-based intrusion detection system for cyber-physical system security. 2021 29th Mediterranean Conference on Control and Automation (MED).
Dini, P., Elhanashi, A., Begni, A., Saponara, S., Zheng, Q., & Gasmi, K. (2023). Overview on Intrusion Detection Systems Design Exploiting Machine Learning for Networking Cybersecurity. Applied Sciences, 13(13), 7507.
Duhayyim, M. A., Alissa, K. A., Alrayes, F. S., Alotaibi, S. S., Tag El Din, E. M., Abdelmageed, A. A., Yaseen, I., & Motwakel, A. (2022). Evolutionary-based deep stacked autoencoder for intrusion detection in a cloud-based cyber-physical system. Applied Sciences, 12(14), 6875.
Eiteneuer, B., & Niggemann, O. (2020). Lstm for model-based anomaly detection in cyber-physical systems. arXiv preprint arXiv:2010.15680.
Fotouhi, H., Causevic, A., Lundqvist, K., & Björkman, M. (2016). Communication and Security in Health Monitoring Systems--A Review. 2016 IEEE 40th annual computer software and applications conference (COMPSAC).
Gibney, E. (2016). Google AI algorithm masters ancient game of Go. Nature, 529(7587), 445-446.
Gu, X., & Easwaran, A. (2019). Towards safe machine learning for cps: infer uncertainty from training data. Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems.
Gupta, A., Gupta, A., Jain, K., & Gupta, S. (2018). Noise pollution and impact on children health. The Indian Journal of Pediatrics, 85(4), 300-306.
Hady, A. A., Ghubaish, A., Salman, T., Unal, D., & Jain, R. (2020). Intrusion detection system for healthcare systems using medical and network data: A comparison study. IEEE Access, 8, 106576-106584.
Hasan, M. K., Abdulkadir, R. A., Islam, S., Gadekallu, T. R., & Safie, N. (2024). A review on machine learning techniques for secured cyber-physical systems in smart grid networks. Energy Reports, 11, 1268-1290.
Injadat, M., Salo, F., Nassif, A. B., Essex, A., & Shami, A. (2018). Bayesian optimization with machine learning algorithms towards anomaly detection. 2018 IEEE global communications conference (GLOBECOM).
Jain, A., Nghiem, T., Morari, M., & Mangharam, R. (2018). Learning and control using Gaussian processes. 2018 ACM/IEEE 9th international conference on cyber-physical systems (ICCPS).
Jaisingh, W., Nanjundan, P., & George, J. P. (2024). Machine Learning in Cyber Threats Intelligent System. In Artificial Intelligence for Cyber Defense and Smart Policing (pp. 1-20). Chapman and Hall/CRC.
Khruschev, S., Plyusnina, T. Y., Antal, T., Pogosyan, S., Riznichenko, G. Y., & Rubin, A. (2022). Machine learning methods for assessing photosynthetic activity: environmental monitoring applications. Biophysical Reviews, 14(4), 821-842.
Kim, D., Won, Y., Kim, S., Eun, Y., Park, K.-J., & Johansson, K. H. (2019). Sampling rate optimization for IEEE 802.11 wireless control systems. Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems.
Kim, S., & Park, K.-J. (2021). A survey on machine-learning based security design for cyber-physical systems. Applied Sciences, 11(12), 5458.
Kumar, A. (2024). Cybersecurity Threat Detection using Machine Learning and Network Analysis. Journal of Artificial Intelligence General science (JAIGS) ISSN: 3006-4023, 1(1), 38-46.
Kumar, G., & Alqahtani, H. (2023). Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances, Challenges and Future Directions. CMES-Computer Modeling in Engineering & Sciences, 134(1).
Laisk, A., Oja, V., Rasulov, B., Rämma, H., Eichelmann, H., Kasparova, I., Pettai, H., Padu, E., & Vapaavuori, E. (2002). A computer‐operated routine of gas exchange and optical measurements to diagnose photosynthetic apparatus in leaves. Plant, Cell & Environment, 25(7), 923-943.
Liang, F., Hatcher, W. G., Liao, W., Gao, W., & Yu, W. (2019). Machine learning for security and the internet of things: the good, the bad, and the ugly. IEEE Access, 7, 158126-158147.
Liu, H., & Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences, 9(20), 4396.
Liu, Y., Peng, Y., Wang, B., Yao, S., & Liu, Z. (2017). Review on cyber-physical systems. IEEE/CAA Journal of Automatica Sinica, 4(1), 27-40.
Lu, T., Xu, B., Guo, X., Zhao, L., & Xie, F. (2013). A new multilevel framework for cyber-physical system security. First international Workshop on the Swarm at the Edge of the Cloud.
Nagarajan, S. M., Deverajan, G. G., Bashir, A. K., Mahapatra, R. P., & Al-Numay, M. S. (2022). IADF-CPS: Intelligent anomaly detection framework towards cyber physical systems. Computer Communications, 188, 81-89.
Nassif, A. B., Talib, M. A., Nasir, Q., & Dakalbab, F. M. (2021). Machine learning for anomaly detection: A systematic review. IEEE Access, 9, 78658-78700.
Peng, Y., Lu, T., Liu, J., Gao, Y., Guo, X., & Xie, F. (2013). Cyber-physical system risk assessment. 2013 ninth international conference on intelligent information hiding and multimedia signal processing.
Pereira, A., & Thomas, C. (2020). Challenges of machine learning applied to safety-critical cyber-physical systems. Machine Learning and Knowledge Extraction, 2(4), 579-602.
Picon Ruiz, A., Alvarez Gila, A., Irusta, U., & Echazarra Huguet, J. (2020). Why deep learning performs better than classical machine learning? Dyna Ingenieria E Industria.
Quincozes, S. E., Mossé, D., Passos, D., Albuquerque, C., Ochi, L. S., & dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. IEEE Transactions on Network and Service Management, 19(1), 614-626.
Rajkumar, R. (2012). A cyber–physical future. Proceedings of the IEEE, 100(Special Centennial Issue), 1309-1312.
Ramachandran, A., Gayathri, K., Alkhayyat, A., & Malik, R. Q. (2023). Aquila Optimization with Machine Learning-Based Anomaly Detection Technique in Cyber-Physical Systems. Computer Systems Science & Engineering, 46(2).
Ramadan, R. A. (2020). Efficient intrusion detection algorithms for smart cities-based wireless sensing technologies. Journal of Sensor and Actuator Networks, 9(3), 39.
Sahani, N., Zhu, R., Cho, J.-H., & Liu, C.-C. (2023). Machine learning-based intrusion detection for smart grid computing: A survey. ACM Transactions on Cyber-Physical Systems, 7(2), 1-31.
Saied, A., Overill, R. E., & Radzik, T. (2016). Detection of known and unknown DDoS attacks using Artificial Neural Networks. Neurocomputing, 172, 385-393.
Sarker, I. H., Abushark, Y. B., Alsolami, F., & Khan, A. I. (2020). Intrudtree: a machine learning based cyber security intrusion detection model. Symmetry, 12(5), 754.
Savanović, N., Toskovic, A., Petrovic, A., Zivkovic, M., Damaševičius, R., Jovanovic, L., Bacanin, N., & Nikolic, B. (2023). Intrusion detection in healthcare 4.0 internet of things systems via metaheuristics optimized machine learning. Sustainability, 15(16), 12563.
Serban, A. C. (2019). Designing safety critical software systems to manage inherent uncertainty. 2019 IEEE International Conference on Software Architecture Companion (ICSA-C).
Shah, S. K., Tariq, Z., Lee, J., & Lee, Y. (2020). Real-time machine learning for air quality and environmental noise detection. 2020 IEEE International Conference on Big Data (Big Data).
Sharma, B., Sharma, L., & Lal, C. (2022). Feature selection and deep learning technique for intrusion detection system in IoT. Proceedings of International Conference on Computational Intelligence: ICCI 2020.
Shin, J., Baek, Y., Lee, J., & Lee, S. (2018). Cyber-physical attack detection and recovery based on RNN in automotive brake systems. Applied Sciences, 9(1), 82.
Shinde, D., & Siddiqui, N. (2018). IOT Based environment change monitoring & controlling in greenhouse using WSN. 2018 International Conference on Information, Communication, Engineering and Technology (ICICET).
Si-Ahmed, A., Al-Garadi, M. A., & Boustia, N. (2023). Survey of Machine Learning based intrusion detection methods for Internet of Medical Things. Applied Soft Computing, 110227.
Sztipanovits, J., Koutsoukos, X., Karsai, G., Kottenstette, N., Antsaklis, P., Gupta, V., Goodwine, B., Baras, J., & Wang, S. (2015). Toward a science of cyber–physical system integration. Proceedings of the IEEE, 100(1), 29-44.
Wang, Y., Li, Y., Tian, D., Wang, C., Wang, W., Hui, R., Guo, P., & Zhang, H. (2018). A novel intrusion detection system based on advanced naive Bayesian classification. 5G for Future Wireless Networks: First International Conference, 5GWN 2017, Beijing, China, April 21-23, 2017, Proceedings 1.
Wolf, M., & Serpanos, D. (2017). Safety and security in cyber-physical systems and internet-of-things systems. Proceedings of the IEEE, 106(1), 9-20.
Wu, M., & Moon, Y. B. (2019). Intrusion detection of cyber-physical attacks in manufacturing systems: A review. ASME International Mechanical Engineering Congress and Exposition.
Yaacoub, J.-P. A., Salman, O., Noura, H. N., Kaaniche, N., Chehab, A., & Malli, M. (2020). Cyber-physical systems security: Limitations, issues and future trends. Microprocessors and microsystems, 77, 103201.
Yeshwanth, C., Sooraj, P. A., Sudhakaran, V., & Raveendran, V. (2017). Estimation of intersection traffic density on decentralized architectures with deep networks.
2017 International Smart Cities Conference (ISC2).
Zhang, Y., Jamjoom, M., & Ullah, Z. (2023). Double Deep Q-Network Next-Generation Cyber-Physical Systems: A Reinforcement Learning-Enabled Anomaly Detection Framework for Next-Generation Cyber-Physical Systems. Electronics, 12(17), 3632.
Zhou, X., Liang, W., Shimizu, S., Ma, J., & Jin, Q. (2020). Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics, 17(8), 5790-5798.

Additional Declarations

No competing interests reported.
It has resulted in a maximal accuracy of 97.27%.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eManaging long lead times for hardware, ensuring alignment between hardware and software development, and addressing cross-team communication issues are significant challenges in building hardware-reliant CPS.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e3.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Almuqren et al., \u003cspan citationid=\"CR4\" class=\"CitationRef\"\u003e2023\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eMDPI\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDetection and classification of intrusions in the CPS platform.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eExplainable Artificial Intelligence-Enabled Intrusion Detection Technique for Secure Cyber-Physical Systems\u003c/p\u003e \u003cp\u003e(XAIID-SCPS)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe technique integrates the XAI approach LIME for better understanding and explains the black-box method's ability to classify intrusions accurately. The simulation values of the XAIID-SCPS technique and the outcomes prove the promising performance over other recent approaches.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eManual data labelling for abnormal states is inefficient, and monitoring manipulation attacks pose challenges. 
Automated data collection processes are needed for efficient analysis and detection.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e4.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Duhayyim et al., \u003cspan citationid=\"CR22\" class=\"CitationRef\"\u003e2022\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eMDPI\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eProjected for the classification and identification of intrusions from the CPS environment.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eSFSA-DLIDS\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThough the FURIA model resulted in a reasonable accuracy of 98.82%, the SFSA-DLIDS model accomplished a maximum accuracy of 99.44%. 
Concluded that the SFSA-DLIDS model has shown enhanced security in the CPS environment.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eOutlier detection approaches should be integrated to improve the overall detection efficiency of the SFSA-DLIDS technique.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e5.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Catillo et al., \u003cspan citationid=\"CR19\" class=\"CitationRef\"\u003e2023\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eElsevier\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eA novel intrusion detection approach.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eCPS-GUARD\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eA novel intrusion detection approach based on a single semi-supervised autoencoder and a technique to set the threshold to discriminate normal operations from attacks.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eImperfect training data requires outlier-aware deep autoencoders for accurate anomaly detection while setting appropriate thresholds for distinguishing normal operations from attacks. 
This requires self-tuning methods for real-world operations.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e6.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Nagarajan et al., \u003cspan citationid=\"CR43\" class=\"CitationRef\"\u003e2022\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eElsevier\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eFor anomaly detection and accurate estimation of the posterior probabilities of anomalous and legitimate events in CPSs.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eGMM-KF integrated deep CNN model\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eMilitary applications secure confidential information, medical applications transfer health records securely to patients or practitioners, and in smart cities, obtain the secure transmission of data through various sources.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eHuge data processing can be less efficient, but with some improvements in the model, this limitation can be overcome. 
Furthermore, performance is reduced when new anomalies are identified.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e7.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Zhang et al., \u003cspan citationid=\"CR68\" class=\"CitationRef\"\u003e2023\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eMDPI\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAnomaly Detection for Next-Generation\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eDouble Deep Q-learning Partially Labeled Anomaly Detection Technique (DDQLPADT)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe technique is quite consistent and reliable when identifying anomalies in the considered datasets. It can manage complex and unique data environments while managing anomalies. Despite that, it only allows non-anomaly data for further processing, the communication cost of the NG-CPS network could be significantly improved.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eThe challenge of handling imperfect training data can impact anomaly detection accuracy. 
This limitation underscores the need for strategies to mitigate imperfections in training data to ensure reliable anomaly detection outcomes.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e8.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Bellettini \u0026amp; Rrushi, \u003cspan citationid=\"CR17\" class=\"CitationRef\"\u003e2008\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSpringer\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eAnomaly intrusion detection model\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eState-of-the-art system call monitors\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe model detects persistent interposition attacks by intercepting and modifying the I/O data stream of a target process without system calls. 
It uses shuffle operations and product machines to obfuscate legitimate function call paths, offering a unique approach to anomaly detection in control systems.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eImplementing a Modbus model on a process incurs a 6% performance penalty but may not cover all attack scenarios and may have limitations in detecting sophisticated manipulation of control protocols.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e9.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Alohali et al., \u003cspan citationid=\"CR5\" class=\"CitationRef\"\u003e2022\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSpringer\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eCCPS in industry 4.0 environment addressing security concerns\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eAn AI-enabled multimodal fusion-based intrusion detection system (AIMMF-IDS)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe AIMMF-IDS technique has shown effectual outcomes with the least training and testing time. 
In the future, the AIMMF-IDS technique will be deployed in the big data environment to handle the massive generation of networking data.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eOutlier detection and feature reduction approaches can boost intrusion detection performance.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e10.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Alguliyev et al., \u003cspan citationid=\"CR3\" class=\"CitationRef\"\u003e2021\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSpringer\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eCyber-attack detection on cyber-physical systems\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eHybrid DeepGCL model\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe study combines three parallel neural architectures, employing the SPOCU activation function in hidden layers and a modified Adam optimizer to improve performance in detecting and preventing cyber-attacks on cyber-physical systems, outperforming recent machine learning techniques.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eThe Hybrid DeepGCL model's generalizability may be limited due to its limited scope, considering only two datasets (raw water treatment plant and gasoil heater loop process). 
Future research should evaluate the model on multiple datasets to improve its effectiveness and applicability.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e11.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Wang et al., \u003cspan citationid=\"CR63\" class=\"CitationRef\"\u003e2018\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eSpringer\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDetection of network intrusion\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eNIDS based on Na\u0026iuml;ve Bayes algorithm\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eWith the built patterns, the framework detects attacks in the datasets using the na\u0026iuml;ve Bayes Classifier algorithm. Compared to the neural network-based approach, the framework had a higher detection rate, was less time-consuming and had a low cost factor. 
However, it generates somewhat more false positives.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eNa\u0026iuml;ve Bayes' assumption of independent attributes and sensitivity to feature selection can impact its accuracy in real-world scenarios, particularly when dealing with interrelated features, potentially requiring further research to improve performance.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e12.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Saied et al., \u003cspan citationid=\"CR53\" class=\"CitationRef\"\u003e2016\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eElsevier\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eTo detect TCP, UDP and ICMP DDoS attacks\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eArtificial Neural Network algorithm\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eCompared to signature-based and other related academic research, our approach produced higher detection accuracy (98%) than other approaches. It managed to detect known (100%) and unknown (95%) DDoS attacks that are similar to what it was trained with (up-to-date patterns).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eThe framework did not detect some unknown DDoS attacks. 
This means that improper training or old patterns can result in poor detection. This is due to the fact that the algorithm detects based on scenarios, so more scenarios assist the ANN in understanding the nature of DDoS attacks.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e13.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Ramadan, \u003cspan citationid=\"CR51\" class=\"CitationRef\"\u003e2020\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eMDPI\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eTo prevent critical WSNs\u0026mdash;sinkhole attack in smart cities\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eMultipath-Based Intrusion Detection System (MBIDS)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe study proposes clustering for energy-saving wireless sensor networks, simple intrusion detection algorithms for smart cities, and a cross-layer technique for application and network layer detection.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eThe computation required for the MBIDS algorithm is relatively high.\u003c/p\u003e \u003cp\u003eThe algorithm's effectiveness may depend on the network size and complexity of the smart city environment.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e14.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Sarker et al., \u003cspan citationid=\"CR54\" class=\"CitationRef\"\u003e2020\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e 
\u003cp\u003eMDPI\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eDetecting various cyber-attacks or anomalies in a network\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eIntrusion Detection Tree (\"IntruDTree\")\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe ML-based security model effectively predicts accuracy for unseen test cases and efficiently reduces computational costs by processing fewer features while generating the resultant tree-like model.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eIt may generate false positives and negatives, requiring adaptation to new threats. Their computational efficiency, data quality, and scalability depend on the training data.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003ctr\u003e \u003ctd align=\"left\" colname=\"c1\"\u003e \u003cp\u003e15.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c2\"\u003e \u003cp\u003e(Sarker et al., \u003cspan citationid=\"CR54\" class=\"CitationRef\"\u003e2020\u003c/span\u003e)\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c3\"\u003e \u003cp\u003eElsevier\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c4\"\u003e \u003cp\u003eIntrusion detection\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c5\"\u003e \u003cp\u003eClustering-based unsupervised intrusion detection (CBUID).\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c6\"\u003e \u003cp\u003eThe time complexity of CBUID is linear in terms of the size of the dataset and the number of attributes. 
The experiments demonstrated that the method outperforms the existing methods in terms of accuracy and detecting unknown intrusions.\u003c/p\u003e \u003c/td\u003e \u003ctd align=\"left\" colname=\"c7\"\u003e \u003cp\u003eThe interpretability of the clusters generated by CBUID may be limited, making it challenging to understand how intrusions are identified or categorized within the model.\u003c/p\u003e \u003c/td\u003e \u003c/tr\u003e \u003c/tbody\u003e \u003c/colgroup\u003e \u003c/table\u003e\u003c/div\u003e \u003c/p\u003e"},{"header":"4. Discussion","content":"\u003cdiv id=\"Sec8\" class=\"Section2\"\u003e \u003ch2\u003e4.1. Cyber-Physical System Network\u003c/h2\u003e \u003cp\u003eA new technical infrastructure called Cyber-physical systems (CPS) combines communication, computation, and control technologies to apply feedback control to distributed embedded computing systems (Liu et al., \u003cspan citationid=\"CR41\" class=\"CitationRef\"\u003e2017\u003c/span\u003e). These systems transform conventional networks and embedded systems, facilitating dynamic, safe, real-time, reliable collaboration with physical systems (Sztipanovits et al., \u003cspan citationid=\"CR62\" class=\"CitationRef\"\u003e2015\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eIn CPS systems, data acquisition modules ensure accuracy and real-time capability by gathering data from distributed field services. According to service demands, the data is passed to the layer responsible for information processing, such as statistical processing of data, uncertainty management, data security, and feedback control (Rajkumar, \u003cspan citationid=\"CR49\" class=\"CitationRef\"\u003e2012\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eCPS networking applications include digital medical equipment, distributed power systems, aviation and aircraft management, industrial control, and many other fields. 
It can also positively impact the economy and fundamentally alter the operation of current engineering physical systems (Aguida et al., \u003cspan citationid=\"CR2\" class=\"CitationRef\"\u003e2020\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eHowever, the connectivity and openness increased the vulnerability to cyber and physical attacks. Current intrusion detection (IDS) methods or systems cannot detect cyber-physical attacks promptly. This is due to the increased risk of attacks during the product manufacturing and development life-cycle, the time it takes for an IDS to detect true alarms, and the network complexity. These challenges should be resolved by applying advanced approaches (Wu \u0026amp; Moon, \u003cspan citationid=\"CR65\" class=\"CitationRef\"\u003e2019\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec9\" class=\"Section2\"\u003e \u003ch2\u003e4.2. Machine Learning-Based Anomaly Detection in CPS Networks\u003c/h2\u003e \u003cp\u003eIn recent years, ML techniques have demonstrated outstanding outcomes, reducing development costs and providing practical solutions to complex tasks in Computer-Programmed Systems (Gu \u0026amp; Easwaran, \u003cspan citationid=\"CR26\" class=\"CitationRef\"\u003e2019\u003c/span\u003e). In CPS, ML has been applied to various decision-making and management tasks, such as surgical robots, self-driving and energy control. 
The safety concerns of ML-based CPS networks raise the need to improve system safety and reliability (Bojarski et al., \u003cspan citationid=\"CR18\" class=\"CitationRef\"\u003e2016\u003c/span\u003e; Jain et al., \u003cspan citationid=\"CR31\" class=\"CitationRef\"\u003e2018\u003c/span\u003e)\u003c/p\u003e \u003cp\u003eML offers a solution to complex problems where conventional programming approaches fall short, enhancing computer-human interaction and enabling problem-solving in areas where custom-built algorithms are impractical (Hasan et al., \u003cspan citationid=\"CR29\" class=\"CitationRef\"\u003e2024\u003c/span\u003e). ML algorithms learn from examples of correct behaviour and serve as meta-algorithms for generating algorithms based on desired outputs. The study of ML expands the range of problems computers can solve and deepens our understanding of learning processes. ML research explores the computational foundations of learning, inspiring novel ML model designs and bridging the gap between computation and learning (Hasan et al., \u003cspan citationid=\"CR29\" class=\"CitationRef\"\u003e2024\u003c/span\u003e; Jaisingh et al., \u003cspan citationid=\"CR32\" class=\"CitationRef\"\u003e2024\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec10\" class=\"Section2\"\u003e \u003ch2\u003e4.3. Taxonomy of Few Cyber Attacks\u003c/h2\u003e \u003cp\u003eThe technical and nontechnical challenges in the environment system are called CPS challenges. Networking, energy management, cloud computing, complexity, privacy, stability, data management, security concerns, and other areas have presented challenges for the CPS (Bedi et al., \u003cspan citationid=\"CR16\" class=\"CitationRef\"\u003e2016\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eCPS is a complex system that integrates digital and physical domains, making it vulnerable to cyber and physical attacks. 
Physical attacks target the CPS's infrastructure and control systems, ranging from equipment sabotage to unauthorized access (Kumar, \u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e2024\u003c/span\u003e). Attackers exploit vulnerabilities to manipulate the underlying architecture, such as uncontrolled voltage flow disrupting hardware functionality. In the cyber domain, threats include denial of service (DoS), man-in-the-middle, masquerade, replay attacks, and cyber intrusions. Cyber-attacks involve unauthorized nodes infiltrating networks and assuming trusted identities, compromising CPS hardware, software, networks, and data (Kumar, \u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e2024\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eA few of the common threats to the CPS network have been discussed below (Yaacoub et al., \u003cspan citationid=\"CR66\" class=\"CitationRef\"\u003e2020\u003c/span\u003e)\u003c/p\u003e \u003cdiv id=\"Sec11\" class=\"Section3\"\u003e \u003ch2\u003e4.3.1. Spoofing\u003c/h2\u003e \u003cp\u003eIt is the practice of a malicious unknown source disguising themselves as a reputable organization. In this case, attackers might spoof sensors by sending inaccurate or misleading measurements to the control centre.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec12\" class=\"Section3\"\u003e \u003ch2\u003e4.3.2. Sabotage\u003c/h2\u003e \u003cp\u003eIn this case, the traffic of legal communications has been intercepted and reassigned to an unknown third party to disrupt the communication protocol. For instance, attackers might physically damage exposed CPS components throughout the power grid to disrupt service, which could result in a complete or partial blackout.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec13\" class=\"Section3\"\u003e \u003ch2\u003e4.3.3. 
Service Disruption/Denial\u003c/h2\u003e \u003cp\u003eIn this case, the attackers are capable of altering any device, which might disrupt communication or service or change a configuration. This threat has been a major drawback for medical applications.\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec14\" class=\"Section3\"\u003e \u003ch2\u003e4.3.4. Tracking\u003c/h2\u003e \u003cp\u003eDue to the physical exposure of the devices, an attacker can acquire physical access to them, attach malicious devices, or follow legitimate ones.\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003cdiv id=\"Sec15\" class=\"Section2\"\u003e \u003ch2\u003e4.4. Methods of Machine Learning Algorithms\u003c/h2\u003e \u003cp\u003eML has become an established method for intrusion detection in CPS networks. ML aims to facilitate knowledge acquisition. This technique produces a model that distinguishes between normal and abnormal classes. Anomaly detection is classified into three categories based on the function of training data used to create the CPS model (Injadat et al., \u003cspan citationid=\"CR30\" class=\"CitationRef\"\u003e2018\u003c/span\u003e). The three broad categories are discussed below.\u003c/p\u003e \u003cdiv id=\"Sec16\" class=\"Section3\"\u003e \u003ch2\u003e4.4.1. Supervised Learning Algorithm (SLA)\u003c/h2\u003e \u003cp\u003eSLA uses labelled training data to map inputs to outputs. They deduce a function for new data samples by analyzing the training data. Regression and classification make up the learning process; classification produces a limited number of definite classes, such as binary or multiple classes. For examined instances, regression tasks yield continuous values; for example, a 97% probability of malware and a 3% probability of not (Liang et al., \u003cspan citationid=\"CR39\" class=\"CitationRef\"\u003e2019\u003c/span\u003e). 
The process of SLA is to create a predictive model for both the normal and anomalous classes, followed by their comparison. Two major problems are associated with this approach: first, the training set contains fewer anomalies than typical cases; second, it is difficult to identify accurate and representative labels, particularly for the anomaly class (Nassif et al., \u003cspan citationid=\"CR44\" class=\"CitationRef\"\u003e2021\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec17\" class=\"Section3\"\u003e \u003ch2\u003e4.4.2. Unsupervised Learning Algorithm (ULA)\u003c/h2\u003e \u003cp\u003eThe high proportion of normal instances relative to anomalies in the test dataset might lead to a high false alarm rate in SLA (Nassif et al., \u003cspan citationid=\"CR44\" class=\"CitationRef\"\u003e2021\u003c/span\u003e). Conversely, ULA focuses on accomplishing more general objectives such as density estimation, clustering, and dimensionality reduction by using all input samples as unlabeled. Video noise reduction and discrimination were done using dimensionality reduction. Clustering is a technique for organizing data using mathematical, probabilistic, or statistical methods like self-orienting feature maps or TSK-DBN fuzzy learning (Nassif et al., \u003cspan citationid=\"CR44\" class=\"CitationRef\"\u003e2021\u003c/span\u003e). Density estimation is the statistical approach to target data distribution in noise reduction and traffic density estimation (Yeshwanth et al., \u003cspan citationid=\"CR67\" class=\"CitationRef\"\u003e2017\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec18\" class=\"Section3\"\u003e \u003ch2\u003e4.4.3. Reinforcement Learning Algorithm (RLA)\u003c/h2\u003e \u003cp\u003eSemi-supervised techniques, or RLA, have been more common than supervised methods. 
This technique works under the assumption that the training dataset contains only labelled instances for the typical class, which means they do not require anomaly class labels. Instead of labelled input, it utilizes reward values to guide decision-making. Each execution enhances the model's overall decision-making by increasing rewards, resulting in a perception-action-learning loop (Nassif et al., \u003cspan citationid=\"CR44\" class=\"CitationRef\"\u003e2021\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eReinforcement methods typically use search policy or approximation of function value. Search policy implies determining the best policy using gradient-based or gradient-free techniques. For example, Google's Alpha Go has applied a search policy to learn autonomously and perform better without human intervention (Arulkumaran et al., \u003cspan citationid=\"CR11\" class=\"CitationRef\"\u003e2017\u003c/span\u003e; Gibney, \u003cspan citationid=\"CR25\" class=\"CitationRef\"\u003e2016\u003c/span\u003e; Liang et al., \u003cspan citationid=\"CR39\" class=\"CitationRef\"\u003e2019\u003c/span\u003e). Value function approximation, on the other hand, calculates the expected benefits of actions to maximize learning. The quality function has guided its learning process and results (Liang et al., \u003cspan citationid=\"CR39\" class=\"CitationRef\"\u003e2019\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003cdiv id=\"Sec19\" class=\"Section2\"\u003e \u003ch2\u003e4.5. Application of ML in Detection of Anomalies in CPS Network System\u003c/h2\u003e \u003cdiv id=\"Sec20\" class=\"Section3\"\u003e \u003ch2\u003e4.5.1. Smart Grid\u003c/h2\u003e \u003cp\u003eSmart Grids enhance the electric power grid by providing advanced monitoring, control, and communication, enabling efficient energy use for generators, consumers, and distributors. 
Cybersecurity is crucial for devices like Intelligent Electronic Devices (IEDs), which require adequate protection and anomaly detection techniques. Real-time communication between IEDs is essential to protect human lives and their assets (Sahani et al., \u003cspan citationid=\"CR52\" class=\"CitationRef\"\u003e2023\u003c/span\u003e). The interconnected power grid, consisting of substations, transmission lines, and transformers, is connected to the Internet through a communication network. The smart grid quickly adapts to alterations in electrical demand and responds digitally to unfavorable fluctuations. However, failure to detect intrusions can lead to system failure (Banik et al., \u003cspan citationid=\"CR14\" class=\"CitationRef\"\u003e2023\u003c/span\u003e; Quincozes et al., \u003cspan citationid=\"CR48\" class=\"CitationRef\"\u003e2021\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eML has been used to detect intrusions in smart grids by analyzing data to identify anomalies or suspicious activities (Kumar, \u003cspan citationid=\"CR36\" class=\"CitationRef\"\u003e2024\u003c/span\u003e). In smart grids, ML-based intrusion detection systems (IDS) train algorithms on historical data to identify patterns and deviations that may indicate security breaches. These systems are trained on datasets from transmission and distribution power components, allowing them to distinguish between normal and abnormal system behaviour. Key aspects of ML-based IDS include techniques, dataset generation processes, performance metrics, and future research directions (Sahani et al., \u003cspan citationid=\"CR52\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec21\" class=\"Section3\"\u003e \u003ch2\u003e4.5.2. 
Smart Vehicles\u003c/h2\u003e \u003cp\u003eThe rise of connected, smart, and autonomous vehicles (CPS) marks a significant shift toward a transportation system that replaces traditional human-operated vehicles with intelligent automation and robust communication. These vehicles minimize decision-making errors by operating with the same level of intelligence, control, and agility as human drivers (Abdallah et al., \u003cspan citationid=\"CR1\" class=\"CitationRef\"\u003e2023\u003c/span\u003e). However, they also bring aspects of driver unpredictability and geographic diversity. Smart vehicles (SVs) face risks from cyberattacks, such as cloning essential data, attacks on radars and telematics services, sensor deception, and camera sensor attacks (Alsulami et al., \u003cspan citationid=\"CR7\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eML techniques are used extensively in intrusion detection in smart vehicles to improve cybersecurity measures (Banafshehvaragh \u0026amp; Rahmani, \u003cspan citationid=\"CR13\" class=\"CitationRef\"\u003e2023\u003c/span\u003e). ML algorithms like K-Nearest Neighbor and Support Vector Machines, deep learning algorithms like LSTM and GRU, and ensemble learning models have been used to analyze data and identify abnormal behaviour (Aloqaily et al., \u003cspan citationid=\"CR6\" class=\"CitationRef\"\u003e2019\u003c/span\u003e; Anbalagan et al., \u003cspan citationid=\"CR10\" class=\"CitationRef\"\u003e2023\u003c/span\u003e). ML-based intrusion detection systems (IDS) are crucial in safeguarding advanced automotive systems from cyber threats. 
The use of supervised and unsupervised ML algorithms and deep learning techniques has shown promising results (Dini et al., \u003cspan citationid=\"CR21\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec22\" class=\"Section3\"\u003e \u003ch2\u003e4.5.3. 
Health Care System\u003c/h2\u003e \u003cp\u003eIoT and wireless communications are revolutionizing medical applications, including early diagnosis, real-time monitoring, and emergency response (Hady et al., \u003cspan citationid=\"CR28\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). These technologies can reduce healthcare costs and improve health outcomes. Wearable sensors can monitor the vital signs of community residents, enabling healthcare providers to provide remote monitoring and diagnosis services (Fotouhi et al., \u003cspan citationid=\"CR24\" class=\"CitationRef\"\u003e2016\u003c/span\u003e). However, security threats are a concern, as Health-CPS deals with complex medical data and must ensure confidentiality, accessibility, legitimacy, and accuracy. It is critical to identify and prevent intrusions because attackers have the potential to threaten patients\u0026rsquo; lives. Insecure Healthcare 4.0 methods can result in health data privacy breaches, offering hackers access to private data such as users\u0026rsquo; email accounts and patient health reports (Savanović et al., \u003cspan citationid=\"CR55\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eML algorithms enhance healthcare systems' responsiveness to real-time security threats. They enable big data analysis, detecting abnormal patterns and potential breaches early. Deep learning algorithms automate security classification, eliminating manual intervention and providing end-to-end solutions. They also effectively detect zero-day attacks and new vulnerabilities, which traditional signature-based methods may struggle to identify. This makes healthcare systems more adaptable and responsive to security threats (Si-Ahmed et al., \u003cspan citationid=\"CR61\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec23\" class=\"Section3\"\u003e \u003ch2\u003e4.5.4. 
Environmental Monitoring\u003c/h2\u003e \u003cp\u003eAdvanced technologies like IoT and ML are crucial for monitoring air quality and noise levels for a healthy life (Gupta et al., \u003cspan citationid=\"CR27\" class=\"CitationRef\"\u003e2018\u003c/span\u003e). In one study, a real-time IoT system made it possible to predict noise and analyze air quality in the surrounding area. The system's portability, affordability, and compact size with sensors and GPU edge devices were a major focus. The SVM model was used for real-time prediction than any other model in the ML experiments conducted in real-time. The web interface included a map view so end users could visualise anticipated outcomes (Shah et al., \u003cspan citationid=\"CR57\" class=\"CitationRef\"\u003e2020\u003c/span\u003e).\u003c/p\u003e \u003cp\u003eIn the agriculture sector, several ML-based developments have been made to control the growth of plants efficiently. In one study, the \"gCrop\" system, which uses IoT, ML, and WSN for plant growth monitoring, provided 98% prediction accuracy (Shinde \u0026amp; Siddiqui, \u003cspan citationid=\"CR60\" class=\"CitationRef\"\u003e2018\u003c/span\u003e). Another study measures the leaf area index using SVM and Gaussian process models with 89% accuracy (Shinde \u0026amp; Siddiqui, \u003cspan citationid=\"CR60\" class=\"CitationRef\"\u003e2018\u003c/span\u003e). An expert system using AI and the Naive Bayes method is used in agriculture to monitor fertilizer, pesticides, and water irrigation (Amado \u0026amp; Cruz, \u003cspan citationid=\"CR8\" class=\"CitationRef\"\u003e2018\u003c/span\u003e). These technologies contribute to improving living conditions and enhancing urban development.\u003c/p\u003e \u003cp\u003eThe photosynthetic activity of natural and artificial biocenosis should be monitored as it is crucial for life on Earth (Khruschev et al., \u003cspan citationid=\"CR33\" class=\"CitationRef\"\u003e2022\u003c/span\u003e). 
Decreased photosynthetic production due to anthropogenic influences might cause irreversible damage. Technologies are being developed to continuously monitor the state of the photosynthetic apparatus of terrestrial plants and microalgae. Information sources for assessing (Laisk et al., \u003cspan citationid=\"CR38\" class=\"CitationRef\"\u003e2002\u003c/span\u003e). ML methods are being considered for determining functional parameters of photosynthesis based on local and distant optical assessments, including classical and regression methods, unsupervised cluster analysis techniques, classification methods, and artificial neural networks (Khruschev et al., \u003cspan citationid=\"CR33\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003cdiv id=\"Sec24\" class=\"Section2\"\u003e \u003ch2\u003e4.6. Challenges in Implementing ML Techniques\u003c/h2\u003e \u003cp\u003e \u003cem\u003eFeature Selection\u003c/em\u003e \u003c/p\u003e \u003cp\u003eThe features chosen for ML model training significantly impact the training time and accuracy of ML models. However, choosing the right features for the ML model's training has been challenging. Techniques for feature selection that automatically select high-level features may offer a viable remedy for this problem (Liu \u0026amp; Lang, \u003cspan citationid=\"CR40\" class=\"CitationRef\"\u003e2019\u003c/span\u003e; Sharma et al., \u003cspan citationid=\"CR58\" class=\"CitationRef\"\u003e2022\u003c/span\u003e).\u003c/p\u003e \u003cdiv id=\"Sec25\" class=\"Section3\"\u003e \u003ch2\u003e4.6.1. Model Performance\u003c/h2\u003e \u003cp\u003eIt has been noticed that ML techniques have learned and represented real-world problem features as a nested hierarchy of concepts for achieving exemplary performance and flexibility (Picon Ruiz et al., \u003cspan citationid=\"CR47\" class=\"CitationRef\"\u003e2020\u003c/span\u003e). 
However, the quality of training data and custom features determines how well ML techniques can perform (Kumar \u0026amp; Alqahtani, \u003cspan citationid=\"CR37\" class=\"CitationRef\"\u003e2023\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec26\" class=\"Section3\"\u003e \u003ch2\u003e4.6.2. Deployment Challenges\u003c/h2\u003e \u003cp\u003eIn the application of ML models, differences in computation platforms can be crucial for safety. Unexpected obstacles or changes in operational environments post-deployment can lead to incorrect predictions that impact the safety of the system, humans, and the environment. Additionally, while practical for many domains, online learning methods are currently unsuitable for safety-critical applications due to the inability to control data distribution (Pereira \u0026amp; Thomas, \u003cspan citationid=\"CR46\" class=\"CitationRef\"\u003e2020\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec27\" class=\"Section3\"\u003e \u003ch2\u003e4.6.3. Biases\u003c/h2\u003e \u003cp\u003eML models can introduce bias, known as algorithm bias, during the model selection process. This bias can stem from various sources within the ML pipeline and may impact the fairness and reliability of the model (Pereira \u0026amp; Thomas, \u003cspan citationid=\"CR46\" class=\"CitationRef\"\u003e2020\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec28\" class=\"Section3\"\u003e \u003ch2\u003e4.6.4. Mismatch Model\u003c/h2\u003e \u003cp\u003eOne of the major concerns in the model selection phase is that the chosen ML model or architecture may not fully align with the specific requirements of the application. This mismatch can occur due to factors such as training data size, the number of relevant features, and the trade-off between model accuracy and comprehensibility. 
Additionally, computational power limitations may restrict the selected models' complexity, potentially leading to decreased performance (Ashmore et al., \u003cspan citationid=\"CR12\" class=\"CitationRef\"\u003e2021\u003c/span\u003e; Pereira \u0026amp; Thomas, \u003cspan citationid=\"CR46\" class=\"CitationRef\"\u003e2020\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003cdiv id=\"Sec29\" class=\"Section3\"\u003e \u003ch2\u003e4.6.5. Safety Culture\u003c/h2\u003e \u003cp\u003eML systems, being probabilistic, may conflict with the safety culture typically adopted in developing safety-critical systems (Amirah et al., \u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e2024\u003c/span\u003e). Since the operation of an ML system depends on numerical parameters taken from datasets rather than on explicit programming for a specific task, its engineering has been less understood than that of general software. Bridging the gap between traditional safety practices and the technology-focused culture of ML poses a challenge in ensuring the safety of CPS (Amirah et al., \u003cspan citationid=\"CR9\" class=\"CitationRef\"\u003e2024\u003c/span\u003e; Serban, \u003cspan citationid=\"CR56\" class=\"CitationRef\"\u003e2019\u003c/span\u003e).\u003c/p\u003e \u003c/div\u003e \u003c/div\u003e \u003cdiv id=\"Sec30\" class=\"Section2\"\u003e \u003ch2\u003e4.7. Conclusion\u003c/h2\u003e \u003cp\u003eIn conclusion, integrating ML techniques in the CPS network represents a significant advancement towards enhancing system safety, reliability, and efficiency. ML-based anomaly detection systems offer a promising solution to the complex challenges of cyber and physical attacks in various domains. By leveraging ML algorithms, CPS networks can effectively detect and respond to anomalies, mitigating potential threats and ensuring the seamless operation of critical infrastructure. 
However, implementing ML techniques in CPS networks also presents several limitations that could be addressed to get an efficient method for anomaly detection in CPS networks.\u003c/p\u003e \u003c/div\u003e"},{"header":"Declarations","content":"\u003cp\u003e\u003cstrong\u003eAcknowledgement\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe authors extend their appreciation to the University of Tabuk.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eSearch Strategy\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eAvailable upon request.\u0026nbsp;\u003c/p\u003e"},{"header":"References","content":"\u003col\u003e\n\u003cli\u003eAbdallah, E. E., Aloqaily, A., \u0026amp; Fayez, H. (2023). Identifying Intrusion Attempts on Connected and Autonomous Vehicles: A Survey. \u003cem\u003eProcedia Computer Science\u003c/em\u003e,\u003cem\u003e 220\u003c/em\u003e, 307-314.\u003c/li\u003e\n\u003cli\u003eAguida, M. A., Ouchani, S., \u0026amp; Benmalek, M. (2020). A review on cyber-physical systems: models and architectures. 2020 IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE),\u003c/li\u003e\n\u003cli\u003eAlguliyev, R., Imamverdiyev, Y., \u0026amp; Sukhostat, L. (2021). Hybrid DeepGCL model for cyber-attacks detection on cyber-physical systems. \u003cem\u003eNeural Computing and Applications\u003c/em\u003e,\u003cem\u003e 33\u003c/em\u003e(16), 10211-10226.\u003c/li\u003e\n\u003cli\u003eAlmuqren, L., Maashi, M. S., Alamgeer, M., Mohsen, H., Hamza, M. A., \u0026amp; Abdelmageed, A. A. (2023). Explainable artificial intelligence enabled intrusion detection technique for secure cyber-physical systems. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 13\u003c/em\u003e(5), 3081.\u003c/li\u003e\n\u003cli\u003eAlohali, M. A., Al-Wesabi, F. N., Hilal, A. M., Goel, S., Gupta, D., \u0026amp; Khanna, A. (2022). 
Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment. \u003cem\u003eCognitive Neurodynamics\u003c/em\u003e,\u003cem\u003e 16\u003c/em\u003e(5), 1045-1057.\u003c/li\u003e\n\u003cli\u003eAloqaily, M., Otoum, S., Al Ridhawi, I., \u0026amp; Jararweh, Y. (2019). An intrusion detection system for connected vehicles in smart cities. \u003cem\u003eAd Hoc Networks\u003c/em\u003e,\u003cem\u003e 90\u003c/em\u003e, 101842.\u003c/li\u003e\n\u003cli\u003eAlsulami, A. A., Al-Haija, Q. A., Alturki, B., Alqahtani, A., \u0026amp; Alsini, R. (2023). Security strategy for autonomous vehicle cyber-physical systems using transfer learning. \u003cem\u003eJournal of Cloud Computing\u003c/em\u003e,\u003cem\u003e 12\u003c/em\u003e(1), 181.\u003c/li\u003e\n\u003cli\u003eAmado, T. M., \u0026amp; Cruz, J. C. D. (2018). Development of machine learning-based predictive models for air quality monitoring and characterization. TENCON 2018-2018 IEEE Region 10 Conference,\u003c/li\u003e\n\u003cli\u003eAmirah, N. A., Him, N. F. N., Rashid, A., Rasheed, R., Zaliha, T. N., \u0026amp; Afthanorhan, A. (2024). Fostering a Safety Culture in Manufacturing Industry through Safety Behavior: A Structural Equation Modelling Approach. \u003cem\u003eJournal of Safety and Sustainability\u003c/em\u003e.\u003c/li\u003e\n\u003cli\u003eAnbalagan, S., Raja, G., Gurumoorthy, S., Suresh, R. D., \u0026amp; Dev, K. (2023). IIDS: Intelligent intrusion detection system for sustainable development in autonomous vehicles. \u003cem\u003eIEEE Transactions on Intelligent Transportation Systems\u003c/em\u003e.\u003c/li\u003e\n\u003cli\u003eArulkumaran, K., Deisenroth, M. P., Brundage, M., \u0026amp; Bharath, A. A. (2017). Deep reinforcement learning: A brief survey. \u003cem\u003eIEEE Signal Processing Magazine\u003c/em\u003e,\u003cem\u003e 34\u003c/em\u003e(6), 26-38.\u003c/li\u003e\n\u003cli\u003eAshmore, R., Calinescu, R., \u0026amp; Paterson, C. (2021). 
Assuring the machine learning lifecycle: Desiderata, methods, and challenges. \u003cem\u003eACM Computing Surveys (CSUR)\u003c/em\u003e,\u003cem\u003e 54\u003c/em\u003e(5), 1-39.\u003c/li\u003e\n\u003cli\u003eBanafshehvaragh, S. T., \u0026amp; Rahmani, A. M. (2023). Intrusion, anomaly, and attack detection in smart vehicles. \u003cem\u003eMicroprocessors and Microsystems\u003c/em\u003e,\u003cem\u003e 96\u003c/em\u003e, 104726.\u003c/li\u003e\n\u003cli\u003eBanik, S., Banik, T., \u0026amp; Banik, S. (2023). Intrusion Detection System in Smart Grid-A Review.\u003c/li\u003e\n\u003cli\u003eBansal, S., \u0026amp; Kumar, D. (2020). IoT ecosystem: A survey on devices, gateways, operating systems, middleware and communication. \u003cem\u003eInternational Journal of Wireless Information Networks\u003c/em\u003e,\u003cem\u003e 27\u003c/em\u003e(3), 340-364.\u003c/li\u003e\n\u003cli\u003eBedi, G., Venayagamoorthy, G. K., \u0026amp; Singh, R. (2016). Navigating the challenges of Internet of Things (IoT) for power and energy systems. 2016 Clemson University Power Systems Conference (PSC),\u003c/li\u003e\n\u003cli\u003eBellettini, C., \u0026amp; Rrushi, J. L. (2008). A product machine model for anomaly detection of interposition attacks on cyber-physical systems. IFIP International Information Security Conference,\u003c/li\u003e\n\u003cli\u003eBojarski, M., Del Testa, D., Dworakowski, D., Firner, B., Flepp, B., Goyal, P., Jackel, L. D., Monfort, M., Muller, U., \u0026amp; Zhang, J. (2016). End to end learning for self-driving cars. \u003cem\u003earXiv preprint arXiv:1604.07316\u003c/em\u003e.\u003c/li\u003e\n\u003cli\u003eCatillo, M., Pecchia, A., \u0026amp; Villano, U. (2023). CPS-GUARD: Intrusion detection for cyber-physical systems and IoT devices using outlier-aware deep autoencoders. \u003cem\u003eComputers \u0026amp; Security\u003c/em\u003e,\u003cem\u003e 129\u003c/em\u003e, 103210.\u003c/li\u003e\n\u003cli\u003eColelli, R., Magri, F., Panzieri, S., \u0026amp; Pascucci, F. 
(2021). Anomaly-based intrusion detection system for cyber-physical system security. 2021 29th Mediterranean Conference on Control and Automation (MED),\u003c/li\u003e\n\u003cli\u003eDini, P., Elhanashi, A., Begni, A., Saponara, S., Zheng, Q., \u0026amp; Gasmi, K. (2023). Overview on Intrusion Detection Systems Design Exploiting Machine Learning for Networking Cybersecurity. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 13\u003c/em\u003e(13), 7507.\u003c/li\u003e\n\u003cli\u003eDuhayyim, M. A., Alissa, K. A., Alrayes, F. S., Alotaibi, S. S., Tag El Din, E. M., Abdelmageed, A. A., Yaseen, I., \u0026amp; Motwakel, A. (2022). Evolutionary-based deep stacked autoencoder for intrusion detection in a cloud-based cyber-physical system. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 12\u003c/em\u003e(14), 6875.\u003c/li\u003e\n\u003cli\u003eEiteneuer, B., \u0026amp; Niggemann, O. (2020). Lstm for model-based anomaly detection in cyber-physical systems. \u003cem\u003earXiv preprint arXiv:2010.15680\u003c/em\u003e.\u003c/li\u003e\n\u003cli\u003eFotouhi, H., Causevic, A., Lundqvist, K., \u0026amp; Bj\u0026ouml;rkman, M. (2016). Communication and Security in Health Monitoring Systems--A Review. 2016 IEEE 40th annual computer software and applications conference (COMPSAC),\u003c/li\u003e\n\u003cli\u003eGibney, E. (2016). Google AI algorithm masters ancient game of Go. \u003cem\u003eNature\u003c/em\u003e,\u003cem\u003e 529\u003c/em\u003e(7587), 445-446.\u003c/li\u003e\n\u003cli\u003eGu, X., \u0026amp; Easwaran, A. (2019). Towards safe machine learning for cps: infer uncertainty from training data. Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems,\u003c/li\u003e\n\u003cli\u003eGupta, A., Gupta, A., Jain, K., \u0026amp; Gupta, S. (2018). Noise pollution and impact on children health. 
\u003cem\u003eThe Indian Journal of Pediatrics\u003c/em\u003e,\u003cem\u003e 85\u003c/em\u003e(4), 300-306.\u003c/li\u003e\n\u003cli\u003eHady, A. A., Ghubaish, A., Salman, T., Unal, D., \u0026amp; Jain, R. (2020). Intrusion detection system for healthcare systems using medical and network data: A comparison study. \u003cem\u003eIEEE Access\u003c/em\u003e,\u003cem\u003e 8\u003c/em\u003e, 106576-106584.\u003c/li\u003e\n\u003cli\u003eHasan, M. K., Abdulkadir, R. A., Islam, S., Gadekallu, T. R., \u0026amp; Safie, N. (2024). A review on machine learning techniques for secured cyber-physical systems in smart grid networks. \u003cem\u003eEnergy Reports\u003c/em\u003e,\u003cem\u003e 11\u003c/em\u003e, 1268-1290.\u003c/li\u003e\n\u003cli\u003eInjadat, M., Salo, F., Nassif, A. B., Essex, A., \u0026amp; Shami, A. (2018). Bayesian optimization with machine learning algorithms towards anomaly detection. 2018 IEEE global communications conference (GLOBECOM),\u003c/li\u003e\n\u003cli\u003eJain, A., Nghiem, T., Morari, M., \u0026amp; Mangharam, R. (2018). Learning and control using Gaussian processes. 2018 ACM/IEEE 9th international conference on cyber-physical systems (ICCPS),\u003c/li\u003e\n\u003cli\u003eJaisingh, W., Nanjundan, P., \u0026amp; George, J. P. (2024). Machine Learning in Cyber Threats Intelligent System. In \u003cem\u003eArtificial Intelligence for Cyber Defense and Smart Policing\u003c/em\u003e (pp. 1-20). Chapman and Hall/CRC.\u003c/li\u003e\n\u003cli\u003eKhruschev, S., Plyusnina, T. Y., Antal, T., Pogosyan, S., Riznichenko, G. Y., \u0026amp; Rubin, A. (2022). Machine learning methods for assessing photosynthetic activity: environmental monitoring applications. \u003cem\u003eBiophysical Reviews\u003c/em\u003e,\u003cem\u003e 14\u003c/em\u003e(4), 821-842.\u003c/li\u003e\n\u003cli\u003eKim, D., Won, Y., Kim, S., Eun, Y., Park, K.-J., \u0026amp; Johansson, K. H. (2019). Sampling rate optimization for IEEE 802.11 wireless control systems. 
Proceedings of the 10th ACM/IEEE International Conference on Cyber-Physical Systems,\u003c/li\u003e\n\u003cli\u003eKim, S., \u0026amp; Park, K.-J. (2021). A survey on machine-learning based security design for cyber-physical systems. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 11\u003c/em\u003e(12), 5458.\u003c/li\u003e\n\u003cli\u003eKumar, A. (2024). Cybersecurity Threat Detection using Machine Learning and Network Analysis. \u003cem\u003eJournal of Artificial Intelligence General science (JAIGS) ISSN: 3006-4023\u003c/em\u003e,\u003cem\u003e 1\u003c/em\u003e(1), 38-46.\u003c/li\u003e\n\u003cli\u003eKumar, G., \u0026amp; Alqahtani, H. (2023). Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances, Challenges and Future Directions. \u003cem\u003eCMES-Computer Modeling in Engineering \u0026amp; Sciences\u003c/em\u003e,\u003cem\u003e 134\u003c/em\u003e(1).\u003c/li\u003e\n\u003cli\u003eLaisk, A., Oja, V., Rasulov, B., R\u0026auml;mma, H., Eichelmann, H., Kasparova, I., Pettai, H., Padu, E., \u0026amp; Vapaavuori, E. (2002). A computer‐operated routine of gas exchange and optical measurements to diagnose photosynthetic apparatus in leaves. \u003cem\u003ePlant, Cell \u0026amp; Environment\u003c/em\u003e,\u003cem\u003e 25\u003c/em\u003e(7), 923-943.\u003c/li\u003e\n\u003cli\u003eLiang, F., Hatcher, W. G., Liao, W., Gao, W., \u0026amp; Yu, W. (2019). Machine learning for security and the internet of things: the good, the bad, and the ugly. \u003cem\u003eIeee Access\u003c/em\u003e,\u003cem\u003e 7\u003c/em\u003e, 158126-158147.\u003c/li\u003e\n\u003cli\u003eLiu, H., \u0026amp; Lang, B. (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 9\u003c/em\u003e(20), 4396.\u003c/li\u003e\n\u003cli\u003eLiu, Y., Peng, Y., Wang, B., Yao, S., \u0026amp; Liu, Z. (2017). Review on cyber-physical systems. 
\u003cem\u003eIEEE/CAA Journal of Automatica Sinica\u003c/em\u003e,\u003cem\u003e 4\u003c/em\u003e(1), 27-40.\u003c/li\u003e\n\u003cli\u003eLu, T., Xu, B., Guo, X., Zhao, L., \u0026amp; Xie, F. (2013). A new multilevel framework for cyber-physical system security. First international Workshop on the Swarm at the Edge of the Cloud,\u003c/li\u003e\n\u003cli\u003eNagarajan, S. M., Deverajan, G. G., Bashir, A. K., Mahapatra, R. P., \u0026amp; Al-Numay, M. S. (2022). IADF-CPS: Intelligent anomaly detection framework towards cyber physical systems. \u003cem\u003eComputer Communications\u003c/em\u003e,\u003cem\u003e 188\u003c/em\u003e, 81-89.\u003c/li\u003e\n\u003cli\u003eNassif, A. B., Talib, M. A., Nasir, Q., \u0026amp; Dakalbab, F. M. (2021). Machine learning for anomaly detection: A systematic review. \u003cem\u003eIeee Access\u003c/em\u003e,\u003cem\u003e 9\u003c/em\u003e, 78658-78700.\u003c/li\u003e\n\u003cli\u003ePeng, Y., Lu, T., Liu, J., Gao, Y., Guo, X., \u0026amp; Xie, F. (2013). Cyber-physical system risk assessment. 2013 ninth international conference on intelligent information hiding and multimedia signal processing,\u003c/li\u003e\n\u003cli\u003ePereira, A., \u0026amp; Thomas, C. (2020). Challenges of machine learning applied to safety-critical cyber-physical systems. \u003cem\u003eMachine Learning and Knowledge Extraction\u003c/em\u003e,\u003cem\u003e 2\u003c/em\u003e(4), 579-602.\u003c/li\u003e\n\u003cli\u003ePicon Ruiz, A., Alvarez Gila, A., Irusta, U., \u0026amp; Echazarra Huguet, J. (2020). Why deep learning performs better than classical machine learning? \u003cem\u003eDyna Ingenieria E Industria\u003c/em\u003e.\u003c/li\u003e\n\u003cli\u003eQuincozes, S. E., Moss\u0026eacute;, D., Passos, D., Albuquerque, C., Ochi, L. S., \u0026amp; dos Santos, V. F. (2021). On the performance of GRASP-based feature selection for CPS intrusion detection. 
\u003cem\u003eIEEE Transactions on Network and Service Management\u003c/em\u003e,\u003cem\u003e 19\u003c/em\u003e(1), 614-626.\u003c/li\u003e\n\u003cli\u003eRajkumar, R. (2012). A cyber\u0026ndash;physical future. \u003cem\u003eProceedings of the IEEE\u003c/em\u003e,\u003cem\u003e 100\u003c/em\u003e(Special Centennial Issue), 1309-1312.\u003c/li\u003e\n\u003cli\u003eRamachandran, A., Gayathri, K., Alkhayyat, A., \u0026amp; Malik, R. Q. (2023). Aquila Optimization with Machine Learning-Based Anomaly Detection Technique in Cyber-Physical Systems. \u003cem\u003eComputer Systems Science \u0026amp; Engineering\u003c/em\u003e,\u003cem\u003e 46\u003c/em\u003e(2).\u003c/li\u003e\n\u003cli\u003eRamadan, R. A. (2020). Efficient intrusion detection algorithms for smart cities-based wireless sensing technologies. \u003cem\u003eJournal of Sensor and Actuator Networks\u003c/em\u003e,\u003cem\u003e 9\u003c/em\u003e(3), 39.\u003c/li\u003e\n\u003cli\u003eSahani, N., Zhu, R., Cho, J.-H., \u0026amp; Liu, C.-C. (2023). Machine learning-based intrusion detection for smart grid computing: A survey. \u003cem\u003eACM Transactions on Cyber-Physical Systems\u003c/em\u003e,\u003cem\u003e 7\u003c/em\u003e(2), 1-31.\u003c/li\u003e\n\u003cli\u003eSaied, A., Overill, R. E., \u0026amp; Radzik, T. (2016). Detection of known and unknown DDoS attacks using Artificial Neural Networks. \u003cem\u003eNeurocomputing\u003c/em\u003e,\u003cem\u003e 172\u003c/em\u003e, 385-393.\u003c/li\u003e\n\u003cli\u003eSarker, I. H., Abushark, Y. B., Alsolami, F., \u0026amp; Khan, A. I. (2020). Intrudtree: a machine learning based cyber security intrusion detection model. \u003cem\u003eSymmetry\u003c/em\u003e,\u003cem\u003e 12\u003c/em\u003e(5), 754.\u003c/li\u003e\n\u003cli\u003eSavanović, N., Toskovic, A., Petrovic, A., Zivkovic, M., Dama\u0026scaron;evičius, R., Jovanovic, L., Bacanin, N., \u0026amp; Nikolic, B. (2023). 
Intrusion detection in healthcare 4.0 internet of things systems via metaheuristics optimized machine learning. \u003cem\u003eSustainability\u003c/em\u003e,\u003cem\u003e 15\u003c/em\u003e(16), 12563.\u003c/li\u003e\n\u003cli\u003eSerban, A. C. (2019). Designing safety critical software systems to manage inherent uncertainty. 2019 IEEE International Conference on Software Architecture Companion (ICSA-C),\u003c/li\u003e\n\u003cli\u003eShah, S. K., Tariq, Z., Lee, J., \u0026amp; Lee, Y. (2020). Real-time machine learning for air quality and environmental noise detection. 2020 IEEE International Conference on Big Data (Big Data),\u003c/li\u003e\n\u003cli\u003eSharma, B., Sharma, L., \u0026amp; Lal, C. (2022). Feature selection and deep learning technique for intrusion detection system in IoT. Proceedings of International Conference on Computational Intelligence: ICCI 2020,\u003c/li\u003e\n\u003cli\u003eShin, J., Baek, Y., Lee, J., \u0026amp; Lee, S. (2018). Cyber-physical attack detection and recovery based on RNN in automotive brake systems. \u003cem\u003eApplied Sciences\u003c/em\u003e,\u003cem\u003e 9\u003c/em\u003e(1), 82.\u003c/li\u003e\n\u003cli\u003eShinde, D., \u0026amp; Siddiqui, N. (2018). IOT Based environment change monitoring \u0026amp; controlling in greenhouse using WSN. 2018 International Conference on Information, Communication, Engineering and Technology (ICICET),\u003c/li\u003e\n\u003cli\u003eSi-Ahmed, A., Al-Garadi, M. A., \u0026amp; Boustia, N. (2023). Survey of Machine Learning based intrusion detection methods for Internet of Medical Things. \u003cem\u003eApplied Soft Computing\u003c/em\u003e, 110227.\u003c/li\u003e\n\u003cli\u003eSztipanovits, J., Koutsoukos, X., Karsai, G., Kottenstette, N., Antsaklis, P., Gupta, V., Goodwine, B., Baras, J., \u0026amp; Wang, S. (2015). Toward a science of cyber\u0026ndash;physical system integration. 