AI-driven cyber defense strengthens resilience of critical infrastructure

Industrial control systems (ICS), the backbone of critical infrastructure from power plants to manufacturing plants, are increasingly under threat from sophisticated cyberattacks. A new study outlines a comprehensive solution that blends artificial intelligence with advanced cryptography to safeguard ICS against evolving risks.

The paper, titled AI-Driven Attack Detection and Cryptographic Privacy Protection for Cyber-Resilient Industrial Control Systems, was published in IoT in 2025. It provides one of the most complete frameworks to date for enhancing ICS cyber-resilience by integrating high-accuracy machine learning detection models with robust encryption protocols, tested both in simulation and on hardware.

How can AI improve detection of attacks on critical infrastructure?

ICS are particularly vulnerable because they often rely on legacy systems, lack strong authentication, and cannot tolerate downtime, the study says. To address these weaknesses, the researchers deployed machine learning models on the ICS-Flow dataset, which includes real-world attack types such as denial-of-service, man-in-the-middle, and replay intrusions.

Among the models tested, XGBoost achieved 99.92% accuracy for binary intrusion detection, while a Decision Tree reached 99.81% accuracy for multi-class classification, outperforming other algorithms in both speed and reliability. These results show that tree-based classifiers are not only accurate but also computationally efficient, making them well-suited for real-time industrial environments.

The framework does not rely solely on static models. An LSTM autoencoder was added to detect anomalies in time-series data, flagging subtle shifts in operational behavior that could indicate emerging threats. To handle evolving attack strategies, the ADWIN drift detector was incorporated, enabling the system to adapt to new traffic patterns without retraining from scratch.

Together, these techniques ensure that both known and novel threats can be identified with minimal delay, strengthening the first line of defense in ICS cybersecurity.

What role does cryptography play in securing industrial systems?

While detection is crucial, the researchers argue that it must be paired with strong encryption to protect the integrity and confidentiality of ICS communications. To this end, the study implemented two complementary cryptographic schemes:

• AES-CBC combined with HMAC, which provides confidentiality and message integrity checks.

• AES-GCM integrated with RSA, which delivers authenticated encryption and secure key exchange.

The AES-GCM with RSA scheme was shown to resist advanced adversary models, meeting stringent security standards such as IND-CPA and IND-CCA. In contrast, the AES-CBC approach, while effective, was limited to IND-CPA security. Together, the protocols were validated against brute-force attacks, tampering, and man-in-the-middle attempts, ensuring that communications within ICS networks remain secure.

The paper also highlights the practical challenges of deploying encryption in resource-constrained environments. While AES-GCM offers strong protection, its implementation requires careful nonce management to prevent vulnerabilities. The researchers note that further optimization, particularly through hardware acceleration, could enhance performance without sacrificing security.

Can the framework be deployed in real time?

A major concern for ICS cybersecurity is whether proposed solutions can run effectively at the edge, where delays could have catastrophic consequences. To test real-time feasibility, the authors deployed the Decision Tree model on a PYNQ Zynq board, an edge computing device. The model achieved an inference time of just 0.11 seconds, confirming that the approach is suitable for live deployment in industrial environments.

This result is significant because it demonstrates that AI-based detection and cryptographic protection can be integrated into existing systems without introducing operational delays. The ability to run efficiently on edge hardware ensures that ICS can respond quickly to threats even in environments with limited connectivity.

However, the authors also acknowledge limitations. The computational cost of advanced cryptographic methods remains a hurdle, particularly for smaller, resource-limited devices. They propose exploring FPGA-based acceleration to reduce overhead and make large-scale adoption more practical.