Normal State and Transitions IDS (NSTIDS): Cyber-Attack Detection for Industrial Processes

Abstract

With the increasing reliance on modern information technologies for real-time and remote management of critical infrastructures, the risk of cyber-attacks has escalated. Industrial Intrusion Detection Systems (IIDSs) play a crucial role in identifying such attacks by monitoring the system for abnormal behavior. However, existing IIDSs have limitations in detecting anomalous states and fail to capture normal transitions in well-behaved industrial processes, including those in Food, Water, Oil, Gas, and Petrochemical industries. This paper presents the Normal State and Transitions IDS (NSTIDS), an advanced IIDS designed to detect both anomalous states and transitions in industrial processes. NSTIDS leverages historical process data to automatically extract a model of normal behavior. To evaluate the effectiveness of the proposed IIDS, a milk pasteurization process was simulated and NSTIDS was examined against some well-known classification algorithms on different cases. The results demonstrate high detection rate and low False Positive Rate (FPR) of NSTIDS in discriminating anomalous behaviors from normal ones, compared to classifiers. This shows the proposed NSTIDS offers significant potential in safeguarding critical infrastructures in various domains, ensuring the integrity and reliability of operations.

Authors

Abdullah Khalili, Mostafa Mohammadpourfard, Yang Weng, Manohar Chamana, Suhas Pol

Keywords

Intrusion detection system, critical infrastructure, industrial process , cybersecurity

---

Publication Type

Conference

---

Digital Object Identifier

https://doi.org/10.1109/TPEC63981.2025.10906892

---

Full Citation

A. Khalili, M. Mohammadpourfard, Y. Weng, M. Chamana and S. Pol, Normal State and Transitions IDS (NSTIDS): Cyber-Attack Detection for Industrial Processes, 2025 IEEE Texas Power and Energy Conference (TPEC), College Station, TX, USA, 2025, pp.

View Article