Towards Intelligent Cybersecurity in SCADA and DCS Environments: Anomaly Detection Using Multimodal Deep Learning and Explainable AI
Samuel Abiodun Oyedotun, Godfrey Perfectson Oise, Chukwuma Emmanuel Ozobialu
Abstract
Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS), are increasingly becoming targets of sophisticated cyber threats. This heightened vulnerability is primarily driven by the convergence of Information Technology (IT) and Operational Technology (OT), as well as the rapid adoption of Industry 4. 4.0 technologies. Traditional intrusion detection systems (IDS) often fall short in addressing the unique characteristics of ICS environments, which include strict real- time operational constraints, the use of legacy systems, and the presence of heterogeneous data sources.To overcome these limitations, this paper presents a novel multimodal deep learning framework for robust anomaly detection in ICS networks. The proposed model integrates Convolutional Neural Networks (CNNs), Long Short- Term Memory (LSTM) networks, and Autoencoders to effectively capture spatial, temporal, and nonlinear features from ICS traffic. The framework is trained and evaluated using the HAI Security Dataset, a realistic ICS dataset that includes various attack scenarios. The hybrid model demonstrates strong performance, achieving an accuracy of 92%, an Area Under the Curve (AUC) of 0. 97, and a perfect recall score in detecting cyberattacks, indicating its potential effectiveness in real- world applications.To improve the transparency and trustworthiness of the detection outcomes, the framework incorporates explainable AI (XAI) techniques, including SHAP (Shapley Additive exPlanations) and LIME (Local Interpretable Model- agnostic Explanations). These tools provide insights into model decisions and help operators understand the reasoning behind anomaly classifications. The paper discusses practical deployment challenges such as scalability, latency, and integration with existing ICS architectures. It also explores promising future research directions, including the application of federated learning for decentralized data privacy, digital twin technology for dynamic system modeling, and the development of resilient models tailored for real-time industrial cybersecurity operations.