Summary

The rapid digital transformation of industrial sectors, particularly in the energy domain, has introduced increased connectivity, automation, and data exchange, significantly expanding the attack surface of critical infrastructure. As Industrial Control Systems (ICS) become increasingly integrated with enterprise Information Technology (IT) environments, traditional security approaches struggle to address the complexity, dynamics, and safety constraints of Cyber-Physical Systems (CPS).

Artificial Intelligence (AI) has emerged as a key enabler for enhancing cybersecurity operations in these environments. Within Security Operations Centers (SOCs) adapted for Operational Technology (OT), AI supports continuous monitoring, behavioral analytics, and anomaly detection by processing large volumes of heterogeneous data. Machine learning techniques enable the identification of subtle deviations from expected system behavior, improving the detection of advanced threats such as lateral movement, insider activity, and protocol misuse.

However, the effective application of AI in CPS cybersecurity requires more than isolated detection capabilities. This paper proposes the integration of AI within the iCPS Cybersecurity methodology, which defines cybersecurity as a continuous operational process structured around a cycle of observation, contextual analysis, decision-making, response, and validation.

This approach emphasizes the importance of contextual intelligence, enabling risk prioritization and decision-making based on operational impact rather than purely technical severity.

The proposed approach is evaluated through a case study of an AI-supported cybersecurity architecture applied to industrial environments. The analysis considers both simulated and operational scenarios, including typical attack patterns in OT networks, and examines how AI contributes to improving detection and response processes while maintaining alignment with standards such as IEC 62443 and NIST SP 800-82.

The results indicate that AI-enhanced cybersecurity operations, when combined with a context-driven and continuous security model, yield measurable improvements in detection accuracy, reduction of false positives, and significant decreases in detection and response times.

At the same time, challenges related to data integration, model validation, and explainability remain critical factors for successful deployment.

This work contributes to the field by demonstrating how AI can be integrated into a structured cybersecurity methodology tailored for cyber-physical systems, enabling a transition from static, control-based approaches to continuous, adaptive, and context-aware security operations.

Additional information

Publication type Session Materials
Reference D2_11405_2026
Publication year
Publisher CIGRE
Country Brazil
Study committees
File size 288 KB
Price for non member 30 €
Price for member 30 €

Authors

BRANQUINHO Marcelo - TI Safe Brazil

Keywords

Artificial Intelligence; Industrial Control Systems; Cybersecurity; Incident Response; Critical Infrastructure

Application of Artificial Intelligence for Real-Time Intrusion and Anomaly Detection in Industrial Control Systems