CYBERSECURITY IN INDUSTRIAL CONTROL SYSTEMS: A SYSTEMATIC LITERATURE REVIEW ON AI-BASED THREAT DETECTION FOR SCADA AND IOT NETWORKS
DOI:
https://doi.org/10.63125/1cr1kj17
Keywords:
Cybersecurity, Industrial Control Systems (ICS), SCADA, IoT, Artificial Intelligence, Machine Learning, Deep Learning
Abstract
The increasing integration of Industrial Control Systems (ICS) with Internet of Things (IoT) technologies and Supervisory Control and Data Acquisition (SCADA) networks has brought unparalleled efficiency and automation to critical infrastructure sectors, including energy, water, manufacturing, and transportation. However, this digital convergence has also significantly expanded the cyber threat landscape, making ICS more vulnerable to sophisticated cyberattacks. This systematic literature review critically examines the role of Artificial Intelligence (AI)-based techniques in enhancing threat detection capabilities across SCADA and IoT-enabled ICS environments. Following PRISMA guidelines, 162 peer-reviewed articles published between 2015 and 2024 were analyzed to identify prevailing trends, methodologies, and performance outcomes in AI-driven threat detection. The review highlights the adoption of machine learning (ML), deep learning (DL), and hybrid AI models for anomaly detection, intrusion detection, and malware classification, with particular focus on real-time data analytics and predictive capabilities. Among the reviewed studies, neural networks, support vector machines, and ensemble models were frequently applied, achieving detection accuracies exceeding 90% in simulated and real-world ICS environments. Additionally, the review uncovers sector-specific vulnerabilities, including protocol-level weaknesses (e.g., Modbus, DNP3), data imbalance challenges, and adversarial attack risks in deep learning models. This study provides an integrative view of the AI-cybersecurity nexus in industrial systems and offers future research directions for building resilient, adaptive, and intelligent security frameworks for critical infrastructures.