System failures and cyberattacks represent a persistent risk to process integrity in the context of industrial control systems (ICS) and SCADA infrastructures. This study introduces an unsupervised anomaly detection framework based on hybrid self-organizing maps (SOMs/gSOMs) enhanced through a local nonlinear optimization process. The proposed model captures the latent topological structure of industrial data and refines the boundaries between normal and abnormal states. The experimental validation of this model was conducted on the SWaT and BATADAL datasets, with comparative experiments involving the PCA combined with K-means, Isolation Forest, and Local Outlier Factor method. The obtained results demonstrate the superior accuracy, stability, and low computational demands of the proposed method, enabling its deployment on embedded or resource-constrained systems. The visual topology provided by SOMs supports result explainability and facilitates human-centered decision processes. Overall, this approach proved effective for the real-time monitoring of critical infrastructures and in the future it could be integrated with explainable artificial intelligence frameworks, contributing to a trustworthy anomaly detection in Industry 4.0 environments.
Self-organizing maps, Unsupervised anomaly detection, Industrial control systems, SCADA security, Explainable artificial intelligence.
Mihaela Hortensia HOJDA, Marilena Carmen UZLĂU, Geo-Alexandru SPÎNULESCU, Sebastian GABOR, Diana Andreea MÂNDRICEL, "Hybrid Self-organizing Maps for Anomaly Detection in Critical Industrial Infrastructures", Studies in Informatics and Control, ISSN 1220-1766, vol. 34(4), pp. 121-130, 2025. https://doi.org/10.24846/v34i4y202511
All articles published by Studies in Informatics and Control (SIC) are published in accordance with the terms and conditions of the Creative Commons Attribution License (CC BY-NC-SA 4.0).