Explainable SCADA Hybrid IDS: Gaps and Hypothesis
2025 66th International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS 2025): Proceedings 2025
Heinrihs Kristians Skrodelis, Andrejs Romānovs, Arnis Liekniņš

Industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks face increasing cyber risk as IT/OT convergence, remote access, and IIoT expand the attack surface. Signature-based intrusion detection systems (IDS) offer high precision on known threats but limited zero-day coverage, while anomaly-based IDS generalize to novel behaviors at the cost of false positives and opaque decisions. We hypothesize that an explainable hybrid IDS–running a signature engine in parallel with an ML-based anomaly detector, fusing alerts, and attaching operator-oriented explanations via explainable AI (XAI; e.g., SHAP values)—can improve operational usefulness. We outline a lightweight taxonomy, a reference pipeline, a qualitative gap matrix, and a concise evaluation plan designed to be testable on public ICS datasets. This positions a practical path toward higher coverage with actionable, human-centered alerts.


Keywords
Industrial control systems; SCADA; intrusion de-tection systems; hybrid detection; explainable artificial intelli-gence; Shapley values; anomaly detection (PDF) Explainable SCADA Hybrid IDS: Gaps and Hypothesis. Available from: https://www.researchgate.net/publication/397694202_Explainable_SCADA_Hybrid_IDS_Gaps_and_Hypothesis [accessed Dec 11 2025].
DOI
10.1109/ITMS67030.2025.11236701
Hyperlink
https://ieeexplore.ieee.org/document/11236701

Skrodelis, H., Romānovs, A., Liekniņš, A. Explainable SCADA Hybrid IDS: Gaps and Hypothesis. In: 2025 66th International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS 2025): Proceedings, Latvia, Riga, 9-10 October, 2025. Piscataway: IEEE, 2025, Article number 11236701. ISBN 979-8-3315-4529-1. e-ISBN 979-8-3315-4528-4. ISSN 2771-6953. e-ISSN 2771-6937. Available from: doi:10.1109/ITMS67030.2025.11236701

 Publication language
English (en)
  • Publication Type
    Full-text conference paper published in conference proceedings indexed in SCOPUS or WOS database
  • Funding for basic activity
    State funding for education
  • Field of research
    2. Engineering and technology
  • Sub-field of research
    2.2 Electrical engineering, Electronic engineering, Information and communication engineering
  • Research platform
    Information and Communication
  • ID: 41713
  • Citation count
    0
The Scientific Library of the Riga Technical University.
E-mail: uzzinas@rtu.lv; Phone: +371 28399196
CONTACTS

IT Service Centre
6B Kipsalas Street, Riga LV-1048, Latvia
Phone: +371 67089999
E-mail: it@rtu.lv
LINKS

Research
Open Science
© Riga Technical University 2025
We use cookies to improve the user experience of the portal and provide more convenient usage. By continuing to use the portal, you agree that you use cookies.
Accept Read more