Threat Detection in Critical Infrastructure Using AI Models

Authors

  • Bharath Kumar Bushigampala, QA Automation Lead, Deloitte / State of Arkansas
  • Anil Chowdary Inaganti, Workday Techno Functional Lead

Keywords:

AI, Threat Detection, Critical Infrastructure Security, Machine Learning, Cybersecurity, Anomaly Detection, Infrastructure Protection

Abstract

This paper presents a comprehensive AI-driven framework for intelligent threat detection and response within critical infrastructure systems, including but not limited to energy grids, water treatment facilities, and transportation networks. With the rapid convergence of IT and Operational Technology (OT) systems, traditional security solutions have struggled to detect and mitigate evolving cyber threats. To address this challenge, we build upon the work of Kothamali et al. [1], who introduced a machine learning-centric approach to cybersecurity threat modeling. Our study advances their foundational principles by adapting them to the complex, real-time environments of Industrial Control Systems (ICS), where threats often manifest as subtle, context-specific deviations in process behavior rather than as recognizable signatures. The proposed framework combines pattern recognition, behavioral analytics, and both supervised and unsupervised learning techniques to identify and analyze advanced persistent threats (APTs), stealthy intrusions, and operational anomalies that conventional tools frequently miss. We incorporate a hybrid CNN-LSTM architecture to capture spatial and temporal features in sensor-level traffic and implement a real-time alert engine that prioritizes threats and communicates them to security teams via SIEM systems. Results from our simulated infrastructure testbed highlight the framework's high accuracy and robustness, reaffirming the adaptability and practical relevance of the theoretical model of Kothamali et al. [1] in defending modern cyber-physical systems against sophisticated adversaries.
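The abstract describes two pieces of the pipeline a practitioner would want to see concretely: an anomaly scorer over sensor-level readings and an alert engine that prioritizes findings and hands them to a SIEM. The block below is an added worked example written for this page; it is not the authors' code and not their CNN-LSTM. The learned scorer is replaced by a rolling z-score so the example runs with the Python standard library alone, and it deliberately does not feed flagged readings back into the baseline, so a sustained step change (the kind of "subtle, context-specific deviation" the abstract mentions) stays anomalous instead of becoming the new normal within one window. The tag names, readings, criticality weights, vendor and product strings are all constructed for illustration.

```python
"""Added example (not the paper's framework): streaming anomaly detection over
constructed ICS sensor readings, plus an alert engine that correlates, ranks by
severity x asset criticality, and emits ArcSight CEF lines for a SIEM."""
from collections import deque
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW = 8          # readings kept as the per-tag baseline of "normal"
Z_THRESHOLD = 5.0   # |z| at or above this is flagged

# Constructed per-second trace for three tags of a water-treatment process.
# CL2_DOSE steps up late in the trace (a setpoint manipulation), TANK_LEVEL has
# one spurious spike, FLOW_IN stays inside its normal jitter.
TRACE = {
    "CL2_DOSE":   [1.50, 1.52, 1.49, 1.51, 1.50, 1.48, 1.51, 1.50,
                   1.49, 1.51, 1.50, 1.52, 1.95, 1.96, 1.94],
    "TANK_LEVEL": [62.0, 62.3, 61.8, 62.1, 62.0, 61.9, 62.2, 62.0,
                   62.1, 61.8, 66.0, 62.1, 62.0, 62.2, 61.9],
    "FLOW_IN":    [40.1, 40.3, 39.9, 40.0, 40.2, 39.8, 40.1, 40.0,
                   40.2, 39.9, 40.1, 40.3, 40.0, 39.8, 40.1],
}
# Assumed operator-assigned criticality (3 = direct safety impact).
CRITICALITY = {"CL2_DOSE": 3, "TANK_LEVEL": 2, "FLOW_IN": 1}


@dataclass
class Alert:
    tag: str
    index: int
    value: float
    z: float


class TagDetector:
    """Rolling z-score detector. Flagged readings are NOT appended to the
    baseline, so a sustained step change keeps alerting instead of being
    absorbed as the new normal after WINDOW readings (the failure mode of a
    naive sliding window). A legitimate setpoint change needs reset()."""

    def __init__(self, tag):
        self.tag = tag
        self.baseline = deque(maxlen=WINDOW)

    def reset(self):
        self.baseline.clear()

    def observe(self, index, value):
        if len(self.baseline) < WINDOW:      # still learning: accept blindly
            self.baseline.append(value)
            return None
        mu = mean(self.baseline)
        sd = max(pstdev(self.baseline), 1e-9)  # guard a perfectly flat baseline
        z = abs(value - mu) / sd
        if z >= Z_THRESHOLD:
            return Alert(self.tag, index, value, z)
        self.baseline.append(value)
        return None


def detect(trace):
    """One detector per tag, stepped in time order; returns alerts in time order."""
    detectors = {tag: TagDetector(tag) for tag in trace}
    alerts = []
    for i in range(max(len(s) for s in trace.values())):
        for tag, series in trace.items():
            if i < len(series):
                alert = detectors[tag].observe(i, series[i])
                if alert:
                    alerts.append(alert)
    return alerts


def severity(z):
    """Coarse band so ranking does not hinge on noise in the z-score."""
    if z >= 4 * Z_THRESHOLD:
        return 3
    if z >= 2 * Z_THRESHOLD:
        return 2
    return 1


def prioritize(alerts, criticality):
    """Correlate alerts per tag into incidents; rank by severity x criticality."""
    incidents = {}
    for a in alerts:
        inc = incidents.setdefault(a.tag, {"tag": a.tag, "count": 0,
                                           "max_z": 0.0, "first": a.index})
        inc["count"] += 1
        inc["max_z"] = max(inc["max_z"], a.z)
    for inc in incidents.values():
        inc["priority"] = severity(inc["max_z"]) * criticality.get(inc["tag"], 1)
    return sorted(incidents.values(), key=lambda d: (-d["priority"], d["first"]))


def _cef_header(s):   # CEF header fields escape backslash and pipe
    return str(s).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext(s):      # CEF extension values escape backslash and equals
    return str(s).replace("\\", "\\\\").replace("=", "\\=")


def to_cef(inc):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension.
    Vendor/product strings are placeholders; severity is capped to CEF's 0-10."""
    sev = min(10, inc["priority"])
    header = "|".join(_cef_header(x) for x in [
        "CEF:0", "ExampleOrg", "ICS-Anomaly", "0.1", "SENSOR_DEVIATION",
        f"Deviation on {inc['tag']}", sev])
    ext = (f"cs1Label=tag cs1={_cef_ext(inc['tag'])} cnt={inc['count']} "
           f"cn1Label=maxZ cn1={inc['max_z']:.1f} cn2Label=firstIndex cn2={inc['first']}")
    return f"{header}|{ext}"


def run(trace=TRACE, criticality=CRITICALITY):
    """Full pipeline: detect -> correlate/prioritize -> SIEM-ready lines."""
    return [to_cef(inc) for inc in prioritize(detect(trace), criticality)]


if __name__ == "__main__":
    for line in run():
        print(line)
```

On the constructed trace the chlorine-dosing step produces three consecutive alerts that correlate into one incident ranked above the single tank-level spike, even though the spike has the larger raw deviation, because dosing carries the higher criticality weight. Swapping `TagDetector` for a learned sequence model changes only `observe()`; the correlation, ranking and CEF emission are independent of how the score is produced.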

Published

2023-12-16

Section

Articles