DOI: 10.3390/app16136545 ISSN: 2076-3417

A Systematic Literature Review of Intrusion Detection and Prevention Frameworks for Industrial Communication Protocols Using ML and DL

Khawla Al-Tarawneh, Ahmad Sharieh, Sherenaz Al-Haj Baddar

This systematic literature review examines 31 peer-reviewed articles published in 2021–2025. It offers a coherent summary of machine learning and deep learning based intrusion detection and prevention systems for industrial communication protocols. The review categorizes the studies by research focus, experimental setup, datasets, and analytical methods. According to the quantitative analysis, the most suitable model in this setting is the hybrid deep learning architecture, which includes combinations of Transformer-LSTM and MODLSTM models; 29% of the reviewed studies used these models and achieved detection rates of over 99%. Federated learning was mentioned in about 9.7% of the studies, and for 67% of them, real-world data was not available, indicating a lack of access to such data. These models are mainly used to identify Denial-of-Service, Man-in-the-Middle, and data injection attacks. The results show that Modbus/TCP is the most studied protocol, which reflects how common it is in industrial systems. Meanwhile, more recent protocols such as MQTT and OPC UA are gaining momentum. The review also reveals a tendency towards more realistic validation techniques: hardware-in-the-loop simulations and physical testbeds are used in many studies. Integrated solutions that combine edge, fog, and cloud computing are gaining popularity. Federated learning (utilized in 6.45% of the selected corpus) and software-defined networking are two emerging directions. Despite these developments, critical gaps remain, including the scarcity of real-world datasets and a lack of robust approaches to scalability and privacy complications. Furthermore, recent IIoT protocols have not been thoroughly evaluated.
The study highlights the need for adaptive and lightweight frameworks and the importance of implementing mechanisms that ensure privacy. There is also a need for standardized evaluation criteria. Together, these factors are instrumental for creating secure, resilient, and interoperable industrial networks in the Industry 4.0 period.
