Abstract
The increasing convergence of Industrial Control Systems (ICS) with critical infrastructure, such as smart grids, has increased their exposure to advanced cyber threats, demanding advanced security frameworks to maintain security and operational integrity. This paper shows an innovative cybersecurity approach for ICS, using the IEC 60870-5-104 dataset, that combines machine learning, cryptographic resilience, and forensic analysis to predict and neutralize various attack vectors-containing false data injections, denial-of-service assaults, and covert rogue infiltrations. The approach uses a hybrid ecosystem combining synthetic data augmentation via the Synthetic Minority Oversampling Technique, a Random Forest Classifier with an accuracy of 1.00, and real-time anomaly detection through an Isolation Forest. Various components in this study are individual components and function independently. This framework is strengthened by a dynamic AES-256-CBC encryption technique that achieves a cryptographic complexity above [Formula: see text] against ciphertext-only attacks using BLAKE3-derived keys verified by cryptanalytic research. Various security tests, such as the Chi-square test, Shannon entropy test, pattern detection test, and other tests have been evaluated to validate the strength of the model. Additionally, the proposed system was evaluated against evolving and zero-day attack patterns through real-time streaming simulations using an unsupervised Isolation Forest model. A Bayesian-driven forensic methodology further enhances the strength by examining post-attack dynamics, exposing systemic vulnerabilities, and enabling precise attribution. With far-reaching effects on operational strength and national security, this study fills critical gaps in ICS security.