Machine Learning-Based Early Incident Detection System in a Bakery Plant's Industrial Network: A Cognitive Model for Counteracting Hybrid Threats

Gulshat Amirkhanova¹Dmytro Ihorovych Prokopovych-Tkachenko²Saltanat Almykhametovna Adilzhanova¹Zubchenko Nazar²Liya Bektemir^1*

• ¹Al-Farabi Kazakh National University, Almaty, Kazakhstan
• ²University of Customs and Finance, Dnipto, Ukraine

In the context of growing cyber risks to critical industries, including bakery complexes, this paper proposes a cognitive architecture for early incident detection in the operational technology (OT) network. The architecture integrates User and Entity Behavior Analytics (UEBA), a Security Information and Event Management (SIEM) system, and Zero Trust principles, focusing on hybrid threats: from external attacks on industrial controllers, such asprogrammable logic controllers (PLCs) to internal operator errors. At the analytics layer, two complementary deep learning pipelines are used: a convolutional neural network (CNN) + long short-term memory (LSTM) (CNN+LSTM) model for detecting low-level network patterns (Byte2Image) and an autoencoder (AE) combined with LSTM (AE+LSTM model)for predicting time-series data and identifying anomalies in equipment telemetry. An adaptive threshold decision procedure is introduced for the first time, optimizing both accuracy and computational resources on edge nodes (computing devices deployed near controllers, gateways, and sensors). The architecture complies with the International Electrotechnical Commission (IEC) 62443 and International Organization for Standardizationa(ISO)/IEC 27019 standards. High performance metrics, specifically Precision, were demonstrated in the bakery plant's digital twin scenarios.