Modern cyberattacks on cyber-physical systems (CPS) evolve rapidly and cannot be deterred effectively by most current methods, which focus on characterizing past threats. Adaptive anomaly detection (AAD), which focuses on fast data processing and model adaptation, is among the most promising techniques for detecting evolving cyberattacks. AAD has been researched extensively in the literature; however, to the best of our knowledge, our work is the first systematic literature review (SLR) of current research in this field. We present a comprehensive SLR, gathering 397 relevant papers and systematically analyzing 65 of them (47 research and 18 survey papers) on AAD in CPS studies from 2013 to 2023 (November). We introduce a novel taxonomy considering attack types, CPS application, learning paradigm, data management, and algorithms. Our analysis indicates, among other findings, that the reviewed works focused on a single aspect of adaptation (either data processing or model adaptation) but rarely on both at the same time. We aim to help researchers advance the state of the art and help practitioners become familiar with recent progress in this field. We identify the limitations of the state of the art and provide recommendations for future research directions.