🤖 AI Summary
Existing CPS anomaly detection methods rely on static datasets, exhibiting poor generalization and limited resilience against unknown stealthy attacks. To address this, we propose Evo-Defender—a novel evolutionary defense framework grounded in a dynamic, closed-loop adversarial co-evolution paradigm. The attacker module employs guided fuzzing coupled with evolutionary algorithms to generate diverse, non-redundant attack scenarios; the defender leverages incremental learning to continuously refine its detection model, thereby enhancing robustness against previously unseen attacks. Evaluated on two real-world CPS testbeds—the Tennessee Eastman process and a robotic assembly station—Evo-Defender achieves up to a 2.7% end-to-end detection performance gain over state-of-the-art methods under unknown attack conditions, while significantly improving training data efficiency and model adaptation speed. Its core contribution lies in pioneering the integration of evolution-driven, co-adaptive attack-defense mechanisms into CPS security, enabling sustained, autonomous enhancement of detection capability.
📝 Abstract
Cyber-physical systems (CPSs) are used extensively in critical infrastructure, underscoring the need for anomaly detection systems that are able to catch even the most motivated attackers. Traditional anomaly detection techniques typically do 'one-off' training on datasets crafted by experts or generated by fuzzers, potentially limiting their ability to generalize to unseen and more subtle attack strategies. Stopping at this point misses a key opportunity: a defender can actively challenge the attacker to find more nuanced attacks, which in turn can lead to more effective detection capabilities. Building on this concept, we propose Evo-Defender, an evolutionary framework that iteratively strengthens CPS defenses through a dynamic attacker-defender interaction. Evo-Defender includes a smart attacker that employs guided fuzzing to explore diverse, non-redundant attack strategies, while the self-evolving defender uses incremental learning to adapt to new attack patterns. We implement Evo-Defender on two realistic CPS testbeds: the Tennessee Eastman process and a Robotic Arm Assembly Workstation, injecting over 600 attack scenarios. In end-to-end attack detection experiments, Evo-Defender achieves up to 2.7% higher performance than state-of-the-art baselines on unseen scenarios, while utilizing training data more efficiently for faster and more robust detection.