This work addresses the challenge of logic-layer deception attacks in industrial water treatment systems, which can subvert the causal logic of control processes without triggering conspicuous numerical anomalies, thereby evading conventional threshold-based or computationally intensive detection mechanisms. To counter this threat, the authors propose Ti-iLSTM, a lightweight on-device anomaly detection framework that uniquely integrates logic-aware supervision with Tiny Deep Learning–based sequence modeling. Designed for resource-constrained programmable logic controllers (PLCs), Ti-iLSTM achieves highly accurate and efficient detection of logic-layer anomalies. Through strategic model compression and deployment optimizations, the framework substantially reduces memory footprint and computational overhead while attaining an F1-score of 0.983 and ROC-AUC of 0.998 on the SWaT dataset. Its cross-scenario applicability is further validated on the WADI dataset.

Industrial Water Treatment Systems (IWTS) are safety critical cyber-physical infrastructures and due to increased connectivity, these systems are exposed to cyber threats that can manipulate process behaviour without creating obvious devices outliers. In particular, logic-layer deception anomalies can preserve numerically plausible measurements while breaking expected cause-and-effect relationships in the control process. These attacks are difficult to detect using threshold-based monitoring or require heavy server-oriented anomaly detection models. This paper explores the potential of Tiny Deep Learning (TinyDL) to provide lightweight on-device logic-level anomaly detection for resource constrained Programmable Logic Controllers (PLCs). We propose a novel framework, TinyDL-based incremental LSTM (Ti-iLSTM) which optimises the memory and space foot print of Long Short-Term Memory (LSTM), to detect logic-layer inconsistencies in Programmable Logic Controller (PLC) based Industrial Water Treatment Systems (IWTS). Experiments on the publicly available SWaT dataset show that the optimised model achieves high detection performance (F1-score=0.983 and ROC-AUC=0.998). A deployment-style validation on the WADI dataset confirms that the proposed light-weight framework remains applicable beyond a single dataset. The research demonstrates that combining logic-aware supervision with Tiny Deep Learning (TinyDL) sequence learning creates an efficient and accurate anomaly detection suitable for resource constrained Programmable Logic Controllers (PLCs) in industrial environments.