Reconciling security verification with operational data privacy in critical infrastructure regulation remains challenging. Method: This paper proposes the first attack detection framework supporting zero-knowledge verification of temporal alarm authenticity, built upon a dual-track zk-SNARK architecture that jointly integrates state-space modeling and residual-driven statistical hypothesis testing—ensuring both temporal consistency of system-state evolution and verifiability of statistical significance. Contribution/Results: It is the first to enable zero-knowledge compliance proofs for ICS temporal anomaly alerts without exposing raw operational data. Evaluated on real-world industrial control system datasets, the framework achieves high efficiency (proof generation <1.5 s), rigorous security (under SNARKs’ trusted setup assumptions), and strong privacy guarantees, enabling scalable deployment. It establishes a verifiable, practical technical paradigm for privacy-preserving regulatory oversight.

Industrial control systems (ICS) form the operational backbone of critical infrastructure networks (CIN) such as power grids, water supply systems, and gas pipelines. As cyber threats to these systems escalate, regulatory agencies are imposing stricter compliance requirements to ensure system-wide security and reliability. A central challenge, however, is enabling regulators to verify the effectiveness of detection mechanisms without requiring utilities to disclose sensitive operational data. In this paper, we introduce zkSTAR, a cyberattack detection framework that leverages zk-SNARKs to reconcile these requirements and enable provable detection guarantees while preserving data confidentiality. Our approach builds on established residual-based statistical hypothesis testing methods applied to state-space detection models. Specifically, we design a two-pronged zk-SNARK architecture that enforces temporal consistency of the state-space dynamics and statistical consistency of the detection tests, allowing regulators to temporally verify alarm correctness without visibility into utility-level data. We formally analyze the soundness and zero knowledge properties of our framework and validate its practical feasibility through computational experiments on real-world ICS datasets. As a result, our work demonstrates a scalable, privacy-preserving alternative for regulatory compliance for ICS driven critical infrastructure networks.