Using Ensemble Learning for Anomaly Detection in Cyber-Physical Systems

4 April 2024 | Nicholas Jeffrey, Qing Tan, José R. Villar
This paper proposes a hybrid anomaly detection method for Cyber-Physical Systems (CPSs) that combines signature-based detection for known threats, threshold-based metrics for immutable physical characteristics, and behavior-based detection using Ensemble Learning (EL). The method aims to improve predictive performance over traditional ML-based approaches. The hybrid approach uses a divide-and-conquer strategy to offload detection of certain threats to computationally inexpensive methods, reducing the need for large behavioral datasets. The method was validated using two public datasets, Edge-IIoTset2023 and CICIoT2023, showing accuracy improvements of 4–7% over conventional ML classifiers. The study highlights the effectiveness of EL in handling imbalanced datasets and improving predictive performance in CPS environments. The paper also discusses the challenges of anomaly detection in CPSs, including the scarcity of real-world data and the need for robust, scalable methods. The proposed method leverages multiple ML algorithms to enhance accuracy, with results showing that boosting ensemble methods achieved the highest accuracy improvements. The study concludes that EL is a promising approach for anomaly detection in CPSs, offering higher accuracy and better performance in diverse environments. The paper also emphasizes the importance of interpretability and the need for careful selection of base classifiers to maximize strengths and minimize weaknesses. The results demonstrate that EL can significantly improve the predictive performance of anomaly detection in CPSs, making it a valuable tool for enhancing system availability and safety.
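The staged triage described above can be sketched as follows. This is an added example, not code from the paper or its authors: the event fields, signature set, physical limits and training points are all constructed, and the behavioral stage uses simple majority voting over three weak learners rather than the boosting ensembles the paper reports as most accurate.

```python
from statistics import mean

# All values below are constructed for illustration (assumptions, not paper data).
KNOWN_BAD = {"deadbeef"}                    # stage 1: known-threat signatures
LIMITS = {"temp_c": (-20.0, 120.0)}         # stage 2: immutable physical bounds
# Stage 3 training set: ((packets/s, mean payload bytes), label) with 1 = attack.
TRAIN = [((100, 64), 0), ((110, 60), 0), ((95, 66), 0), ((105, 62), 0),
         ((900, 20), 1), ((850, 24), 1), ((950, 18), 1), ((880, 22), 1)]

def fit_stump(idx):
    """Weak learner: one-feature threshold halfway between the class means."""
    m0 = mean(x[idx] for x, y in TRAIN if y == 0)
    m1 = mean(x[idx] for x, y in TRAIN if y == 1)
    cut, attack_high = (m0 + m1) / 2, m1 > m0
    return lambda x: int((x[idx] > cut) == attack_high)

def fit_centroid():
    """Weak learner: label of the nearest class centroid."""
    cents = {c: tuple(mean(x[i] for x, y in TRAIN if y == c) for i in (0, 1))
             for c in (0, 1)}
    dist = lambda a, b: sum((p - q) ** 2 for p, q in zip(a, b))
    return lambda x: min(cents, key=lambda c: dist(x, cents[c]))

LEARNERS = [fit_stump(0), fit_stump(1), fit_centroid()]

def votes_for(features):
    """Per-learner votes (1 = attack), kept visible for interpretability."""
    return [clf(features) for clf in LEARNERS]

def classify(event):
    """Return (verdict, deciding_stage); cheap stages short-circuit the ensemble."""
    if event["payload_hash"] in KNOWN_BAD:
        return "anomaly", "signature"
    for field, (lo, hi) in LIMITS.items():
        if not lo <= event[field] <= hi:
            return "anomaly", "threshold"
    votes = votes_for(event["features"])
    verdict = "anomaly" if sum(votes) * 2 > len(votes) else "normal"
    return verdict, "ensemble"

if __name__ == "__main__":
    for ev in [
        {"payload_hash": "deadbeef", "temp_c": 40.0, "features": (100, 64)},
        {"payload_hash": "00", "temp_c": 300.0, "features": (100, 64)},
        {"payload_hash": "00", "temp_c": 40.0, "features": (870, 50)},
        {"payload_hash": "00", "temp_c": 40.0, "features": (101, 63)},
    ]:
        print(classify(ev), votes_for(ev["features"]))
```

The third sample event is the one to watch: the payload-size stump votes "normal", and the other two learners outvote it.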