This research addresses the challenge of anomaly detection in Industrial Control Systems (ICS), recognizing the increasing importance of cyber security in these environments due to recent incidents and to the evolving technical and regulatory frameworks and mechanisms that have been introduced. It proposes a comprehensive hybrid modelling approach to anomaly detection that bridges the gap between theoretical research and practical applications in real-world industrial settings. Specifically, the methodology focuses on generating a custom dataset for anomaly detection, avoiding the limitations associated with artificial datasets. It does so by merging expert-based formal modelling with Machine Learning (ML) modelling in a Model-Driven Engineering approach that aims to assure the security and reliability of critical control systems in the transportation and logistics domains. This research contributes to these fields by offering a logical, traceable, and adaptable framework for anomaly detection in ICS, addressing the current challenges identified in the literature and in regulatory requirements.