Hybrid Sampling Algorithm for Imbalanced Industrial Control Traffic Based on Protocol Automaton and Kernel Alignment

Affiliation: Monitoring and Emergency Response Institute, National Industrial Information Security Development Research Center (国家工业信息安全发展研究中心监测应急所)

Fund Project: National Defense Basic Scientific Research Program (No: JCKY2023608C001)

Abstract:

To address the extreme imbalance between normal and attack samples in industrial control network traffic, and the protocol-semantic distortion that generic oversampling methods such as SMOTE tend to introduce, a protocol-semantics-driven hybrid sampling algorithm for imbalanced industrial control traffic (KAK-PACS) is proposed. Sampling is performed on a protocol state automaton that integrates protocol semantics and process knowledge. An automaton-constrained dual-trajectory counterfactual sampling strategy generates minority-class attack trajectories that are protocol-compliant and closely resemble real attacks, while a kernel-alignment-based majority-class condensation mechanism selects, from the large pool of normal samples, representative prototypes that preserve the overall distribution structure, achieving information-preserving undersampling. In experiments on the SWaT and PowerCPS datasets with the GTCN detection model, Macro-F1, AUC-PR and other metrics improve over no sampling, SMOTE, and TimeGAN, with the largest gains exceeding 20%, and consistent gains are obtained across multiple detection models. The results indicate that KAK-PACS strengthens minority-class representation while preserving the structure of normal operating conditions, improving the accuracy and robustness of anomaly detection on imbalanced industrial control traffic.

History
  • Received: 2025-11-17
  • Last revised: 2025-12-17
  • Accepted: 2025-12-17