Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection

Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection

The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is li...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on industrial informatics 2025-01, Vol.21 (1), p.970-979
Hauptverfasser: Chen, Yongle, Ji, Yubo, Wang, Haoran, Hao, Xiaoyan, Yang, Yuli, Ma, Yao, Yu, Dan
Format: Artikel
Sprache:eng
Schlagworte:
Adaptation models
Adversarial domain adaptation
causal inference
Data models
Datasets
Feature extraction
Industrial control
industrial control system (ICS)
Industrial electronics
Inference
Integrated circuit modeling
Intrusion detection
Intrusion detection systems
Payloads
Protocols
Target detection
Training
Transfer learning
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 979
container_issue 1
container_start_page 970
container_title IEEE transactions on industrial informatics
container_volume 21
creator Chen, Yongle
Ji, Yubo
Wang, Haoran
Hao, Xiaoyan
Yang, Yuli
Ma, Yao
Yu, Dan
description The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is limited. In this article, a causal inference-based adversarial adaptive approach is proposed to improve the detection performance. First, the data feature space mapping between cross-domain datasets is realized through causal inference. Second, the graph structure relationship and time series features contained in the data features are mined and two-dimensional. Finally, IDS is constructed through common domain-adversarial transfer learning based on high-impact features and fine-tuning based on remaining features. This method can not only construct a cross-application or cross-protocol IDS with a high F1-score for imbalanced data, but also detect some new attacks in the target domain. As for the problem of cross-domain data imbalance, the F1-scores of the trained ICS model in the two cross-domain tasks respectively reached 97.27% and 97.78%. In the detection of new attacks in the target domain, the trained ICS model achieved an average F1-score of 97% for known attacks and the best F1-scores of the two cross-domain tasks reached 90% and 56%.
doi_str_mv 10.1109/TII.2024.3470902
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_ieee_primary_10721255</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10721255</ieee_id><sourcerecordid>3155821018</sourcerecordid><originalsourceid>FETCH-LOGICAL-c175t-5a29e6d68bf4e32003f3be19d3092beeaf008abf08defbbdc571e544942394f13</originalsourceid><addsrcrecordid>eNpNkDtPwzAQgC0EEqWwMzBEYk45v5p4LCmPSJVYymw58VlK1SbFdpD49zi0A9NZd9_57j5C7iksKAX1tK3rBQMmFlwUoIBdkBlVguYAEi7TW0qacwb8mtyEsAPgBXA1I7YyYzD7rO4deuxbzJ9NQJut7Df6YHyXauvhYLo-pcwxmtgNfeYGn1V-CCE_1-rejiH-0XUf_Rgmao0R24m_JVfO7APeneOcfL6-bKv3fPPxVlerTd7SQsZcGqZwaZdl4wSmXYE73iBVloNiDaJxAKVpHJQWXdPYVhYUpRBKMK6Eo3xOHk__Hv3wNWKIejeMvk8jNU8CSkaBlomCE9VOF3h0-ui7g_E_moKeXOrkUk8u9dllank4tXSI-A8vGGVS8l_nRnDU</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3155821018</pqid></control><display><type>article</type><title>Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection</title><source>IEEE Electronic Library (IEL)</source><creator>Chen, Yongle ; Ji, Yubo ; Wang, Haoran ; Hao, Xiaoyan ; Yang, Yuli ; Ma, Yao ; Yu, Dan</creator><creatorcontrib>Chen, Yongle ; Ji, Yubo ; Wang, Haoran ; Hao, Xiaoyan ; Yang, Yuli ; Ma, Yao ; Yu, Dan</creatorcontrib><description>The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is limited. In this article, a causal inference-based adversarial adaptive approach is proposed to improve the detection performance. First, the data feature space mapping between cross-domain datasets is realized through causal inference. Second, the graph structure relationship and time series features contained in the data features are mined and two-dimensional. Finally, IDS is constructed through common domain-adversarial transfer learning based on high-impact features and fine-tuning based on remaining features. This method can not only construct a cross-application or cross-protocol IDS with a high F1-score for imbalanced data, but also detect some new attacks in the target domain. As for the problem of cross-domain data imbalance, the F1-scores of the trained ICS model in the two cross-domain tasks respectively reached 97.27% and 97.78%. In the detection of new attacks in the target domain, the trained ICS model achieved an average F1-score of 97% for known attacks and the best F1-scores of the two cross-domain tasks reached 90% and 56%.</description><identifier>ISSN: 1551-3203</identifier><identifier>EISSN: 1941-0050</identifier><identifier>DOI: 10.1109/TII.2024.3470902</identifier><identifier>CODEN: ITIICH</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Adaptation models ; Adversarial domain adaptation ; causal inference ; Data models ; Datasets ; Feature extraction ; Industrial control ; industrial control system (ICS) ; Industrial electronics ; Inference ; Integrated circuit modeling ; Intrusion detection ; Intrusion detection systems ; Payloads ; Protocols ; Target detection ; Training ; Transfer learning</subject><ispartof>IEEE transactions on industrial informatics, 2025-01, Vol.21 (1), p.970-979</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2025</rights><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c175t-5a29e6d68bf4e32003f3be19d3092beeaf008abf08defbbdc571e544942394f13</cites><orcidid>0009-0001-9367-9256 ; 0000-0003-0999-8543 ; 0000-0002-1000-1109</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10721255$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10721255$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Chen, Yongle</creatorcontrib><creatorcontrib>Ji, Yubo</creatorcontrib><creatorcontrib>Wang, Haoran</creatorcontrib><creatorcontrib>Hao, Xiaoyan</creatorcontrib><creatorcontrib>Yang, Yuli</creatorcontrib><creatorcontrib>Ma, Yao</creatorcontrib><creatorcontrib>Yu, Dan</creatorcontrib><title>Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection</title><title>IEEE transactions on industrial informatics</title><addtitle>TII</addtitle><description>The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is limited. In this article, a causal inference-based adversarial adaptive approach is proposed to improve the detection performance. First, the data feature space mapping between cross-domain datasets is realized through causal inference. Second, the graph structure relationship and time series features contained in the data features are mined and two-dimensional. Finally, IDS is constructed through common domain-adversarial transfer learning based on high-impact features and fine-tuning based on remaining features. This method can not only construct a cross-application or cross-protocol IDS with a high F1-score for imbalanced data, but also detect some new attacks in the target domain. As for the problem of cross-domain data imbalance, the F1-scores of the trained ICS model in the two cross-domain tasks respectively reached 97.27% and 97.78%. In the detection of new attacks in the target domain, the trained ICS model achieved an average F1-score of 97% for known attacks and the best F1-scores of the two cross-domain tasks reached 90% and 56%.</description><subject>Adaptation models</subject><subject>Adversarial domain adaptation</subject><subject>causal inference</subject><subject>Data models</subject><subject>Datasets</subject><subject>Feature extraction</subject><subject>Industrial control</subject><subject>industrial control system (ICS)</subject><subject>Industrial electronics</subject><subject>Inference</subject><subject>Integrated circuit modeling</subject><subject>Intrusion detection</subject><subject>Intrusion detection systems</subject><subject>Payloads</subject><subject>Protocols</subject><subject>Target detection</subject><subject>Training</subject><subject>Transfer learning</subject><issn>1551-3203</issn><issn>1941-0050</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2025</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpNkDtPwzAQgC0EEqWwMzBEYk45v5p4LCmPSJVYymw58VlK1SbFdpD49zi0A9NZd9_57j5C7iksKAX1tK3rBQMmFlwUoIBdkBlVguYAEi7TW0qacwb8mtyEsAPgBXA1I7YyYzD7rO4deuxbzJ9NQJut7Df6YHyXauvhYLo-pcwxmtgNfeYGn1V-CCE_1-rejiH-0XUf_Rgmao0R24m_JVfO7APeneOcfL6-bKv3fPPxVlerTd7SQsZcGqZwaZdl4wSmXYE73iBVloNiDaJxAKVpHJQWXdPYVhYUpRBKMK6Eo3xOHk__Hv3wNWKIejeMvk8jNU8CSkaBlomCE9VOF3h0-ui7g_E_moKeXOrkUk8u9dllank4tXSI-A8vGGVS8l_nRnDU</recordid><startdate>202501</startdate><enddate>202501</enddate><creator>Chen, Yongle</creator><creator>Ji, Yubo</creator><creator>Wang, Haoran</creator><creator>Hao, Xiaoyan</creator><creator>Yang, Yuli</creator><creator>Ma, Yao</creator><creator>Yu, Dan</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0009-0001-9367-9256</orcidid><orcidid>https://orcid.org/0000-0003-0999-8543</orcidid><orcidid>https://orcid.org/0000-0002-1000-1109</orcidid></search><sort><creationdate>202501</creationdate><title>Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection</title><author>Chen, Yongle ; Ji, Yubo ; Wang, Haoran ; Hao, Xiaoyan ; Yang, Yuli ; Ma, Yao ; Yu, Dan</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c175t-5a29e6d68bf4e32003f3be19d3092beeaf008abf08defbbdc571e544942394f13</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2025</creationdate><topic>Adaptation models</topic><topic>Adversarial domain adaptation</topic><topic>causal inference</topic><topic>Data models</topic><topic>Datasets</topic><topic>Feature extraction</topic><topic>Industrial control</topic><topic>industrial control system (ICS)</topic><topic>Industrial electronics</topic><topic>Inference</topic><topic>Integrated circuit modeling</topic><topic>Intrusion detection</topic><topic>Intrusion detection systems</topic><topic>Payloads</topic><topic>Protocols</topic><topic>Target detection</topic><topic>Training</topic><topic>Transfer learning</topic><toplevel>online_resources</toplevel><creatorcontrib>Chen, Yongle</creatorcontrib><creatorcontrib>Ji, Yubo</creatorcontrib><creatorcontrib>Wang, Haoran</creatorcontrib><creatorcontrib>Hao, Xiaoyan</creatorcontrib><creatorcontrib>Yang, Yuli</creatorcontrib><creatorcontrib>Ma, Yao</creatorcontrib><creatorcontrib>Yu, Dan</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on industrial informatics</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Chen, Yongle</au><au>Ji, Yubo</au><au>Wang, Haoran</au><au>Hao, Xiaoyan</au><au>Yang, Yuli</au><au>Ma, Yao</au><au>Yu, Dan</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection</atitle><jtitle>IEEE transactions on industrial informatics</jtitle><stitle>TII</stitle><date>2025-01</date><risdate>2025</risdate><volume>21</volume><issue>1</issue><spage>970</spage><epage>979</epage><pages>970-979</pages><issn>1551-3203</issn><eissn>1941-0050</eissn><coden>ITIICH</coden><abstract>The intrusion detection system (IDS) ensures the safe and stable operation of the industrial control system (ICS). However, due to the lack of data in ICS and the influences of numerous communication protocols, the detection performance of the IDS constructed with the unbalanced dataset of ICS is limited. In this article, a causal inference-based adversarial adaptive approach is proposed to improve the detection performance. First, the data feature space mapping between cross-domain datasets is realized through causal inference. Second, the graph structure relationship and time series features contained in the data features are mined and two-dimensional. Finally, IDS is constructed through common domain-adversarial transfer learning based on high-impact features and fine-tuning based on remaining features. This method can not only construct a cross-application or cross-protocol IDS with a high F1-score for imbalanced data, but also detect some new attacks in the target domain. As for the problem of cross-domain data imbalance, the F1-scores of the trained ICS model in the two cross-domain tasks respectively reached 97.27% and 97.78%. In the detection of new attacks in the target domain, the trained ICS model achieved an average F1-score of 97% for known attacks and the best F1-scores of the two cross-domain tasks reached 90% and 56%.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/TII.2024.3470902</doi><tpages>10</tpages><orcidid>https://orcid.org/0009-0001-9367-9256</orcidid><orcidid>https://orcid.org/0000-0003-0999-8543</orcidid><orcidid>https://orcid.org/0000-0002-1000-1109</orcidid></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1551-3203
ispartof IEEE transactions on industrial informatics, 2025-01, Vol.21 (1), p.970-979
issn 1551-3203
1941-0050
language eng
recordid cdi_ieee_primary_10721255
source IEEE Electronic Library (IEL)
subjects Adaptation models
Adversarial domain adaptation
causal inference
Data models
Datasets
Feature extraction
Industrial control
industrial control system (ICS)
Industrial electronics
Inference
Integrated circuit modeling
Intrusion detection
Intrusion detection systems
Payloads
Protocols
Target detection
Training
Transfer learning
title Causal Inference-Based Adversarial Domain Adaptation for Cross-Domain Industrial Intrusion Detection
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T08%3A07%3A44IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Causal%20Inference-Based%20Adversarial%20Domain%20Adaptation%20for%20Cross-Domain%20Industrial%20Intrusion%20Detection&rft.jtitle=IEEE%20transactions%20on%20industrial%20informatics&rft.au=Chen,%20Yongle&rft.date=2025-01&rft.volume=21&rft.issue=1&rft.spage=970&rft.epage=979&rft.pages=970-979&rft.issn=1551-3203&rft.eissn=1941-0050&rft.coden=ITIICH&rft_id=info:doi/10.1109/TII.2024.3470902&rft_dat=%3Cproquest_RIE%3E3155821018%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3155821018&rft_id=info:pmid/&rft_ieee_id=10721255&rfr_iscdi=true