TRACER: Attack-Aware Divide-and-Conquer Transformer for Intrusion Detection in Industrial Internet of Things

IF 11.7 | Zone 1, Computer Science | JCR Q1, Automation & Control Systems
Minyue Wu;Ying Zheng;David Shan-Hill Wong;Yanwei Wang;Xiaoya Hu
DOI: 10.1109/TII.2025.3547050
Journal: IEEE Transactions on Industrial Informatics, vol. 21, no. 6, pp. 4924-4934
Publication date: 2025-03-18
Publication type: Journal Article
URL: https://ieeexplore.ieee.org/document/10931790/
Citation count: 0

Abstract

Industrial Internet of Things (IIoT) enables smart factories, production, and logistics. However, any vulnerability in the network can lead to severe consequences for both industries and individuals. Being essential cybersecurity tools for IIoT, intrusion detection systems (IDS) play an important role in detecting network attacks. However, IDS can suffer from inaccuracy due to the rare nature of cyberattacks, a.k.a. sample imbalance. In this article, we introduce a transformer-based model termed aTtack-awaRe divide-And-ConquEr tRansformer (Tracer) for both anomaly detection and attack classification, which only needs network traffic data instead of content data. In particular, Tracer incorporates attack-aware learnable queries to enhance category-specific information. A hierarchical divide-and-conquer decoder is also designed tailored to these queries, which is effective in enhancing the accuracy of minority classes. Tracer aims to detect complex, imbalanced traffic attacks without the need for data balancing samplers or separate classifiers. Tracer achieves a remarkable 98.8% accuracy in anomaly detection on the UNSW-NB15 dataset, with a 0.3% false alarm rate. It also reports multiclass attack accuracy of 86.02%, 96.17%, and 99.48% on the UNSW-NB15, Edge-IIoT, and CICIDS-2017 datasets, respectively, increasing the detection accuracy by about 1%–10%. The results suggest our Tracer model shows potential to be an effective and easy-to-use solution for generic intrusion detection in IIoT.
Source journal

IEEE Transactions on Industrial Informatics (Engineering & Technology - Engineering: Industrial)

CiteScore: 24.10
Self-citation rate: 8.90%
Articles published: 1202
Review time: 5.1 months

Journal description: The IEEE Transactions on Industrial Informatics is a multidisciplinary journal dedicated to publishing technical papers that connect theory with practical applications of informatics in industrial settings. It focuses on the utilization of information in intelligent, distributed, and agile industrial automation and control systems. The scope includes topics such as knowledge-based and AI-enhanced automation, intelligent computer control systems, flexible and collaborative manufacturing, industrial informatics in software-defined vehicles and robotics, computer vision, industrial cyber-physical and industrial IoT systems, real-time and networked embedded systems, security in industrial processes, industrial communications, systems interoperability, and human-machine interaction.