TRACER: Attack-Aware Divide-and-Conquer Transformer for Intrusion Detection in Industrial Internet of Things
Minyue Wu; Ying Zheng; David Shan-Hill Wong; Yanwei Wang; Xiaoya Hu
IEEE Transactions on Industrial Informatics, vol. 21, no. 6, pp. 4924-4934. Published 2025-03-18. Journal Article.
DOI: 10.1109/TII.2025.3547050
URL: https://ieeexplore.ieee.org/document/10931790/
Impact factor: 11.7; JCR: Q1 (AUTOMATION & CONTROL SYSTEMS)
Citations: 0
Abstract
Industrial Internet of Things (IIoT) enables smart factories, production, and logistics. However, any vulnerability in the network can lead to severe consequences for both industries and individuals. Being essential cybersecurity tools for IIoT, intrusion detection systems (IDS) play an important role in detecting network attacks. However, IDS can suffer from inaccuracy due to the rare nature of cyberattacks, a.k.a. sample imbalance. In this article, we introduce a transformer-based model termed aTtack-awaRe divide-And-ConquEr tRansformer (Tracer) for both anomaly detection and attack classification, which only needs network traffic data instead of content data. In particular, Tracer incorporates attack-aware learnable queries to enhance category-specific information. A hierarchical divide-and-conquer decoder, tailored to these queries, is also designed, which is effective in enhancing the accuracy of minority classes. Tracer aims to detect complex, imbalanced traffic attacks without the need for data balancing samplers or separate classifiers. Tracer achieves a remarkable 98.8% accuracy in anomaly detection on the UNSW-NB15 dataset, with a 0.3% false alarm rate. It also reports multiclass attack accuracy of 86.02%, 96.17%, and 99.48% on the UNSW-NB15, Edge-IIoT, and CICIDS-2017 datasets, respectively, increasing the detection accuracy by about 1%–10%. The results suggest our Tracer model shows potential to be an effective and easy-to-use solution for generic intrusion detection in IIoT.
About the journal:
The IEEE Transactions on Industrial Informatics is a multidisciplinary journal dedicated to publishing technical papers that connect theory with practical applications of informatics in industrial settings. It focuses on the utilization of information in intelligent, distributed, and agile industrial automation and control systems. The scope includes topics such as knowledge-based and AI-enhanced automation, intelligent computer control systems, flexible and collaborative manufacturing, industrial informatics in software-defined vehicles and robotics, computer vision, industrial cyber-physical and industrial IoT systems, real-time and networked embedded systems, security in industrial processes, industrial communications, systems interoperability, and human-machine interaction.