Lingzi Zhu, Bo Zhao, Jiabao Guo, Minzhi Ji, Junru Peng
Applied Intelligence, 55(7). Published 2025-04-02. Journal Article. DOI: 10.1007/s10489-025-06404-6. Impact factor 3.4; JCR Q2 (Computer Science, Artificial Intelligence). https://link.springer.com/article/10.1007/s10489-025-06404-6
A cutting-edge framework for industrial intrusion detection: Privacy-preserving, cost-friendly, and powered by federated learning
With the networking of industrially deployed facilities in distributed environments, industrial control systems (ICS) are facing an escalating number of attacks, emphasizing the criticality of intrusion detection systems. Currently, machine learning-based intrusion detection systems have been extensively researched. However, the sensitivity of ICS data poses a challenge of scarce labeled data for these systems. Additionally, distributed ICS necessitate privacy-preserving collaborative detection. To address these challenges, some solutions combining federated learning and transfer learning have been proposed. Nonetheless, these solutions often overlook the clustering characteristics of factory equipment and the constraints posed by limited computational and communication resources. Therefore, we propose GC-FADA, a chained cross-domain collaborative intrusion detection framework, to effectively address the interplay between labeled data scarcity, privacy protection, and resource constraints in ICS intrusion detection techniques. Firstly, GC-FADA uses the adversarial domain adaptation scheme to train the local model to alleviate the performance limitation of the intrusion detection model caused by labeled data scarcity. Then, to reduce the communication overhead between the nodes in the factory communication network and protect client privacy, GC-FADA utilizes the geographical clustering characteristics of the factory devices and proposes an FL-based grouped chain learning structure to achieve collaborative training. Finally, GC-FADA achieves privacy protection with low computational overhead by utilizing patterns from lightweight pseudo-random generators instead of complex cryptographic primitives. Extensive experiments conducted on real industrial SCADA datasets validate the effectiveness and rationality of the proposed approach, proving that GC-FADA outperforms major domain adaptation methods in terms of accuracy while reducing computation and communication costs. In the cross-domain learning task on the two datasets, the detection accuracy of our GC-FADA reaches 88.7% and 98.29% respectively, and the detection accuracy of various network attacks is mostly more than 90%.
About the journal:
With a focus on research in artificial intelligence and neural networks, this journal addresses issues involving solutions of real-life manufacturing, defense, management, government and industrial problems which are too complex to be solved through conventional approaches and require the simulation of intelligent thought processes, heuristics, applications of knowledge, and distributed and parallel processing. The integration of these multiple approaches in solving complex problems is of particular importance.
The journal presents new and original research and technological developments, addressing real and complex issues applicable to difficult problems. It provides a medium for exchanging scientific research and technological achievements accomplished by the international community.