抵御CPS中的新攻击：入侵检测系统的几次类增量适应策略

IF 4.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Network and Service Management Pub Date : 2025-02-20 DOI:10.1109/TNSM.2025.3543773

Xinrui Dong;Yingxu Lai;Xiao Zhang;Xinyu Xu

{"title":"抵御CPS中的新攻击：入侵检测系统的几次类增量适应策略","authors":"Xinrui Dong;Yingxu Lai;Xiao Zhang;Xinyu Xu","doi":"10.1109/TNSM.2025.3543773","DOIUrl":null,"url":null,"abstract":"The deep integration of physical devices and communication networks has increased the security risks of cyber-physical systems (CPSs) compared to traditional control systems. Deep learning-based intrusion detection systems (IDSs) play a crucial role in ensuring CPSs security. However, the existing IDSs often rely on known attack features, rendering them unable to withstand emerging new attacks arising from the dynamic evolution of intrusion behaviors. This paper aims to develop an IDSs with high adaptability and strong generalization capabilities, which is capable of rapidly adapting to new attack classes with only a few new samples. To achieve this objective, we propose CAT-IDS, a few-shot class-incremental adaptation strategy for an IDS to counteract new attacks on CPSs. We design a highly symmetric classifier structure for CAT-IDS that can flexibly adjust the classification space to adapt to new attacks. Furthermore, we calibrate the biased distribution formed by a few training samples through statistical feature transfer. In order to prevent the model from forgetting old attack information during the adaptation process, we devise hybrid features for attack detection. These features contain essential information for both old and new class classifications. We demonstrate the effectiveness of CAT-IDS through multiple experiments on three CPSs datasets. The results show that CAT-IDS achieves an average accuracy improvement of approximately 4. 5% compared to the state-of-the-art methods, demonstrating its superior ability to adapt to new attacks while maintaining high performance in classifying existing attacks.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"22 3","pages":"2473-2488"},"PeriodicalIF":4.7000,"publicationDate":"2025-02-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Counteracting New Attacks in CPS: A Few-Shot Class-Incremental Adaptation Strategy for Intrusion Detection System\",\"authors\":\"Xinrui Dong;Yingxu Lai;Xiao Zhang;Xinyu Xu\",\"doi\":\"10.1109/TNSM.2025.3543773\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The deep integration of physical devices and communication networks has increased the security risks of cyber-physical systems (CPSs) compared to traditional control systems. Deep learning-based intrusion detection systems (IDSs) play a crucial role in ensuring CPSs security. However, the existing IDSs often rely on known attack features, rendering them unable to withstand emerging new attacks arising from the dynamic evolution of intrusion behaviors. This paper aims to develop an IDSs with high adaptability and strong generalization capabilities, which is capable of rapidly adapting to new attack classes with only a few new samples. To achieve this objective, we propose CAT-IDS, a few-shot class-incremental adaptation strategy for an IDS to counteract new attacks on CPSs. We design a highly symmetric classifier structure for CAT-IDS that can flexibly adjust the classification space to adapt to new attacks. Furthermore, we calibrate the biased distribution formed by a few training samples through statistical feature transfer. In order to prevent the model from forgetting old attack information during the adaptation process, we devise hybrid features for attack detection. These features contain essential information for both old and new class classifications. We demonstrate the effectiveness of CAT-IDS through multiple experiments on three CPSs datasets. The results show that CAT-IDS achieves an average accuracy improvement of approximately 4. 5% compared to the state-of-the-art methods, demonstrating its superior ability to adapt to new attacks while maintaining high performance in classifying existing attacks.\",\"PeriodicalId\":13423,\"journal\":{\"name\":\"IEEE Transactions on Network and Service Management\",\"volume\":\"22 3\",\"pages\":\"2473-2488\"},\"PeriodicalIF\":4.7000,\"publicationDate\":\"2025-02-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Network and Service Management\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10896749/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10896749/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

与传统的控制系统相比，物理设备与通信网络的深度融合增加了网络物理系统（cps）的安全风险。基于深度学习的入侵检测系统（ids）在确保cps安全方面发挥着至关重要的作用。然而，现有的入侵防御系统往往依赖于已知的攻击特征，无法抵御由于入侵行为的动态演变而产生的新攻击。本文的目标是开发一种具有高适应性和强泛化能力的入侵防御系统，能够在少量新样本的情况下快速适应新的攻击类别。为了实现这一目标，我们提出了CAT-IDS，这是一种针对入侵防御系统的几次类别增量适应策略，以抵消对cps的新攻击。我们设计了一种高度对称的CAT-IDS分类器结构，可以灵活调整分类空间以适应新的攻击。此外，我们通过统计特征转移来校准由少数训练样本形成的偏态分布。为了防止模型在适应过程中忘记旧的攻击信息，我们设计了混合特征进行攻击检测。这些特性包含新旧类分类的基本信息。我们通过在三个cps数据集上的多个实验证明了CAT-IDS的有效性。结果表明，CAT-IDS的平均精度提高了约4%。与最先进的方法相比，提高了5%，证明了其在适应新攻击的同时保持对现有攻击分类的高性能的卓越能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Counteracting New Attacks in CPS: A Few-Shot Class-Incremental Adaptation Strategy for Intrusion Detection System

The deep integration of physical devices and communication networks has increased the security risks of cyber-physical systems (CPSs) compared to traditional control systems. Deep learning-based intrusion detection systems (IDSs) play a crucial role in ensuring CPSs security. However, the existing IDSs often rely on known attack features, rendering them unable to withstand emerging new attacks arising from the dynamic evolution of intrusion behaviors. This paper aims to develop an IDSs with high adaptability and strong generalization capabilities, which is capable of rapidly adapting to new attack classes with only a few new samples. To achieve this objective, we propose CAT-IDS, a few-shot class-incremental adaptation strategy for an IDS to counteract new attacks on CPSs. We design a highly symmetric classifier structure for CAT-IDS that can flexibly adjust the classification space to adapt to new attacks. Furthermore, we calibrate the biased distribution formed by a few training samples through statistical feature transfer. In order to prevent the model from forgetting old attack information during the adaptation process, we devise hybrid features for attack detection. These features contain essential information for both old and new class classifications. We demonstrate the effectiveness of CAT-IDS through multiple experiments on three CPSs datasets. The results show that CAT-IDS achieves an average accuracy improvement of approximately 4. 5% compared to the state-of-the-art methods, demonstrating its superior ability to adapt to new attacks while maintaining high performance in classifying existing attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications

CiteScore

9.30

自引率

15.10%

发文量

325

期刊介绍： IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.