Low-latency and interpretable intrusion detection for IIoT using self-supervised learning with entropy-based masking

The Industrial Internet of Things (IIoT) has enhanced data connectivity across domains like smart city and industry. But this advancement has also created several security risks necessitating robust security measures. One critical challenge in developing effective intrusion detection systems (IDS) for IIoT is class imbalance in training datasets. In most cases, benign traffic predominates, leading to biased model training and underperformance in detecting rare attacks. To address these issues and effectively detect both normal and various attack categories, even with label scarcity and class imbalance, we propose a low-latency gradient boosting framework for efficient intrusion detection. Our approach uses Self-supervised learning (SSL) to improve efficiency and robustness. This hybrid approach employs a Masked Autoencoder (MAE) for robust representation extraction from unlabeled data, followed by classification using LightGBM. To enhance the learning capability of proposed framework, we fuse an entropy-based masking strategy within the MAE. This allows features with high uncertainty to be masked with high probability during training. This targeted feature selection enables the model to reconstruct the most informative features. As a result, the model’s robustness is improved and it can capture strong feature dependencies, even in the presence of imbalanced and label-scarce data. We validate our model’s effectiveness on three publicly available datasets i.e. BoT-IoT, ToN-IoT, and WUSTL-IIoT. Proposed framework improves inference time by a factor of 104 over State-of-The-Art (SOTA) methods. It also achieves a precision, recall and F1-score of 99%, 93% and 95% respectively which are comparable to existing SOTA methods.