Clustering-Enhanced Domain Adaptation for Cross-Domain Intrusion Detection in Industrial Control Systems
Summary: arXiv:2604.12183v1 Announce Type: cross
Abstract
Industrial control systems operate in dynamic environments where traffic distributions vary across scenarios, labeled samples are limited, and unknown attacks frequently emerge, posing significant challenges to cross-domain intrusion detection. To address this issue, this paper proposes a clustering-enhanced domain adaptation method for industrial control traffic.
Framework Overview
The proposed framework consists of two key components aimed at enhancing the efficiency and accuracy of intrusion detection in industrial control systems:
- Feature-Based Transfer Learning Module: This module projects source and target domains into a shared latent subspace through spectral-transform-based feature alignment. It iteratively reduces distribution discrepancies, enabling accurate cross-domain detection.
- Clustering Enhancement Strategy: This strategy combines K-Medoids clustering with PCA-based dimensionality reduction to improve cross-domain correlation estimation. It also aims to reduce performance degradation caused by manual parameter tuning.
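The clustering step in the second component can be sketched as below; this is an added example, not code from the paper. It pools source and target flows, reduces them with PCA, clusters them with K-Medoids, and reads each cluster's source/target membership as a rough cross-domain correspondence. The pooling, the membership readout, the feature names and the sample flows are assumptions constructed for illustration, since the summary does not say how the paper computes its correlation estimate.

```python
import numpy as np

def pca_project(X, n_components):
    """Center X and project it onto its top principal components (via SVD)."""
    Xc = X - X.mean(axis=0)
    _, _, vt = np.linalg.svd(Xc, full_matrices=False)
    return Xc @ vt[:n_components].T

def k_medoids(Z, k, max_iter=50):
    """Alternating K-Medoids with deterministic farthest-first initialisation.
    Assumes the rows of Z are distinct, so no cluster ever becomes empty."""
    D = np.linalg.norm(Z[:, None, :] - Z[None, :, :], axis=2)
    medoids = [int(D.sum(axis=1).argmin())]            # most central point
    while len(medoids) < k:                            # then farthest from chosen
        medoids.append(int(D[:, medoids].min(axis=1).argmax()))
    for _ in range(max_iter):
        labels = D[:, medoids].argmin(axis=1)
        new = []
        for c in range(k):                             # best representative per cluster
            m = np.flatnonzero(labels == c)
            new.append(int(m[D[np.ix_(m, m)].sum(axis=1).argmin()]))
        if new == medoids:
            break
        medoids = new
    return medoids, D[:, medoids].argmin(axis=1)

def cluster_domain_mix(Xs, Xt, k, n_components=2):
    """Cluster pooled source+target flows; return (source, target) counts per cluster."""
    Z = pca_project(np.vstack([Xs, Xt]), n_components)
    _, labels = k_medoids(Z, k)
    is_t = np.arange(len(Z)) >= len(Xs)
    return [(int((~is_t & (labels == c)).sum()), int((is_t & (labels == c)).sum()))
            for c in range(k)]

def target_only_clusters(mix):
    """Clusters with no source-domain members: traffic the source labels never covered."""
    return [c for c, (n_src, n_tgt) in enumerate(mix) if n_src == 0 and n_tgt > 0]

# Constructed flows: [packets/s, mean payload bytes, write ratio, inter-arrival s]
SOURCE = np.array([[10, 60, .1, 1.0], [11, 62, .1, 1.1], [9, 58, .2, .9],        # polling
                   [50, 200, .9, .2], [52, 205, .8, .2], [48, 195, .9, .3]])     # write burst
TARGET = np.array([[12, 66, .1, 1.0], [13, 64, .2, 1.2], [11, 68, .1, .9],       # shifted polling
                   [54, 210, .9, .2], [55, 208, .8, .3],                         # shifted burst
                   [120, 40, .5, .05], [118, 42, .5, .05], [122, 38, .6, .04]])  # unseen in source

if __name__ == "__main__":
    mix = cluster_domain_mix(SOURCE, TARGET, k=3)
    print(mix, target_only_clusters(mix))
```

A cluster with no source members marks target traffic that the labeled source domain never covered, which is where unknown attacks would surface.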
Experimental Results
The experimental results demonstrate significant improvements in detecting unknown attacks compared to five baseline models:
- Detection accuracy increased by up to 49%.
- F-score exhibited larger gains, indicating enhanced performance in precision and recall.
- The method demonstrated stronger stability across various scenarios.
In addition, the clustering enhancement strategy boosts detection accuracy by up to 26% on representative tasks, showcasing the effectiveness of the proposed method.
Conclusion
The findings suggest that the proposed clustering-enhanced domain adaptation method effectively alleviates data scarcity and domain shift issues, providing a practical solution for robust cross-domain intrusion detection in dynamic industrial environments. This advancement not only enhances the security of industrial control systems but also opens avenues for future research in the field of intrusion detection.
