This paper introduces a clustering-enhanced domain adaptation framework to improve cross-domain intrusion detection in industrial control systems. The method uses spectral-transform-based feature alignment to project source and target domains into a shared latent space, and then employs K-Medoids clustering with PCA to enhance cross-domain correlation estimation. Experiments demonstrate that the proposed method significantly improves unknown attack detection accuracy by up to 49% compared to baseline models, and the clustering enhancement strategy further boosts accuracy by up to 26%.
Combining transfer learning with clustering to adapt to changing traffic patterns yields up to 49% better accuracy in detecting unknown attacks in industrial control systems.
Industrial control systems operate in dynamic environments where traffic distributions vary across scenarios, labeled samples are limited, and unknown attacks frequently emerge, posing significant challenges to cross-domain intrusion detection. To address this issue, this paper proposes a clustering-enhanced domain adaptation method for industrial control traffic. The framework contains two key components. First, a feature-based transfer learning module projects source and target domains into a shared latent subspace through spectral-transform-based feature alignment and iteratively reduces distribution discrepancies, enabling accurate cross-domain detection. Second, a clustering enhancement strategy combines K-Medoids clustering with PCA-based dimensionality reduction to improve cross-domain correlation estimation and reduce performance degradation caused by manual parameter tuning. Experimental results show that the proposed method significantly improves unknown attack detection. Compared with five baseline models, it increases detection accuracy by up to 49%, achieves larger gains in F-score, and demonstrates stronger stability. Moreover, the clustering enhancement strategy further boosts detection accuracy by up to 26% on representative tasks. These results suggest that the proposed method effectively alleviates data scarcity and domain shift, providing a practical solution for robust cross-domain intrusion detection in dynamic industrial environments.