Abstract:
Due to the lack of effective attack detection measures, cyberattacks may cause strong damage to industrial cyber–physical systems (CPSs). The embedding of attack categori...Show MoreMetadata
Abstract:
Due to the lack of effective attack detection measures, cyberattacks may cause strong damage to industrial cyber–physical systems (CPSs). The embedding of attack categories learned by the existing attack detection methods is highly coupled to each other with fuzzy boundaries and overlapped neighborhood, leading to weak robustness and high false positive rates. To address these issues, in this article, we propose a few-shot attack detection method based on decoupled prototype learning (DPL-FSAD), aiming to enhance the detection accuracy and generalization capabilities for malicious attacks in CPS. Specifically, we first introduce feature contrastive learning to extract differentiated features from highly similar samples, achieving compact intraclass and sparse interclass feature embedding space. To solve the problem of fuzzy boundaries of different attack categories, prototype contrastive learning is then employed to reduce the coupling degree among prototypes and enhance their discriminability. A regularization term is exploited to mitigate the overfitting problem by reducing the gap between the feature embedding and prototypes. Furthermore, an orthogonal constraint is employed to separate prototypes of different attack types, generating a decoupled prototype embedding space. The experimental results on three public cyberattack datasets show that, compared with the suboptimal model a few-shot learning model with Siamese convolutional neural network (FSL-SCNN), the proposed DPL-FSAD can improve the precision by 5.53%, F1-score by 3.3%, and reduce the false positive rate by 2.37% in average, which proves that the space decoupled prototype learning is effective for improving the generalization and robustness of industrial CPS attack detection in few-shot scenario.
Published in: IEEE Transactions on Industrial Informatics ( Volume: 20, Issue: 10, October 2024)