A Lightweight and Dynamic Open-Set Intrusion Detection for Industrial Internet of Things

IEEE Transactions on Information Forensics and Security (IF 8; Zone 1, Computer Science; JCR Q1, Computer Science, Theory & Methods)
Pub Date: 2025-02-28. DOI: 10.1109/TIFS.2025.3546849
Xueji Yang; Fei Tong; Fang Jiang; Guang Cheng
IEEE Transactions on Information Forensics and Security, vol. 20, pp. 2930-2943. Publisher page: https://ieeexplore.ieee.org/document/10908210/
Citation count: 0

Abstract

Recently, intrusion detection technology has been deployed in the Industrial Internet of Things (IIoT), which is an efficacious approach to enhancing security. However, identifying previously unseen and unknown attacks, referred to as the open-set problem, has become increasingly difficult due to the openness of IoT architecture and the continuous evolution of attack patterns. Moreover, existing open-set intrusion detection solutions are challenging to apply directly to IIoT because of their unique characteristics, such as limited computational and storage capabilities, long detection times, and the inability to continuously learn. In this paper, we propose an efficient, lightweight, and dynamic open-set intrusion detection scheme for IIoT. It consists of three stages: the known attack classification stage focuses on extracting features from known data to efficiently classify normal data and known attacks; the unknown attack recognition stage analyzes the distribution of reconstruction errors to effectively distinguish between known data and unknown attacks; and the dynamic update detection stage introduces a lightweight detection architecture for unknown attack detection, significantly reducing the computational overhead and storage requirements of IIoT devices. Simultaneously, it learns from and updates with newly detected unknown attacks to further optimize detection capabilities. We conduct experiments on four widely used datasets to evaluate the performance of open-set intrusion detection for IIoT. The experimental results delineate the superiority of our proposed method over four state-of-the-art approaches in open-set intrusion detection. Meanwhile, our proposed lightweight model updating method significantly reduces detection time by over 65% and memory overhead by over 80% compared to retraining methods, while achieving an average detection accuracy of 96%.
Source journal
IEEE Transactions on Information Forensics and Security (Engineering & Technology: Engineering, Electrical & Electronic)
CiteScore: 14.40
Self-citation rate: 7.40%
Articles published: 234
Review time: 6.5 months
Journal description: The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features.
Latest articles from this journal
A Novel Perspective on Gradient Defense: Layer-Specific Protection Against Privacy Leakage
Cert-SSBD: Certified Backdoor Defense with Sample-Specific Smoothing Noises
GUARD: A Unified Open-Set and Closed-Set Gait Recognition Framework via Feature Reconstruction on Wi-Fi CSI
VoIP Call Identification via a Dual-Level 1D-CNN with Frame and Utterance Features
Risk-Aware Privacy Preservation for LLM Inference