EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks
As industrial control network threats become increasingly complex, traditional intrusion detection systems (IDS) struggle to capture implicit relationships due to feature redundancy and intricate feature interactions. This leads to increased computational complexity and higher detection latency, mak...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10902390/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850071919076835328 |
|---|---|
| author | Jinyang Liu Guogang Wang Xuejun Zong Bowei Ning Kan He |
| author_facet | Jinyang Liu Guogang Wang Xuejun Zong Bowei Ning Kan He |
| author_sort | Jinyang Liu |
| collection | DOAJ |
| description | As industrial control network threats become increasingly complex, traditional intrusion detection systems (IDS) struggle to capture implicit relationships due to feature redundancy and intricate feature interactions. This leads to increased computational complexity and higher detection latency, making it difficult for industrial control systems(ICS) to meet the fast and accurate response requirements for security events. In this study, we propose a dynamic anomaly detection model for industrial control networks, named EfficientTransformer. The model uses a 1D Convolutional Neural Network (1D-CNN) to extract local features from the data, while a linear multi-head self-attention mechanism, replacing the traditional Transformer’s multi-head attention mechanism, provides global learning capabilities. This reduces computational complexity and enables efficient parallel learning. Additionally, to address the issue of class imbalance, the model incorporates a weighted cross-entropy loss function that assigns higher weights to the minority class of abnormal traffic, thereby improving the model’s anomaly detection ability. This innovation further mitigates issues of feature redundancy and complex feature interactions, enhancing the model’s dynamic processing capability and accuracy. The method was validated on the Oil and Gas Gathering and Transportation Full-Process Industrial Platform Attack-Defense Field, and the Catalytic Reforming Unit Process Platform at the Key Laboratory of Information Security for the Petrochemical Industry in Liaoning Province. Experimental results show that the proposed EfficientTransformer improves accuracy by 1.01% and 2.26% compared to the standard Transformer on the two datasets and significantly reduces testing time, demonstrating its applicability in the field of industrial information security. |
| format | Article |
| id | doaj-art-95dbaaf0b8c64932a5dc504ab09f5b2b |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-95dbaaf0b8c64932a5dc504ab09f5b2b2025-08-20T02:47:10ZengIEEEIEEE Access2169-35362025-01-0113379313794510.1109/ACCESS.2025.354565910902390EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control NetworksJinyang Liu0https://orcid.org/0009-0000-0211-865XGuogang Wang1Xuejun Zong2https://orcid.org/0009-0000-0084-2775Bowei Ning3Kan He4College of Information Engineering, Shenyang University of Chemical Technology, Shenyang, Liaoning, ChinaCollege of Information Engineering, Shenyang University of Chemical Technology, Shenyang, Liaoning, ChinaCollege of Information Engineering, Shenyang University of Chemical Technology, Shenyang, Liaoning, ChinaKey Laboratory of Information Security for Petrochemical Industry, Shenyang, Liaoning, ChinaCollege of Information Engineering, Shenyang University of Chemical Technology, Shenyang, Liaoning, ChinaAs industrial control network threats become increasingly complex, traditional intrusion detection systems (IDS) struggle to capture implicit relationships due to feature redundancy and intricate feature interactions. This leads to increased computational complexity and higher detection latency, making it difficult for industrial control systems(ICS) to meet the fast and accurate response requirements for security events. In this study, we propose a dynamic anomaly detection model for industrial control networks, named EfficientTransformer. The model uses a 1D Convolutional Neural Network (1D-CNN) to extract local features from the data, while a linear multi-head self-attention mechanism, replacing the traditional Transformer’s multi-head attention mechanism, provides global learning capabilities. This reduces computational complexity and enables efficient parallel learning. Additionally, to address the issue of class imbalance, the model incorporates a weighted cross-entropy loss function that assigns higher weights to the minority class of abnormal traffic, thereby improving the model’s anomaly detection ability. This innovation further mitigates issues of feature redundancy and complex feature interactions, enhancing the model’s dynamic processing capability and accuracy. The method was validated on the Oil and Gas Gathering and Transportation Full-Process Industrial Platform Attack-Defense Field, and the Catalytic Reforming Unit Process Platform at the Key Laboratory of Information Security for the Petrochemical Industry in Liaoning Province. Experimental results show that the proposed EfficientTransformer improves accuracy by 1.01% and 2.26% compared to the standard Transformer on the two datasets and significantly reduces testing time, demonstrating its applicability in the field of industrial information security.https://ieeexplore.ieee.org/document/10902390/Intrusion detectionindustrial control networktransformer1D-CNNfeature extraction |
| spellingShingle | Jinyang Liu Guogang Wang Xuejun Zong Bowei Ning Kan He EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks IEEE Access Intrusion detection industrial control network transformer 1D-CNN feature extraction |
| title | EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks |
| title_full | EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks |
| title_fullStr | EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks |
| title_full_unstemmed | EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks |
| title_short | EfficientTransformer: A Dynamic Anomaly Detection Model for Industrial Control Networks |
| title_sort | efficienttransformer a dynamic anomaly detection model for industrial control networks |
| topic | Intrusion detection industrial control network transformer 1D-CNN feature extraction |
| url | https://ieeexplore.ieee.org/document/10902390/ |
| work_keys_str_mv | AT jinyangliu efficienttransformeradynamicanomalydetectionmodelforindustrialcontrolnetworks AT guogangwang efficienttransformeradynamicanomalydetectionmodelforindustrialcontrolnetworks AT xuejunzong efficienttransformeradynamicanomalydetectionmodelforindustrialcontrolnetworks AT boweining efficienttransformeradynamicanomalydetectionmodelforindustrialcontrolnetworks AT kanhe efficienttransformeradynamicanomalydetectionmodelforindustrialcontrolnetworks |