IDG-SemiAD: An Immune Detector Generation-Based Collaborative Learning Scheme for Semi-supervised Anomaly Detection in Industrial Cyber-physical Systems

Abstract

Anomaly detection is a critical line of defense to ensure the network security of industrial cyber-physical systems. However, a significant issue in the anomaly detection is the insufficient labels of anomaly classes. With emergence of the new and unknown network attacks, accurately labeling these attacks can be a costly task. The issue of inadequate labeling may negatively impact the detection performance of many existing anomaly detection methods. To meet this gap, this paper proposes a semi-supervised collaborative learning paradigm called IDG-SemiAD, based on an immune detector generation algorithm. First, we design an immune detector generation algorithm based on a chaos map to generate abnormal samples from self-samples. Then, these abnormal samples are combined with self-samples and given specific labels to form a new training set. Finally, the LightGBM classifier is used for training and detection. Experiments on the widely used public dataset BATADAL show that the proposed IDG-SemiAD outperforms the classical v-detector method in terms of recall and f-score, with improvements of 8.2% and 8%, respectively, and outperforms deep learning-based anomaly detection methods, with a maximum improvements of up to 89.7% and 59.5% respectively.