Computer Science, 2026, Vol. 53, Issue (3): 443-452. doi: 10.11896/jsjkx.241200167

• Information Security •

Transformer-based Domain Adaptation Method for IoT Traffic Intrusion Detection

ZHU Feng1, YE Zongguo1, LI Peng1,2, XU He1,2

  1 College of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China
  2 Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210023, China
  • Received: 2024-12-23 Revised: 2025-03-07 Online: 2026-03-12
  • Corresponding author: LI Peng (lipeng@njupt.edu.cn)
  • About author: ZHU Feng (zhufeng@njupt.edu.cn), born in 1987, Ph.D, assistant professor, master supervisor. His main research interests include cyberspace security, Internet of Things security and operating system security.
    LI Peng, born in 1979, Ph.D, professor, Ph.D supervisor, is a member of CCF (No.48573M). His main research interests include computer communication networks, cloud computing and information security.
  • Supported by:
    National Natural Science Foundation of China (61902196, 62102196), Scientific and Technological Support Project of Jiangsu Province (BE2019740) and Six Talent Peaks Project of Jiangsu Province (RJFW-111).

Abstract: With the proliferation of Internet of Things (IoT) devices, intrusion detection is essential to protect IoT devices from malicious attacks. However, the scarcity of IoT-specific data limits the effectiveness of traditional intrusion detection methods, while existing domain adaptation approaches rely on coarse alignment, overlooking the transfer of intrinsic semantic properties and lowering feature discriminability. To address these issues, this paper proposes a semi-supervised domain adaptation model, Transformer-Based Domain-Adaptive IoT Intrusion Detection (TDAIID), which aligns the Network Intrusion (NI) domain and the Internet of Things Intrusion (II) domain at three levels: domain, class, and sample. The cross-attention mechanism focuses on similar features between same-class samples in the NI source domain and the II target domain, achieving sample-level feature alignment. Multiple geometric semantic alignment performs semantic alignment from both domain-level and class-level perspectives, helping the cross-attention mechanism learn richer and more accurate knowledge from the source NI domain. To fully exploit the unlabeled II target data, a dynamic center-aware pseudo-labeling algorithm is proposed from a geometric perspective to improve pseudo-label accuracy and mitigate the negative transfer caused by mislabeling. Experiments on several widely used intrusion detection datasets show that the TDAIID model outperforms state-of-the-art baseline models.

Key words: Domain adaptation, Internet of Things, Intrusion detection, Cross-attention, Transfer learning

CLC Number: TP391