A cutting-edge framework for industrial intrusion detection: Privacy-preserving, cost-friendly, and powered by federated learning

Applied Intelligence

Abstract

As industrially deployed facilities become networked in distributed environments, industrial control systems (ICS) face an escalating number of attacks, which makes intrusion detection systems critical. Machine learning-based intrusion detection systems have been extensively researched. However, the sensitivity of ICS data leaves these systems with scarce labeled data, and distributed ICS additionally require privacy-preserving collaborative detection. To address these challenges, some solutions combining federated learning and transfer learning have been proposed. Nonetheless, these solutions often overlook the clustering characteristics of factory equipment and the constraints posed by limited computational and communication resources. Therefore, we propose GC-FADA, a chained cross-domain collaborative intrusion detection framework, to address the interplay between labeled data scarcity, privacy protection, and resource constraints in ICS intrusion detection. First, GC-FADA uses an adversarial domain adaptation scheme to train the local model, alleviating the performance limitation that labeled data scarcity imposes on the intrusion detection model. Then, to reduce the communication overhead between nodes in the factory communication network and to protect client privacy, GC-FADA exploits the geographical clustering characteristics of the factory devices and proposes an FL-based grouped chain learning structure for collaborative training. Finally, GC-FADA achieves privacy protection with low computational overhead by using patterns from lightweight pseudo-random generators instead of complex cryptographic primitives. Extensive experiments conducted on real industrial SCADA datasets validate the effectiveness and rationality of the proposed approach, showing that GC-FADA outperforms major domain adaptation methods in accuracy while reducing computation and communication costs. In the cross-domain learning task on the two data sets, the detection accuracy of GC-FADA reaches 88.7% and 98.29% respectively, and the detection accuracy for various network attacks is mostly above 90%.
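A generic sketch of grouped, chained aggregation with pseudo-random masks, added here as an example; it is not GC-FADA's protocol or the authors' code. The group names, seeds, fixed-point scale, modulus and the use of SHAKE-128 as the generator are all assumptions, and the sample updates are constructed.

```python
import hashlib

MOD = 2 ** 32      # masked values live in Z_MOD (assumption)
SCALE = 10 ** 4    # fixed-point scale for float weights (assumption)

def prg_mask(seed, round_no, dim):
    """Expand seed+round into dim 32-bit words; SHAKE-128 stands in for the PRG."""
    stream = hashlib.shake_128(seed + round_no.to_bytes(4, "big")).digest(4 * dim)
    return [int.from_bytes(stream[4 * i:4 * i + 4], "big") for i in range(dim)]

def encode(update):
    """Fixed-point encode a float update vector into Z_MOD."""
    return [round(w * SCALE) % MOD for w in update]

def chain_pass(updates, seed, round_no):
    """Chain head starts from the mask; each device adds its update and forwards."""
    running = prg_mask(seed, round_no, len(updates[0]))
    wire = []  # the running masked sum each successor in the chain receives
    for upd in updates:
        running = [(r + e) % MOD for r, e in zip(running, encode(upd))]
        wire.append(list(running))
    return running, wire

def server_unmask(masked_by_group, seeds, round_no, n_devices):
    """Aggregator regenerates each group's mask, removes it, and averages."""
    dim = len(next(iter(masked_by_group.values())))
    total = [0] * dim
    for group, masked in masked_by_group.items():
        mask = prg_mask(seeds[group], round_no, dim)
        total = [(t + m - k) % MOD for t, m, k in zip(total, masked, mask)]
    signed = [v - MOD if v >= MOD // 2 else v for v in total]
    return [v / SCALE / n_devices for v in signed]

# Constructed sample: two geographic groups, 3-dimensional updates per device.
GROUPS = {
    "plant_a": [[0.10, -0.20, 0.30], [0.05, 0.15, -0.10], [0.20, 0.00, 0.10]],
    "plant_b": [[-0.30, 0.40, 0.00], [0.10, 0.10, 0.20]],
}
SEEDS = {"plant_a": b"constructed-seed-a", "plant_b": b"constructed-seed-b"}

def run_round(round_no=1):
    """One aggregation round: one chain per group, then unmask and average."""
    masked = {g: chain_pass(u, SEEDS[g], round_no)[0] for g, u in GROUPS.items()}
    n_devices = sum(len(u) for u in GROUPS.values())
    return server_unmask(masked, SEEDS, round_no, n_devices)

if __name__ == "__main__":
    print(run_round())
```

In this sketch a device only ever receives a running masked sum, and only one message per group reaches the aggregator. The sketch does not protect a device whose two chain neighbours collude, since the difference between what one sent and the other received is that device's update.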


Data Availability

The data of our prototype is available via https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets


Acknowledgements

The authors would like to thank the Editor-in-Chief, the Associate Editor, and the reviewers for their insightful comments and suggestions.

Funding

The work described in this paper is supported by the Primary Research & Development Plan of Hubei Province (No.2020BAA003).

Author information

Contributions

Lingzi Zhu proposed the concept of this study and contributed the original draft, the methodology and the software. Bo Zhao provided the methodology. Jiabao Guo implemented the visualization. Minzhi Ji and Junru Peng contributed to the discussion of this study.

Corresponding authors

Correspondence to Lingzi Zhu or Bo Zhao.

Ethics declarations

Conflict of interest:

The authors declare that they have no conflict of interest.

Ethics approval:

Not applicable.

Human Participants and/or Animals:

Not applicable.

Consent for publication:

All authors reviewed the manuscript and provided consent for publication.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Zhu, L., Zhao, B., Guo, J. et al. A cutting-edge framework for industrial intrusion detection: Privacy-preserving, cost-friendly, and powered by federated learning. Appl Intell 55, 611 (2025). https://doi.org/10.1007/s10489-025-06404-6

  • DOI: https://doi.org/10.1007/s10489-025-06404-6