A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning

With the rapid development of technology and science, machine learning approaches and deep learning methods have been widely applied in industrial Cyber-Physical Systems. However, there are still some challenging issues for anomaly detection to classify various attacks in industrial CPS to ensure the cyber security, especially when dealing with resource-constrained IoT devices. In this paper, we propose a Knowledge Distillation model based on Triplet Convolution Neural Network to improve the model performance and greatly enhance the speed of anomaly detection for industrial CPS as well as reduce the complexity of the model. Specifically, during the training process, we design a robust model loss function to improve the training stability of the model. A new neural network training method called K-fold cross training is also proposed to enhance the accuracy of anomaly detection. A lot of experimental results demonstrate that the performance metrics of KD-TCNN on the benchmark datasets NSL-KDD and CIC IDS2017 have significant advantages over traditional deep learning approaches and the recent state-of-the-art models. Furthermore, when compared to the original model, our model's computational cost and size are both reduced by roughly 86% with just 0.4% accuracy loss.