A Robust PPO-optimized Tabular Transformer Framework for Intrusion Detection in Industrial IoT Systems
This addresses network security for Industrial IoT systems, but it is incremental as it combines existing methods (TabTransformer and PPO) for a specific domain.
The paper tackles intrusion detection in Industrial IoT systems with class-imbalanced and few-shot attack scenarios by integrating a TabTransformer with Proximal Policy Optimization, achieving a macro F1-score of 97.73% and accuracy of 98.85%, including an 88.79% F1-score on rare man-in-the-middle attacks.
In this paper, we propose a robust and reinforcement-learning-enhanced network intrusion detection system (NIDS) designed for class-imbalanced and few-shot attack scenarios in Industrial Internet of Things (IIoT) environments. Our model integrates a TabTransformer for effective tabular feature representation with Proximal Policy Optimization (PPO) to optimize classification decisions via policy learning. Evaluated on the TON\textunderscore IoT benchmark, our method achieves a macro F1-score of 97.73\% and accuracy of 98.85\%. Remarkably, even on extremely rare classes like man-in-the-middle (MITM), our model achieves an F1-score of 88.79\%, showcasing strong robustness and few-shot detection capabilities. Extensive ablation experiments confirm the complementary roles of TabTransformer and PPO in mitigating class imbalance and improving generalization. These results highlight the potential of combining transformer-based tabular learning with reinforcement learning for real-world NIDS applications.