Semi-supervised Intrusion Detection Method in Industrial Cyber-Physical System with Deep Contractive Autoencoder

To effectively address the intrusion detection limitations of industrial cyber-physical systems, particularly their feature selection issues and lack of labeled attack data, we propose a semisupervised intrusion detection method based on a deep contractive autoencoder. Based on the two-sample Kolmogorov-Smirnov (KS) test, we select the stable features by analyzing the probability distribution of the data. This semisupervised approach builds the desired intrusion detection model by leveraging reconstruction errors. Furthermore, the normal operational mode of the system is learned through the deep contractive autoencoder, which is integrated with a contractive penalty term to enhance feature representation. Additionally, the F₁ threshold algorithm is employed to determine the optimal anomaly threshold. Finally, we validate the proposed method through simulations conducted in PyCharm, and the results indicate that the two-sample KS test effectively extracts the stable features of the data. Compared with conventional methods, the proposed method demonstrates reduced reliance on labeled data and improved detection performance, particularly in terms of the F₁ score, precision, and recall.