Frequency-Domain Anomaly Detection for Encrypted Traffic in Industrial Control Systems

Zhangfa Wu, Huifang Li, Yi Hua, Nguyen H. Tran, Hongping Gan

Published: 01 Jan 2025, Last Modified: 09 Nov 2025. Venue: IEEE Transactions on Industrial Informatics. License: CC BY-SA 4.0
Abstract: Industrial control systems (ICSs) are becoming increasingly interconnected, rendering them susceptible to cyber attacks. Timely detection of anomalies in encrypted data flows is crucial for ensuring the reliability and security of ICS. Although deep learning-based anomaly detection methods have made significant strides, their implementation in point-by-point mapping paradigms often necessitates a tradeoff between feature representation and computational efficiency, especially in resource-constrained environments. In addition, these methods face challenges with class imbalance and limited labeled anomaly data. To address these challenges, we propose a frequency-domain anomaly detection (FreAD) framework specifically tailored for encrypted data flows in ICS. FreAD utilizes a frequency-domain feature fusion encoding module to capture global temporal dependencies. An anomaly scoring network integrates a small amount of labeled data along with pseudolabeled data generated from the modified Z-score algorithm, effectively addressing class imbalance. Furthermore, the frequency-domain deviation prior module can alleviate the contraction of interclass distances during unsupervised training. Extensive experiments demonstrate that FreAD significantly surpasses other state-of-the-art anomaly detection algorithms.