As IoT devices become widely, it is crucial to protect them from malicious intrusions. However, the data scarcity of IoT limits the applicability of traditional intrusion detection methods, which are highly data-dependent. To address this, in this paper we propose the Open-Set Dandelion Network (OSDN) based on unsupervised heterogeneous domain adaptation in an open-set manner. The OSDN model performs intrusion knowledge transfer from the knowledge-rich source network intrusion domain to facilitate more accurate intrusion detection for the data-scarce target IoT intrusion domain. Under the open-set setting, it can also detect newly-emerged target domain intrusions that are not observed in the source domain. To achieve this, the OSDN model forms the source domain into a dandelion-like feature space in which each intrusion category is compactly grouped and different intrusion categories are separated, i.e., simultaneously emphasising inter-category separability and intra-category compactness. The dandelion-based target membership mechanism then forms the target dandelion. Then, the dandelion angular separation mechanism achieves better inter-category separability, and the dandelion embedding alignment mechanism further aligns both dandelions in a finer manner. To promote intra-category compactness, the discriminating sampled dandelion mechanism is used. Assisted by the intrusion classifier trained using both known and generated unknown intrusion knowledge, a semantic dandelion correction mechanism emphasises easily-confused categories and guides better inter-category separability. Holistically, these mechanisms form the OSDN model that effectively performs intrusion knowledge transfer to benefit IoT intrusion detection. Comprehensive experiments on several intrusion datasets verify the effectiveness of the OSDN model, outperforming three state-of-the-art baseline methods by 16.9%.

翻译：随着物联网设备的广泛普及，保护其免受恶意入侵至关重要。然而，物联网数据的稀缺性限制了传统入侵检测方法的适用性，这些方法高度依赖数据。针对这一问题，本文提出了一种基于无监督异构域适应的开放集蒲公英网络（OSDN），该网络采用开放集方式运行。OSDN模型从知识丰富的源网络入侵域进行入侵知识迁移，以促进对数据稀缺的目标物联网入侵域进行更准确的检测。在开放集设置下，它还能检测源域中未出现的新兴目标域入侵。为实现这一目标，OSDN模型将源域构建成蒲公英状的特征空间，其中每个入侵类别紧密分组且不同类别相互分离，即同时强调类别间可分性和类别内紧凑性。基于蒲公英的目标隶属机制随后形成目标蒲公英。接着，蒲公英角度分离机制实现更好的类别间可分性，而蒲公英嵌入对齐机制进一步以更精细的方式对齐两个蒲公英。为促进类别内紧凑性，采用判别性采样蒲公英机制。在利用已知和生成的未知入侵知识训练得到的入侵分类器的辅助下，语义蒲公英校正机制强调易混淆类别并引导更好的类别间可分性。整体上，这些机制共同构成OSDN模型，有效执行入侵知识迁移以提升物联网入侵检测性能。在多个入侵数据集上的综合实验验证了OSDN模型的有效性，其性能比三种最先进的基线方法高出16.9%。