As IoT devices become widely, it is crucial to protect them from malicious intrusions. However, the data scarcity of IoT limits the applicability of traditional intrusion detection methods, which are highly data-dependent. To address this, in this paper we propose the Open-Set Dandelion Network (OSDN) based on unsupervised heterogeneous domain adaptation in an open-set manner. The OSDN model performs intrusion knowledge transfer from the knowledge-rich source network intrusion domain to facilitate more accurate intrusion detection for the data-scarce target IoT intrusion domain. Under the open-set setting, it can also detect newly-emerged target domain intrusions that are not observed in the source domain. To achieve this, the OSDN model forms the source domain into a dandelion-like feature space in which each intrusion category is compactly grouped and different intrusion categories are separated, i.e., simultaneously emphasising inter-category separability and intra-category compactness. The dandelion-based target membership mechanism then forms the target dandelion. Then, the dandelion angular separation mechanism achieves better inter-category separability, and the dandelion embedding alignment mechanism further aligns both dandelions in a finer manner. To promote intra-category compactness, the discriminating sampled dandelion mechanism is used. Assisted by the intrusion classifier trained using both known and generated unknown intrusion knowledge, a semantic dandelion correction mechanism emphasises easily-confused categories and guides better inter-category separability. Holistically, these mechanisms form the OSDN model that effectively performs intrusion knowledge transfer to benefit IoT intrusion detection. Comprehensive experiments on several intrusion datasets verify the effectiveness of the OSDN model, outperforming three state-of-the-art baseline methods by 16.9%.

翻译：随着物联网设备的广泛普及，保护其免受恶意入侵至关重要。然而，物联网数据稀缺限制了传统入侵检测方法的适用性，这些方法高度依赖数据。为解决这一问题，本文提出了一种基于无监督异构域适应的开集蒲公英网络（OSDN）。OSDN模型以开集方式从知识丰富的源网络入侵域进行入侵知识迁移，从而促进对数据稀缺的目标物联网入侵域进行更精确的入侵检测。在开集设定下，该模型还能检测源域中未出现的新兴目标域入侵类型。为此，OSDN模型将源域构建为蒲公英状特征空间，其中每种入侵类别被紧密分组，不同类别相互分离，即同时强调类别间可分性与类别内紧致性。基于蒲公英的目标成员机制随后形成目标蒲公英。接着，蒲公英角度分离机制实现更优的类别间可分性，而蒲公英嵌入对齐机制以更精细的方式对齐两个蒲公英。为提升类别内紧致性，采用判别采样蒲公英机制。借助基于已知与生成的未知入侵知识训练的入侵分类器，语义蒲公英校正机制重点处理易混淆类别，并引导更优的类别间可分性。整体上，这些机制构成了OSDN模型，能有效进行入侵知识迁移以助力物联网入侵检测。在多个入侵数据集上的综合实验验证了OSDN模型的有效性，其性能比三种最先进的基线方法平均提升16.9%。