The rapid expansion of the Internet of Things (IoT) has raised increasing concern about targeted cyber attacks. Previous research primarily focused on static Intrusion Detection Systems (IDSs), which employ offline training to safeguard IoT systems. However, such static IDSs struggle with real-world scenarios where IoT system behaviors and attack strategies can evolve rapidly, necessitating dynamic and adaptable IDSs. In response to this challenge, we propose AOC-IDS, a novel online IDS that features an autonomous anomaly detection module (ADM) and a labor-free online framework for continual adaptation. To enhance data comprehension, the ADM employs an Autoencoder (AE) with a tailored Cluster Repelling Contrastive (CRC) loss function to generate distinctive representations from limited or incrementally arriving data in the online setting. Moreover, to reduce the burden of manual labeling, our online framework leverages pseudo-labels automatically generated from the decision-making process of the ADM to drive periodic updates of the ADM. Eliminating human intervention for labeling and decision-making boosts the system's compatibility and adaptability in the online setting, keeping it synchronized with dynamic environments. Experimental validation on the NSL-KDD and UNSW-NB15 datasets demonstrates the superior performance and adaptability of AOC-IDS, surpassing state-of-the-art solutions. The code is released at https://github.com/xinchen930/AOC-IDS.
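The pseudo-label-driven update loop described above, as an added illustration that is not the paper's code: a toy centroid-distance detector stands in for the AE/CRC ADM (an assumption), and the drifting flow features and the attack vector are constructed. It shows why a frozen model accumulates false positives as benign behaviour drifts while the model that refits on its own pseudo-labelled benign samples keeps up.

```python
import math
# Constructed demo data: each flow is a (packets/s, bytes/s) feature vector.
def normal_window(j):
    # nine benign flows whose centre drifts +1 packet/s per window (assumed drift)
    return [(10.0 + j + dx, 100.0 + dy) for dx in (-1, 0, 1) for dy in (-1, 0, 1)]
ATTACK = (60.0, 600.0)  # constructed flood-like flow, far from benign traffic
def dist(x, c):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, c)))

class ToyADM:
    # Stand-in for the paper's ADM (assumption): benign centroid plus a
    # mean + k*std distance threshold instead of an autoencoder with CRC loss.
    def __init__(self, samples, k=3.0):
        self.k = k
        self.fit(samples)
    def fit(self, samples):
        n, dim = len(samples), len(samples[0])
        self.centroid = [sum(s[i] for s in samples) / n for i in range(dim)]
        d = [dist(s, self.centroid) for s in samples]
        mean = sum(d) / n
        self.threshold = mean + self.k * math.sqrt(sum((v - mean) ** 2 for v in d) / n)

    def predict(self, x):
        # 1 = anomaly, 0 = benign; the decision doubles as the pseudo-label
        return 1 if dist(x, self.centroid) > self.threshold else 0

def run(stream, adm, update_every, adapt):
    # Score a stream; if adapt, refit every update_every samples on the
    # samples the model itself pseudo-labelled benign (no human labels used).
    labels, buffer = [], []
    for x in stream:
        y = adm.predict(x)
        labels.append(y)
        buffer.append((x, y))
        if adapt and len(buffer) == update_every:
            benign = [s for s, lab in buffer if lab == 0]
            if len(benign) >= 2:
                adm.fit(benign)
            buffer = []
    return labels

def demo(windows=5):
    # Compare a frozen model against the pseudo-label-updated one on a drifting stream.
    stream, truth = [], []
    for j in range(1, windows + 1):
        stream += normal_window(j) + [ATTACK]
        truth += [0] * 9 + [1]
    result = {}
    for name, adapt in (("static", False), ("online", True)):
        labels = run(stream, ToyADM(normal_window(0)), 10, adapt)
        result[name + "_fp"] = sum(l == 1 and t == 0 for l, t in zip(labels, truth))
        result[name + "_tp"] = sum(l == 1 and t == 1 for l, t in zip(labels, truth))
    return result  # {'static_fp': 27, 'static_tp': 5, 'online_fp': 0, 'online_tp': 5}
```

The failure mode to watch in any such loop is an attack that scores under the threshold: it is pseudo-labelled benign and folded into the next update, so the threshold margin and the update window bound how much of that self-poisoning the detector can absorb.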