Lightweight IDS Models Show ~90% Performance Drop Across Industrial Networks轻量级工业网络入侵检测模型跨域泛化严重失效
S 1.7T11 sources1 个来源R7-research
Researchers trained four lightweight intrusion detection architectures (Decision Tree, small MLP, 1D-CNN, LSTM) on Edge-IIoTset and evaluated them without retraining on two independent datasets (Gotham 2025, WUSTL-IIoT-2021) to assess cross-domain generalization.
F1 scores collapsed dramatically from ~0.97 in-domain to 0.09–0.28 cross-domain across all models; the "port shortcut" vulnerability persists despite mitigation attempts, with top features appearing 96–435x more frequently in source-domain attack traffic than targets.
Balanced sampling reversed dataset difficulty rankings compared to natural imbalanced distributions; the best cross-domain performer (SmallLSTM) showed weakest adversarial robustness; few-shot recovery was architecture-dependent, with Decision Tree and LSTM recovering substantially while 1D-CNN barely improved.