Yongle Chen,Sida Su,Dan Yu,Hao He,Xiaojian Wang,Yao Ma,Hao Guo

DOI: https://doi.org/10.1109/jiot.2022.3201888

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:Constrained by the high acquisition and labeling cost, traffic data in industrial control systems (ICSs) are usually extremely imbalanced. Deep-learning-based (DL) industrial control intrusion detection systems (IDSs) are not applicable to dynamic networks and show a limited detection performance. In this article, we enhanced the information transmission link in adversarial domain adaptation (DA) and proposed an information-enhanced adversarial DA (IADA) method. Our method could train a cross-domain industrial intrusion detection deep model with imbalanced data and maintained high detection accuracy. The experimental results based on SCADA network layer data showed that the detection accuracy of the gated recurrent unit model trained in IADA reached 93.7% and 91.3% in the two transfer tasks with a significant cross-domain discrepancy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanjie Li,Xiaoyu Ji,Chenggang Li,Xiaofeng Xu,Wei Yan,Xu Yan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/iceiec49280.2020.9152334

2020-01-01

Abstract:In recent years, artificial intelligence has been widely used in the field of network security, which has significantly improved the effect of network security analysis and detection. However, because the power industrial control system is faced with the problem of shortage of attack data, the direct deployment of the network intrusion detection system based on artificial intelligence is faced with the problems of lack of data, low precision, and high false alarm rate. To solve this problem, we propose an anomaly traffic detection method based on cross-domain knowledge transferring. By using the TrAdaBoost algorithm, we achieve a lower error rate than using LSTM alone.

Bosong Chain,Qian Zheng,Xuan Nie,Jianchao Jia,Gang Pan

DOI: https://doi.org/10.1109/cis-ram61939.2024.10673131

2024-01-01

Abstract:Utilizing the advantages of both single-mode detections in infrared-radar dual-mode guidance systems is a crucial research direction for precise weapon guidance. Infrared images and radar high resolution range profile (HRRP) have high-dimensional feature spaces, leading to a certain degree of data heterogeneity. The difficulty of capturing targets varies across different scenes, leading to an imbalance in data distribution and consequently, a poor generalization ability of the model. We aim to improve the performance in the target domain by leveraging the knowledge from the source domain and adjusting the model to adapt to the data distribution in the target domain. We propose a dual-mode object detection algorithm, CenterNet-PK, which effectively extracts radar features and establishes temporal correlations using one-dimensional convolution and Bidirectional Gated Recurrent Units (Bi-GRU). Additionally, it incorporates Cross-modal Attention to fully leverage radar features for infrared detection tasks. Building upon this, we develop a domain adaptation (DA) multimodal detection framework to enhance the generalization of the model in various complex scenarios, employing adversarial training to narrow the domain shift. Experimental results demonstrate that the proposed algorithm achieves high detection accuracy and robustness in infrared-radar dual-mode detection tasks. Extensive experiments on DA-detection task from urban to outdoor scenes show that the proposed framework outperforms the baseline. The code is available at https://github.com/chaibosong/CIS-RAM.

Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Zhenqin Yin,Yue Zhuo,Zhiqiang Ge

DOI: https://doi.org/10.1016/j.ress.2023.109299

IF: 7.247

2023-01-01

Reliability Engineering & System Safety

Abstract:As indispensable parts of industrial production control, data-driven industrial intelligent systems (IIS) achieve efficient executions of significant tasks such as fault classification (FC), fault detection (FD), and soft sensing (SS). Recently, machine learning models have been proven vulnerable to adversarial attacks, where the transfer-based attacks provide highly feasible attacks on systems in real-world black-box scenarios. In this paper, to study the practical security risks of IIS, we investigate transferable adversarial attacks from: (1) showing the existence of transferable adversarial examples across different industrial tasks; (2) exploring factors (e.g., data feature, model structure, and attack method) affecting transferability under multi-scenarios; (3) proposing a new method to enhance the transferability; (4) providing guidelines on practical system deployments to defend against transferable adversarial threats. The attacks demonstrate generality on two types of datasets, Tennessee Eastman industrial process (TEP) and WM-811K wafer map dataset, and the experiment results show that: (1) transfer is asymmetric and complex models are relatively stable with low sample transferability; (2) iterative and single-step methods have opposite performance characteristics under the intra-and cross-task transfer; (3) overfitting of optimization methods leads to weak transferability; (4) smoothing gradients and widening intermediate layer perturbations are effective directions for improving transferability.

Xinrui Dong,Yingxu Lai

DOI: https://doi.org/10.1109/ISADS56919.2023.10092008

2023-01-01

Abstract:The integration of industrialization and informatization has exposed industrial control systems (ICSs) to increasingly serious security challenges. Currently, the mainstream method to protect the security of ICSs is intrusion detection system (IDS) based on deep-learning. However, these methods depend on a massive amount of high-quality data. Owing to the characteristics and protocol limitations, ICSs data usually experience low-quality and data imbalance problems, which significantly affects the accuracy of IDS.In this study, an IDS for ICS that combines data expansion algorithm and CNN was proposed. A novel normalized neighborhood weighted convex combined random sample (NNW-CCRS) oversampling algorithm was designed, which automatically attenuates the effects of noise and expanding imbalanced data to produce balanced ICS datasets. By reducing the impact of imbalanced ICS data on IDSs, our system effectively protects the security of ICS. Secure Water Treatment dataset (SWaT) was used for experimental validation. The experimental results confirmed that the accuracy of the proposed system improved by approximately 20%, compared to the ICS without data expansion.

Bakht Sher Ali,Inam Ullah,Tamara Al Shloul,Izhar Ahmed Khan,Ijaz Khan,Yazeed Yasin Ghadi,Akmalbek Abdusalomov,Rashid Nasimov,Khmaies Ouahada,Habib Hamam

DOI: https://doi.org/10.1007/s11227-023-05764-5

2024-01-01

Abstract:The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor’s method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks.

Yongchao Zhang,Zhaohui Ren,Shihua Zhou,Tianzhuang Yu

DOI: https://doi.org/10.1088/1361-6501/abcad4

IF: 2.398

2020-01-01

Measurement Science and Technology

Abstract:Recently, most cross-domain fault diagnosis methods focus on single source domain adaptation. However, it is usually possible to obtain multiple labeled source domains in real industrial scenarios. The question of how to use multiple source domains to extract common domain-invariant features and obtain satisfactory diagnosis results is a difficult one. This paper proposes a novel adversarial domain adaptation with a classifier alignment method (ADACL) to address the issue of multiple source domain adaptation. The main elements of ADACL consist of a universal feature extractor, multiple classifiers and a domain discriminator. The parameters of the main elements are simultaneously updated via a cross-entropy loss, a domain distribution alignment loss and a domain classifier alignment loss. Under the framework of multiple loss cooperative learning, not only is the distribution discrepancy among all domains minimized, but so is the prediction discrepancy of target domain data among all classifiers. Two experimental cases on two source domains and three source domains verify that the ADACL can remarkably enhance the cross-domain diagnostic performance under diverse operating conditions. In addition, the diagnostic performance of different methods is extensively evaluated under noisy environments with a different signal-to-noise ratio.

Zhenqin Yin,Lingjian Ye,Zhiqiang Ge

DOI: https://doi.org/10.1109/tii.2024.3431587

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:In recent years, more and more open environment have led to confidential links and data exposure, which seriously threatens the security of industrial systems. Adversarial attacks can easily fool machine learning models by adding tiny perturbations to input data. Industrial fault detection and classification (FDC) system is an indispensable part of ensuring production safety, but it is also not immune to the impact of adversarial risks. Once it is under attack, the disastrous consequences that may be caused to the industrial system are unimaginable. Adversarial training is among the most effective defense methods to protect those data-driven intelligent systems. This article studies a novel reweighted adversarial training approach called adversarial weight prediction networks. By assigning more appropriate weights to different data samples, we can make better use of the limited model capacity of the industrial FDC system. Particularly, predicting weights through a synchronized network overcomes the limitations of insufficient information and nontransferability of existing statistical methods. Performance evaluation on three industrial cases containing structured and image data shows the superior generalization and stability of our proposed method.

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Jiashu Wu,Hao Dai,Yang Wang,Kejiang Ye,Chengzhong Xu

DOI: https://doi.org/10.1109/jiot.2023.3239872

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Data scarcity hinders the usability of data-dependent algorithms when tackling IoT intrusion detection (IID). To address this, we utilize the data-rich network intrusion detection (NID) domain to facilitate more accurate intrusion detection for IID domains. In this article, a geometric graph alignment (GGA) approach is leveraged to mask the geometric heterogeneities between domains for better intrusion knowledge transfer. Specifically, each intrusion domain is formulated as a graph where vertices and edges represent intrusion categories and category-wise inter-relationships, respectively. The overall shape is preserved via a confused discriminator incapable to identify adjacency matrices between different intrusion domain graphs. A rotation avoidance mechanism and a center point matching mechanism are used to avoid graph misalignment due to rotation and symmetry, respectively. Besides, category-wise semantic knowledge is transferred to act as vertex-level alignment. To exploit the target data, a pseudo-label (PL) election mechanism that jointly considers network prediction, geometric property, and neighborhood information is used to produce fine-grained PL assignment. Upon aligning the intrusion graphs geometrically from different granularities, the transferred intrusion knowledge can boost IID performance. Comprehensive experiments on several intrusion data sets demonstrate state-of-the-art performance of the GGA approach and validate the usefulness of GGA-constituting components.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiming Chen,Xiangshan Gao,Ruilong Deng,Yang He,Chongrong Fang,Peng Cheng

DOI: https://doi.org/10.1109/tdsc.2020.3037500

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Deploying machine learning (ML)-based intrusion detection systems (IDS) is an effective way to improve the security of industrial control systems (ICS). However, ML models themselves are vulnerable to adversarial examples, generated by deliberately adding subtle perturbation to the input sample that some people are not aware of, causing the model to give a false output with high confidence. In this article, our goal is to investigate the possibility of stealthy cyber attacks towards IDS, including injection attack, function code attack and reconnaissance attack, and enhance its robustness to adversarial attack. However, adversarial algorithms are subject to communication protocol and legal range of data in ICS, unlike only limited by the distance between original samples and newly generated samples in image domain. We propose two strategies - optimal solution attack and GAN attack - oriented to flexibility and volume of data, formulating an optimization problem to find stealthy attacks, where the former is appropriate for not too large and more flexible samples while the latter provides a more efficient solution for larger and not too flexible samples. Finally, we conduct experiments on a semi-physical ICS testbed with a high detection performance ensemble ML-based detector to show the effectiveness of our attacks. The results indicate that new samples of reconnaissance and function code attack produced by both optimal solution and GAN algorithm possess 80 percent higher probability to evade the detector, still maintaining the same attack effect. In the meantime, we adopt adversarial training as a method to defend against adversarial attack. After training on the mixture of orginal dataset and newly generated samples, the detector becomes more robust to adversarial examples.

Lirui Deng,Youjian Zhao,Heng Bao

DOI: https://doi.org/10.1007/978-981-19-8285-9_5

2022-01-01

Abstract:AbstractThe network intrusion detection system (NIDS) plays an essential role in network security. Although many data-driven approaches from the field of machine learning have been proposed to increase the efficacy of NIDSs, it still suffers from extreme data imbalance and the performance of existing algorithms depends highly on training datasets. To counterpart the class-imbalanced problem in network intrusion detection, it is necessary for models to capture more representative clues within same categories instead of learning from only classification loss. In this paper, we proposed a self-supervised adversarial learning approach for intrusion detection, which utilize instance-level discrimination for better representation learning and employs a adversarial perturbation styled data augmentation to improve the robustness of NIDS on rarely seen attacking types. State-of-the-art result was achieved on multiple frequently-used datasets and experiment conducted on cross-dataset setting demonstrated good generalization ability.

Zengyu Cai,Hongyu Du,Haoqi Wang,Jianwei Zhang,Yajie Si,Pengrong Li

DOI: https://doi.org/10.3390/electronics12224653

IF: 2.9

2023-11-15

Electronics

Abstract:The imbalance between normal and attack samples in the industrial control systems (ICSs) network environment leads to the low recognition rate of the intrusion detection model for a few abnormal samples when classifying. Since traditional machine learning methods can no longer meet the needs of increasingly complex networks, many researchers use deep learning to replace traditional machine learning methods. However, when a large amount of unbalanced data is used for training, the detection performance of deep learning decreases significantly. This paper proposes an intrusion detection method for industrial control systems based on a 1D CWGAN. The 1D CWGAN is a network attack sample generation method that combines 1D CNN and WGAN. Firstly, the problem of low ICS intrusion detection accuracy caused by a few types of attack samples is analyzed. This method balances the number of various attack samples in the data set from the aspect of data enhancement to improve detection accuracy. According to the temporal characteristics of network traffic, the algorithm uses 1D convolution and 1D transposed convolution to construct the modeling framework of network traffic data of two competing networks and uses gradient penalty instead of weight cutting in the Wasserstein Generative Adversarial Network (WGAN) to generate virtual samples similar to real samples. After a large number of data sets are used for verification, the experimental results show that the method improves the classification performance of the CNN and BiSRU. For the CNN, after data balancing, the accuracy rate is increased by 0.75%, and the accuracy, recall rate and F1 are improved. Compared with the BiSRU without data processing, the accuracy of the s1D CWGAN-BiSRU is increased by 1.34%, and the accuracy, recall and F1 are increased by 7.2%, 3.46% and 5.29%.

engineering, electrical & electronic,computer science, information systems,physics, applied

Liyue Chen,Linian Wang,Jinyu Xu,Shuai Chen,Weiqiang Wang,Wenbiao Zhao,Qiyu Li,Leye Wang

2023-08-17

Abstract:Most state-of-the-art deep domain adaptation techniques align source and target samples in a global fashion. That is, after alignment, each source sample is expected to become similar to any target sample. However, global alignment may not always be optimal or necessary in practice. For example, consider cross-domain fraud detection, where there are two types of transactions: credit and non-credit. Aligning credit and non-credit transactions separately may yield better performance than global alignment, as credit transactions are unlikely to exhibit patterns similar to non-credit transactions. To enable such fine-grained domain adaption, we propose a novel Knowledge-Inspired Subdomain Adaptation (KISA) framework. In particular, (1) We provide the theoretical insight that KISA minimizes the shared expected loss which is the premise for the success of domain adaptation methods. (2) We propose the knowledge-inspired subdomain division problem that plays a crucial role in fine-grained domain adaption. (3) We design a knowledge fusion network to exploit diverse domain knowledge. Extensive experiments demonstrate that KISA achieves remarkable results on fraud detection and traffic demand prediction tasks.

Machine Learning,Artificial Intelligence

Guangyu Zhao,Peng Liu,Ke Sun,Yang,Tianyu Lan,Han Yang

DOI: https://doi.org/10.1371/journal.pone.0291750

IF: 3.7

2023-01-01

PLoS ONE

Abstract:To address the problems of attack category omission and poor generalization ability of traditional Intrusion Detection System (IDS) when processing unbalanced input data, an intrusion detection strategy based on conditional Generative Adversarial Networks (cGAN) is proposed. The cGAN generates attack samples that approximately obey the distribution pattern of input data and are randomly distributed within a certain bounded interval, which can avoid the redundancy caused by mechanical data widening. The experimental results show that the strategy has better performance indexes and stronger generalization ability in overall performance, which can solve insufficient classification performance and detection omission caused by unbalanced distribution of data categories and quantities.

Jiashu Wu,Yang Wang,Hao Dai,Chengzhong Xu,Kenneth B. Kent

DOI: https://doi.org/10.1109/jiot.2023.3262458

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:As Internet of Things devices become prevalent, using intrusion detection to protect IoT from malicious intrusions is of vital importance. However, the data scarcity of IoT hinders the effectiveness of traditional intrusion detection methods. To tackle this issue, in this paper, we propose the Adaptive Bi-Recommendation and Self-Improving Network (ABRSI) based on unsupervised heterogeneous domain adaptation (HDA). The ABRSI transfers enrich intrusion knowledge from a data-rich network intrusion source domain to facilitate effective intrusion detection for data-scarce IoT target domains. The ABRSI achieves fine-grained intrusion knowledge transfer via adaptive bi-recommendation matching. Matching the bi-recommendation interests of two recommender systems and the alignment of intrusion categories in the shared feature space form a mutual-benefit loop. Besides, the ABRSI uses a self-improving mechanism, autonomously improving the intrusion knowledge transfer from four ways. A hard pseudo label voting mechanism jointly considers recommender system decision and label relationship information to promote more accurate hard pseudo label assignment. To promote diversity and target data participation during intrusion knowledge transfer, target instances failing to be assigned with a hard pseudo label will be assigned with a probabilistic soft pseudo label, forming a hybrid pseudo-labelling strategy. Meanwhile, the ABRSI also makes soft pseudo-labels globally diverse and individually certain. Finally, an error knowledge learning mechanism is utilised to adversarially exploit factors that causes detection ambiguity and learns through both current and previous error knowledge, preventing error knowledge forgetfulness. Holistically, these mechanisms form the ABRSI model that boosts IoT intrusion detection accuracy via HDA-assisted intrusion knowledge transfer. Comprehensive experiments on several intrusion datasets demonstrate the state-of-the-art performance of the ABRSI method, outperforming its counterparts by 9.2%, and also verify the effectiveness of ABRSI constituting components and ABRSI’s overall efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weijian Chi,Jiahang Liu,Xiaozhen Wang,Yue Ni,Ruilei Feng

DOI: https://doi.org/10.1109/tgrs.2024.3367922

IF: 8.2

2024-01-01

IEEE Transactions on Geoscience and Remote Sensing

Abstract:Recently, deep learning has shown great potential in areas, such as infrared small target detection, but due to the lack of sample datasets, especially the public infrared small target dataset, model training, and extensive research have been limited. Synthetic data that contain a lot of information about the shape and scene of the target are widely used to augment real-world data. However, due to the domain shift between the real and synthetic data domains, combining them directly may not lead to significant improvements or even worse results. In this article, we propose a semantic domain adaptive framework for cross-domain infrared small target detection (SDAISTD), which effectively decreases the domain shift between the real and synthetic data domains, leading to better training and detection results. Specially, SDAISTD uses a supervised learning adaptation approach from the feature perspective. The domain shift of cross-domain is diminished by extracting domain invariant features to align different feature distributions in the feature space. Additionally, we propose a semantic feature alignment (SFA) loss function that effectively mitigates semantic information misalignment and aligns category features. Extensive experiments and analyses conducted on two baselines demonstrate the generality and validity of our proposed framework. Remarkably, our framework outperforms several representative baseline models in the new state-of-the-art (SOTA) records.

imaging science & photographic technology,remote sensing,engineering, electrical & electronic,geochemistry & geophysics

ZhiLei Shao,Huailiang Zheng,Xueqian Wang,Bin Liang

DOI: https://doi.org/10.1109/iccad55197.2022.9853881

2022-01-01

Abstract:Aiming at the urgent demands of industrial fault detection, cross-domain detection is a promising strategy for overcoming the obstacle of the premise of data identical-distribution. This paper proposes a cross-domain anomaly detection method based on unsupervised representation learning and domain adaptation. In order to learn effective features from the original signals, the multidimensional scale loss and an improved instance-based discriminative loss are combined. The first one is for retaining structural information of the data and the second one is for obtaining domain-invariant characteristic. The proposed method is validated in two detection cases including manipulator and bearing. Detection results show that the proposed method has superior performance than several widely used detection methods.