Bridging The Digital-Physical Divide: Transfer Learning For Unified Threat Correlation in Converged IT/OT/IOT Ecosystems
Simon Suwanzy Dzreke
The increasing integration of operational technology (OT), Internet of Things (IoT), and enterprise IT systems has allowed sophisticated attackers to circumvent isolated security controls and launch cross-platform attacks. Current fragmented approaches, with discrete detectors monitoring Modbus, Kubernetes, MQTT, or other domain-specific protocols, cannot handle cross-system risks; they overlook 68% of multi-vector attacks that use both physical and digital channels. This study introduces a transfer learning architecture that integrates detection capabilities by correlating threats across protocols, devices, and environments. The architecture builds a unified feature space that extracts behavioral semantics from industrial control system logs, cloud telemetry, network traffic, and device-level signals to produce protocol-agnostic threat representations. Adversarial domain adaptation and semantic graph embeddings enable cross-domain knowledge transfer with minimal retraining. Security teams can thereby discover kill chains such as compromised cloud containers preceding unauthorized PLC command execution every 23 minutes. Validated against real-world attack datasets from water treatment facilities (OT) and cloud infrastructure (IT), the system achieved 93.4% cross-platform attack recall, a 41.3 percentage point improvement over prior methods. It reduced OT data labeling by 89% and false positives by 93.5%. This paradigm shift transforms threat correlation from a reactive, domain-specific process into adaptive intelligence, boosting resilience for critical infrastructure, industrial ecosystems, and smart environments facing cyber-physical threats. The framework's practical validation in energy, industry, and vital infrastructure shows its importance in protecting an increasingly connected world.
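To make the abstract's unified feature space and cross-domain kill-chain correlation concrete, here is an added example that is not the paper's code: it normalizes constructed Kubernetes audit records (IT) and Modbus/TCP flow records (OT) into one behavioral vocabulary and correlates them with a simple time-window rule, a hand-written stand-in for the learned protocol-agnostic representations the paper proposes. All log lines, hosts, and vocabularies are assumptions built for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the paper's datasets): Kubernetes
# audit records on the IT side and Modbus/TCP flow records on the OT side.
CLOUD_AUDIT = [
    "2024-03-01T10:02:03Z kube-audit pod=ingest-7f9 node=10.0.5.21 verb=exec user=system:anonymous",
    "2024-03-01T10:05:40Z kube-audit pod=ingest-7f9 node=10.0.5.21 verb=get user=ci-bot",
]
OT_FLOWS = [
    "2024-03-01T10:20:03Z modbus src=10.0.5.21 dst=192.168.10.7 unit=1 fc=6 addr=40001 value=0",
    "2024-03-01T10:25:10Z modbus src=192.168.10.50 dst=192.168.10.7 unit=1 fc=3 addr=40001",
    "2024-03-01T11:30:00Z modbus src=10.0.5.21 dst=192.168.10.7 unit=1 fc=16 addr=40010 value=1",
]

# Protocol-specific vocabularies mapped onto one protocol-agnostic behavior set.
KUBE_BEHAVIOR = {"exec": "remote_exec", "create": "provision", "get": "read"}
MODBUS_BEHAVIOR = {1: "read", 2: "read", 3: "read", 4: "read",
                   5: "control_write", 6: "control_write",
                   15: "control_write", 16: "control_write"}

def parse_line(line):
    """Normalize one raw record into a unified event: who acted on which asset, how."""
    ts_str, source, rest = line.split(" ", 2)
    kv = dict(re.findall(r"(\w+)=(\S+)", rest))
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    if source == "kube-audit":
        return {"ts": ts, "domain": "IT", "actor": kv["user"], "asset": kv["node"],
                "behavior": KUBE_BEHAVIOR.get(kv["verb"], "other")}
    if source == "modbus":
        return {"ts": ts, "domain": "OT", "actor": kv["src"], "asset": kv["dst"],
                "behavior": MODBUS_BEHAVIOR.get(int(kv["fc"]), "other")}
    raise ValueError(f"unknown source {source}")

def correlate(events, window=timedelta(minutes=60)):
    """Flag an OT control write whose originating host saw IT-side remote execution
    within the look-back window: the cloud-container-to-PLC chain the abstract describes.
    Writes outside the window (or from hosts with no IT precursor) are not flagged."""
    alerts = []
    it_exec = [e for e in events if e["domain"] == "IT" and e["behavior"] == "remote_exec"]
    for ot in (e for e in events if e["domain"] == "OT" and e["behavior"] == "control_write"):
        for it in it_exec:
            lag = ot["ts"] - it["ts"]
            if timedelta(0) <= lag <= window and it["asset"] == ot["actor"]:
                alerts.append({"pivot_host": ot["actor"], "plc": ot["asset"],
                               "lag_minutes": lag.total_seconds() / 60})
    return alerts

if __name__ == "__main__":
    for alert in correlate([parse_line(l) for l in CLOUD_AUDIT + OT_FLOWS]):
        print(alert)
```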