Vol. 3 No. 6 (2025): September
Open Access
Peer Reviewed

Bridging The Digital-Physical Divide: Transfer Learning For Unified Threat Correlation in Converged IT/OT/IOT Ecosystems

DOI:

10.47353/ecbis.v3i6.231

Published:

2025-09-04

Abstract

The increasing integration of operational technology (OT), Internet of Things (IoT), and business IT systems has allowed sophisticated attackers to circumvent isolated security controls and launch cross-platform attacks. Current fragmented techniques, in which discrete detectors monitor Modbus, Kubernetes, MQTT, or other domain-specific protocols, cannot handle cross-system risks; such methodologies overlook 68% of multi-vector attacks that use both physical and digital channels. This study introduces a transfer learning architecture that integrates detection capabilities by correlating threats across protocols, devices, and environments. The architecture constructs a unified feature space that extracts behavioral semantics from industrial control system logs, cloud telemetry, network traffic, and device-level signals to produce protocol-agnostic threat representations. Adversarial domain adaptation and semantic graph embeddings enable cross-domain knowledge transfer with minimal retraining. Security teams can thereby discover kill chains such as a compromised cloud container preceding unauthorized PLC command execution within 23 minutes. Validated against real-world attack datasets from water treatment facilities (OT) and cloud infrastructure (IT), the system achieved 93.4% cross-platform attack recall, a 41.3 percentage point improvement over prior methodologies, while reducing OT data labeling effort by 89% and false positives by 93.5%. This shift transforms threat correlation from a reactive, domain-specific process into adaptive intelligence, improving resilience for critical infrastructure, industrial ecosystems, and smart environments facing cyber-physical hazards. The framework's practical validation in energy, industry, and critical infrastructure demonstrates its importance in protecting an increasingly connected world.

Keywords:

Cross-platform threat intelligence, Transfer learning, Operational technology (OT) security, Cyber-physical systems, IoT/OT/IT convergence, Unified threat detection, Industrial control systems, Semantic threat correlation, Modbus-to-Kubernetes attacks

Author Biography

Simon Suwanzy Dzreke, Federal Government

Author Origin: United States

How to Cite

Dzreke, S. S. (2025). Bridging The Digital-Physical Divide: Transfer Learning For Unified Threat Correlation in Converged IT/OT/IOT Ecosystems. Economics and Business Journal (ECBIS), 3(6), 479–502. https://doi.org/10.47353/ecbis.v3i6.231
