Fig 1.
Framework of the Cross-Domain Adaptive Anomaly Detection Network (CDA-ADN).
The process begins with multivariate IoT traffic data () as input. The data is segmented into fixed-length sequences before being processed by a GRU-based Conditional Variational Autoencoder to extract latent representations while preserving temporal dependencies. Input-output adaptation layers align feature distributions between the source and target domains, reducing domain discrepancies. Contrastive learning further enhances feature separation, enabling robust anomaly detection based on the learned representations. Anomalies are identified using a threshold on reconstruction error or feature deviations.
Fig 2.
Two-stage training workflow of CDA-ADN.
Stage I pre-trains the model on source-domain normal traffic to learn general normal representations. Stage II performs lightweight adaptation on the target domain using only a small subset of normal samples, where only the domain-specific adaptation components are fine-tuned while the shared encoder-decoder is kept fixed. After adaptation, the model is directly applied to the target domain to compute anomaly scores and make anomaly decisions.
Table 1.
Training setup summary.
Table 2.
Cross-domain detection performance from WUSTL-IIoT-2021 (source) to ACI-IoT-2023 (target). Values are reported as mean ± standard deviation over five independent runs.
Table 3.
Cross-domain detection performance from WUSTL-IIoT-2021 (source) to ToN_IoT (target). Values are reported as mean ± standard deviation over five independent runs.
Fig 3.
MCC and sensitivity comparison across different models (mean ± standard deviation).
Table 4.
Ablation study results on the target domain (mean ± std).
Table 5.
Sensitivity of CDA-ADN to the balance coefficient α and margin m on the target domain (accuracy, mean ± std over five runs).