A Robust PPO-optimized Tabular Transformer Framework for Intrusion Detection in Industrial IoT Systems
Yuanya She

TL;DR
This paper introduces a robust intrusion detection framework for Industrial IoT that combines a TabTransformer with PPO reinforcement learning, achieving high accuracy and strong performance on rare attack classes.
Contribution
It presents a novel integration of TabTransformer and PPO to enhance detection in class-imbalanced, few-shot attack scenarios in IIoT environments.
Findings
Achieves 97.73% macro F1-score and 98.85% accuracy on the TON_IoT benchmark.
Detects rare MITM attacks with an F1-score of 88.79%.
Demonstrates the effectiveness of combining transformer-based tabular learning with reinforcement learning.
Abstract
In this paper, we propose a robust and reinforcement-learning-enhanced network intrusion detection system (NIDS) designed for class-imbalanced and few-shot attack scenarios in Industrial Internet of Things (IIoT) environments. Our model integrates a TabTransformer for effective tabular feature representation with Proximal Policy Optimization (PPO) to optimize classification decisions via policy learning. Evaluated on the TON_IoT benchmark, our method achieves a macro F1-score of 97.73% and accuracy of 98.85%. Remarkably, even on extremely rare classes like man-in-the-middle (MITM), our model achieves an F1-score of 88.79%, showcasing strong robustness and few-shot detection capabilities. Extensive ablation experiments confirm the complementary roles of TabTransformer and PPO in mitigating class imbalance and improving generalization. These results highlight the…
Taxonomy
Topics: Network Security and Intrusion Detection · Smart Grid Security and Resilience · Advanced Malware Detection Techniques
Methods: Attention Is All You Need · Linear Layer · Layer Normalization · Residual Connection · Dense Connections · Entropy Regularization · Softmax · Position-Wise Feed-Forward Layer · Multi-Head Attention · Proximal Policy Optimization
