Contrastive-KAN: A Semi-Supervised Intrusion Detection Framework for Cybersecurity with scarce Labeled Data

TL;DR

Contrastive-KAN introduces a semi-supervised intrusion detection framework leveraging contrastive learning and the Kolmogorov-Arnold Network to effectively detect cyberattacks with minimal labeled data, outperforming existing methods in accuracy and robustness.

Contribution

This paper presents a novel semi-supervised contrastive learning approach using KAN for intrusion detection, addressing data scarcity and improving detection performance in cybersecurity.

Findings

Outperforms existing contrastive learning methods in intrusion detection accuracy.

Requires only a small fraction of labeled data to achieve high performance.

Demonstrates superior robustness and interpretability compared to traditional models.

Abstract

In the era of the Fourth Industrial Revolution, cybersecurity and intrusion detection systems are vital for the secure and reliable operation of IoT and IIoT environments. A key challenge in this domain is the scarcity of labeled cyberattack data, as most industrial systems operate under normal conditions. This data imbalance, combined with the high cost of annotation, hinders the effective training of machine learning models. Moreover, the rapid detection of attacks is essential, especially in critical infrastructure, to prevent large-scale disruptions. To address these challenges, we propose a real-time intrusion detection system based on a semi-supervised contrastive learning framework using the Kolmogorov-Arnold Network (KAN). Our method leverages abundant unlabeled data to effectively distinguish between normal and attack behaviors. We validate our approach on three benchmark datasets, UNSW-NB15, BoT-IoT, and Gas Pipeline, using only 2.20%, 1.28%, and 8% of labeled samples, respectively, to simulate real-world conditions. Experimental results show that our method outperforms existing contrastive learning-based approaches. We further compare KAN with a traditional multilayer perceptron (MLP), demonstrating KAN's superior performance in both detection accuracy and robustness under limited supervision. KAN's ability to model complex relationships, along with its learnable activation functions, is also explored and visualized, offering interpretability and the potential for rule extraction. The method supports multi-class classification and proves effective in safety, critical environments where reliability is paramount.