A Robust PPO-optimized Tabular Transformer Framework for Intrusion Detection in Industrial IoT Systems
Yuanya She
TL;DR
The paper addresses intrusion detection in industrial IoT under severe class imbalance and few-shot attack scenarios. It introduces a PPO-optimized Tabular Transformer framework that encodes mixed-type tabular features and learns a multi-class policy, guided by a composite reward that promotes balanced and confident predictions. On the TON_IoT benchmark, it achieves a macro F1 of 97.73% and accuracy of 98.85%, with MITM detection yielding a macro-level F1 of 88.79%, and ablations confirm the necessity of both the transformer-based encoder and PPO optimization. The work demonstrates robust, few-shot-capable NIDS suitable for real-world industrial deployments, highlighting the value of combining transformer-based tabular learning with reinforcement learning for security in IIoT systems.
Abstract
In this paper, we propose a robust and reinforcement-learning-enhanced network intrusion detection system (NIDS) designed for class-imbalanced and few-shot attack scenarios in Industrial Internet of Things (IIoT) environments. Our model integrates a TabTransformer for effective tabular feature representation with Proximal Policy Optimization (PPO) to optimize classification decisions via policy learning. Evaluated on the TON\textunderscore IoT benchmark, our method achieves a macro F1-score of 97.73\% and accuracy of 98.85\%. Remarkably, even on extremely rare classes like man-in-the-middle (MITM), our model achieves an F1-score of 88.79\%, showcasing strong robustness and few-shot detection capabilities. Extensive ablation experiments confirm the complementary roles of TabTransformer and PPO in mitigating class imbalance and improving generalization. These results highlight the potential of combining transformer-based tabular learning with reinforcement learning for real-world NIDS applications.