A lightweight federated learning threat detection method in an industrial control scene

By employing techniques such as principal component analysis, structured pruning, knowledge distillation, and Byzantine fault tolerance in industrial control systems, the computational and communication bottlenecks of federated learning in industrial control scenarios have been resolved, enabling efficient and real-time threat detection and protection, and adapting to dynamic threat environments.

CN122160157APending Publication Date: 2026-06-05CHINA YANGTZE POWER

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA YANGTZE POWER
Filing Date
2026-03-27
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing technologies in industrial control systems suffer from limitations in computing and storage resources, insufficient bandwidth, data privacy protection challenges, and malicious node attacks, making it difficult to deploy federated learning in industrial control scenarios and achieve efficient, real-time threat detection.

Method used

A lightweight feature extraction method combining principal component analysis and temporal statistical features is adopted. Combined with Laplace noise differential privacy protection, a model compression strategy of structured pruning and knowledge distillation is designed to construct a three-layer federated learning architecture. Adaptive weight calculation and Byzantine fault tolerance mechanism are introduced. Model differential encoding and two-level caching mechanism are adopted to realize incremental learning and distributed threat intelligence sharing.

Benefits of technology

It significantly reduces computational and communication overhead, ensures detection accuracy and privacy security, improves the robustness and real-time performance of the model in resource-constrained environments, can adapt to dynamic threat environments, and achieve cross-domain integrated threat detection and collaborative protection.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160157A_ABST
    Figure CN122160157A_ABST
Patent Text Reader

Abstract

The application discloses a kind of light-weight federated learning threat detection methods under industrial control scene, each industrial control node local acquisition multi-source heterogeneous data, after pre-processing, light-weight feature extraction and dimension compression are carried out, Laplace noise is introduced to realize differential privacy protection, each node trains and carries out model compression simplified convolutional neural network, reduce communication cost by gradient sparsification and accumulation mechanism;Three-layer federated learning architecture is constructed, adaptive weight calculation method is designed, parameter alignment and knowledge distillation are used to realize heterogeneous model fusion, introduce Byzantine fault-tolerant algorithm to filter outlier gradient, use model difference coding and two-level cache architecture to reduce model distribution overhead, trigger incremental learning by sliding window monitoring concept drift, combined with elastic weight, consolidate and keep old task accuracy, establish decentralized threat intelligence sharing and multi-node collaborative response mechanism;The application systematically solves the key technical problems of federated learning threat detection in resource-constrained industrial control environment.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of industrial control system network security and federated learning technology, specifically involving a lightweight federated learning threat detection method in industrial control scenarios. Background Technology

[0002] Industrial Control Systems (ICS) are the core support for critical infrastructure in modern manufacturing, energy, and transportation. While the networking and interconnectivity of ICS improve production efficiency, they also face increasingly severe cybersecurity threats. Statistics show that cyberattacks targeting ICS have been growing rapidly in recent years, with global cyberattacks on ICS increasing by over 110% year-on-year in 2022, resulting in direct economic losses of tens of billions of dollars. Once an ICS is attacked, it can not only lead to production interruptions and economic losses, but also cause serious consequences such as equipment damage, environmental pollution, and even personal injury. Therefore, building an efficient, real-time, and reliable threat detection and protection system for ICS has become a major strategic requirement for ensuring the security of national critical infrastructure.

[0003] Traditional industrial control system (ICS) security technologies primarily include rule-based intrusion detection systems (IDS), signature-based firewalls, and physical isolation. These methods rely on databases of known threat signatures, identifying attack behaviors through pattern matching. While these technologies are effective in defending against known threats, they fall short when facing increasingly complex advanced persistent threats (APTs), zero-day vulnerability attacks, and targeted custom attacks. Furthermore, ICS systems generate multi-source, heterogeneous data, involving network traffic, device operating status, electromagnetic signals, and other multi-dimensional information, making it difficult for traditional methods to effectively integrate and comprehensively analyze this heterogeneous data. In recent years, intelligent threat detection technologies based on machine learning and deep learning have emerged. By automatically learning normal behavior patterns and abnormal characteristics, they can effectively identify unknown threats and variant attacks, demonstrating broad application prospects in the field of ICS security.

[0004] With the rapid development of edge computing and industrial IoT technologies, distributed collaborative threat detection has become an important direction for industrial control system (ICS) security. ICS typically consist of a large number of distributed nodes located in different network domains and physical spaces, each collecting local data and monitoring local security status. Traditional centralized threat detection methods require uploading all raw data to a central server for analysis. This model has three prominent problems: First, ICS networks are usually bandwidth-limited, and large-scale data transmission can cause severe network congestion, affecting the real-time transmission of control commands; second, uploading sensitive production data and equipment status information to the cloud poses a risk of data leakage, failing to meet the data privacy and trade secret protection requirements of industrial enterprises; third, centralized architectures have a single point of failure risk—if the central server is attacked or malfunctions, the entire security monitoring system will be paralyzed. In contrast, federated learning, as an emerging distributed machine learning paradigm, allows nodes to train models locally without sharing raw data, achieving global model optimization only by exchanging model parameters. It can achieve multi-node collaborative threat detection while protecting data privacy, providing a new technical path to solve the distributed security monitoring problem of ICS.

[0005] However, applying federated learning to industrial control (ICM) scenarios faces numerous technical challenges. First, ICM edge devices typically have limited computing power, storage space, and energy budgets, making it difficult to support the training and inference of complex deep learning models. Traditional federated learning methods employ large-scale neural network models with millions or even tens of millions of parameters, creating severe computing and storage bottlenecks when deployed on resource-constrained ICM devices. Second, ICM networks generally have low bandwidth and unstable communication. Traditional federated learning requires frequent uploading and downloading of large amounts of model parameters, resulting in huge communication overhead in bandwidth-limited environments, severely impacting system real-time performance. Calculations show that standard federated learning can take tens of seconds or even minutes for a single round of communication in a typical ICM network environment, failing to meet the millisecond or second-level real-time response requirements of ICM systems. Third, the data distribution of ICM system nodes typically exhibits highly non-independent and identically distributed (Non-IID) characteristics. Different nodes monitor significantly different equipment types, processes, and attack patterns, leading to slow convergence speeds and significant performance degradation in Non-IID data scenarios using traditional federated learning aggregation algorithms. Furthermore, industrial control systems (ICS) face the threat of malicious node poisoning attacks. Attackers may control certain nodes to upload malicious gradients, polluting the global model. Existing federated learning frameworks lack effective Byzantine fault tolerance mechanisms. Finally, the threat landscape of ICS continues to evolve, with new attack methods constantly emerging. Statically trained models struggle to adapt to the dynamically changing threat environment and require continuous learning and rapid update capabilities.

[0006] Existing research has attempted to apply federated learning to cybersecurity, but it primarily focuses on general IT network environments, failing to fully consider the specific characteristics of industrial control systems (ICS). Some studies have proposed model compression and communication optimization methods, but these often come at the cost of sacrificing detection accuracy and lack dedicated processing mechanisms for multi-source, heterogeneous data in ICS. Other studies have addressed the privacy and security of federated learning, but the computational overhead in resource-constrained environments is too high, making practical deployment on edge devices difficult. Furthermore, existing technologies generally lack a systematic optimization scheme covering the entire process from feature extraction, model training, global aggregation to continuous updates, thus failing to form a complete, lightweight federated learning threat detection system.

[0007] Therefore, there is an urgent need to develop a lightweight federated learning threat detection method specifically for industrial control scenarios. This method should be able to achieve efficient local training on resource-constrained edge devices, enable low-communication-overhead collaborative learning in bandwidth-limited industrial control networks, ensure model convergence and robustness in complex environments with heterogeneous data and malicious nodes, and possess continuous learning and rapid response capabilities. This would allow for the construction of a cross-domain comprehensive threat detection and collaborative protection platform covering network traffic, device status, and electromagnetic space, thereby comprehensively improving the security protection level of critical infrastructure in industrial control systems. Summary of the Invention

[0008] The purpose of this invention is to provide a lightweight federated learning threat detection method for industrial control scenarios, aiming to solve the key challenges of deploying federated learning in resource-constrained environments. Through distributed feature extraction, model compression optimization, adaptive aggregation, and incremental update techniques, it can significantly reduce computation and communication overhead while ensuring detection accuracy, thus meeting the real-time and resource constraints of industrial control systems.

[0009] To solve the above-mentioned technical problems, the technical solution adopted by the present invention is as follows: A lightweight federated learning threat detection method for industrial control scenarios includes the following steps: S1. Each industrial control node locally collects multi-source heterogeneous data. After data preprocessing, a lightweight feature extraction and dimensionality compression method combining principal component analysis and time-domain statistical features is used. Laplace noise is introduced to achieve differential privacy protection and generate a localized threat feature dataset. S2, each industrial control node trains a lightweight threat detection model based on a localized threat feature dataset, uses a structured pruning method to remove low-importance channels, and combines a knowledge distillation method to compress the model; after local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. S3 constructs a three-layer federated learning architecture comprising a device layer, an edge layer, and a cloud layer, and designs an adaptive weight calculation method to determine the node aggregation weight; for heterogeneous model structures, it adopts parameter alignment and knowledge distillation fusion strategies to achieve flexible fusion; and it introduces a Byzantine fault-tolerant algorithm to identify and filter outlier gradients by calculating gradient distance. S4 employs model differential encoding technology to distribute only parameter changes and performs sparsification processing, combined with a two-level caching architecture of edge gateway-device node to reduce model distribution overhead; it monitors concept drift through a sliding window, and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold; it establishes a distributed threat intelligence sharing mechanism; and it jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

[0010] Preferably, in step S1, each industrial control node includes a PLC, RTU, and SCADA terminal; the multi-source heterogeneous data includes network traffic characteristics, equipment operating status parameters, and electromagnetic signals; the original multi-source heterogeneous data is organized in the form of a time series matrix, with data dimensions including the number of nodes N, the time window length T, and the original feature dimension D; data preprocessing includes time alignment, missing value imputation, and outlier filtering; time alignment unifies the sampling rate of all nodes to a fixed frequency of 100Hz to ensure data time synchronization; missing value imputation adopts a forward imputation strategy, using the nearest valid data point to fill in the missing values; outlier filtering is based on... Outliers were removed to ensure data quality; after preprocessing, the data underwent standardization using the Z-score standardization method, calculated as follows: ; in, This is the original data. For standardized data, Let j be the mean of the feature in dimension j. Standardization is used to eliminate differences in the dimensions of different features, providing a unified data foundation for subsequent feature extraction.

[0011] Preferably, in step S1, the specific method for lightweight feature extraction and dimensionality compression using a combination of principal component analysis and temporal statistical features is as follows: To address the limitation of computing resources in industrial control equipment, a lightweight feature extraction and dimensionality compression method combining principal component analysis (PCA) and time-domain statistical features is employed. Time-domain statistical feature extraction includes six statistical measures: mean, standard deviation, maximum, minimum, skewness, and kurtosis, used to characterize the time-domain properties of the signal. PCA is used to further reduce feature dimensionality. By calculating the eigenvalues ​​and eigenvectors of the covariance matrix, principal components with a cumulative variance contribution rate reaching a set threshold of 95% are selected as retained dimensions. The formula for determining it is: ; The formula for calculating the compression ratio is: ; in, For the first The eigenvalues ​​of each principal component, the dimension after eigenvalue compression The compressed feature vector is much smaller than the original dimension D; it retains the main information of the original data while significantly reducing storage and transmission overhead.

[0012] Preferably, in step S1, the specific method for introducing Laplace noise to achieve differential privacy protection is as follows: To protect sensitive data from industrial control equipment, Laplace noise is injected into the feature vectors to achieve differential privacy protection; the scale parameter of the Laplace noise is determined by the feature sensitivity and the privacy budget. They jointly decided that the privacy budget controls the balance between the strength of privacy protection and data availability, with a value ranging from 0.1 to 1.0; a smaller value... Larger values ​​offer stronger privacy protection but may reduce data quality; The values ​​maintain high data quality, but the strength of privacy protection is weakened; the feature calculation formula after differential privacy protection is: ; in, These are the original statistical characteristics. Features after adding noise For feature sensitivity, Representing Laplace distributed noise; introducing a feature quality evaluation metric to assess the feature quality after privacy protection: ; When characteristic quality index When the threshold is set to ≥0.85, the feature quality meets the requirements for subsequent training. Features that meet the feature quality are retained to construct a localized threat feature dataset. The localized threat feature dataset contains feature vectors and corresponding threat labels, which ensures both privacy and security and maintains the validity of the data.

[0013] Preferably, in step S2, the specific method for training the lightweight threat detection model is as follows: The lightweight threat detection model employs a simplified convolutional neural network architecture, comprising convolutional layers, pooling layers, and fully connected layers. Convolutional layers extract local feature patterns, with kernel weights stored as four-dimensional tensors, including the number of output channels, the number of input channels, and the kernel height and width. Pooling layers perform feature downsampling, reducing computation and enhancing feature robustness. Fully connected layers achieve the final threat classification, with weights stored as two-dimensional matrices, including the number of output neurons and the input feature dimension. Local model training utilizes a cross-entropy loss function combined with L2 regularization. The loss function formula is as follows: ; Where M is the number of local samples. For real labels, For the model's predicted output, The L2 regularization coefficient is... The regularization term is a set of model parameters to prevent overfitting and improve generalization ability.

[0014] Preferably, in step S2, removing low-importance channels using a structured pruning method includes the following steps: To address the limited storage and computing resources of industrial control edge devices, a structured pruning technique is employed to achieve model lightweighting. Structured pruning is based on channel-level importance assessment, calculating an importance score for each output channel of the convolutional layer. The importance score is defined as the sum of the absolute values ​​of all weight parameters for that channel. ; in, The importance score for the c-th output channel. Input the number of channels. k The kernel size is the convolution kernel size. The convolution kernel weights are used; after calculating the importance scores of all output channels, they are sorted from highest to lowest score, and the top p% of channels by importance score are retained, while the remaining channels are pruned; pruning rate. The calculation formula is: ; In the experiment, p was set to 30, meaning 30% of the important channels were retained, achieving a pruning rate of 70%. Structured pruning offers better hardware friendliness compared to unstructured pruning; the pruned model can run efficiently on general-purpose hardware without requiring special sparse computation support. After pruning, the model undergoes fine-tuning training to recover the accuracy loss caused by pruning. Fine-tuning uses a small learning rate, typically one-tenth of the initial training learning rate, and the number of training epochs is 20% to 30% of the original training epochs. Structured pruning technology significantly reduces the number of model parameters and computational complexity while maintaining model detection accuracy, enabling the model to run efficiently on resource-constrained industrial control equipment.

[0015] Preferably, in step S2, the specific method for achieving model compression by combining knowledge distillation is as follows: Building upon structured pruning, knowledge distillation is further employed to compress the model. Knowledge distillation guides the training of small student models using a large teacher model, enabling the student models to learn the knowledge representation capabilities of the teacher model. The teacher model uses the unpruned, full model and is trained to convergence on a local dataset. The student models employ a pruned, lightweight model structure and are trained using a distillation loss function. The distillation loss function combines the cross-entropy loss of the true labels and the knowledge distillation loss from the teacher model's output, and its calculation formula is as follows: ; in, For cross-entropy loss, For KL divergence loss, Output for the teacher model, For the student model output, T represents the temperature parameter. The balance coefficient; the temperature parameter T is used to soften the output probability distribution, and is preferably set to 3-5; balance coefficient By controlling the relative importance of real labels and teacher knowledge, the experiment set it to 0.3, meaning 30% of the weight was allocated to real labels and 70% to teacher knowledge. Knowledge distillation enabled the student model to maintain detection performance close to that of the teacher model even with a significant reduction in the number of parameters. By combining structured pruning and knowledge distillation techniques, the model compression ratio can reach 20 to 30 times, significantly reducing resource consumption while maintaining detection accuracy.

[0016] Preferably, in step S2, the specific method for using a gradient sparsity strategy to retain only the elements with the largest absolute gradient value, combined with a gradient accumulation mechanism to compensate for information loss and reduce communication overhead, is as follows: After local training is complete, the model gradient is calculated and a Top-K sparsity strategy is adopted to reduce communication overhead. The Top-K strategy only retains the K elements with the largest absolute gradient values, and sets the rest to zero. The value of K is set to 5% to 10% of the total number of model parameters, maximizing sparsity while ensuring model convergence. The sparsified gradient is expressed as: ; in, This represents the complete gradient. The sparsified gradient uses a compressed storage format, storing only the values ​​and indices of non-zero elements to further reduce storage and transmission overhead. To compensate for information loss caused by sparsification, a gradient accumulation mechanism is used, accumulating discarded gradients into the next update. The reduction in communication overhead is calculated using the following formula: ; in, The total number of model parameters; gradient sparsity technology reduces the communication volume to 5% to 10% of the original while ensuring model convergence, which significantly reduces the communication cost of federated learning and is particularly suitable for bandwidth-constrained industrial control network environments.

[0017] Preferably, in step S3, the specific method for constructing a three-layer federated learning architecture comprising a device layer, an edge layer, and a cloud layer is as follows: The device layer consists of multiple industrial control device nodes, which perform local data acquisition and model training; the edge layer consists of edge gateways, which are responsible for gradient aggregation and initial model updates of devices within the region; the cloud layer is the central server, which performs global model aggregation and parameter optimization. Compared with the traditional star-shaped federated learning architecture, the layered architecture significantly reduces the number of communication rounds and the load on the central server.

[0018] The device-level nodes first upload their local gradients to the nearest edge gateway. The edge gateway then performs regional aggregation and uploads the aggregation results to the cloud server. The cloud server integrates the aggregation results from all edge gateways to generate a global model update. The total time for hierarchical aggregation is calculated using the following formula: ; in, This represents the maximum training time at the device layer. The maximum aggregation time for the edge layer. The time is aggregated globally in the cloud; through a layered architecture, the number of communication hops is changed from one hop to two hops, but due to parallel aggregation, the overall communication time is actually reduced.

[0019] Preferably, in step S3, the specific method for determining the node aggregation weight using the adaptive weight calculation method is as follows: To address the issues of varying data quality and uneven model performance among different industrial control nodes, an adaptive weight calculation method is designed. The node weight consists of three parts: data quality weight, model performance weight, and equipment reliability weight. ; in, These are the weighting coefficients, set in the experiment. , , Data quality weights take into account both sample size and data quality score. ; in, For nodes i The number of samples, Data quality is scored; the data quality score is calculated based on feature variance and label balance. Feature variance reflects the information richness of the data, and label balance measures the balance of positive and negative sample distributions. Model performance weights are calculated based on the accuracy and F1 score of the node's local model. ; in, For nodes i Local model accuracy The F1 score is used; device credibility weights are derived by calculating the cosine similarity between the node's gradient and the median gradient; higher similarity indicates a more credible node; the global model update formula is: ; in, For global parameter models, The global learning rate, The adaptive weights for node i. Let t be the gradient of node i, t be the number of communication rounds, and N be the total number of participating nodes. The adaptive weighting mechanism gives nodes with high data quality, good model performance, and reliable devices a larger aggregation weight, thereby improving the convergence speed and final performance of the global model.

[0020] Preferably, in step S3, the specific method for achieving flexible fusion using parameter alignment and knowledge distillation fusion strategies for heterogeneous model structures is as follows: To address the issue of different model structures used by various industrial control equipment, a parameter alignment and fusion strategy is designed. Parameter dimension alignment employs zero-padding or truncation methods. For model parameters with smaller dimensions, zero vectors are padded at the end to align with the maximum dimension. For model parameters with larger dimensions, they are truncated to the maximum dimension. After parameter alignment, all node model parameters have the same dimension, allowing for direct aggregation. For models with significant structural differences, a knowledge distillation fusion method is used. Knowledge distillation does not directly aggregate model parameters but instead transmits knowledge through soft labels. Each node model generates a predicted probability distribution on the validation dataset as a soft label, and the fusion model is trained by minimizing the KL divergence with each node's soft labels. ; in, To validate the dataset, For the model of node i, As a fusion model, the knowledge distillation fusion method can handle heterogeneous models with arbitrary structures, and has greater adaptability and flexibility.

[0021] Preferably, in step S3, the Byzantine fault-tolerant algorithm is introduced, and the specific method for identifying and filtering outlier gradients by calculating gradient distance is as follows: The Krum algorithm is employed to identify and filter outlier gradients to defend against malicious nodes uploading abnormal gradients that could attack the global model. The Krum algorithm calculates a score for each gradient by summing its distances to its nearest neighbors; a smaller score indicates that the gradient is closer to the mainstream distribution. For each gradient, the nearest neighbors are identified. Nf-2 There are n gradients, where N is the total number of nodes. f To determine the maximum number of malicious nodes tolerated, calculate the sum of squared Euclidean distances between this gradient and the nearest nearest gradients as the score: ; in, Distance Recent Nf-2 The Krum algorithm selects the gradient with the smallest score from a set of gradients, filtering out outliers with abnormally high scores. It can tolerate a maximum of f malicious nodes, ensuring the global model remains uncontaminated. The convergence of the global model is verified by calculating the L2 norm of two consecutive parameter updates. ; in, To achieve a convergence threshold, the Byzantine fault tolerance mechanism significantly improves the security and robustness of the federated learning system, ensuring that a high-quality global model can still be trained even in the presence of malicious nodes.

[0022] Preferably, in step S4, the specific method for using model differential coding technology to only distribute parameter changes and perform sparsification processing, combined with the two-level caching architecture of edge gateway-device node to reduce model distribution overhead is as follows: To reduce communication overhead during model distribution, only the changes in global model parameters are distributed, rather than the complete model. Model differencing is calculated by subtracting the parameters from the previous round from the current round's global model parameters. ; The differential parameters are further sparsified, retaining only parameter variations whose absolute values ​​are greater than a threshold, which is set to 1% of the standard deviation of the differential parameters. The sparsified differential parameters are significantly reduced; experiments show that only about 5% of the parameters need to be transmitted. Node-local model updates use an incremental update method. ; in, The update coefficients are set to 0.9 to balance the contributions of the old and new models. Model differential coding technology reduces the amount of data distributed with each model update to about 5% of the original amount, significantly reducing communication overhead in scenarios with frequent model updates, making it particularly suitable for bandwidth-constrained industrial control network environments.

[0023] A two-level caching architecture, consisting of an edge gateway and device nodes, is implemented to reduce redundant model transmissions. The edge gateway caches the K most recent versions of model parameters, where K is set to 5, and the cache size is 5 times the size of a single model. When a device node requests a model update, it first queries the edge gateway cache. If the cache hits, the model is retrieved directly from the edge gateway; otherwise, it is downloaded from the cloud server and the cache is updated. The cache hit rate is defined as: ; in, To cache the hit count, This represents the total number of requests. Experiments show that the cache hit rate can reach over 70%. The cache replacement strategy uses the LRU algorithm, which evicts the least used model version when the cache is full, ensuring that the cache stores the most frequently used models. Model distribution time includes the transmission time from the cloud to the edge and from the edge to the device. Through the caching mechanism, the cloud-to-edge transmission can be omitted when the cache is hit, significantly reducing distribution latency. When the cache hit rate reaches 70%, model distribution time can be reduced by more than 50%, greatly improving system response speed.

[0024] Preferably, in step S4, the specific method for monitoring concept drift through a sliding window and triggering the incremental learning mechanism when the detected model accuracy deviation exceeds a threshold is as follows: Each node continuously monitors for new threat samples, and triggers an incremental learning mechanism when concept drift is detected. Concept drift detection is achieved by calculating the average deviation between the model accuracy and the baseline accuracy within a sliding window. ; in, W Set the sliding window size to 100 samples. As the baseline accuracy; when When set to 0.1, concept drift is detected, and the incremental learning mechanism is initiated; the incremental learning loss function combines the loss from new samples and the elastic weight consolidation term: ; in, For the loss of new samples, This is the elastic weighting consolidation coefficient. For parameters i The diagonal elements of the Fisher information matrix For the optimal parameters of the old task, the diagonal elements of the Fisher information matrix are used to measure the importance of the parameters to the old task. Important parameters are subject to stronger constraints during incremental learning, maintaining minimal changes. After incremental learning, the performance retention of the model on the old task is evaluated, requiring the accuracy of the old task to remain above 95% of the original level, ensuring that old knowledge is not forgotten while learning new knowledge. The online incremental learning mechanism enables the system to continuously adapt to new threats and maintain long-term effective detection capabilities.

[0025] Preferably, in step S4, the specific method for establishing a distributed threat intelligence sharing mechanism is as follows: When a node detects a new threat signature, it generates a threat intelligence vector and broadcasts it to other nodes in the network. The threat intelligence vector contains four fields: threat signature vector, threat type, confidence score, and timestamp. Threat intelligence propagation uses the Gossip protocol, where nodes forward intelligence to their neighbors with a certain probability. The propagation probability is calculated using the following formula: ; Where N is the total number of network nodes. Let be the degree of node i. The Gossip protocol is decentralized and highly fault-tolerant, making it suitable for distributed environments in industrial control networks. Intelligence coverage increases exponentially over time; theoretical analysis shows that the time required to reach 99% coverage is linearly related to network size. Through distributed intelligence sharing, new threat information can spread rapidly across the network, and each node can update its threat knowledge base in a timely manner, improving overall defense capabilities.

[0026] Preferably, in step S4, the specific method for jointly determining the threat level through multi-node weighted voting and triggering a graded response strategy based on the threat score is as follows: Nodes participating in the voting cast their votes based on the detection results of their local models. The voting results are multiplied by the node's credibility weight and then summed to obtain a threat score. Threat scores are categorized into four threat levels: critical threat (score ≥ 0.8), high threat (0.6 ≤ score < 0.8), medium threat (0.4 ≤ score < 0.6), and low threat (score < 0.4). Different threat levels trigger different response strategies: critical threats immediately isolate affected devices, high threats issue alarms and enhance monitoring, and medium and low threats only log. The response time calculation formula is as follows: ; in, For the detection time, For voting communication time, The execution time is defined as follows: detection time is related to the length of the input sequence and the degree of parallelism; voting communication time is related to the number of participating nodes and network bandwidth. The execution time varies depending on the action type, with isolation operations taking less than 100 milliseconds and alarm operations less than 50 milliseconds. The total system response time is required to be less than 500 milliseconds to meet the real-time requirements of industrial control systems. The collaborative threat response mechanism improves detection accuracy through multi-node joint judgment and balances security and availability through a tiered response strategy, achieving real-time threat defense through network-wide collaboration.

[0027] Preferably, a lightweight federated learning threat detection system for industrial control scenarios is provided, used to execute the lightweight federated learning threat detection method for industrial control scenarios, the system comprising: The distributed lightweight feature extraction module is configured on each industrial control node to collect multi-source heterogeneous data locally. After data preprocessing, it uses a combination of principal component analysis and time-domain statistical features to perform lightweight feature extraction and dimensionality compression, and introduces Laplace noise to achieve differential privacy protection, generating a localized threat feature dataset. The lightweight model training and compression module is configured on each industrial control node to train a lightweight threat detection model based on a localized threat feature dataset. It uses a structured pruning method to remove low-importance channels and combines a knowledge distillation method to compress the model. After local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. The federated aggregation and optimization module, configured on edge gateways and cloud servers, is used to build a three-layer federated learning architecture including device layer, edge layer and cloud layer. It designs an adaptive weight calculation method to determine the node aggregation weight; for heterogeneous model structures, it adopts parameter alignment and knowledge distillation fusion strategies to achieve flexible fusion; and it introduces the Byzantine fault tolerance algorithm to identify and filter outlier gradients by calculating gradient distance. The continuous learning and collaborative response module, configured on edge gateways and industrial control nodes, uses model differential encoding technology to distribute only parameter changes and performs sparsification processing. Combined with a two-level caching architecture of edge gateway-device nodes, it reduces model distribution overhead. It monitors concept drift through a sliding window and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold. It establishes a distributed threat intelligence sharing mechanism and jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

[0028] Furthermore, the distributed lightweight feature extraction module includes: The multi-source data acquisition unit is used to collect network traffic characteristics, equipment operating status parameters and electromagnetic signals, and organize the raw data into a time series matrix form. The data preprocessing unit performs time alignment, missing value imputation, and outlier filtering, and standardizes the preprocessed data. The feature extraction and compression unit is used to extract time-domain statistical features and select principal components whose cumulative variance contribution rate reaches a set threshold through principal component analysis for dimensionality compression. Differential privacy protection units are used to inject Laplacian noise into feature vectors and select features that meet quality requirements through feature quality evaluation metrics to construct a localized threat feature dataset.

[0029] Furthermore, the lightweight model training and compression module includes: The model training unit is used to train a local threat detection model using a simplified convolutional neural network architecture, with cross-entropy loss function combined with L2 regularization. The structured pruning unit is used to calculate the importance score for each output channel of the convolutional layer, retain the channels with the top p% importance scores, prune the remaining channels, and fine-tune the pruned model. The knowledge distillation unit is used to train the model by using the unpruned full model as the teacher model and the pruned lightweight model as the student model, and to achieve model compression by using the distillation loss function. The gradient compression unit is used to retain the elements with the largest absolute gradient value using the Top-K sparsity strategy, store non-zero elements using a compressed storage format, and compensate for information loss through a gradient accumulation mechanism.

[0030] Furthermore, the federated aggregation and optimization module includes: The layered architecture unit is used to build a three-layer architecture of device layer, edge layer and cloud layer. The industrial control node of device layer uploads local gradients to edge gateway for regional aggregation, and edge gateway uploads the aggregation results to cloud server to generate global model update. An adaptive weighting unit is used to calculate the node aggregation weight by comprehensively considering data quality weight, model performance weight, and device reliability weight, and to perform global model updates based on the weights. Heterogeneous fusion unit is used to fuse heterogeneous models with different structures through parameter alignment or knowledge distillation fusion strategies; The Byzantine Fault Tolerance Unit (BFTU) is used to calculate the sum of the distances between each gradient and the nearest few gradients using the Krum algorithm. The gradient with the smallest score is selected as the aggregation benchmark, and outlier gradients are filtered out.

[0031] Furthermore, the continuous learning and collaborative response module includes: Differential coding and caching units are used to calculate the changes in global model parameters and perform sparsification processing. The model parameters of the most recent multiple versions are cached through the edge gateway to achieve incremental model updates. The incremental learning unit is used to monitor the model accuracy deviation through a sliding window. When the deviation exceeds a threshold, incremental learning is triggered. Combined with elastic weight consolidation terms, it can maintain the accuracy of old tasks while adapting to new threats. The intelligence sharing unit is used to generate a threat intelligence vector when a new threat signature is detected, and broadcasts and forwards it to neighboring nodes using the Gossip protocol. The collaborative response unit is used to jointly determine the threat level through weighted voting by multiple nodes and trigger a graded response strategy based on the threat score, including isolation of critical threats, high threat alerts, and logging of medium and low threats.

[0032] Preferably, a computer device includes a memory and a processor, which are interconnected. The memory stores computer instructions, and the processor executes the computer instructions to perform the lightweight federated learning threat detection method in the industrial control scenario.

[0033] Preferably, a computer-readable storage medium stores computer instructions, which are used to cause a computer to execute the lightweight federated learning threat detection method in the industrial control scenario.

[0034] The beneficial effects of the lightweight federated learning threat detection method in industrial control scenarios provided by this invention are as follows: 1. This invention adopts a lightweight feature extraction method that combines principal component analysis with time-domain statistical features. It significantly reduces storage and transmission overhead through dimensionality compression. At the same time, it innovatively introduces a differential privacy protection mechanism to achieve the optimal balance between privacy and data availability while ensuring feature quality. This solves the contradiction between sensitive data protection and efficient feature extraction in industrial control scenarios.

[0035] 2. This invention proposes a deep compression strategy that combines structured pruning and knowledge distillation, achieving a model compression ratio of tens of times while maintaining detection accuracy. Furthermore, it significantly reduces communication volume through gradient sparsification and accumulation mechanisms, effectively solving the computational bottleneck of resource-constrained industrial control equipment and the communication bottleneck of bandwidth-constrained networks.

[0036] 3. The adaptive weighted aggregation algorithm designed in this invention comprehensively considers three dimensions: data quality, model performance, and device reliability, giving higher weights to high-quality nodes and accelerating global model convergence. It innovatively introduces a Byzantine fault tolerance mechanism, which can tolerate a certain number of malicious node attacks, significantly improving the security and robustness of the federated learning system in industrial control environments.

[0037] 4. This invention constructs a complete continuous threat detection system. It significantly reduces model distribution overhead through model differential encoding and a two-level caching mechanism. It achieves adaptation to new threats while maintaining high accuracy of old tasks through online incremental learning. It achieves real-time threat defense across the entire network through distributed intelligence sharing and multi-node collaborative response. The system response time meets the strict real-time requirements of industrial control systems. Attached Figure Description

[0038] Figure 1 This is a schematic diagram of the process of the present invention; Figure 2 This is a schematic diagram of the system structure in an embodiment of the present invention; Figure 3 This is a schematic diagram of the structure of the distributed lightweight feature extraction module in an embodiment of the present invention; Figure 4 This is a schematic diagram of the lightweight model training and compression module in an embodiment of the present invention; Figure 5 This is a schematic diagram of the structure of the federated aggregation and optimization module in an embodiment of the present invention; Figure 6 This is a schematic diagram of the continuous learning and collaborative response module in an embodiment of the present invention; Figure 7 This is a radar chart comparing the performance of different methods in the embodiments of the present invention; Figure 8 This is a graph showing the change in accuracy as a function of communication rounds during model training in an embodiment of the present invention. Figure 9 This is a schematic diagram comparing the average communication overhead of the four methods in the embodiments of the present invention; Figure 10 This is a schematic diagram of the computer device structure in an embodiment of the present invention. Detailed Implementation

[0039] Example 1: like Figure 1 As shown, a lightweight federated learning threat detection method for industrial control scenarios includes the following steps: S1. Each industrial control node locally collects multi-source heterogeneous data. After data preprocessing, a lightweight feature extraction and dimensionality compression method combining principal component analysis and time-domain statistical features is used. Laplace noise is introduced to achieve differential privacy protection and generate a localized threat feature dataset. S2, each industrial control node trains a lightweight threat detection model based on a localized threat feature dataset, uses a structured pruning method to remove low-importance channels, and combines a knowledge distillation method to compress the model; after local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. S3 constructs a three-layer federated learning architecture comprising a device layer, an edge layer, and a cloud layer, and designs an adaptive weight calculation method to determine the node aggregation weight; for heterogeneous model structures, it adopts parameter alignment and knowledge distillation fusion strategies to achieve flexible fusion; and it introduces a Byzantine fault-tolerant algorithm to identify and filter outlier gradients by calculating gradient distance. S4 employs model differential encoding technology to distribute only parameter changes and performs sparsification processing, combined with a two-level caching architecture of edge gateway-device node to reduce model distribution overhead; it monitors concept drift through a sliding window, and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold; it establishes a distributed threat intelligence sharing mechanism; and it jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

[0040] This embodiment uses industrial control network threat detection in a smart manufacturing workshop as an application scenario. The workshop contains 50 industrial control nodes distributed across 5 production areas, each equipped with one edge gateway. The entire system is coordinated globally by a single cloud-based central server. The industrial control nodes include 20 PLC controllers, 15 RTU remote terminal units, and 15 SCADA monitoring terminals. Each node is responsible for collecting and processing local equipment operating data and performing threat detection tasks.

[0041] Preferably, in step S1, each industrial control node includes a PLC, RTU, and SCADA terminal; the multi-source heterogeneous data includes network traffic characteristics, equipment operating status parameters, and electromagnetic signals; the original multi-source heterogeneous data is organized as a time series matrix, with data dimensions including the number of nodes N=50, time window length T=1000, and original feature dimension D=120; data preprocessing includes time alignment, missing value imputation, and outlier filtering; time alignment unifies the sampling rate of all nodes to a fixed frequency of 100Hz to ensure data time synchronization; missing value imputation adopts a forward imputation strategy, using the nearest valid data point to fill in the missing values; outlier filtering is based on... Outliers were removed to ensure data quality; after preprocessing, the data underwent standardization using the Z-score standardization method, calculated as follows: ; in, This is the original data. For standardized data, Let j be the mean of the feature in dimension j. Standard deviation; standardization eliminates differences in the dimensions of different features, providing a unified data foundation for subsequent feature extraction; taking temperature data collected by a PLC node as an example, the original data is... Calculate the mean Calculate the standard deviation The standardization result is Standardization eliminates the differences in the dimensions of different features, providing a unified data foundation for subsequent feature extraction.

[0042] Preferably, in step S1, the specific method for lightweight feature extraction and dimensionality compression using a combination of principal component analysis and temporal statistical features is as follows: To address the limitation of computing resources in industrial control equipment, a lightweight feature extraction and dimensionality compression method combining principal component analysis (PCA) and time-domain statistical features is employed. Time-domain statistical feature extraction includes six statistical measures: mean, standard deviation, maximum, minimum, skewness, and kurtosis, used to characterize the time-domain properties of the signal. PCA is used to further reduce feature dimensionality. By calculating the eigenvalues ​​and eigenvectors of the covariance matrix, principal components with a cumulative variance contribution rate reaching a set threshold of 95% are selected as retained dimensions. The formula for determining it is: ; The formula for calculating the compression ratio is: ; in, For the first The eigenvalues ​​of each principal component, the dimension after eigenvalue compression The compressed feature vector is much smaller than the original dimension D; the compressed feature vector retains the main information of the original data, while significantly reducing storage and transmission overhead; in this embodiment, the original feature dimension D=120, and after PCA analysis, the cumulative variance contribution rate of the first 35 principal components reaches 95.2%, so the retained dimension d=35.

[0043] In this example, the calculation yields: ; With a compression ratio of 29.17%, it significantly reduces storage and transmission costs while retaining more than 95% of the original data's information content.

[0044] Preferably, in step S1, the specific method for introducing Laplace noise to achieve differential privacy protection is as follows: To protect sensitive data from industrial control equipment, Laplace noise is injected into the feature vectors to achieve differential privacy protection; the scale parameter of the Laplace noise is determined by the feature sensitivity and the privacy budget. They jointly decided that the privacy budget controls the balance between the strength of privacy protection and data availability, with a value ranging from 0.1 to 1.0; a smaller value... Larger values ​​offer stronger privacy protection but may reduce data quality; The values ​​maintain high data quality, but the strength of privacy protection is weakened; the feature calculation formula after differential privacy protection is: ; in, These are the original statistical characteristics. Features after adding noise For feature sensitivity, Representing Laplace distributed noise; introducing a feature quality evaluation metric to assess the feature quality after privacy protection: ; When characteristic quality index When the threshold is set to ≥0.85, the feature quality meets the requirements for subsequent training. Features that meet the feature quality are retained to construct a localized threat feature dataset. The localized threat feature dataset contains feature vectors and corresponding threat labels, which ensures both privacy and security and maintains the validity of the data.

[0045] In this embodiment, a privacy budget is set. Feature sensitivity The Laplace noise scale is: Taking a certain eigenvalue as an example, the original eigenvalue... After adding Laplace noise, we get Calculations show that the overall characteristic quality index... This meets the quality requirements. Through the aforementioned differential privacy protection mechanism, the availability of feature data is maintained while ensuring data privacy and security, providing a high-quality, localized threat feature dataset for subsequent federated learning training.

[0046] Preferably, in step S2, the specific method for training the lightweight threat detection model is as follows: The lightweight threat detection model employs a simplified convolutional neural network architecture, comprising convolutional layers, pooling layers, and fully connected layers. Convolutional layers extract local feature patterns, with kernel weights stored as four-dimensional tensors, including the number of output channels, the number of input channels, and the kernel height and width. Pooling layers perform feature downsampling, reducing computation and enhancing feature robustness. Fully connected layers achieve the final threat classification, with weights stored as two-dimensional matrices, including the number of output neurons and the input feature dimension. Local model training utilizes a cross-entropy loss function combined with L2 regularization. The loss function formula is as follows: ; Where M is the number of local samples. For real labels, For the model's predicted output, The L2 regularization coefficient is... The regularization term is a set of model parameters to prevent overfitting and improve generalization ability.

[0047] Preferably, in step S2, removing low-importance channels using a structured pruning method includes the following steps: To address the limited storage and computing resources of industrial control edge devices, a structured pruning technique is employed to achieve model lightweighting. Structured pruning is based on channel-level importance assessment, calculating an importance score for each output channel of the convolutional layer. The importance score is defined as the sum of the absolute values ​​of all weight parameters for that channel. ; in, The importance score for the c-th output channel. Input the number of channels. k The kernel size is the convolution kernel size. The convolution kernel weights are used; after calculating the importance scores of all output channels, they are sorted from highest to lowest score, and the top p% of channels by importance score are retained, while the remaining channels are pruned; pruning rate. The calculation formula is: ; In the experiment, p was set to 30, meaning 30% of the important channels were retained, achieving a pruning rate of 70%. Structured pruning offers better hardware friendliness compared to unstructured pruning; the pruned model can run efficiently on general-purpose hardware without requiring special sparse computation support. After pruning, the model undergoes fine-tuning training to recover the accuracy loss caused by pruning. Fine-tuning uses a small learning rate, typically one-tenth of the initial training learning rate, and the number of training epochs is 20% to 30% of the original training epochs. Structured pruning technology significantly reduces the number of model parameters and computational complexity while maintaining model detection accuracy, enabling the model to run efficiently on resource-constrained industrial control equipment.

[0048] Preferably, in step S2, the specific method for achieving model compression by combining knowledge distillation is as follows: Building upon structured pruning, knowledge distillation is further employed to compress the model. Knowledge distillation guides the training of small student models using a large teacher model, enabling the student models to learn the knowledge representation capabilities of the teacher model. The teacher model uses the unpruned, full model and is trained to convergence on a local dataset. The student models employ a pruned, lightweight model structure and are trained using a distillation loss function. The distillation loss function combines the cross-entropy loss of the true labels and the knowledge distillation loss from the teacher model's output, and its calculation formula is as follows: ; in, For cross-entropy loss, For KL divergence loss, Output for the teacher model, For the student model output, T represents the temperature parameter. The balance coefficient; the temperature parameter T is used to soften the output probability distribution, and is preferably set to 3-5; balance coefficient By controlling the relative importance of real labels and teacher knowledge, the experiment set it to 0.3, meaning 30% of the weight was allocated to real labels and 70% to teacher knowledge. Knowledge distillation enabled the student model to maintain detection performance close to that of the teacher model even with a significant reduction in the number of parameters. By combining structured pruning and knowledge distillation techniques, the model compression ratio can reach 20 to 30 times, significantly reducing resource consumption while maintaining detection accuracy.

[0049] Preferably, in step S2, the specific method for using a gradient sparsity strategy to retain only the elements with the largest absolute gradient value, combined with a gradient accumulation mechanism to compensate for information loss and reduce communication overhead, is as follows: After local training is complete, the model gradient is calculated and a Top-K sparsity strategy is adopted to reduce communication overhead. The Top-K strategy only retains the K elements with the largest absolute gradient values, and sets the rest to zero. The value of K is set to 5% to 10% of the total number of model parameters, maximizing sparsity while ensuring model convergence. The sparsified gradient is expressed as: ; in, This represents the complete gradient. The sparsified gradient uses a compressed storage format, storing only the values ​​and indices of non-zero elements to further reduce storage and transmission overhead. To compensate for information loss caused by sparsification, a gradient accumulation mechanism is used, accumulating discarded gradients into the next update. The reduction in communication overhead is calculated using the following formula: ; in, The total number of model parameters; gradient sparsity technology reduces the communication volume to 5% to 10% of the original while ensuring model convergence, which significantly reduces the communication cost of federated learning and is particularly suitable for bandwidth-constrained industrial control network environments.

[0050] Preferably, in step S3, the specific method for constructing a three-layer federated learning architecture comprising a device layer, an edge layer, and a cloud layer is as follows: The device layer consists of multiple industrial control device nodes, which perform local data acquisition and model training; the edge layer consists of edge gateways, which are responsible for gradient aggregation and initial model updates of devices within the region; the cloud layer is the central server, which performs global model aggregation and parameter optimization. Compared with the traditional star-shaped federated learning architecture, the layered architecture significantly reduces the number of communication rounds and the load on the central server.

[0051] The device-level nodes first upload their local gradients to the nearest edge gateway. The edge gateway then performs regional aggregation and uploads the aggregation results to the cloud server. The cloud server integrates the aggregation results from all edge gateways to generate a global model update. The total time for hierarchical aggregation is calculated using the following formula: ; in, This represents the maximum training time at the device layer. The maximum aggregation time for the edge layer. The time is aggregated globally in the cloud; through a layered architecture, the number of communication hops is changed from one hop to two hops, but due to parallel aggregation, the overall communication time is actually reduced.

[0052] Preferably, in step S3, the specific method for determining the node aggregation weight using the adaptive weight calculation method is as follows: To address the issues of varying data quality and uneven model performance among different industrial control nodes, an adaptive weight calculation method is designed. The node weight consists of three parts: data quality weight, model performance weight, and equipment reliability weight. ; in, These are the weighting coefficients, set in the experiment. , , Data quality weights take into account both sample size and data quality score. ; in, For nodes i The number of samples, Data quality is scored; the data quality score is calculated based on feature variance and label balance. Feature variance reflects the information richness of the data, and label balance measures the balance of positive and negative sample distributions. Model performance weights are calculated based on the accuracy and F1 score of the node's local model. ; in, For nodes i Local model accuracy The F1 score is used; device credibility weights are derived by calculating the cosine similarity between the node's gradient and the median gradient; higher similarity indicates a more credible node; the global model update formula is: ; in, For global parameter models, The global learning rate, The adaptive weights for node i. Let t be the gradient of node i, t be the number of communication rounds, and N be the total number of participating nodes. The adaptive weighting mechanism gives nodes with high data quality, good model performance, and reliable devices a larger aggregation weight, thereby improving the convergence speed and final performance of the global model.

[0053] Preferably, in step S3, the specific method for achieving flexible fusion using parameter alignment and knowledge distillation fusion strategies for heterogeneous model structures is as follows: To address the issue of different model structures used by various industrial control equipment, a parameter alignment and fusion strategy is designed. Parameter dimension alignment employs zero-padding or truncation methods. For model parameters with smaller dimensions, zero vectors are padded at the end to align with the maximum dimension. For model parameters with larger dimensions, they are truncated to the maximum dimension. After parameter alignment, all node model parameters have the same dimension, allowing for direct aggregation. For models with significant structural differences, a knowledge distillation fusion method is used. Knowledge distillation does not directly aggregate model parameters but instead transmits knowledge through soft labels. Each node model generates a predicted probability distribution on the validation dataset as a soft label, and the fusion model is trained by minimizing the KL divergence with each node's soft labels. ; in, To validate the dataset, For the model of node i, As a fusion model, the knowledge distillation fusion method can handle heterogeneous models with arbitrary structures, and has greater adaptability and flexibility.

[0054] Preferably, in step S3, the Byzantine fault-tolerant algorithm is introduced, and the specific method for identifying and filtering outlier gradients by calculating gradient distance is as follows: The Krum algorithm is employed to identify and filter outlier gradients to defend against malicious nodes uploading abnormal gradients that could attack the global model. The Krum algorithm calculates a score for each gradient by summing its distances to its nearest neighbors; a smaller score indicates that the gradient is closer to the mainstream distribution. For each gradient, the nearest neighbors are identified. Nf-2 There are n gradients, where N is the total number of nodes. f To determine the maximum number of malicious nodes tolerated, calculate the sum of squared Euclidean distances between this gradient and the nearest nearest gradients as the score: ; in, Distance Recent Nf-2 The Krum algorithm selects the gradient with the smallest score from a set of gradients, filtering out outliers with abnormally high scores. It can tolerate a maximum of f malicious nodes, ensuring the global model remains uncontaminated. The convergence of the global model is verified by calculating the L2 norm of two consecutive parameter updates. ; in, To achieve a convergence threshold, the Byzantine fault tolerance mechanism significantly improves the security and robustness of the federated learning system, ensuring that a high-quality global model can still be trained even in the presence of malicious nodes.

[0055] Preferably, in step S4, the specific method for using model differential coding technology to only distribute parameter changes and perform sparsification processing, combined with the two-level caching architecture of edge gateway-device node to reduce model distribution overhead is as follows: To reduce communication overhead during model distribution, only the changes in global model parameters are distributed, rather than the complete model. Model differencing is calculated by subtracting the parameters from the previous round from the current round's global model parameters. ; The differential parameters are further sparsified, retaining only parameter variations whose absolute values ​​are greater than a threshold, which is set to 1% of the standard deviation of the differential parameters. The sparsified differential parameters are significantly reduced; experiments show that only about 5% of the parameters need to be transmitted. Node-local model updates use an incremental update method. ; in, The update coefficients are set to 0.9 to balance the contributions of the old and new models. Model differential coding technology reduces the amount of data distributed with each model update to about 5% of the original amount, significantly reducing communication overhead in scenarios with frequent model updates, making it particularly suitable for bandwidth-constrained industrial control network environments.

[0056] A two-level caching architecture, consisting of an edge gateway and device nodes, is implemented to reduce redundant model transmissions. The edge gateway caches the K most recent versions of model parameters, where K is set to 5, and the cache size is 5 times the size of a single model. When a device node requests a model update, it first queries the edge gateway cache. If the cache hits, the model is retrieved directly from the edge gateway; otherwise, it is downloaded from the cloud server and the cache is updated. The cache hit rate is defined as: ; in, To cache the hit count, This represents the total number of requests. Experiments show that the cache hit rate can reach over 70%. The cache replacement strategy uses the LRU algorithm, which evicts the least used model version when the cache is full, ensuring that the cache stores the most frequently used models. Model distribution time includes the transmission time from the cloud to the edge and from the edge to the device. Through the caching mechanism, the cloud-to-edge transmission can be omitted when the cache is hit, significantly reducing distribution latency. When the cache hit rate reaches 70%, model distribution time can be reduced by more than 50%, greatly improving system response speed.

[0057] Preferably, in step S4, the specific method for monitoring concept drift through a sliding window and triggering the incremental learning mechanism when the detected model accuracy deviation exceeds a threshold is as follows: Each node continuously monitors for new threat samples, and triggers an incremental learning mechanism when concept drift is detected. Concept drift detection is achieved by calculating the average deviation between the model accuracy and the baseline accuracy within a sliding window. ; in, W Set the sliding window size to 100 samples. As the baseline accuracy; when When set to 0.1, concept drift is detected, and the incremental learning mechanism is initiated; the incremental learning loss function combines the loss from new samples and the elastic weight consolidation term: ; in, For the loss of new samples, This is the elastic weighting consolidation coefficient. For parameters i The diagonal elements of the Fisher information matrix For the optimal parameters of the old task, the diagonal elements of the Fisher information matrix are used to measure the importance of the parameters to the old task. Important parameters are subject to stronger constraints during incremental learning, maintaining minimal changes. After incremental learning, the performance retention of the model on the old task is evaluated, requiring the accuracy of the old task to remain above 95% of the original level, ensuring that old knowledge is not forgotten while learning new knowledge. The online incremental learning mechanism enables the system to continuously adapt to new threats and maintain long-term effective detection capabilities.

[0058] Preferably, in step S4, the specific method for establishing a distributed threat intelligence sharing mechanism is as follows: When a node detects a new threat signature, it generates a threat intelligence vector and broadcasts it to other nodes in the network. The threat intelligence vector contains four fields: threat signature vector, threat type, confidence score, and timestamp. Threat intelligence propagation uses the Gossip protocol, where nodes forward intelligence to their neighbors with a certain probability. The propagation probability is calculated using the following formula: ; Where N is the total number of network nodes. Let be the degree of node i. The Gossip protocol is decentralized and highly fault-tolerant, making it suitable for distributed environments in industrial control networks. Intelligence coverage increases exponentially over time; theoretical analysis shows that the time required to reach 99% coverage is linearly related to network size. Through distributed intelligence sharing, new threat information can spread rapidly across the network, and each node can update its threat knowledge base in a timely manner, improving overall defense capabilities.

[0059] Preferably, in step S4, the specific method for jointly determining the threat level through multi-node weighted voting and triggering a graded response strategy based on the threat score is as follows: Nodes participating in the voting cast their votes based on the detection results of their local models. The voting results are multiplied by the node's credibility weight and then summed to obtain a threat score. Threat scores are categorized into four threat levels: critical threat (score ≥ 0.8), high threat (0.6 ≤ score < 0.8), medium threat (0.4 ≤ score < 0.6), and low threat (score < 0.4). Different threat levels trigger different response strategies: critical threats immediately isolate affected devices, high threats issue alarms and enhance monitoring, and medium and low threats only log. The response time calculation formula is as follows: ; in, For the detection time, For voting communication time, The execution time is defined as follows: detection time is related to the length of the input sequence and the degree of parallelism; voting communication time is related to the number of participating nodes and network bandwidth. The execution time varies depending on the action type, with isolation operations taking less than 100 milliseconds and alarm operations less than 50 milliseconds. The total system response time is required to be less than 500 milliseconds to meet the real-time requirements of industrial control systems. The collaborative threat response mechanism improves detection accuracy through multi-node joint judgment and balances security and availability through a tiered response strategy, achieving real-time threat defense through network-wide collaboration.

[0060] like Figure 2 As shown, a lightweight federated learning threat detection system for industrial control scenarios is used to execute the aforementioned lightweight federated learning threat detection method for industrial control scenarios. The system includes: The distributed lightweight feature extraction module is configured on each industrial control node to collect multi-source heterogeneous data locally. After data preprocessing, it uses a combination of principal component analysis and time-domain statistical features to perform lightweight feature extraction and dimensionality compression, and introduces Laplace noise to achieve differential privacy protection, generating a localized threat feature dataset. The lightweight model training and compression module is configured on each industrial control node to train a lightweight threat detection model based on a localized threat feature dataset. It uses a structured pruning method to remove low-importance channels and combines a knowledge distillation method to compress the model. After local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. The federated aggregation and optimization module, configured on edge gateways and cloud servers, is used to build a three-layer federated learning architecture including device layer, edge layer and cloud layer. It designs an adaptive weight calculation method to determine the node aggregation weight; for heterogeneous model structures, it adopts parameter alignment and knowledge distillation fusion strategies to achieve flexible fusion; and it introduces the Byzantine fault tolerance algorithm to identify and filter outlier gradients by calculating gradient distance. The continuous learning and collaborative response module, configured on edge gateways and industrial control nodes, uses model differential encoding technology to distribute only parameter changes and performs sparsification processing. Combined with a two-level caching architecture of edge gateway-device nodes, it reduces model distribution overhead. It monitors concept drift through a sliding window and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold. It establishes a distributed threat intelligence sharing mechanism and jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

[0061] like Figure 3 As shown, the distributed lightweight feature extraction module further includes: The multi-source data acquisition unit is used to collect network traffic characteristics, equipment operating status parameters and electromagnetic signals, and organize the raw data into a time series matrix form. The data preprocessing unit performs time alignment, missing value imputation, and outlier filtering, and standardizes the preprocessed data. The feature extraction and compression unit is used to extract time-domain statistical features and select principal components whose cumulative variance contribution rate reaches a set threshold through principal component analysis for dimensionality compression. Differential privacy protection units are used to inject Laplacian noise into feature vectors and select features that meet quality requirements through feature quality evaluation metrics to construct a localized threat feature dataset.

[0062] like Figure 4 As shown, the lightweight model training and compression module further includes: The model training unit is used to train a local threat detection model using a simplified convolutional neural network architecture, with cross-entropy loss function combined with L2 regularization. The structured pruning unit is used to calculate the importance score for each output channel of the convolutional layer, retain the channels with the top p% importance scores, prune the remaining channels, and fine-tune the pruned model. The knowledge distillation unit is used to train the model by using the unpruned full model as the teacher model and the pruned lightweight model as the student model, and to achieve model compression by using the distillation loss function. The gradient compression unit is used to retain the elements with the largest absolute gradient value using the Top-K sparsity strategy, store non-zero elements using a compressed storage format, and compensate for information loss through a gradient accumulation mechanism.

[0063] like Figure 5 As shown, the federated aggregation and optimization module further includes: The layered architecture unit is used to build a three-layer architecture of device layer, edge layer and cloud layer. The industrial control node of device layer uploads local gradients to edge gateway for regional aggregation, and edge gateway uploads the aggregation results to cloud server to generate global model update. An adaptive weighting unit is used to calculate the node aggregation weight by comprehensively considering data quality weight, model performance weight, and device reliability weight, and to perform global model updates based on the weights. Heterogeneous fusion unit is used to fuse heterogeneous models with different structures through parameter alignment or knowledge distillation fusion strategies; The Byzantine Fault Tolerance Unit (BFTU) is used to calculate the sum of the distances between each gradient and the nearest few gradients using the Krum algorithm. The gradient with the smallest score is selected as the aggregation benchmark, and outlier gradients are filtered out.

[0064] like Figure 6 As shown, the continuous learning and collaborative response module further includes: Differential coding and caching units are used to calculate the changes in global model parameters and perform sparsification processing. The model parameters of the most recent multiple versions are cached through the edge gateway to achieve incremental model updates. The incremental learning unit is used to monitor the model accuracy deviation through a sliding window. When the deviation exceeds a threshold, incremental learning is triggered. Combined with elastic weight consolidation terms, it can maintain the accuracy of old tasks while adapting to new threats. The intelligence sharing unit is used to generate a threat intelligence vector when a new threat signature is detected, and broadcasts and forwards it to neighboring nodes using the Gossip protocol. The collaborative response unit is used to jointly determine the threat level through weighted voting by multiple nodes and trigger a graded response strategy based on the threat score, including isolation of critical threats, high threat alerts, and logging of medium and low threats.

[0065] Example 2: This embodiment discloses the specific operation of the method applied to the monitoring system of turbine generator units 1-4 of a large hydropower plant in the Yangtze River Basin. The system has 32 industrial control nodes, including 16 PLC controllers, 8 RTU remote terminal units and 8 SCADA monitoring terminals, distributed in 4 production areas. Each area is configured with 1 edge gateway, and the whole system is globally coordinated by a cloud central server.

[0066] The system deploys the lightweight federated learning threat detection method for industrial control scenarios described in this invention. Each industrial control node locally collects multi-source heterogeneous data, including network traffic characteristics, unit operating status parameters, and electromagnetic signals. After lightweight feature extraction and differential privacy protection, a local threat detection model is trained. A three-layer federated learning architecture is used to achieve global model aggregation and optimization, and it has continuous learning and collaborative response capabilities.

[0067] Fifteen representative events were selected from 32 consecutive threat detection events, and the event type, prediction confidence, threat level, post-event judgment status, and residual mean square error (MSE) were recorded, as shown in Table 1 below.

[0068] Table 1: Examples of threat detection and evaluation results obtained by this method in online operation;

[0069] Under the same 15 threat detection events, traditional centralized machine learning methods, local single-node training methods, and standard federated learning methods without the optimization of this invention were used for monitoring, and the results were compared with the method of this invention. The comparison results are shown in Table 2 below.

[0070] Table 2: Comparison of detection effects of different methods;

[0071] The overall performance indicators of different methods are compared in Table 3 below.

[0072] Table 3: Comparison of comprehensive performance indicators of different methods;

[0073] As can be seen from the comparison results in Tables 2 and 3, the method of the present invention is significantly superior to the prior art in multiple dimensions.

[0074] In terms of detection performance, while centralized machine learning methods can detect some known threats, such as events 4 and 12, they completely miss covert attacks such as abnormal command event 6, data tampering event 9, and privilege escalation event 14, with an attack detection rate of only 40%. Local single-node methods, lacking a global perspective, miss all events 4, 6, 9, 12, and 14, resulting in a detection rate of 0%. Standard federated learning methods can detect some attacks, but they still cannot identify complex attacks such as data tampering, with a detection rate of only 60%. The method of this invention achieves a 100% attack detection rate through the comprehensive application of lightweight feature extraction, structured pruning and knowledge distillation, and adaptive weighted aggregation techniques.

[0075] In terms of communication efficiency, standard federated learning has a communication overhead of 104KB per round, while this invention reduces the communication overhead to 8.5KB through gradient sparsification, model differential coding and other techniques, which is only 8.2% of that of standard federated learning, effectively solving the problem of limited bandwidth in industrial control networks.

[0076] Regarding continuous learning capabilities, this invention can identify model degradation situations such as events 10 and 15 through concept drift detection and incremental learning mechanisms, and maintain the accuracy of old tasks while adapting to new threats through elastic weight consolidation, which is not the capability of existing methods.

[0077] In terms of security and robustness, this invention introduces differential privacy protection (…). The Byzantine fault tolerance mechanism can protect data privacy while tolerating attacks from up to five malicious nodes, while centralized ML and local single-node methods have no protective measures. Standard federated learning, although it has some privacy protection, lacks Byzantine fault tolerance.

[0078] Figure 7 The presentation uses radar charts to compare the proposed method with centralized machine learning, local single-node training, standard federated learning, and other methods across six dimensions: attack detection rate, communication overhead, training time, privacy protection strength, robustness against malicious nodes, and incremental learning capability. The proposed method achieves full marks or optimal values ​​in all dimensions, demonstrating significantly superior overall performance compared to existing methods.

[0079] Figure 8 The curves showing the accuracy changes of different methods over 50 rounds of communication are presented. The method described in this invention converges the fastest, reaching stability in approximately 12 rounds, with a final accuracy exceeding 98%. When five malicious nodes are introduced in the 30th round to perform a Byzantine attack, the method in this invention can quickly identify and filter abnormal gradients, and the accuracy recovers rapidly after a brief drop, verifying the effectiveness of the Byzantine fault tolerance mechanism. In contrast, standard federated learning converges more slowly, taking about 18 rounds, and the accuracy of the local single-node method remains consistently low at around 85%, while centralized ML cannot be continuously optimized after a single training iteration.

[0080] Figure 9 The paper presents a comparison of the average communication overhead of four methods. The method of this invention reduces the communication overhead to 8.5KB / round through techniques such as gradient sparsification and model differential encoding, which is only 8.2% of that of standard federated learning and significantly better than the 1560KB / round of centralized ML. It is particularly suitable for bandwidth-constrained industrial control network environments.

[0081] In summary, the method of the present invention has significant advantages in terms of detection performance, communication efficiency, continuous learning capability and security, and is particularly suitable for the industrial control environment of hydropower plants with limited resources, limited bandwidth and high security requirements.

[0082] Example 3: like Figure 10 As shown, embodiments of the present invention also provide a computer device. Figure 10 Taking a single processor 10 as an example, the computer device includes one or more processors 10, memory 20, and interfaces for connecting the components, including high-speed interfaces and low-speed interfaces. The components communicate with each other using different buses and can be mounted on a common motherboard or otherwise installed as needed. The processor can process instructions executed within the computer device, including instructions stored in or on memory to display graphical information of a GUI on external input / output devices, such as display devices coupled to the interface. In some alternative implementations, multiple processors and / or multiple buses can be used with multiple memories and multiple memory modules, if desired. Similarly, multiple computer devices can be connected, each providing some of the necessary operations, for example, as a server array, a group of blade servers, or a multiprocessor system.

[0083] Processor 10 may be a central processing unit, a network processor, or a combination thereof. Processor 10 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The programmable logic device may be a complex programmable logic device (CAMP), a field-programmable gate array (FPGA), a general-purpose array logic (GDA), or any combination thereof.

[0084] The memory 20 stores instructions executable by at least one processor 10 to cause the at least one processor 10 to perform the method shown in the above embodiments.

[0085] The memory 20 may include a program storage area and a data storage area. The program storage area may store the operating system and applications required for at least one function; the data storage area may store data created based on the use of the computer device. Furthermore, the memory 20 may include high-speed random access memory and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid-state storage device. In some alternative embodiments, the memory 20 may optionally include memory remotely located relative to the processor 10, and these remote memories may be connected to the computer device via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.

[0086] The memory 20 may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as flash memory, hard disk or solid-state drive; the memory 20 may also include a combination of the above types of memory.

[0087] The computer device also includes a communication interface 30 for communicating with other devices or communication networks.

[0088] This invention also provides a computer-readable storage medium. The methods described above according to embodiments of the invention can be implemented in hardware or firmware, or implemented as computer code that can be recorded on a storage medium, or implemented as computer code downloaded via a network and originally stored on a remote storage medium or a non-transitory machine-readable storage medium and then stored on a local storage medium. Thus, the methods described herein can be processed by software stored on a storage medium using a general-purpose computer, a dedicated processor, or programmable or dedicated hardware. The storage medium can be a magnetic disk, optical disk, read-only memory, random access memory, flash memory, hard disk, or solid-state drive, etc.; further, the storage medium can also include combinations of the above types of memory. It is understood that computers, processors, microprocessor controllers, or programmable hardware include storage components capable of storing or receiving software or computer code, which, when accessed and executed by the computer, processor, or hardware, implements the methods shown in the above embodiments.

Claims

1. A lightweight federated learning threat detection method for industrial control scenarios, characterized in that, Includes the following steps: S1. Each industrial control node locally collects multi-source heterogeneous data. After data preprocessing, a lightweight feature extraction and dimensionality compression method combining principal component analysis and time-domain statistical features is used. Laplace noise is introduced to achieve differential privacy protection and generate a localized threat feature dataset. S2, each industrial control node trains a lightweight threat detection model based on a localized threat feature dataset, uses a structured pruning method to remove low-importance channels, and combines a knowledge distillation method to compress the model; after local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. S3 constructs a three-layer federated learning architecture including a device layer, an edge layer, and a cloud layer, and designs an adaptive weight calculation method to determine the node aggregation weight; For heterogeneous model structures, a parameter alignment and knowledge distillation fusion strategy is adopted to achieve flexible fusion; a Byzantine fault-tolerant algorithm is introduced to identify and filter outlier gradients by calculating gradient distance; S4 employs model differential encoding technology to distribute only parameter changes and performs sparsification processing, combined with a two-level caching architecture of edge gateway-device node to reduce model distribution overhead; it monitors concept drift through a sliding window, and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold; it establishes a distributed threat intelligence sharing mechanism; and it jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

2. The lightweight federated learning threat detection method in an industrial control scenario according to claim 1, characterized in that, In step S1, each industrial control node includes a PLC, an RTU, and a SCADA terminal. The multi-source heterogeneous data includes network traffic characteristics, equipment operating status parameters, and electromagnetic signals. The original multi-source heterogeneous data is organized in the form of a time series matrix, and the data dimensions include the number of nodes N, the time window length T, and the original feature dimension D. Data preprocessing includes time alignment, missing value imputation, and outlier filtering; time alignment unifies the sampling rate of all nodes to a fixed frequency; missing value imputation uses a forward imputation strategy, filling in missing values ​​with the nearest valid data point; outlier filtering is based on... Outliers were removed based on the criteria; the preprocessed data underwent standardization using the Z-score standardization method, calculated as follows: ; in, The original data, For standardized data, Let j be the mean of the feature in dimension j. The standard deviation is denoted as .

3. The lightweight federated learning threat detection method for industrial control scenarios according to claim 1, characterized in that, In step S1, the specific method for lightweight feature extraction and dimensionality compression using a combination of principal component analysis and temporal statistical features is as follows: Time-domain statistical feature extraction includes six statistical measures: mean, standard deviation, maximum, minimum, skewness, and kurtosis, used to characterize the time-domain properties of the signal. Principal component analysis is used to further reduce feature dimensionality. By calculating the eigenvalues ​​and eigenvectors of the covariance matrix, principal components whose cumulative variance contribution rate reaches a set threshold are selected as retained dimensions. The formula for determining it is: ; The formula for calculating the compression ratio is: ; in, For the first The eigenvalues ​​of each principal component, the dimension after eigenvalue compression It is much smaller than the original dimension D.

4. The lightweight federated learning threat detection method in an industrial control scenario according to claim 3, characterized in that, In step S1, the specific method for introducing Laplace noise to achieve differential privacy protection is as follows: The scaling parameter of Laplace noise is determined by feature sensitivity and privacy budget. They jointly decided that the privacy budget controls the balance between the strength of privacy protection and data availability, with a value ranging from 0.1 to 1.0; the formula for calculating features after differential privacy protection is as follows: ; in, These are the original statistical characteristics. Features after adding noise For feature sensitivity, Representing Laplace distributed noise; introducing a feature quality evaluation metric to assess the feature quality after privacy protection: ; When characteristic quality index When the set threshold is met, the feature quality satisfies the requirements for subsequent training. Features that meet the feature quality are retained to construct a localized threat feature dataset, which contains feature vectors and corresponding threat labels.

5. A lightweight federated learning threat detection method for industrial control scenarios according to claim 1, characterized in that, In step S2, the specific method for training the lightweight threat detection model is as follows: The lightweight threat detection model employs a simplified convolutional neural network architecture, comprising convolutional layers, pooling layers, and fully connected layers. Convolutional layers extract local feature patterns, with kernel weights stored as four-dimensional tensors, including the number of output channels, the number of input channels, and the kernel height and width. Pooling layers perform feature downsampling, reducing computation and enhancing feature robustness. Fully connected layers achieve the final threat classification, with weights stored as two-dimensional matrices, including the number of output neurons and the input feature dimension. Local model training utilizes a cross-entropy loss function combined with L2 regularization. The loss function formula is as follows: ; Where M is the number of local samples. For real labels, For the model's predicted output, The L2 regularization coefficient is... This is the set of model parameters.

6. The lightweight federated learning threat detection method in an industrial control scenario according to claim 5, characterized in that, In step S2, removing low-importance channels using structured pruning methods includes the following steps: Structured pruning is based on channel-level importance assessment. An importance score is calculated for each output channel of the convolutional layer. The importance score is defined as the sum of the absolute values ​​of all weight parameters of that channel. ; in, The importance score for the c-th output channel. Input the number of channels. k The kernel size is the convolution kernel size. The convolution kernel weights are used; after calculating the importance scores of all output channels, they are sorted from highest to lowest score, and the top p% of channels by importance score are retained, while the remaining channels are pruned; pruning rate. The calculation formula is: ; After pruning, the model is fine-tuned and trained to recover the accuracy loss caused by pruning.

7. A lightweight federated learning threat detection method for industrial control scenarios according to claim 6, characterized in that, In step S2, the specific method for model compression using knowledge distillation is as follows: The teacher model uses the unpruned full model and is trained to convergence on the local dataset; the student model uses a pruned lightweight model structure and is trained using a distillation loss function. The distillation loss function combines the cross-entropy loss of the true labels and the knowledge distillation loss of the teacher model's output, and is calculated using the following formula: ; in, For cross-entropy loss, For KL divergence loss, Output for the teacher model, For the student model output, T represents the temperature parameter. The balance coefficient; the temperature parameter T is used to soften the output probability distribution, the balance coefficient. Control the relative importance of authentic labels and teacher knowledge.

8. A lightweight federated learning threat detection method for industrial control scenarios according to claim 7, characterized in that, In step S2, the gradient sparsity strategy is used to retain only the elements with the largest absolute gradient values, and the gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. The specific method is as follows: After local training is complete, the model gradient is calculated and a Top-K sparsity strategy is applied to reduce communication overhead. The Top-K strategy retains only the K elements with the largest absolute gradient values, and sets the remaining elements to zero. The sparsified gradient is represented as follows: ; in, The gradient is the complete gradient; the sparsified gradient uses a compressed storage format, storing only the values ​​and index positions of non-zero elements; to compensate for the information loss caused by sparsification, a gradient accumulation mechanism is used, accumulating discarded gradients into the next update; the reduction in communication overhead is calculated using the following formula: ; in, This represents the total number of model parameters.

9. A lightweight federated learning threat detection method for industrial control scenarios according to claim 1, characterized in that, In step S3, the specific method for constructing a three-layer federated learning architecture comprising a device layer, an edge layer, and a cloud layer is as follows: The device layer consists of multiple industrial control device nodes, which perform local data acquisition and model training; the edge layer consists of edge gateways, which are responsible for gradient aggregation and preliminary model updates of devices within the region; the cloud layer is the central server, which performs global model aggregation and parameter optimization; the device layer nodes first upload their local gradients to the nearest edge gateway, the edge gateway performs regional aggregation, and then uploads the aggregation results to the cloud server. The cloud server integrates the aggregation results of all edge gateways to generate a global model update; The formula for calculating the total time of hierarchical aggregation is: ; in, This represents the maximum training time at the device layer. The maximum aggregation time for the edge layer. This is a globally aggregated time in the cloud.

10. A lightweight federated learning threat detection method for industrial control scenarios according to claim 9, characterized in that, In step S3, the specific method for determining the node aggregation weight using the adaptive weight calculation method is as follows: The node weight consists of three parts: data quality weight, model performance weight, and device reliability weight. ; in, These are the weighting coefficients, set in the experiment. , , Data quality weights take into account both sample size and data quality score. ; in, For nodes i The number of samples, Data quality is scored; the data quality score is calculated based on feature variance and label balance. Feature variance reflects the information richness of the data, and label balance measures the balance of positive and negative sample distributions. Model performance weights are calculated based on the accuracy and F1 score of the node's local model. ; in, For nodes i Local model accuracy The F1 score is used; device credibility weights are derived by calculating the cosine similarity between the node's gradient and the median gradient; higher similarity indicates a more credible node; the global model update formula is: ; in, For global parameter models, The global learning rate, For nodes i Adaptive weights, For nodes i gradient, t For communication rounds, N This represents the total number of participating nodes.

11. A lightweight federated learning threat detection method for industrial control scenarios according to claim 10, characterized in that, In step S3, the specific method for achieving flexible fusion using parameter alignment and knowledge distillation fusion strategies for heterogeneous model structures is as follows: Parameter dimension alignment employs zero-padding or truncation methods. For model parameters with smaller dimensions, zero vectors are padded at the end to align with the maximum dimension; for model parameters with larger dimensions, they are truncated to the maximum dimension. After parameter alignment, all node model parameters have the same dimension, allowing for direct aggregation. For models with significant structural differences, a knowledge distillation fusion method is used. Each node model generates a predicted probability distribution as a soft label on the validation dataset, and the fusion model is trained by minimizing the KL divergence with each node's soft labels. ; in, To validate the dataset, For the model of node i, This is a fusion model.

12. A lightweight federated learning threat detection method for industrial control scenarios according to claim 11, characterized in that, In step S3, the Byzantine fault-tolerant algorithm is introduced. The specific method for identifying and filtering outlier gradients by calculating gradient distance is as follows: The Krum algorithm is employed to identify and filter outlier gradients to defend against malicious nodes uploading abnormal gradients that could attack the global model. The Krum algorithm calculates a score for each gradient by summing its distances to its nearest neighbors; a smaller score indicates that the gradient is closer to the mainstream distribution. For each gradient, the nearest neighbors are identified. Nf-2 There are n gradients, where N is the total number of nodes. f To determine the maximum number of malicious nodes tolerated, calculate the sum of squared Euclidean distances between this gradient and the nearest nearest gradients as the score: ; in, Distance Recent Nf-2 A set of gradients is used, and the gradient with the smallest score is selected as the aggregation benchmark, while outlier gradients with abnormally high scores are filtered out. The convergence of the global model is verified by calculating the L2 norm of two consecutive rounds of parameter updates. ; in, This is the convergence threshold.

13. A lightweight federated learning threat detection method for industrial control scenarios according to claim 1, characterized in that, In step S4, the specific method for reducing model distribution overhead by using model differential coding technology to only distribute parameter changes and perform sparsification processing, combined with a two-level caching architecture of edge gateway-device node, is as follows: Model difference calculation is obtained by subtracting the parameters from the previous round from the global model parameters in the current round: ; The difference parameters are further sparsified, retaining only parameter changes whose absolute values ​​are greater than a threshold, which is set to 1% of the standard deviation of the difference parameters; the node-local model updates adopt an incremental update method. ; in, To update the coefficients; The edge gateway caches the K most recent versions of model parameters. When a device node requests a model update, it first queries the edge gateway cache. If the cache hits, the model is retrieved directly from the edge gateway; otherwise, it is downloaded from the cloud server and the cache is updated. The cache hit rate is defined as: ; in, To cache the hit count, This represents the total number of requests.

14. A lightweight federated learning threat detection method for industrial control scenarios according to claim 13, characterized in that, In step S4, the incremental learning mechanism is triggered by monitoring concept drift through a sliding window and triggering the mechanism when the model accuracy deviation exceeds a threshold. Concept drift detection is achieved by calculating the average deviation between the model accuracy and the baseline accuracy within a sliding window: ; in, W To adjust the sliding window size, As the baseline accuracy; when When concept drift occurs, an incremental learning mechanism is initiated; the incremental learning loss function combines the loss from new samples with a resilience weight consolidation term. ; in, For the loss of new samples, This is the elastic weighting consolidation coefficient. For parameters i The diagonal elements of the Fisher information matrix The parameters are the optimal parameters for the old task. The diagonal elements of the Fisher information matrix are used to measure the importance of the parameters to the old task.

15. A lightweight federated learning threat detection method for industrial control scenarios according to claim 14, characterized in that, In step S4, the specific method for establishing a distributed threat intelligence sharing mechanism is as follows: When a node detects a new threat signature, it generates a threat intelligence vector and broadcasts it to other nodes in the network. The threat intelligence vector contains four fields: threat signature vector, threat type, confidence score, and timestamp. Threat intelligence propagation uses the Gossip protocol, where nodes forward intelligence to their neighbors with a certain probability. The propagation probability is calculated using the following formula: ; Where N is the total number of network nodes. For nodes i The degree.

16. A lightweight federated learning threat detection method for industrial control scenarios according to claim 15, characterized in that, In step S4, the threat level is jointly determined through multi-node weighted voting, and the specific method for triggering a tiered response strategy based on the threat score is as follows: Nodes participating in the voting cast their votes based on the detection results of their local models. The voting results are multiplied by the node's credibility weight and then summed to obtain a threat score. Threat scores are categorized into four threat levels: critical threat, high threat, medium threat, and low threat. Different threat levels trigger different response strategies: critical threats immediately isolate affected devices, high threats issue alerts and enhance monitoring, and medium and low threats only log information. The response time calculation formula is as follows: ; in, For the detection time, For voting communication time, The execution time is the time required for the action; the detection time is related to the length of the input sequence and the degree of parallelism, while the voting communication time is related to the number of participating nodes and the network bandwidth.

17. A lightweight federated learning threat detection system for industrial control scenarios, used to execute the lightweight federated learning threat detection method for industrial control scenarios as described in any one of claims 1-16, characterized in that, The system includes: The distributed lightweight feature extraction module is configured on each industrial control node to collect multi-source heterogeneous data locally. After data preprocessing, it uses a combination of principal component analysis and time-domain statistical features to perform lightweight feature extraction and dimensionality compression, and introduces Laplace noise to achieve differential privacy protection, generating a localized threat feature dataset. The lightweight model training and compression module is configured on each industrial control node to train a lightweight threat detection model based on a localized threat feature dataset. It uses a structured pruning method to remove low-importance channels and combines a knowledge distillation method to compress the model. After local training is completed, a gradient sparsity strategy is used to retain only the elements with the largest absolute gradient value, and a gradient accumulation mechanism is combined to compensate for information loss and reduce communication overhead. The federated aggregation and optimization module, configured on edge gateways and cloud servers, is used to build a three-layer federated learning architecture including device layer, edge layer and cloud layer. It designs an adaptive weight calculation method to determine the node aggregation weight; for heterogeneous model structures, it adopts parameter alignment and knowledge distillation fusion strategies to achieve flexible fusion; and it introduces the Byzantine fault tolerance algorithm to identify and filter outlier gradients by calculating gradient distance. The continuous learning and collaborative response module, configured on edge gateways and industrial control nodes, uses model differential encoding technology to distribute only parameter changes and performs sparsification processing. Combined with a two-level caching architecture of edge gateway-device nodes, it reduces model distribution overhead. It monitors concept drift through a sliding window and triggers an incremental learning mechanism when the detected model accuracy deviation exceeds a threshold. It establishes a distributed threat intelligence sharing mechanism and jointly determines the threat level through multi-node weighted voting, triggering a graded response strategy based on the threat score.

18. A computer device, characterized in that, It includes a memory and a processor, which are interconnected and communicate with each other. The memory stores computer instructions, and the processor executes the computer instructions to perform the lightweight federated learning threat detection method in the industrial control scenario as described in any one of claims 1 to 16.

19. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions for causing the computer to execute the lightweight federated learning threat detection method in an industrial control scenario as described in any one of claims 1 to 16.