diff --git a/arxiv-style/main.tex b/arxiv-style/main.tex index a6709b2..66b9b65 100644 --- a/arxiv-style/main.tex +++ b/arxiv-style/main.tex @@ -1,4 +1,4 @@ -\documentclass{article} +\documentclass{article} \usepackage{arxiv} @@ -24,16 +24,16 @@ \usepackage{caption} % Better caption spacing \usepackage{float} % Precise figure placement -% 鏍囬 +% 閺嶅洭顣? \title{Mask-DDPM: Transformer-Conditioned Mixed-Type Diffusion for Semantically Valid ICS Telemetry Synthesis} -% 鑻ヤ笉闇€瑕佹棩鏈燂紝鍙栨秷涓嬮潰涓€琛岀殑娉ㄩ噴 +% 閼汇儰绗夐棁鈧憰浣规)閺堢噦绱濋崣鏍ㄧХ娑撳娼版稉鈧悰宀€娈戝▔銊╁櫞 \date{} \newif\ifuniqueAffiliation \uniqueAffiliationtrue -\ifuniqueAffiliation % 鏍囧噯浣滆€呭潡 +\ifuniqueAffiliation % 閺嶅洤鍣担婊嗏偓鍛健 \author{ Zhenglan Chen \\ Aberdeen Institute of Data Science and Artificial Intelligence\\ @@ -61,10 +61,10 @@ } \fi -% 椤电湁璁剧疆 +% 妞ょ數婀佺拋鍓х枂 \renewcommand{\shorttitle}{\textit{arXiv} Template} -%%% PDF 鍏冩暟鎹? +%%% PDF 閸忓啯鏆熼幑? \hypersetup{ pdftitle={Your Paper Title}, pdfsubject={cs.LG, cs.CR}, 
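Review bot: The `%` comments on the new side of the hunk at -24,16 are more corrupted than the ones they replace. The old text was already mojibake, and the new text ends in a literal `?` (for example `% 閺嶅洭顣?`), which suggests the file was re-saved through the wrong code page and bytes were lost. The same re-encoding shows in the hunks at -61,10, -79,7 and -411,10. The visually identical `\documentclass{article}` change in the first hunk is probably a BOM or other invisible byte from the same save, though that is inferred rather than visible here. Save the file as UTF-8 without a BOM and either restore the original comments or replace them with ASCII ones such as `% Title` and `% Keywords`, if that is what the originals said. Pinning `charset = utf-8` in an `.editorconfig` would keep the next save from repeating this.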
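Review bot: The running header and PDF metadata kept as context in the hunk at -61,10 are still the template defaults: `\renewcommand{\shorttitle}{\textit{arXiv} Template}` and `pdftitle={Your Paper Title}`, plus `pdfkeywords={Keyword1, Keyword2, Keyword3}` in the header of the following hunk. `\title` and `\keywords` already carry the real values, so the compiled PDF will have placeholder document properties and a placeholder page header. Set them to match, for example `\renewcommand{\shorttitle}{Mask-DDPM}` and `pdfkeywords={Machine Learning, Cyber Defense, ICS}`. The `\hypersetup` block starts in this hunk and ends outside it, so any other fields there should be checked too.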
@@ -79,7 +79,7 @@ pdfkeywords={Keyword1, Keyword2, Keyword3}, Industrial control systems (ICS) security research is increasingly constrained by the scarcity and non-shareability of realistic traffic and telemetry, especially for attack scenarios. To mitigate this bottleneck, we study synthetic generation at the protocol feature/telemetry level, where samples must simultaneously preserve temporal coherence, match continuous marginal distributions, and keep discrete supervisory variables strictly within valid vocabularies. We propose Mask-DDPM, a hybrid framework tailored to mixed-type, multi-scale ICS sequences. Mask-DDPM factorizes generation into (i) a causal Transformer trend module that rolls out a stable long-horizon temporal scaffold for continuous channels, (ii) a trend-conditioned residual DDPM that refines local stochastic structure and heavy-tailed fluctuations without degrading global dynamics, (iii) a masked (absorbing) diffusion branch for discrete variables that guarantees categorical legality by construction, and (iv) a type-aware decomposition/routing layer that aligns modeling mechanisms with heterogeneous ICS variable origins and enforces deterministic reconstruction where appropriate. Evaluated on fixed-length windows ($L=96$) derived from the HAI Security Dataset, Mask-DDPM achieves stable fidelity across seeds with mean KS = 0.3311 $\pm$ 0.0079 (continuous), mean JSD = 0.0284 $\pm$ 0.0073 (discrete), and mean absolute lag-1 autocorrelation difference = 0.2684 $\pm$ 0.0027, indicating faithful marginals, preserved short-horizon dynamics, and valid discrete semantics. The resulting generator provides a reproducible basis for data augmentation, benchmarking, and downstream ICS protocol reconstruction workflows. \end{abstract} -% 鍏抽敭璇? +% 閸忔娊鏁拠? \keywords{Machine Learning \and Cyber Defense \and ICS} % 1. Introduction 
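Review bot: The abstract kept as context in this hunk reads its absolute scores as success without any reference point. It reports mean KS = 0.3311 and lag-1 autocorrelation difference = 0.2684, then says these indicate "faithful marginals" and "preserved short-horizon dynamics". A KS statistic is the largest gap between two empirical CDFs on a 0 to 1 scale, so a reader cannot tell from the number alone whether 0.33 is good for this data. Either add the baseline or real-versus-real value next to each metric, or soften the wording to something like `indicating stable marginals and short-horizon dynamics across seeds`. The same sentence recurs in the conclusion, in the hunk at -411,10.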
@@ -239,7 +239,7 @@ We use the following taxonomy: \begin{figure}[H] \centering - \includegraphics[width=0.98\textwidth]{typeclass-cropped.pdf} + \includegraphics[width=0.98\textwidth,trim=0 550 0 10,clip]{typeclass-cropped.pdf} \caption*{Type assignment and six-type taxonomy.} \end{figure} @@ -411,10 +411,12 @@ Our main contributions are: (i) a causal Transformer trend module that provides We evaluated the approach on windows derived from the HAI Security Dataset and reported mixed-type, protocol-relevant metrics rather than a single aggregate score. Across seeds, the model achieves stable fidelity with mean KS = 0.3311 $\pm$ 0.0079 on continuous features, mean JSD = 0.0284 $\pm$ 0.0073 on discrete features, and mean absolute lag-1 autocorrelation difference 0.2684 $\pm$ 0.0027, indicating that Mask-DDPM preserves both marginal distributions and short-horizon dynamics while maintaining discrete legality. Overall, Mask-DDPM provides a reproducible foundation for generating shareable, semantically valid ICS feature sequences suitable for data augmentation, benchmarking, and downstream packet/trace reconstruction workflows. Building on this capability, a natural next step is to move from purely legal synthesis toward controllable scenario construction, including structured attack/violation injection under engineering constraints to support adversarial evaluation and more comprehensive security benchmarks. -% 鍙傝€冩枃鐚? +% 閸欏倽鈧啯鏋冮悮? \bibliographystyle{unsrtnat} \bibliography{references} \end{document} + + diff --git a/arxiv-style/typeclass-cropped.pdf b/arxiv-style/typeclass-cropped.pdf index 80abdaf..f71c65f 100644 Binary files a/arxiv-style/typeclass-cropped.pdf and b/arxiv-style/typeclass-cropped.pdf differ
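Review bot: `trim=0 550 0 10,clip` in the hunk at -239,7 crops the figure with hard-coded offsets. The same commit also replaces `typeclass-cropped.pdf`, so the numbers are tied to one exact page geometry and will cut the wrong region the next time the PDF is regenerated. `clip` only masks the trimmed area at render time. The full page of the included PDF is normally still embedded in the output, so anything in the 550 bp strip that should not be published remains recoverable. Crop the source PDF itself and go back to `\includegraphics[width=0.98\textwidth]{typeclass-cropped.pdf}`. If the trim must stay, add a comment such as `% trim=l b r t in bp; removes the lower panel of the exported page`, with the wording adjusted to what is actually removed.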
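Review bot: The conclusion kept as context in the hunk at -411,10 calls the generated sequences "shareable", but the evidence cited there is fidelity only (KS, JSD, lag-1 autocorrelation). A generative model can score well on these and still reproduce near-copies of training windows. For ICS telemetry that can expose plant-specific setpoints or operating patterns. If the evaluation section, which is outside this hunk, has no memorization or leakage check, either add one or narrow the claim. A nearest-neighbour distance from synthetic to training windows compared against a held-out set would do. The narrower wording could be `semantically valid ICS feature sequences intended for sharing, subject to a leakage assessment`.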