Article

A Hybrid Intrusion Detection Framework for Imbalanced AMI Traffic Using GAN-Based Data Augmentation and Lightweight CNN

1 State Grid Liaoning Electric Power Supply Co., Ltd., Shenyang 110006, China
2 Faculty of Electrical and Control Engineering, Liaoning Technical University, Huludao 125105, China
* Author to whom correspondence should be addressed.
Electronics 2026, 15(1), 235; https://doi.org/10.3390/electronics15010235
Submission received: 27 November 2025 / Revised: 26 December 2025 / Accepted: 30 December 2025 / Published: 5 January 2026
(This article belongs to the Section Artificial Intelligence)

Abstract

With the widespread deployment of the Advanced Metering Infrastructure (AMI) in Power Industrial Control Systems (PICS), a significant and inherent property of network traffic data is its pronounced class imbalance. The continuous emergence of new types of cyberattacks significantly limits the detection accuracy of Intrusion Detection Systems (IDS). To overcome the limitations of traditional methods—particularly their poor adaptability in complex conditions and vulnerability to emerging threats—this paper introduces a novel hybrid intrusion detection framework. This framework synergistically combines data augmentation and a discriminative classification model for improved performance. Within this framework, a Multi-feature Constrained Conditional Generative Adversarial Network (MC-CGAN) is proposed. Its multi-feature constraint module (MC) preserves protocol-related invariant features, while the CGAN is responsible for conditionally generating the remaining continuous features based on class labels. By preserving the core semantic information of samples, this method reduces the risk of generating unrealistic data and decreases computational overhead. Furthermore, we develop ADS-Net, a lightweight Convolutional Neural Network that not only replaces traditional convolutions with depth-wise separable ones for efficiency, but also incorporates an attention mechanism to adaptively weight feature channels, thus improving discriminative focus. Extensive experiments demonstrate that, under conditions of extreme data imbalance, the proposed hybrid framework can generate industrially valid synthetic data while achieving accurate intrusion detection with an accuracy of 98.35%.

1. Introduction

Modern power systems are increasingly evolving towards open and interconnected architectures, wherein the widespread deployment of Advanced Metering Infrastructure (AMI) plays a crucial role. Although the prevalent adoption of protocols like MQTT and Modbus/TCP enhances operational efficiency in AMI, it has concurrently and significantly expanded the attack surface of power Industrial Control Systems (ICS). Consequently, these systems have become more susceptible to a variety of cybersecurity threats [1,2,3]. The architecture of the power ICS is illustrated in Figure 1. The arrows indicate the direction of data flow and communication between different components. According to the 2023 report by the North American Electric Reliability Corporation (NERC) [4], cyberattacks targeting AMI systems exhibit an annual growth rate of 67%, with SYN Flood attacks and False Data Injection (FDI) accounting for over 40%. These attacks pose a serious threat to real-time grid control and the integrity of measurement data.
Against this backdrop, Intrusion Detection Systems (IDS) are crucial for identifying anomalous attack behaviors. They provide security teams with first-hand data, enabling them to quickly pinpoint attack origins and behavioral patterns, thus facilitating rapid response. Consequently, there is an urgent need to address two major challenges:
  • The Dual Challenge of Attack Complexity and Data Imbalance: Attack methods targeting power systems are becoming increasingly diverse and stealthy, often employing strategies like low-rate, distributed, or mixed-protocol tactics to evade detection. Concurrently, the inherently low frequency of these critical attack events leads to severely imbalanced training data [5].
  • Difficulties in Feature Extraction: Power ICS traffic exhibits distinct characteristics, including strong temporal dependencies and structured protocol fields. General-purpose models are frequently limited in their ability to capture these crucial features [6].
To tackle the aforementioned issues, multiple technological solutions have been investigated. Concerning attack diversity and data sparsity, conventional methods are primarily based on continuously updated attack signature databases, which prove inadequate for detecting zero-day attacks and stealthy variants [7,8]. As for feature extraction, initial efforts were grounded in manual feature engineering. This approach is limited by its significant demand for time and expertise, and it carries the risk of missing vital information.
Despite recent advancements, a significant disparity persists between existing data-driven methods and the practical constraints of AMI security [9,10]. Standard generative models prioritize statistical similarity but frequently neglect the strict syntactic rules of network protocols, resulting in realistic yet functionally invalid samples that degrade training quality. Furthermore, while deep learning models offer superior feature extraction, they typically impose computational burdens unsuitable for edge devices and fail to account for the artificial spatial bias introduced when reshaping tabular data. Consequently, there is an urgent need for a unified framework capable of ensuring protocol validity during data synthesis while simultaneously achieving lightweight and robust classification.
In order to overcome these limitations, this paper puts forward a new deep learning-based intrusion detection framework that can identify complicated attack behaviors and improve detection performance, so as to enhance the security of the smart grid. The main contributions of this work are listed below:
(1) We propose a specific data augmentation method, MC-CGAN, to ensure the validity of synthetic tabular data. Unlike standard GANs that often suffer from mode collapse or generate invalid protocol headers, we introduce a Multi-feature Constraint (MC) module. This module strictly enforces protocol-related invariants while allowing CGAN to learn the distribution of continuous features. This approach directly addresses the challenge of generating realistic and valid tabular traffic samples.
(2) We develop a lightweight classification model, ADS-Net, to balance detection accuracy with computational efficiency. Addressing the concern that complex deep learning models are difficult to deploy in real-time AMI systems, ADS-Net utilizes Depth-wise Separable Convolutions to significantly reduce the parameter count and calculation scale.
(3) We incorporate an adaptive attention mechanism into ADS-Net to enhance feature sensitivity. Instead of relying on artificial spatial structures, this mechanism dynamically assigns weights to critical features, enabling the model to capture fine-grained attack patterns from sparse data effectively without relying on heavy recurrent networks.
The rest of this paper is organized as follows. Section 2 reviews the related work. Section 3 details the proposed framework and models, presenting our intrusion-detection framework that integrates data augmentation with lightweight classification. Section 4 describes the experimental setup. Section 5 provides the experimental results and comparisons. Finally, Section 6 concludes the paper and outlines future research directions.

2. Related Work

As a cornerstone of modern cybersecurity, an Intrusion Detection System (IDS) is designed to continuously monitor and analyze network or system activities for malicious patterns, enabling the identification and response to potential security breaches [11]. The escalating complexity and diversity of network attacks have propelled research into enhancing IDS performance into the spotlight of both academic and industrial focus.
This section reviews related work in the field of IDS, with a primary focus on two critical aspects: (1) from a data perspective, strategies for addressing the pervasive class imbalance problem commonly found in intrusion detection datasets; and (2) from a model perspective, the utilization of deep learning algorithms to construct effective intrusion detection models. The class imbalance issue, characterized by a significant disparity where normal traffic samples vastly outnumber attack samples, represents a critical factor influencing IDS performance. Owing to their powerful representation learning abilities, deep learning models have revolutionized the intrusion detection domain, showing exceptional promise in detecting advanced and evasive threats. Accordingly, this section will delve into an in-depth discussion and analysis of existing research centered around these two core challenges.

2.1. Data-Level Approaches for Class Imbalance in IDS

Data-level mitigation methods typically operate by rebalancing the training data distribution, aiming to enhance the model’s attention to and learning from minority-class instances.
Oversampling techniques based on traditional sampling algorithms, particularly the Synthetic Minority Over-sampling Technique (SMOTE) and its variants, have been favored by researchers due to their ease of implementation and effectiveness. The STB algorithm proposed by Li-Hua Li [12] integrates SMOTE with XGBoost, effectively improving model accuracy in intrusion detection tasks. Mhamad Bakro [13] also combined SMOTE with Random Forest (RF) to detect various network attacks, achieving promising results. However, when generating synthetic samples, the SMOTE algorithm only considers local information among minority class samples while ignoring the distribution of the majority class. This can lead to the generation of samples within majority class regions, creating noisy samples or increasing class overlap, potentially degrading classification performance.
To tackle these challenges, researchers have introduced several improved methods, such as Borderline-SMOTE [14]. Chunhui Zhang [15] introduced the Borderline-SMOTE method to synthesize minority class attack samples. In addition, Isolation Forest and Local Outlier Factor (LOF) are adopted for noise reduction within the dataset. Chao Chen [16] proposed an optimization strategy based on Borderline-SMOTE that reassigns threshold values for weighting coefficients, demonstrating improved effectiveness in handling imbalanced classification tasks. Arjun Puri [17] proposed a resampling technique model combining K-Means SMOTE with ENN, showing superior performance on binary imbalanced datasets, especially as the percentage of noise increases. Sedat Korkmaz [18] introduced a novel hybrid method based on Differential Evolution oversampling combined with ENN and evaluated its performance using 44 highly imbalanced datasets, demonstrating its ability to alleviate imbalance in most datasets. Subhajit Chatterjee [19] employed a hybrid resampling strategy that integrates Adaptive SMOTE for oversampling and Edited Nearest Neighbors (ENN) for undersampling, respectively.
Despite these improvements in specific scenarios, these methods essentially remain confined to the interpolation or replication of existing minority samples. Consequently, they are inherently limited in capturing the complex intrinsic patterns and full diversity of real-world attack data.
Generative Adversarial Networks (GANs) [20] have shown tremendous potential in addressing the class imbalance problem. Original GANs and their image-focused variants are not directly applicable to the tabular network traffic data commonly encountered in intrusion detection. To address this, researchers developed the Conditional Tabular Generative Adversarial Network (CTGAN), significantly expanding the application domain of GANs. Sudeshna Das [21] utilized CTGAN to generate synthetic network traffic data and constructed an IDS using lightweight feed-forward and convolutional neural networks. Omar Habibi [22] highlighted the limitations of existing GAN models in understanding complex datasets and modeling realistic tabular data, subsequently using CTGAN for tabular data modeling to synthesize IoT botnet data and address zero-day threats. Basim Ahmad Alabsi [23] introduced a CTGAN-based IDS aimed at detecting DDoS and DoS attacks in IoT networks. The approach leveraged synthetically generated tabular data from CTGAN to subsequently train a suite of both shallow and deep learning classifiers, leading to enhanced detection performance.
Although CTGAN demonstrates superiority over traditional GANs in generating tabular data, it still faces critical limitations when applied to industrial control protocols. First, its generation process does not inherently adhere to the rigid syntactic and structural constraints of network protocols, often resulting in realistic-looking but functionally invalid packets that would be rejected by real network stacks. Second, it lacks explicit mechanisms for optimizing class boundaries, meaning it might produce minority class samples that overlap with majority class samples, blurring the decision boundary and complicating subsequent classification tasks.

2.2. Model-Level Approaches for Intrusion Detection

At the model level, researchers in the field of network intrusion detection have continually explored various sophisticated deep learning architectures. The goal is to more effectively extract latent information from network traffic data, thereby enhancing classification performance. Deep learning models are highly favored due to their powerful capabilities in feature learning and pattern recognition. Convolutional Neural Networks (CNN), with their excellent mechanisms for local perception and weight sharing, exhibit significant advantages when processing data possessing spatial structures.
Shalini Subramani et al. [24] proposed a model combining CNN with fuzzy inference. A fuzzy CNN framework incorporating spatial and temporal constraints was employed for malicious node detection, enabling subsequent tracking of network and system activities. Ogobuchi Daniel Okey et al. [25] employed a transfer learning-based IDS built upon CNN architectures. They trained five pre-trained CNN models on a specified dataset. Their experiments indicated that an ensemble model, developed using model averaging with three selected models (InceptionV3, MobileNetV3Small, and EfficientNetV2B0), demonstrated the best performance in image classification tasks. Abdulrahman Mahmoud Eid et al. [26] first employed SMOTE to achieve data balance and subsequently optimized the hyperparameters of a CNN model for IDS classification, validating its generalization ability on the UNSW_NB15 dataset. Amani K. Samha et al. [27], addressing the challenge of identifying zero-day attacks in IDS, constructed a hybrid model combining a CNN and a Deep Watershed Autoencoder (CNN-DWA) for attack identification. Their experiments showed a 3.51% improvement in accuracy compared to traditional CNN.
On the other hand, Long Short-Term Memory (LSTM) networks, a crucial variant of Recurrent Neural Networks (RNNs), effectively address the vanishing and exploding gradient problems inherent in traditional RNNs through the introduction of gating mechanisms. Given the intrinsic temporal nature of network traffic data, LSTM is adept at capturing long-term dependencies within the data, enabling the identification of anomalous behavior patterns concealed within the time dimension. Such patterns might reflect attacker activities like penetration, reconnaissance, or data exfiltration over extended periods. Mohit Sewak et al. [28] conducted experiments with various hyperparameter configurations for LSTM. They observed that due to the increasing complexity of malware and network protocols, the performance of LSTM networks configured for IDS is highly sensitive to factors like the number of hidden layers, input sequence length, and specific architectural choices. Rubayyi Alghamdi et al. [29] proposed a deep ensemble-based IDS utilizing the Lambda architecture. This approach employed LSTM for binary classification to distinguish between malicious and benign traffic, and an integrated classifier combining LSTM, CNN, and Artificial Neural Networks (ANN) for multi-class classification to detect specific attack types. Pradeepkumar Bhale [30], tackling the issue of inconsistent accuracy in existing IDS when handling high-rate or low-rate DDoS attacks, proposed a distributed IDS solution named OPTIMIST. Its IDS module first synthesizes data using WGAN and then performs offline training based on LSTM. Jun Gao [31] combined LSTM with Feedforward Neural Networks (FNNs) for intrusion detection in SCADA networks, noting that the system could detect both temporally uncorrelated and correlated attacks.
To leverage the complementary strengths of CNN in spatial feature extraction and LSTM in modeling temporal dependencies, researchers have not only employed these models individually but have also actively explored hybrid models that integrate both. The aim is to simultaneously capture both spatial and temporal characteristics within network traffic data, thereby achieving more comprehensive and precise intrusion detection.
Azizjon Meliboev [32] compared the performance of models including CNN, LSTM, RNN, and GRU on specific datasets of malicious traffic records for classifying network activity as benign or malicious, finding that the CNN-LSTM combination yielded the best results over 100 epochs. Yung-Chung Wang [33] compared the effectiveness of a combined CNN-LSTM model against single models on the CSE-CIC-IDS2018 dataset, noting that while both achieved high accuracy, their inference times differed. Asaad Balla et al. [34] conducted comparative experiments using the Morris power and CICIDS2017 datasets, demonstrating that applying CNN-LSTM to balanced datasets resulted in improved model performance. P Rajesh Kanna [35] highlighted the potential of integrated CNN-LSTM models to enhance large-scale IDS and proposed a unified IDS model featuring an optimized CNN (OCNN) and a Hierarchical Multi-scale LSTM (HMLSTM). The proposed model achieved accuracy rates exceeding 90%.
Despite the advancements discussed above, significant challenges remain in the current landscape of intrusion detection for AMI. First, regarding data augmentation, traditional oversampling methods like SMOTE often introduce noise and class overlap, while standard GAN variants focus on statistical approximation but frequently ignore the rigid syntactic constraints of industrial protocols. This results in the generation of semantically invalid packets that degrade the training quality of downstream classifiers. Second, in terms of detection models, existing deep learning architectures such as ResNet or LSTM often prioritize detection accuracy at the expense of computational efficiency, making them unsuitable for deployment on resource-constrained edge devices. Furthermore, methods that reshape tabular data into image formats rarely address the artifactual spatial bias introduced by such transformations. Consequently, there is a clear need for a unified framework that simultaneously guarantees protocol-compliant data synthesis and achieves lightweight, robust anomaly detection. To address these specific limitations, this paper proposes the MC-CGAN to enforce protocol validity and the ADS-Net to ensure efficient, bias-free classification.

3. Model Design

3.1. Proposed Framework

This section presents our overall framework for tackling anomalous traffic detection under severe class imbalance. The framework consists of two core components: a Multi-feature Constrained Conditional GAN (MC-CGAN) that synthesizes high-quality, protocol-valid minority class samples to rebalance the dataset, and a Lightweight Attention-Enhanced Depth-wise Separable Network (ADS-Net) that performs fast yet accurate traffic classification. We describe the design motivation, architecture, and working principle of each model in turn.
Conventional anomaly detectors trained on highly imbalanced data are biased toward the majority class, yielding poor recall for minority attacks. To counter this, we propose a two-stage pipeline whose overall flow is shown in Figure 2. By actively intervening in the data distribution before training and coupling the augmentation with an adaptive lightweight classifier, the framework simultaneously boosts generalization and detection efficiency.

3.2. Multi-Constraint Conditional Generative Adversarial Network (MC-CGAN)

To address the class imbalance problem while ensuring the authenticity of generated data, we designed the Multi-Constraint Conditional Generative Adversarial Network (MC-CGAN). Standard GANs often suffer from mode collapse or generate invalid protocol headers. To solve this, MC-CGAN decouples the invariant protocol features from continuous statistical features.
The Conditional Generative Adversarial Network (CGAN) is a variant of the standard GAN [36,37]. It introduces an additional conditional vector c into both the generator and discriminator, thereby guiding the data generation process. The model learns the distribution of real data through a minimax game between the generator (G) and the discriminator (D). The generator G aims to capture the real data distribution and synthesize new data samples by minimizing its loss function, while the discriminator D strives to distinguish between real and synthetic tabular data.
However, in complex anomaly traffic generation tasks, traffic features exhibit significant heterogeneity. Undifferentiated generation might lead to the loss of critical protocol constraints. Building upon the classic CGAN architecture, our MC-CGAN introduces a Multi-feature Constraint (MC) module. This module strictly enforces protocol-related invariants, allowing for the synthesis of minority-class samples that are not only category-specific but also functionally valid in a network environment. The structure of MC-CGAN is illustrated in Figure 3.
To ensure the generated traffic adheres to strict network protocols, we employ a formal feature partitioning strategy within the model architecture. We define the input traffic vector $X$ as a concatenation of two distinct and disjoint subsets, denoted as $X_{inv}$ and $X_{cont}$.
The first subset is termed Protocol-Invariant Features. This category consists of discrete and state-dependent fields that constitute the structural backbone of a network packet. We explicitly designate categorical attributes such as the transport layer protocol type, network service indicators, and binary control flags like SYN or ACK as invariant features. These elements must adhere to rigid syntax rules where intermediate or floating-point values would render the packet invalid. The second subset is defined as Statistical-Continuous Features. This category encompasses quantitative flow metrics that exhibit wide dynamic ranges and statistical variability. Examples include the duration of the connection, the total number of bytes transmitted from source to destination, and the aggregate packet counts. Unlike the rigid protocol headers, these features represent the behavioral intensity of the traffic flow. The Conditional GAN generates these continuous values by conditioning them on the semantic context provided by the established invariant features, thereby ensuring that the synthesized traffic preserves the logical correlation between a specific protocol type and its associated data volume.
The optimization objective of MC-CGAN is achieved through a refined loss function. This function incorporates a multi-feature constraint loss in addition to the traditional CGAN adversarial loss. The objective function can be expressed as
$$\min_G \max_D V(D, G) = \mathbb{E}_{x \sim p_{data}(x)}[\log D(x \mid C)] + \mathbb{E}_{z \sim p_z(z)}[\log(1 - D(G(z \mid C)))]$$
In this function, the discriminator $D$ aims to maximize the objective, making $D(x \mid C)$ approach 1, while the generator $G$ aims to minimize it, making $D(G(z \mid C))$ approach 1. An equilibrium is eventually reached through alternating optimization.
To ensure that the generator preserves the invariant features of the input, we introduce a reconstruction loss. This loss calculates the Mean Squared Error between the invariant features of the generated sample and the input invariant features.
$$L_{MC} = \mathbb{E}_{z \sim p_z(z),\, c_i \sim p_{data}(c_i)}\left[\left\| c_i - \pi(G(z, c_i \mid y)) \right\|_2^2\right]$$
The total loss for the generator is a weighted sum of the adversarial loss and the multi-feature constraint loss, defined as follows:
$$L_G = \mathbb{E}_{z \sim p_z(z)}[\log(1 - D(G(z, c_i \mid y) \mid y))] + \lambda L_{MC}$$
where $\lambda$ is a hyperparameter that balances the contribution of the different loss terms. After training is completed, we can leverage the trained generator $G$ to produce a large number of high-quality and diverse anomalous traffic samples by inputting random noise $z$ and the feature constraint vector $c$. This enables the construction of a class-balanced dataset suitable for training downstream classification models.
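As an added illustration (not the authors' code), the Python below partitions an encoded flow vector into its invariant and continuous parts, evaluates the multi-feature constraint loss on generator outputs, and rejects or repairs synthetic rows whose header fields break protocol syntax before they reach the training set. The column layout, the sample values, the helper names and the rule that SYN/ACK cannot appear on UDP flows are assumptions made for the example.

```python
# Added example: invariant/continuous partition, constraint loss and a
# protocol-validity gate for synthetic flow records. Layout, values and the
# UDP/flag rule are constructed assumptions, not taken from the paper.

# Assumed encoding of one flow vector X = X_inv || X_cont.
INV_COLS = ["proto_tcp", "proto_udp", "svc_http", "svc_dns", "flag_syn", "flag_ack"]
CONT_COLS = ["dur", "sbytes", "spkts"]
ONE_HOT_GROUPS = [(0, 2), (2, 4)]  # [start, end) slices that must be one-hot
N_INV = len(INV_COLS)


def project_invariant(x):
    """pi(x): keep only the protocol-invariant slice of a full vector."""
    return x[:N_INV]


def mc_loss(constraints, generated):
    """Batch mean of ||c_i - pi(G(z, c_i | y))||_2^2."""
    total = 0.0
    for c, g in zip(constraints, generated):
        total += sum((ci - gi) ** 2 for ci, gi in zip(c, project_invariant(g)))
    return total / len(constraints)


def protocol_violations(x):
    """List the reasons the invariant slice of x is not a valid header."""
    inv = project_invariant(x)
    problems = []
    for name, v in zip(INV_COLS, inv):
        if v not in (0, 1):
            problems.append(f"{name} is not binary: {v}")
    for start, end in ONE_HOT_GROUPS:
        if list(inv[start:end]).count(1) != 1:
            problems.append(f"{INV_COLS[start]}..{INV_COLS[end - 1]} is not one-hot")
    # Assumed cross-field rule: SYN/ACK only exist on TCP flows.
    if inv[1] == 1 and (inv[4] or inv[5]):
        problems.append("TCP flag set on a UDP flow")
    return problems


def enforce_invariants(c, g):
    """Hard constraint: overwrite the generated invariant slice with c_i and
    keep only the generated continuous features."""
    return list(c) + list(g[N_INV:])


def augment(constraints, generated):
    """Build training rows: drop invalid constraint vectors, repair the rest."""
    rows = []
    for c, g in zip(constraints, generated):
        if protocol_violations(c):
            continue  # never condition on a header that could not exist
        rows.append(enforce_invariants(c, g))
    return rows


# Constructed constraint vectors c_i: TCP/HTTP with SYN, and UDP/DNS.
C_BATCH = [[1, 0, 1, 0, 1, 0], [0, 1, 0, 1, 0, 0]]
# Constructed generator outputs: the first has "soft" header values.
G_BATCH = [
    [0.9, 0.1, 0.8, 0.2, 1.0, 0.0, 0.42, 1310.0, 12.0],
    [0, 1, 0, 1, 0, 0, 0.01, 96.0, 2.0],
]

if __name__ == "__main__":
    print("L_MC on raw outputs:", mc_loss(C_BATCH, G_BATCH))
    for g in G_BATCH:
        print(protocol_violations(g) or "valid header")
    print(augment(C_BATCH, G_BATCH))
```

A non-zero constraint loss and a non-empty violation list flag the same problem from two sides: the first is the training signal, the second is a gate to apply to generated rows before they are mixed into the balanced dataset.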

3.3. Attention-Enhanced Depth-Wise Separable Network (ADS-Net)

To achieve an optimal balance between high detection accuracy and computational efficiency in network traffic anomaly detection, we propose a novel lightweight architecture named ADS-Net. A central design strategy of this framework involves transforming one-dimensional tabular traffic records into two-dimensional feature matrices. This transformation is driven by engineering efficiency rather than an assumption of inherent spatial topology. By adopting this matrix format, the model can effectively leverage Two-Dimensional Depth-wise Separable Convolutions. The selection of this specific convolutional variant is rigorously justified by its operational efficiency. Unlike standard convolutions that perform simultaneous spatial and channel filtering, the separable structure decouples the process into distinct depth-wise and pointwise phases. This mechanism drastically reduces the number of multiplication operations and learnable parameters, theoretically guaranteeing the lightweight nature of the model suitable for resource-constrained edge environments.
We acknowledge that unlike image data, tabular features lack a natural fixed spatial order, and an arbitrary arrangement could theoretically introduce structural bias. To mitigate this risk, we integrate a Hybrid Attention Mechanism that plays a compensatory role within the architecture. The channel attention component identifies global inter-feature dependencies regardless of their spatial positions, while the spatial attention mechanism focuses on salient feature clusters based on their semantic content. Consequently, these attention layers dynamically recalibrate the importance of features, effectively decoupling the model performance from the specific layout of the input and ensuring that classification relies on learned feature interactions rather than artifactual spatial patterns.
ADS-Net consists of three components: an Initial Feature Mapping Module, the ADS Module, and a Global Classification Module. The Initial Feature Mapping Module maps the raw feature vector into a high-dimensional feature matrix. The ADS Module progressively learns hierarchical features by stacking multiple ADS blocks. Downsampling layers with a stride of 2 are inserted to expand the receptive field. Finally, a Global Average Pooling (GAP) layer and a Fully Connected (FC) layer produce the classification result.
The ADS Module is composed of a Lightweight Feature Extraction Unit, a Hybrid Attention Module (HAM), and a Residual Connection, as illustrated in Figure 4.
(1) Lightweight Feature Extraction
We employ Depth-wise Separable Convolution to replace standard convolution. This decomposes standard convolution into the following:
Depth-wise Convolution: Applies a single filter per input channel, capturing local feature correlations with minimal computation.
Pointwise Convolution: Uses a 1 × 1 kernel to linearly combine outputs, enabling cross-channel feature fusion [38,39].
(2) Hybrid Attention Module (HAM)
HAM sequentially integrates channel attention and spatial attention mechanisms. The channel attention mechanism dynamically recalibrates the weight of each feature channel. For an input feature map $F \in \mathbb{R}^{C \times H \times W}$, where $C$ is the number of channels, and $H$ and $W$ are the height and width, respectively, a channel descriptor $Z \in \mathbb{R}^{C}$ is first obtained by squeezing the spatial dimensions of $F$ via global average pooling. The c-th element $Z_c$ is calculated as
$$Z_c = \frac{1}{H \times W} \sum_{i=1}^{H} \sum_{j=1}^{W} F_c(i, j)$$
This channel descriptor $Z$ is then passed through a multi-layer perceptron (MLP) with two fully connected layers to capture nonlinear interdependencies between channels. To reduce model complexity, the first FC layer reduces the dimension from $C$ to $C/r$, where $r$ is the reduction ratio. After a ReLU activation, the second FC layer restores the dimension to $C$. Finally, a Sigmoid activation function is applied to generate the channel attention weights $M_c \in \mathbb{R}^{C}$:
$$M_c = \sigma(W_2\, \delta(W_1 Z))$$
Here, $\sigma$ and $\delta$ denote the Sigmoid and ReLU activation functions, respectively, and $W_1$, $W_2$ are the weights of the MLP. The recalibrated feature map is then obtained by performing an element-wise multiplication between the learned channel weights and the original input feature map $F$:
$$F' = M_c \otimes F$$
Following channel attention, a spatial attention mechanism is introduced to further focus on salient regions within the spatial domain. This mechanism takes the channel-refined feature map $F'$ as input. First, global average pooling and max pooling operations are applied separately along the channel dimension, generating two aggregated feature maps $\tilde{F}^{s}_{avg} \in \mathbb{R}^{1 \times H \times W}$ and $\tilde{F}^{s}_{max} \in \mathbb{R}^{1 \times H \times W}$. These two descriptors, representing global statistics and prominent features, respectively, are concatenated. A standard convolution layer then fuses them into a single-channel spatial attention map. The final spatial attention weight matrix $M_s$ is generated by applying a Sigmoid function:
$$M_s = \sigma(f([\mathrm{AvgPool}(F'); \mathrm{MaxPool}(F')]))$$
To facilitate the training of deeper networks and mitigate the vanishing gradient problem, we incorporate a residual connection within each ADS block. The input feature map is directly added element-wise to the output from the attention module, yielding the final output of the ADS block. This ensures that network performance does not degrade even as depth increases.
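As an added illustration (not the authors' ADS-Net code), the Python below compares the weight counts of a standard and a depth-wise separable convolution and runs the channel-attention branch of HAM (squeeze, two-layer MLP, Sigmoid, rescale) on a constructed feature map. It also checks that the channel weights do not change when the spatial arrangement of the features is permuted, the property the layout-bias discussion relies on; the weights, shapes and helper names are assumptions, and the spatial-attention branch is not covered.

```python
# Added example: parameter counts for separable convolution and the channel
# attention branch on a constructed 4 x 2 x 2 feature map (pure Python).
import math


def conv_params(c_in, c_out, k):
    """Weights in a standard k x k convolution (bias omitted)."""
    return k * k * c_in * c_out


def ds_conv_params(c_in, c_out, k):
    """Depth-wise part (one k x k filter per input channel) plus the
    1 x 1 pointwise part that mixes channels (bias omitted)."""
    return k * k * c_in + c_in * c_out


def squeeze(F):
    """Z_c = 1/(H*W) * sum_i sum_j F_c(i, j) for every channel c."""
    return [sum(sum(row) for row in ch) / (len(ch) * len(ch[0])) for ch in F]


def channel_attention(F, W1, W2):
    """M_c = sigmoid(W2 relu(W1 Z)); W1 is (C/r) x C, W2 is C x (C/r)."""
    Z = squeeze(F)
    hidden = [max(0.0, sum(w * z for w, z in zip(row, Z))) for row in W1]
    logits = [sum(w * h for w, h in zip(row, hidden)) for row in W2]
    return [1.0 / (1.0 + math.exp(-v)) for v in logits]


def recalibrate(F, M):
    """F' = M_c * F, with each channel weight broadcast over H x W."""
    return [[[m * v for v in row] for row in ch] for ch, m in zip(F, M)]


def permute_spatial(F, order):
    """Re-arrange the H*W positions of every channel with the same order,
    i.e. choose a different tabular-to-matrix layout for the same record."""
    w = len(F[0][0])
    out = []
    for ch in F:
        flat = [v for row in ch for v in row]
        flat = [flat[i] for i in order]
        out.append([flat[r:r + w] for r in range(0, len(flat), w)])
    return out


# Constructed feature map with C = 4 channels and H = W = 2.
F_SAMPLE = [
    [[1, 2], [3, 4]],
    [[0, 0], [8, 0]],
    [[5, 5], [5, 5]],
    [[0, 1], [0, 1]],
]
# Constructed MLP weights with reduction ratio r = 2.
W1 = [[0.5, -0.25, 0.1, 0.0], [-0.5, 0.25, 0.0, 1.0]]
W2 = [[1.0, 0.0], [0.0, 1.0], [-1.0, 0.0], [0.5, 0.5]]

if __name__ == "__main__":
    std, sep = conv_params(32, 64, 3), ds_conv_params(32, 64, 3)
    print(f"3x3 conv 32->64: standard={std}, separable={sep}, ratio={std / sep:.2f}")
    m = channel_attention(F_SAMPLE, W1, W2)
    print("channel weights:", [round(v, 3) for v in m])
    shuffled = permute_spatial(F_SAMPLE, [3, 1, 0, 2])
    print("after layout permutation:",
          [round(v, 3) for v in channel_attention(shuffled, W1, W2)])
    print("recalibrated channel 0:", recalibrate(F_SAMPLE, m)[0])
```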

4. Experimental Design

4.1. Dataset

To comprehensively and effectively evaluate the hybrid intrusion-detection framework proposed in this paper, we selected the UNSW-NB15 dataset [40,41] as the primary benchmark. Furthermore, the CSE-CIC-IDS2018 and CIC-IoV2024 datasets were employed to assess the model’s generalization ability across different industrial network environments.
The UNSW-NB15 dataset serves as a benchmark resource for Network-based Intrusion Detection Systems (NIDS). Created by the University of New South Wales, Australia, it is specifically designed to facilitate the evaluation and comparison of detection algorithms. It contains data representing nine specific attack varieties: Fuzzers, Analysis, Backdoors, Denial of Service (DoS), Exploits, Generic, Reconnaissance, Shellcode, and Worms. The dataset encompasses a total of 49 features. These are categorized into packet-based features, sourced from packet headers/payloads, and flow-based features, calculated from source-to-destination packet sequences. Because it contains up-to-date attack vectors, offers significant data volume, provides a comprehensive feature set, and exhibits notable class imbalance, it is recognized as a crucial evaluation platform for current IDS studies.
CSE-CIC-IDS-2018, developed in collaboration by the Communications Security Establishment (CSE) and the Canadian Institute for Cybersecurity (CIC), is designed to reflect traffic patterns and intrusion activities. The dataset is generated using a ‘file configuration’ concept, which is applied to network protocols operating over diverse network topologies. This approach ensures its suitability for AMI application environments, making it appropriate for the experimental analysis conducted in this study.
The CIC-IoV2024 dataset, released in 2024, comprises data collected from the complete Electronic Control Unit (ECU) systems of real vehicles. It encompasses a variety of network attack traffic executed via the Controller Area Network (CAN) protocol, along with a substantial amount of normal traffic. Due to its authenticity, diversity, and authoritative nature, this dataset is utilized in our research. Detailed information and descriptions of the dataset are provided in Figure 5a–c, respectively.
To explicitly demonstrate the severity of the class imbalance, Table 1 details the sample distribution and imbalance ratios for all three datasets used in this study. As shown, in UNSW-NB15, minority classes like Worms and Shellcode account for less than 1% of the total traffic, presenting a significant challenge for classification. Given the scarcity of public AMI datasets due to privacy regulations, we adopted a layered mapping strategy to simulate the dual-layer AMI architecture using high-fidelity proxies. The CSE-CIC-IDS2018 and UNSW-NB15 datasets were selected to represent the AMI Backhaul Network, capturing the complex TCP/IP traffic patterns typical of communications between Data Concentrator Units and management systems. Complementarily, the CIC-IoV2024 dataset serves as a proxy for the AMI Field Network; its CAN bus traffic shares critical characteristics—such as short frame lengths and strict real-time constraints—with industrial fieldbus protocols like Modbus or IEC 61850. This combination ensures the framework is rigorously evaluated against both the IT-dominant high-bandwidth layer and the OT-dominant constrained layer of the smart grid.

4.2. Data Preprocessing

The raw network traffic data undergoes a structured preprocessing pipeline to be formatted for compatibility with the proposed ADS-Net model.
  • Data Cleaning and Encoding: Non-numerical features are converted into numerical forms using Label Encoding. Infinite or missing values are replaced with the mean value of the respective column.
  • Data Partitioning and Isolation: The dataset is divided into training and testing subsets immediately after the initial cleaning. The data augmentation process is applied exclusively to the training subset. Consequently, the testing subset remains composed entirely of original real-world samples.
  • Feature Correlation Analysis and Selection: To reduce feature redundancy and mitigate the impact of noise, Pearson correlation coefficients were calculated between each input feature and the target class label using only the training set.
  • Normalization: To eliminate the impact of varying scales across different features, Min-Max Normalization is applied to scale all features to the range [0, 1].
  • Feature Reshaping: To leverage the computational efficiency of Depth-wise Separable Convolutions, 1D feature vectors are reshaped into 2D matrices, using zero-padding where necessary to match dimensions. The selected 45 features are mapped into a fixed-size [7 × 7] matrix. Crucially, the Hybrid Attention Mechanism is employed to dynamically identify key features regardless of their spatial position in the reshaped matrix, thereby mitigating any potential bias introduced by this artificial transformation.
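The five preprocessing steps above, end to end, as an added example (not the authors' code). The flow records, the `min_abs_r` selection threshold, the split ratio and the choice to fit the Min-Max bounds on the training subset are assumptions; the page does not state them.

```python
import math
import random

INF, NAN = float("inf"), float("nan")

# Constructed flow records (not taken from UNSW-NB15); label 1 = attack.
RAW = [
    {"proto": "tcp", "dur": 0.10, "sbytes": 500.0, "rate": 50.0, "label": 0},
    {"proto": "udp", "dur": 0.02, "sbytes": 120.0, "rate": 60.0, "label": 0},
    {"proto": "tcp", "dur": 0.30, "sbytes": NAN, "rate": 40.0, "label": 0},
    {"proto": "tcp", "dur": 0.15, "sbytes": 640.0, "rate": 55.0, "label": 0},
    {"proto": "udp", "dur": 0.01, "sbytes": 90.0, "rate": INF, "label": 1},
    {"proto": "tcp", "dur": 2.50, "sbytes": 9000.0, "rate": 900.0, "label": 1},
    {"proto": "tcp", "dur": 3.10, "sbytes": 9800.0, "rate": 950.0, "label": 1},
    {"proto": "udp", "dur": 2.90, "sbytes": 8700.0, "rate": 870.0, "label": 1},
]
FEATURES = ["proto", "dur", "sbytes", "rate"]


def label_encode(rows, col):
    """Step 1a: map each category to an integer code (sorted, so stable)."""
    codes = {v: i for i, v in enumerate(sorted({r[col] for r in rows}))}
    for r in rows:
        r[col] = codes[r[col]]
    return codes


def impute_non_finite(rows, col):
    """Step 1b: replace NaN/inf with the mean of the column's finite values."""
    finite = [r[col] for r in rows if math.isfinite(r[col])]
    mean = sum(finite) / len(finite)
    for r in rows:
        if not math.isfinite(r[col]):
            r[col] = mean
    return mean


def pearson(xs, ys):
    """Pearson correlation; a constant column is reported as 0.0."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)


def to_matrix(vec, side=7):
    """Step 5: zero-pad a 1D feature vector and reshape it to side x side."""
    if len(vec) > side * side:
        raise ValueError("more features than matrix cells")
    padded = list(vec) + [0.0] * (side * side - len(vec))
    return [padded[i * side:(i + 1) * side] for i in range(side)]


def preprocess(raw, features, cat_cols, test_frac=0.25, min_abs_r=0.1, seed=7):
    rows = [dict(r) for r in raw]              # never mutate the caller's data
    for col in cat_cols:                       # 1. cleaning and encoding
        label_encode(rows, col)
    for col in features:
        impute_non_finite(rows, col)
    random.Random(seed).shuffle(rows)          # 2. partition right after cleaning
    cut = int(len(rows) * (1 - test_frac))
    train, test = rows[:cut], rows[cut:]       # augmentation would touch train only
    labels = [r["label"] for r in train]       # 3. selection on the training set only
    selected = [f for f in features
                if abs(pearson([r[f] for r in train], labels)) >= min_abs_r]
    bounds = {f: (min(r[f] for r in train), max(r[f] for r in train))
              for f in selected}               # 4. min-max fitted on train (assumption)

    def scale(r):
        vec = []
        for f in selected:
            lo, hi = bounds[f]
            v = 0.0 if hi == lo else (r[f] - lo) / (hi - lo)
            vec.append(min(1.0, max(0.0, v)))  # clip test values outside train range
        return to_matrix(vec)

    return {"selected": selected,
            "train": [(scale(r), r["label"]) for r in train],
            "test": [(scale(r), r["label"]) for r in test]}


if __name__ == "__main__":
    out = preprocess(RAW, FEATURES, cat_cols=["proto"])
    print(out["selected"], len(out["train"]), len(out["test"]))
    print(out["train"][0][0][0])               # first row of the first 7 x 7 matrix
```

With the 45 selected features described above, `to_matrix` fills six full rows and three cells of the seventh, leaving four zero-padded cells.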

4.3. Evaluation Metrics

Given the inherent class imbalance prevalent in IDS datasets, relying solely on Accuracy can provide a misleading assessment of performance. Therefore, we adopted a comprehensive suite of evaluation metrics to offer a multi-faceted evaluation, particularly focusing on the model’s ability to detect minority attack classes. These metrics include Accuracy (ACC), Precision, Recall, and F1-Score. Comparative analyses based on these metrics were performed across various experiments to thoroughly assess the model’s effectiveness and practical utility, aiming to demonstrate the advantages of our proposed approach.
The metrics are defined as follows:
Accuracy (ACC): Represents the ratio of correctly classified instances (both positive and negative) to the total number of instances.
$$ACC = \frac{TP + TN}{TP + TN + FP + FN}$$
Precision: Represents the ratio of correctly identified positive instances (attacks) to the total number of instances predicted as positive.
$$Pre = \frac{TP}{TP + FP}$$
Recall (Sensitivity or True Positive Rate): Represents the proportion of actual positive instances (attacks) that were correctly identified by the model.
$$Recall = \frac{TP}{TP + FN}$$
F1-Score: Is defined as the harmonic mean of precision and recall, offering a balanced metric that is particularly informative for evaluating per-class performance in imbalanced classification tasks.
$$F1\text{-}score = \frac{2 \times Precision \times Recall}{Precision + Recall}$$
In the preceding equations, the terms TP, TN, FP, and FN denote the counts of true positives, true negatives, false positives, and false negatives, respectively. Collectively, these metrics provide a multi-dimensional perspective on model performance, ensuring a comprehensive and reliable evaluation, particularly within the context of imbalanced data scenarios.

4.4. Experimental Environment and Parameter Settings

Experiments were conducted on a workstation equipped with an Intel Core i9-12900K processor and 64 GB of RAM. An NVIDIA GeForce RTX 3090 GPU (24 GB GDDR6X) was utilized for accelerating deep learning computations. The software environment includes Windows 11, Python 3.9, and key libraries such as PyTorch 1.12.1, Pandas 1.4.4, and NumPy 1.23.5.
To ensure the reproducibility of the proposed framework, specific architectural parameters are detailed as follows. In the MC-CGAN model, both the generator and discriminator are constructed using multi-layer perceptrons (MLP) consisting of two hidden layers with 256 units each. The multi-feature constraint weight was set to λ = 10; this value was selected via preliminary grid search experiments. Regarding the ADS-Net, the Depthwise Separable Convolutions utilize a kernel size of 3 × 3 to capture spatial correlations effectively. Furthermore, within the Hybrid Attention Module, the channel reduction ratio was set to r = 16, allowing for efficient modeling of channel dependencies with minimal computational overhead.
Key parameters used during the model training phase are summarized in Table 2 below:

5. Experimental Results and Discussion

5.1. Evaluation of Data Augmentation Strategy

To validate the effectiveness of the proposed MC-CGAN strategy in mitigating class imbalance and generating high-fidelity traffic samples, we conducted a comprehensive evaluation on the UNSW-NB15 dataset. This evaluation is twofold: first, we assess the quality and realism of the synthetic data through visualization and statistical analysis; second, we verify the utility of the augmented data by measuring its impact on downstream classification performance.
To validate the quality of the synthetic traffic, we implemented a comprehensive multi-dimensional evaluation framework that assesses realism at three distinct levels. First, we examine Distributional Realism using t-SNE visualization to ensure the synthetic manifold aligns with real data clusters. Second, we evaluate Relational Realism via feature correlation matrices to verify that complex inter-feature dependencies are preserved. Third, we assess Protocol Realism using the specific validity metrics of Discrete Integrity and Logical Consistency presented in Table 3.
To intuitively compare the quality of synthetic data, we employed t-SNE to map the high-dimensional traffic features into a 2D space. Figure 6 visualizes the distribution of original data versus the data augmented by MC-CGAN.
As shown in Figure 6, the synthetic samples closely overlap with the clusters of the real minority samples. Unlike standard GANs which often drift away from the real manifold, MC-CGAN maintains the topological structure of the original data, verifying that our Multi-feature Constraint (MC) module effectively guides the generation process.
Tabular network traffic data involves complex high-order dependencies between features. A valid generator must preserve these inter-feature correlations rather than treating features as independent variables. To verify this, we computed and visualized the Pearson Correlation Coefficient matrices for both the original dataset and the MC-CGAN augmented dataset, as shown in Figure 7.
Figure 7 compares the heatmaps of feature correlations. The bottom-right block of the heatmap, representing TCP window features (swin, stcpb, dtcpb, dwin), shows strong positive correlations in both matrices. This confirms that MC-CGAN strictly adheres to the protocol constraints, ensuring that related TCP flags and window sizes vary synchronously as they would in real sessions. The top-left cluster, involving packet and byte counts (spkts, dpkts, sbytes), maintains its distinct correlation pattern. This indicates that the generative model captures the logical relationship between traffic volume and packet size.
The high degree of alignment in these heatmaps demonstrates that the generative model effectively preserves the high-order feature dependencies of the original network traffic. The slight variance in color intensity in certain off-diagonal regions is desirable, reflecting the diversity of the generated samples rather than mere memorization of the training set.
To ensure the functional validity of the generated packets, the synthetic packets were subjected to rigorous checks: discrete variables must preserve their integer status following label encoding, and numerical statistics are restricted to valid physical ranges. To verify compliance, we synthesized 10,000 samples using both the Standard CTGAN and the proposed MC-CGAN. The comparative evaluation results are presented in Table 3.
To rigorously substantiate the claims regarding protocol adherence, we evaluated the model using the protocol-specific metrics presented in Table 3, specifically Discrete Integrity and Logical Consistency. As indicated by these results, the proposed constraint module effectively captures the majority of strict dependencies between coupled features. Although minor mismatches persist in complex edge cases, MC-CGAN achieved an Overall Validity rate of 91.6%, representing a substantial improvement over the baseline model’s 72.4%. These quantitative indicators demonstrate that the Multi-feature Constraint module successfully enforces the rigid syntactic specifications of industrial network protocols, thereby significantly increasing the practical utility of the synthetic data.
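A validity gate of the kind described in the two paragraphs above, as an added example (not the authors' code and not the Table 3 definitions). The label encoding, the value ranges, the two coupling rules and the sample rows are assumptions chosen for illustration; only the field names (proto, swin, dwin, spkts, sbytes, dur) follow UNSW-NB15.

```python
# Assumed label encoding and bounds for a few UNSW-NB15-style fields.
TCP = 0
DISCRETE = {"proto": range(3), "swin": range(256), "dwin": range(256)}
RANGES = {"dur": (0.0, 3600.0), "spkts": (0, 10**6), "sbytes": (0, 10**9)}


def is_integral(v):
    """True for ints and for floats with no fractional part (NaN/inf fail)."""
    return isinstance(v, int) or (isinstance(v, float) and v.is_integer())


def discrete_ok(s):
    """Discrete integrity: encoded fields are still integers in the code set."""
    return all(is_integral(s[f]) and int(s[f]) in allowed
               for f, allowed in DISCRETE.items())


def range_ok(s):
    """Numerical statistics stay inside their physical range."""
    return all(lo <= s[f] <= hi for f, (lo, hi) in RANGES.items())


def non_tcp_has_no_window(s):
    # Assumed rule: TCP window fields are only populated for TCP flows.
    return s["proto"] == TCP or (s["swin"] == 0 and s["dwin"] == 0)


def bytes_need_packets(s):
    # Assumed rule: no packets means no bytes; otherwise at least 1 byte/packet.
    return s["sbytes"] == 0 if s["spkts"] == 0 else s["sbytes"] >= s["spkts"]


LOGIC_RULES = {"non_tcp_has_no_window": non_tcp_has_no_window,
               "bytes_need_packets": bytes_need_packets}


def logical_failures(s):
    return [name for name, rule in LOGIC_RULES.items() if not rule(s)]


def is_valid(s):
    return discrete_ok(s) and range_ok(s) and not logical_failures(s)


def validity_report(samples):
    """Per-check pass rates plus a count of which coupling rules were broken."""
    n = len(samples)
    counts = {"discrete_integrity": 0, "range_validity": 0,
              "logical_consistency": 0, "overall_validity": 0}
    rule_failures = {name: 0 for name in LOGIC_RULES}
    for s in samples:
        failed = logical_failures(s)
        for name in failed:
            rule_failures[name] += 1
        counts["discrete_integrity"] += discrete_ok(s)
        counts["range_validity"] += range_ok(s)
        counts["logical_consistency"] += not failed
        counts["overall_validity"] += is_valid(s)
    report = {k: v / n for k, v in counts.items()}
    report["rule_failures"] = rule_failures
    return report


def filter_valid(samples):
    """Keep only the synthetic rows that may be added to the training set."""
    return [s for s in samples if is_valid(s)]


# Constructed generator output; rows 3-7 each break exactly one check.
SYNTHETIC = [
    {"proto": 0, "swin": 255, "dwin": 255, "dur": 0.4, "spkts": 12, "sbytes": 1480},
    {"proto": 1, "swin": 0, "dwin": 0, "dur": 0.01, "spkts": 2, "sbytes": 146},
    {"proto": 0.37, "swin": 0, "dwin": 0, "dur": 0.2, "spkts": 4, "sbytes": 300},
    {"proto": 0, "swin": 300, "dwin": 255, "dur": 1.1, "spkts": 20, "sbytes": 2400},
    {"proto": 1, "swin": 255, "dwin": 0, "dur": 0.03, "spkts": 2, "sbytes": 180},
    {"proto": 0, "swin": 255, "dwin": 255, "dur": 0.5, "spkts": 0, "sbytes": 500},
    {"proto": 0, "swin": 255, "dwin": 255, "dur": -0.5, "spkts": 6, "sbytes": 700},
    {"proto": 0, "swin": 255, "dwin": 255, "dur": 2.0, "spkts": 30, "sbytes": 4100},
]

if __name__ == "__main__":
    print(validity_report(SYNTHETIC))
    print(len(filter_valid(SYNTHETIC)), "of", len(SYNTHETIC), "rows kept")
```

The per-rule failure counts show which coupling the generator breaks most often, which is the signal to use when tuning the constraint rather than the single overall rate.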
To further verify that the synthetic samples generated by MC-CGAN effectively contribute to the training of intrusion detection models, we conducted comparative experiments using a standard baseline classifier trained on datasets augmented by different strategies: Original (Imbalanced), SMOTE, Standard CTGAN, and our MC-CGAN.

5.1.1. Binary Classification Performance Evaluation

In the binary classification setting, all distinct attack types were consolidated into a single “Attack” class to evaluate the fundamental capability of separating anomalous traffic from normal traffic. Table 4 presents the performance metrics, and Figure 8 illustrates the training convergence.
Analyzing the results in Table 4 reveals that whereas the model trained on the raw data attained a baseline accuracy of 97.73%, it exhibited a clear bias toward the majority class, evident in the significantly lower recall (94.62%) for attack traffic. Although applying SMOTE boosted the detection rate of attacks, it inadvertently degraded the recall for normal traffic to 97.35%, suggesting that linear interpolation introduced synthetic noise that blurred the decision boundary between classes. In contrast, the proposed MC-CGAN strategy outperformed both SMOTE and standard CTGAN, achieving the highest overall accuracy of 98.74% and increasing the F1-score for the ‘Attack’ class by 3.33 percentage points over the baseline. This indicates that by decoupling and constraining invariant features, MC-CGAN generates high-fidelity minority samples that effectively reinforce the classifier’s ability to distinguish malicious patterns without compromising the recognition of normal traffic, thereby demonstrating superior robustness.

5.1.2. Multi-Class Performance Evaluation

The multi-class task aims to distinguish normal traffic from multiple specific attack types. This scenario is more representative of real-world IDS applications and places higher demands on the data augmentation strategy’s ability to handle various rare attack classes. Table 5 presents the overall accuracy and performance metrics for the Normal class and two representative attack classes (Exploits and DoS) under different strategies. These two attack types were selected due to their significant imbalance ratios relative to the Normal class (Normal: Exploits ≈ 2:1, Normal: DoS ≈ 6:1) and their high impact nature. Figure 9a,b illustrate the accuracy and loss changes during the training process.
In the more complex multi-class scenario, the limitations of traditional methods became more pronounced. The model trained on original data failed to detect extremely sparse attacks like DoS (F1-score of merely 20.03%), while the application of SMOTE led to a counter-productive 3.19% drop in overall accuracy and significant performance degradation for ‘Normal’ and ‘Exploits’ classes, highlighting the detrimental effect of simple interpolation in high-dimensional feature spaces. Conversely, GAN-based approaches demonstrated a decisive advantage, with standard CGAN dramatically recovering the system’s ability to detect rare attacks. Building on this, the proposed MC-CGAN achieved the state-of-the-art overall accuracy of 98.35% and superior precision across minority classes. This confirms that the Multi-feature Constraint module effectively refines the quality of generated data, allowing the classifier to learn precise decision boundaries even for the most severely imbalanced and distinct attack categories, effectively resolving the trade-off between minority class recall and overall precision.

5.2. Classification Performance Analysis

Having validated the quality of the augmented data, this section evaluates the performance of the proposed ADS-Net classifier trained on the MC-CGAN augmented dataset. We conducted a series of comparative experiments to assess the model’s detection accuracy, generalization capability across different environments, and computational efficiency for real-time deployment.

5.2.1. Comparative Evaluation of Detection Performance and Efficiency

The architectural choices for ADS-Net are fundamentally driven by the dual requirements of computational efficiency and feature robustness. The selection of Depth-wise Separable Convolutions is strictly justified by their operational mechanism: unlike standard convolutions that perform simultaneous spatial and channel filtering, the separable structure decouples the process into distinct depth-wise and pointwise phases. This mechanism drastically reduces the number of multiplication operations (FLOPs) and learnable parameters, theoretically guaranteeing the lightweight nature of the model without sacrificing representational power. Simultaneously, the Hybrid Attention Mechanism is integrated to neutralize the artificial spatial bias induced by the 2D feature reshaping, ensuring the model focuses on semantic feature relevance rather than artifactual positioning.
To demonstrate the superiority of ADS-Net, we compared our ADS-Net with several mainstream deep learning models, including 1D-CNN, LSTM, BiLSTM, and ResNet-50. We integrated detection metrics and efficiency metrics into a unified comparison. Table 6 details these results. Figure 10a,b display the training convergence curves.
The results in Table 6 reveal a distinct advantage of the proposed ADS-Net in balancing accuracy and resource consumption. ADS-Net achieved the highest accuracy of 98.35%, outperforming temporal models like BiLSTM and deep models like ResNet-50. This validates that the Hybrid Attention Mechanism effectively captures critical attack features from the reshaped feature matrices, offering better discrimination than the sequential processing of RNNs or the brute-force depth of ResNet. Crucially, ADS-Net demonstrates exceptional efficiency. By utilizing Depth-wise Separable Convolutions, the model reduces the parameter count to merely 0.85 M and achieves an average inference time of 1.12 ms per sample.
To provide a rigorous quantitative assessment of computational complexity, we estimated the theoretical Floating Point Operations based on standard architecture definitions. As detailed in the table, the heavy ResNet-50 model requires approximately 3.80 GFLOPs, whereas our ADS-Net operates at merely 0.04 GFLOPs. Notably, this efficiency extends beyond comparisons with deep models as ADS-Net also outperforms the lightweight 1D-CNN at 0.06 GFLOPs and the sequential BiLSTM at 0.50 GFLOPs. This indicates that the Depth-wise Separable architecture effectively eliminates the redundant calculations inherent in standard convolutions and recurrent gates. Such minimal computational demand not only explains the superior inference speed but also implies significantly lower energy consumption, a critical factor for thermal management in resource-constrained AMI devices.
To isolate the impact of distinct architectural modules on system behavior, we analyzed the structural differences between the models. The 1D-CNN serves as the ablated baseline configuration, representing the framework without the Depthwise Separable Convolutions and Hybrid Attention Mechanism. By contrasting the full ADS-Net with this baseline, we can attribute specific performance gains to individual components. The reduction in computational cost is driven by the decoupled convolution layers, whereas the 8.12% increase in detection accuracy is primarily a consequence of the Hybrid Attention Mechanism enabling focus on critical feature semantics. This comparison effectively isolates the functional contribution of each module to the overall system performance.
For a granular analysis of the multi-class classification performance, Table 7 and Figure 11 disaggregate the model’s precision, recall, and F1-score on a per-class basis.
As detailed in Table 7, the proposed method achieved excellent performance across various attack categories. The F1-scores for most classes exceeded 97%, showcasing the model’s capability to effectively distinguish diverse and complex attack patterns, even for those initially severely underrepresented. The ‘Exploits’ class exhibited slightly lower but still strong performance, with an F1-score of 94.23%, potentially reflecting the inherent complexity of this attack type or less distinct features compared to other classes. The ‘DoS’ class achieved very high precision (99.84%) but slightly lower recall (96.05%), suggesting that a small number of DoS instances might have been misclassified, although its overall F1-score remained high (97.91%). The low final training loss of 0.0546 confirms the model’s effective convergence. Overall, these classification results affirm the robustness and effectiveness of our proposed method, achieving a high overall accuracy of 98.35% and demonstrating strong performance across individual classes.

5.2.2. Generalization Capabilities on Diverse Industrial Datasets

To further address the concern regarding the generalizability of our framework to other industrial scenarios beyond UNSW-NB15, we extended the evaluation to two additional authoritative datasets: CSE-CIC-IDS2018 (simulating large-scale SCADA traffic) and CIC-IoV2024 (simulating automotive CAN bus traffic). The confusion matrices for these datasets are visualized in Figure 12 and Figure 13. The model performance on these datasets is visualized in Figure 14 and Figure 15. Notably, these datasets represent fundamentally different industrial communication architectures, thereby providing an implicit evaluation of protocol adaptability. The CSE-CIC-IDS2018 dataset is dominated by complex TCP/IP stack protocols typical of the upper-layer communications in AMI backhaul networks. In contrast, the CIC-IoV2024 dataset consists entirely of Controller Area Network bus traffic. Unlike TCP/IP, CAN traffic is characterized by short data frames, a lack of complex handshakes, and strict real-time constraints, which closely resemble the low-level fieldbus protocols utilized in industrial device control. As illustrated in Figure 14 and Figure 15, the proposed framework achieves consistent high-performance metrics with accuracy surpassing 98% across both the IP-based and CAN-based environments. This consistency serves as compelling evidence of the model’s protocol-agnostic robustness, demonstrating that the MC-CGAN and ADS-Net successfully capture intrinsic anomaly patterns regardless of specific protocol syntax or packet structures.
The classification results on these diverse datasets corroborate the robustness of the proposed framework. Evaluation on the CSE-CIC-IDS2018 dataset demonstrated that the proposed model attained a remarkably high accuracy of over 99%, effectively distinguishing between benign traffic and complex attacks like DDoS-LOIC-HTTP and Botnet, demonstrating its applicability to large-scale power grid control networks. On the CIC-IoV2024 dataset, which features strictly structured CAN bus messages, the model maintained a high detection rate for vehicle-specific attacks such as RPM Spoofing. This consistent performance across varied network protocols and topologies confirms that ADS-Net does not overfit to the specific artifacts of a single dataset but learns generalized, robust feature representations applicable to a wide range of industrial control environments.

6. Conclusions

Ensuring the security of Advanced Metering Infrastructure (AMI) relies heavily on effective Intrusion Detection Systems (IDS), yet this task is complicated by severe class imbalance and the limited computational resources of edge devices. This study tackles these obstacles by introducing a framework that merges a Multi-feature Constrained Conditional GAN (MC-CGAN) with a lightweight classifier, ADS-Net.
Our findings indicate that the proposed framework offers a substantial improvement over existing methods in both data quality and detection efficiency. By incorporating a multi-feature constraint module, the developed MC-CGAN overcomes the tendency of standard GANs to generate invalid protocol headers. Through t-SNE visualizations and correlation analysis, we confirmed that this approach synthesizes data that is not only statistically balanced but also semantically valid, preserving the complex dependencies found in real network traffic. On the classification front, the proposed ADS-Net successfully mitigates the artificial bias of reshaping tabular data into 2D matrices by utilizing a hybrid attention mechanism. Performance evaluations on the UNSW-NB15 dataset reveal an accuracy of 98.35%, with the model requiring only 0.85 M parameters and 1.12 ms for inference per sample. This efficiency represents a significant advantage over heavier architectures like ResNet-50 or sequential models like BiLSTM, making the solution viable for resource-constrained environments. Additionally, the robustness of the model was verified across the CSE-CIC-IDS2018 and CIC-IoV2024 datasets, confirming its adaptability to diverse industrial scenarios.
Despite the promising results, we acknowledge certain limitations in the current framework. First, the Multi-feature Constraint module relies on predefined domain knowledge to explicitly distinguish between protocol-invariant and continuous features. This dependency implies that adapting the framework to proprietary or non-standard industrial protocols requires manual rule configuration by security experts, limiting its fully automated transferability. Second, while the ADS-Net detector is optimized for lightweight inference on edge devices, the training process of the MC-CGAN remains computationally intensive. Consequently, the current framework is designed for offline training on centralized servers followed by edge deployment, rather than for performing incremental online learning directly on resource-constrained metering nodes.
Future efforts will shift towards practical implementation and expanded validation. Specifically, to bridge the gap between proxy datasets and real-world conditions, we plan to deploy the framework on a physical AMI testbed, utilizing actual smart meters to capture and analyze proprietary industrial traffic. Furthermore, to deepen the comparative analysis, we intend to benchmark ADS-Net against a broader range of specialized lightweight models, such as TabNet or MobileNet, to further isolate the architectural advantages in edge-oriented scenarios. We also aim to validate real-time responsiveness through comprehensive end-to-end latency tests on hardware platforms like FPGAs and explore the framework’s resilience against adversarial attacks.

Author Contributions

Conceptualization, S.W. and Y.S.; methodology, Y.S.; writing—original draft, Y.S.; writing—review and editing, Y.S.; visualization, G.Z.; supervision, P.Y. and G.Z.; All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the National Key Research and Development Program of China (Design Theory and Regulation Methods for Distributed Energy Systems with High Proportion of Renewable Energy, Grant No. 2024YFF0506400).

Data Availability Statement

The datasets used in this paper are publicly available through the following links: https://research.unsw.edu.au/projects/unsw-nb15-dataset (accessed on 1 May 2024), https://www.unb.ca/cic/datasets/ids-2018.html (accessed on 1 October 2024) and https://www.unb.ca/cic/datasets/iov-dataset-2024.html (accessed on 1 February 2025).

Conflicts of Interest

Authors Shunjiang Wang, Guiping Zhou and Peng Yu were employed by the company State Grid Liaoning Electric Power Supply Co., Ltd. The remaining authors declare that the research was conducted in the absence of any commercial or financial relationships that could be construed as a potential conflict of interest.

References

  1. Chen, Y.-R.; Wang, Y.; Huang, G.-R.; Li, J.-E. ExtHT: A Hybrid Tracing Method for Cyber-Attacks in Power Industrial Control Systems. ISA Trans. 2023, 136, 1–15.
  2. Hong, S.; Yue, T.; Liu, H. Vehicle Energy System Active Defense: A Health Assessment of Lithium-Ion Batteries. Int. J. Intell. Syst. 2020, 37, 10081–10099.
  3. Jawad, A.; Latif, S.; Khan, I.U.; Alshehri, M.S.; Khan, M.S.; Alasbali, N.; Jiang, W. An Interpretable Deep Learning Framework for Intrusion Detection in Industrial Internet of Things. Internet Things 2025, 33, 101681.
  4. NERC Reliability Issues Steering Committee (RISC). Available online: https://www.nerc.com/comm/RISC/Pages/default.aspx (accessed on 17 August 2023).
  5. Ding, H.; Sun, Y.; Huang, N.; Shen, Z.; Cui, X. TMG-GAN: Generative Adversarial Networks-Based Imbalanced Learning for Network Intrusion Detection. IEEE Trans. Inf. Forensics Secur. 2024, 19, 1156–1167.
  6. Ngo, V.-D.; Vuong, T.-C.; Van Luong, T.; Tran, H. Machine Learning-Based Intrusion Detection: Feature Selection versus Feature Extraction. Clust. Comput. 2024, 27, 2365–2379.
  7. Widodo, A.O.; Setiawan, B.; Indraswari, R. Machine Learning-Based Intrusion Detection on Multi-Class Imbalanced Dataset Using SMOTE. Procedia Comput. Sci. 2024, 234, 578–583.
  8. Le, T.-T.-H.; Shin, Y.; Kim, M.; Kim, H. Towards Unbalanced Multiclass Intrusion Detection with Hybrid Sampling Methods and Ensemble Classification. Appl. Soft Comput. 2024, 157, 111517.
  9. Gaber, T.; Awotunde, J.B.; Torky, M.; Ajagbe, S.A.; Hammoudeh, M.; Li, W. Metaverse-IDS: Deep Learning-Based Intrusion Detection System for Metaverse-IoT Networks. Internet Things 2023, 24, 100977.
  10. Li, S.; Wang, Z.; Yang, S.; Luo, X.; He, D.; Chan, S. Internet of Things Intrusion Detection: Research and Practice of NSENet and LSTM Fusion Models. Egypt. Inform. J. 2024, 26, 100476.
  11. Tariq, N.; Alsirhani, A.; Humayun, M.; Alserhani, F.; Shaheen, M. A Fog-Edge-Enabled Intrusion Detection System for Smart Grids. J. Cloud Comput. 2024, 13, 43.
  12. Li, L.-H.; Ahmad, R.; Tanone, R.; Sharma, A.K. STB: Synthetic Minority Oversampling Technique for Tree-Boosting Models for Imbalanced Datasets of Intrusion Detection Systems. PeerJ Comput. Sci. 2023, 9, e1580.
  13. Bakro, M.; Kumar, R.R.; Alabrah, A.; Ashraf, Z.; Ahmed, M.N.; Shameem, M.; Abdelsalam, A. An Improved Design for a Cloud Intrusion Detection System Using Hybrid Features Selection Approach With ML Classifier. IEEE Access 2023, 11, 64228–64247.
  14. Zhang, Y.; Zhang, L.; Zheng, X. Enhanced Intrusion Detection for ICS Using MS1DCNN and Transformer to Tackle Data Imbalance. Sensors 2024, 24, 7883.
  15. Zhang, C.; Li, J.; Wang, N.; Zhang, D. Research on Intrusion Detection Method Based on Transformer and CNN-BiLSTM in Internet of Things. Sensors 2025, 25, 2725.
  16. Chen, C.; Shen, W.; Yang, C.; Fan, W.; Liu, X.; Li, Y. A New Safe-Level Enabled Borderline-SMOTE for Condition Recognition of Imbalanced Dataset. IEEE Trans. Instrum. Meas. 2023, 72, 3521910.
  17. Puri, A.; Gupta, M.K. Improved Hybrid Bag-Boost Ensemble With K-Means-SMOTE–ENN Technique for Handling Noisy Class Imbalanced Data. Comput. J. 2021, 65, 124–138.
  18. Korkmaz, S. Hybridization of DEBOHID with ENN Algorithm for Highly Imbalanced Datasets. Eng. Sci. Technol. Int. J. 2025, 63, 101976.
  19. Chatterjee, S.; Byun, Y.-C. Highly Imbalanced Fault Classification of Wind Turbines Using Data Resampling and Hybrid Ensemble Method Approach. Eng. Appl. Artif. Intell. 2023, 126, 107104.
  20. Phan, T.D.; Le, K.T.; Nghi, H.K.; Do, T.T.H.; Nguyen, A.G.-T.; Pham, V.-H. DIGFuPAS: Deceive IDS with GAN and Function-Preserving on Adversarial Samples in SDN-Enabled Networks. Comput. Secur. 2021, 109, 102367.
  21. Das, S.; Majumder, A.; Namasudra, S.; Singh, A. Intrusion Detection Using CTGAN and Lightweight Neural Network for Internet of Things. Expert Syst. 2024, 42, e13793.
  22. Habibi, O.; Chemmakha, M.; Lazaar, M. Imbalanced Tabular Data Modelization Using CTGAN and Machine Learning to Improve IoT Botnet Attacks Detection. Eng. Appl. Artif. Intell. 2023, 118, 105669.
  23. Alabsi, B.A.; Anbar, M.; Rihan, S.D.A. Conditional Tabular Generative Adversarial Based Intrusion Detection System for Detecting Ddos and Dos Attacks on the Internet of Things Networks. Sensors 2023, 23, 5644.
  24. Subramani, S.; Selvi, M. Intelligent IDS in Wireless Sensor Networks Using Deep Fuzzy Convolutional Neural Network. Neural Comput. Appl. 2023, 35, 15201–15220.
  25. Okey, O.D.; Melgarejo, D.C.; Saadi, M.; Rosa, R.L.; Kleinschmidt, J.H.; Rodriguez, D.Z. Transfer Learning Approach to IDS on Cloud IoT Devices Using Optimized CNN. IEEE Access 2023, 11, 1023–1038.
  26. Eid, A.M.; Soudan, B.; Nassif, A.B.; Injadat, M. Enhancing Intrusion Detection in IIoT: Optimized CNN Model with Multi-Class SMOTE Balancing. Neural Comput. Appl. 2024, 36, 14643–14659.
  27. Samha, A.K.; Malik, N.; Sharma, D.; S, K.; Dutta, P. Intrusion Detection System Using Hybrid Convolutional Neural Network. Mob. Netw. Appl. 2023, 29, 1719–1731.
  28. Sewak, M.; Sahay, S.K.; Rathore, H. Assessment of the Relative Importance of Different Hyper-Parameters of LSTM for an IDS. In Proceedings of the 2020 IEEE Region 10 Conference (TENCON), Osaka, Japan, 16–19 November 2020; pp. 414–419.
  29. Alghamdi, R.; Bellaiche, M. An Ensemble Deep Learning Based IDS for IoT Using Lambda Architecture. Cybersecurity 2023, 6, 5.
  30. Bhale, P.; Chowdhury, D.R.; Biswas, S.; Nandi, S. OPTIMIST: Lightweight and Transparent IDS with Optimum Placement Strategy to Mitigate Mixed-Rate DDoS Attacks in IoT Networks. IEEE Internet Things J. 2023, 10, 8357–8370.
  31. Gao, J.; Gan, L.; Buschendorf, F.; Zhang, L.; Liu, H.; Li, P.; Dong, X.; Lu, T. Omni SCADA Intrusion Detection Using Deep Learning Algorithms. IEEE Internet Things J. 2021, 8, 951–961.
  32. Meliboev, A.; Alikhanov, J.; Kim, W. Performance Evaluation of Deep Learning Based Network Intrusion Detection System across Multiple Balanced and Imbalanced Datasets. Electronics 2022, 11, 515.
  33. Wang, Y.-C.; Houng, Y.-C.; Chen, H.-X.; Tseng, S.-M. Network Anomaly Intrusion Detection Based on Deep Learning Approach. Sensors 2023, 23, 2171.
  34. Balla, A.; Habaebi, M.H.; Elsheikh, E.A.A.; Islam, M.R.; Suliman, F.M. The Effect of Dataset Imbalance on the Performance of SCADA Intrusion Detection Systems. Sensors 2023, 23, 758.
  35. Kanna, P.R.; Santhi, P. Unified Deep Learning Approach for Efficient Intrusion Detection System Using Integrated Spatial–Temporal Features. Knowl.-Based Syst. 2021, 226, 107132. [Google Scholar] [CrossRef]
  36. Xu, L.; Skoularidou, M.; Cuesta-Infante, A.; Veeramachaneni, K. Modeling Tabular Data Using Conditional GAN. In Advances in Neural Information Processing Systems 32; Wallach, H., Larochelle, H., Beygelzimer, A., d’Alché-Buc, F., Fox, E., Garnett, R., Eds.; Curran Associates, Inc.: Red Hook, NY, USA, 2019; pp. 7335–7345. [Google Scholar]
  37. Zang, J.; Li, H. Abnormal Traffic Detection Based on Data Augmentation and Hybrid Neural Network. In Proceedings of the 2024 2nd International Conference on Signal Processing and Intelligent Computing (SPIC), Zhuhai, China, 20–22 September 2024; pp. 249–253. [Google Scholar]
  38. Li, Z.; Huang, C.; Qiu, W. An Intrusion Detection Method Combining Variational Auto-Encoder and Generative Adversarial Networks. Comput. Netw. 2024, 253, 110724. [Google Scholar] [CrossRef]
  39. Cui, M.; Chen, J.; Qiu, X.; Lv, W.; Qin, H.; Zhang, X. Multi-Class Intrusion Detection System in SDN Based on Hybrid BiLSTM Model. Clust. Comput. 2024, 27, 9937–9956. [Google Scholar] [CrossRef]
  40. Zafar, M.H.; Falkenberg Langas, E.; Aftab, M.F.; Sanfilippo, F. Enhanced Intrusion Detection in Robot Operating Systems via Grid Search Based Multi-Head Attention Stacked Convolutional Network. In Proceedings of the 2024 IEEE 20th International Conference on Automation Science and Engineering (CASE), Bari, Italy, 28 August–1 September 2024; pp. 3880–3885. [Google Scholar]
  41. Moustafa, N.; Slay, J. UNSW-NB15: A Comprehensive Data Set for Network Intrusion Detection Systems (UNSW-NB15 Network Data Set). In Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, 10–12 November 2015; pp. 1–6. [Google Scholar]
Figure 1. Architecture of the Power Industrial Control System (ICS).
Figure 2. Proposed Framework.
Figure 3. MC-CGAN Structure.
Figure 4. ADS Module.
Figure 5. Distribution of Classes.
Figure 6. t-SNE Visualization.
Figure 7. Comparison of Feature Correlation Heatmaps.
Figure 8. Binary Comparison.
Figure 9. Multi-class Comparison.
Figure 10. Performance Comparison: Accuracy Comparison.
Figure 11. Per-Class Performance Metrics of the Proposed Model.
Figure 12. Confusion Matrix on CSE-CIC-IDS2018.
Figure 13. Confusion Matrix on CIC-IoV2024.
Figure 14. Model Performance on CSE-CIC-IDS2018.
Figure 15. Model Performance on CIC-IoV2024.
Table 1. Detailed Class Distribution of Experimental Datasets.

| Dataset | Label | Sample Count | Percentage (%) |
|---|---|---|---|
| UNSW-NB15 | Normal | 93,000 | 36% |
| | DoS | 16,353 | 6.3% |
| | Analysis | 2677 | 1.04% |
| | Backdoor | 2329 | 0.9% |
| | Exploits | 44,525 | 17.28% |
| | Fuzzers | 24,246 | 9.41% |
| | Generic | 58,871 | 22.85% |
| | Reconnaissance | 13,987 | 5.43% |
| | Shellcode | 1511 | 0.59% |
| | Worms | 174 | 0.01% |
| CSE-CIC-IDS2018 | Benign | 13,484,708 | 83.17% |
| | DDoS | 1,263,933 | 7.79% |
| | DoS | 654,300 | 4.04% |
| | Brute Force | 380,949 | 2.35% |
| | Bot | 286,191 | 1.77% |
| | Infiltration | 161,934 | 1% |
| | Web | 928 | 0.01% |
| CIC-IoV2024 | Benign | 1,223,737 | 86.9% |
| | DoS | 74,663 | 5.3% |
| | GAS | 9991 | 0.51% |
| | Steering Wheel | 19,977 | 1.42% |
| | Speed | 24,951 | 1.78% |
| | RPM | 54,900 | 3.9% |
Table 2. Model Hyperparameter Settings.

| Parameter | Value |
|---|---|
| MC-CGAN | |
| Epochs | 100 |
| Generator Structure | 2 Hidden Layers (256 units), Residual |
| Learning rate | 2 × 10⁻⁴ |
| Constraint Weight | 10 |
| Batch Size | 500 |
| ADS-Net | |
| Batch Sizes | 128 |
| Depth-wise Kernel Size | 3 × 3 |
| Pointwise Kernel Size | 1 × 1 |
| Reduction Ratio | 16 |
| Activation Function | Relu |
| Optimizer | Adam |
| Learning Rate | 1 × 10⁻³ |
| Loss Function | Binary Cross-Entropy/Categorical Cross-Entropy |
| Maximum epochs | 50 |
| Early Stopping | 10 |
Table 3. Comparative Evaluation of Protocol Validity Metrics.

| Model | Discrete Integrity | Range Compliance | Logical Consistency | Overall |
|---|---|---|---|---|
| CTGAN | 78.5% | 94.2% | 88.1% | 72.4% |
| MC-CGAN | 95.2% | 94.6% | 92.6% | 91.6% |
Table 4. Binary Classification Performance.

| Data Augmentation Strategy | Accuracy (%) | [Normal] Precision (%) | [Normal] Recall (%) | [Normal] F1-Score (%) | [Attack] Precision (%) | [Attack] Recall (%) | [Attack] F1-Score (%) |
|---|---|---|---|---|---|---|---|
| Original | 97.73% | 98.22% | 98.76% | 98.49% | 96.23% | 94.62% | 95.42% |
| SMOTE | 98.18% | 99.00% | 97.35% | 98.17% | 97.40% | 99.01% | 98.20% |
| CTGAN | 98.37% | 98.17% | 98.50% | 98.33% | 98.56% | 98.24% | 98.40% |
| MC-CGAN | 98.74% | 98.69% | 98.80% | 98.75% | 98.80% | 98.69% | 98.75% |
Table 5. Multi-class Classification Performance.

| Data Augmentation Strategy | | Original | SMOTE | CTGAN | MC-CGAN |
|---|---|---|---|---|---|
| Accuracy | | 92.67% | 89.48% | 98.06% | 98.35% |
| Normal | Precision | 94.23% | 99.18% | 97.95% | 98.53% |
| | Recall | 96.19% | 85.67% | 97.77% | 97.30% |
| | F1-score | 95.20% | 91.93% | 97.86% | 97.91% |
| Exploits | Precision | 78.53% | 77.09% | 91.75% | 94.21% |
| | Recall | 96.32% | 61.65% | 96.96% | 94.24% |
| | F1-score | 86.52% | 68.51% | 94.28% | 94.23% |
| DoS | Precision | 46.72% | 75.27% | 99.76% | 99.84% |
| | Recall | 12.75% | 71.97% | 95.37% | 96.05% |
| | F1-score | 20.03% | 73.58% | 97.51% | 97.91% |
Table 6. Performance and Efficiency Comparison.

| Model | Accuracy (%) | F1-Score (%) | Parameters (M) | FLOPs (G) | Inference Time (ms) |
|---|---|---|---|---|---|
| 1D-CNN | 90.23% | 89.50 | 1.10 | 0.06 | 1.80 |
| LSTM | 96.54% | 96.20 | 12.50 | 0.25 | 6.20 |
| BiLSTM | 96.41% | 96.10 | 15.20 | 0.50 | 8.45 |
| ResNet-50 | 98.10% | 98.06 | 25.56 | 3.80 | 12.50 |
| The Proposed | 98.35% | 98.40 | 0.85 | 0.04 | 1.12 |
Table 7. Per-Class Performance of the Proposed Model.

| Label | Attack_Cat | Precision | Recall | f1-Score |
|---|---|---|---|---|
| 0 | Analysis | 99.38% | 99.86% | 99.62% |
| 1 | Backdoor | 99.97% | 99.90% | 99.93% |
| 2 | DoS | 99.84% | 96.05% | 97.91% |
| 3 | Exploits | 94.21% | 94.24% | 94.23% |
| 4 | Fuzzers | 98.58% | 98.40% | 98.49% |
| 5 | Generic | 99.83% | 99.38% | 99.60% |
| 6 | Normal | 98.53% | 97.30% | 97.91% |
| 7 | Reconnaissance | 96.79% | 99.46% | 98.11% |
| 8 | Worms | 97.87% | 100.00% | 98.92% |

Final loss: 0.0546. Overall Accuracy: 98.35%.

Share and Cite

MDPI and ACS Style

Wang, S.; Shi, Y.; Zhou, G.; Yu, P. A Hybrid Intrusion Detection Framework for Imbalanced AMI Traffic Using GAN-Based Data Augmentation and Lightweight CNN. Electronics 2026, 15, 235. https://doi.org/10.3390/electronics15010235
