Aiming at the problems of lack of Industrial Control System （ICS） data and poor detection of unknown attacks by industrial control intrusion detection systems， an unknown attack intrusion detection method for industrial control systems based on Generative Adversarial Transfer Learning network （GATL） was proposed. Firstly， causal inference and cross-domain feature mapping relations were introduced to reconstruct the data to improve its understandability and reliability. Secondly， due to the data imbalance between source domain and target domain， domain confusion-based conditional Generative Adversarial Network （GAN） was used to increase the size and diversity of the target domain dataset. Finally， the differences and commonalities of the data were fused through domain adversarial transfer learning to improve the detection and generalization capabilities of the industrial control intrusion detection model for unknown attacks in the target domain. The experimental results show that on the standard dataset of industrial control network， GATL has an average F1-score of 81.59% in detecting unknown attacks in the target domain while maintaining a high detection rate of known attacks， which is 63.21 and 64.04 percentage points higher than the average F1-score of Dynamic Adversarial Adaptation Network （DAAN） and Information-enhanced Adversarial Domain Adaptation （IADA） method， respectively.

After the introduction of federated learning technology in intrusion detection scenarios， there is a problem that the traffic data between nodes is non-independent and identically distributed （non-iid）， which makes it difficult for models to aggregate and obtain a high recognition rate. To solve this problem， an efficient federated learning algorithm named H?E?Fed was constructed， and a network intrusion detection model based on this algorithm was proposed. Firstly， a global model for traffic data was designed by the coordinator and was sent to the intrusion detection nodes for model training. Then， by the coordinator， the local models were collected and the skewness of the covariance matrix of the local models between nodes was evaluated， so as to measure the correlation of models between nodes， thereby reassigning model aggregation parameters and generating a new global model. Finally， multiple rounds of interactions between the coordinator and the nodes were carried out until the global model converged. Experimental results show that compared with the models based on FedAvg （Federated Averaging） algorithm and FedProx algorithm， under data non-iid phenomenon between nodes， the proposed model has the communication consumption relatively low. And on KDDCup99 dataset and CICIDS2017 dataset， compared with baseline models， the proposed model has the accuracy improved by 10.39%， 8.14% and 4.40%， 5.98% respectively.

In data poisoning attacks， backdoor attackers manipulate the distribution of training data by inserting the samples with hidden triggers into the training set to make the test samples misclassified so as to change model behavior and reduce model performance. However， the drawback of the existing triggers is the sample independence， that is， no matter what trigger mode is adopted， different poisoned samples contain the same triggers. Therefore， by combining image steganography and Deep Convolutional Generative Adversarial Network （DCGAN）， an attack method based on sample was put forward to generate image texture feature maps according to the gray level co-occurrence matrix， embed target label character into the texture feature maps as a trigger by using the image steganography technology， and combine texture feature maps with trigger and clean samples into poisoned samples. Then， a large number of fake pictures with trigger were generated through DCGAN. In the training set samples， the original poisoned samples and the fake pictures generated by DCGAN were mixed together to finally achieve the effect that after the poisoner injecting a small number of poisoned samples， the attack rate was high and the effectiveness， sustainability and concealment of the trigger were ensured. Experimental results show that this method avoids the disadvantages of sample independence and has the model accuracy reached 93.78%. When the proportion of poisoned samples is 30%， data preprocessing， pruning defense and AUROR defense have the least influence on the success rate of attack， and the success rate of attack can reach about 56%.

Aiming at the problem that the existing adversarial example generation methods require a lot of queries to the target model， which leads to poor attack effects， a Text Adversarial Examples Generation Method based on BERT （Bidirectional Encoder Representations from Transformers） model （TAEGM） was proposed. Firstly， the attention mechanism was adopted to locate the keywords that significantly influence the classification results without query of the target model. Secondly， word-level perturbation of keywords was performed by BERT model to generate candidate adversarial examples. Finally， the candidate examples were clustered， and the adversarial examples were selected from the clusters that have more influence on the classification results. Experimental results on Yelp Reviews， AG News， and IMDB Review datasets show that compared to the suboptimal adversarial example generation method CLARE （ContextuaLized AdversaRial Example generation model） on Success Rate （SR）， TAEGM can reduce the Query Counts （QC） to the target model by 62.3% and time consumption by 68.6% averagely while ensuring the SR of adversarial attacks. Based on the above， further experimental results verify that the adversarial examples generated by TAEGM not only have good transferability， but also improve the robustness of the model through adversarial training.

Aiming at the problem of model information leakage caused by interpretability in Deep Neural Network （DNN）， the feasibility of using the Gradient-weighted Class Activation Mapping （Grad-CAM） interpretation method to generate adversarial samples in a white-box environment was proved， moreover， an untargeted black-box attack algorithm named dynamic genetic algorithm was proposed. In the algorithm， first， the fitness function was improved according to the changing relationship between the interpretation area and the positions of the disturbed pixels. Then， through multiple rounds of genetic algorithm， the disturbance value was continuously reduced while increasing the number of the disturbed pixels， and the set of result coordinates of each round would be maintained and used in the next round of iteration until the perturbed pixel set caused the predicted label to be flipped without exceeding the perturbation boundary. In the experiment part， the average attack success rate under the AlexNet， VGG-19， ResNet-50 and SqueezeNet models of the proposed algorithm was 92.88%， which was increased by 16.53 percentage points compared with that of One pixel algorithm， although with the running time increased by 8% compared with that of One pixel algorithm. In addition， in a shorter running time， the proposed algorithm had the success rate higher than the Adaptive Fast Gradient Sign Method （Ada-FGSM） algorithm by 3.18 percentage points， higher than the Projection & Probability-driven Black-box Attack （PPBA） algorithm by 8.63 percentage points， and not much different from Boundary-attack algorithm. The results show that the dynamic genetic algorithm based on the interpretation method can effectively execute the adversarial attack.

Service description texts for Internet of Things （IoT） are short in length and sparse in text features， and direct modeling the IoT service by using traditional topic model has poor clustering effect， so that the best service cannot be discovered. To solve this problem， an IoT service discovery method based on Biterm Topic Model （BTM） was proposed. Firstly， BTM was employed to mine the latent topic of the existing IoT services， and the service document-topic probability distribution was calculated and deduced through global topic distribution and theme-word distribution. Then， K-means algorithm was used to cluster the services and return the best matching results of service requests. Experimental results show that the proposed method can improve the clustering effect of services for IoT and thus obtain the matched best service. Compared with the methods of HDP （Hierarchical Dirichlet Process） and LDA-K （Latent Dirichlet Allocation based on K-means）， the proposed method achieves better performance in terms of Precision and Normalized Discounted Cumulative Gain （NDCG） for best service discovery.