<p>The exponential increase in cyber-physical devices has shrunk the timeline of network threat detection to real-time, with particular urgency for covert attacks like Man-in-the-Middle (MITM) and ARP spoofing. This paper introduces a deep intrusion detector combining Singular Learning Theory (SLT) with sharpness-aware learning (SAM), AdamW optimization, and Bayesian hyperparameter optimization. Network flows are analyzed by a hybrid CNN–BiLSTM model that extracts spatial–temporal relationships. SLT measures-Real Log Canonical Threshold (RLCT) and Widely Applicable Information Criterion (WAIC) estimate model complexities and generalize abilities. CIC-IDS2017, UNSW-NB15, and Bot-IoT datasets prove that the proposed detector has 97.6% accuracy, 97.3% F1-score, and AUC-ROC of 0.988, with only 1.4% of false positives, beating state-of-the-art and deep baselines. Ablation analysis indicates repeated benefits of SAM (+ 1.8% F1-score), AdamW (+ 1.2%), and SLT-informed evaluation (+ 0.9%) to demonstrate that combining SLT-aware analysis by sharpness-aware optimization results in an interpretable and resilient intrusion detector to detect infrequent, high-risk cyber-attacks in real-world networks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SLT-driven deep networks for robust and generalizable cyber threat detection

  • Suneeta Satpathy,
  • Saswati Chatterjee,
  • Pratik Kumar Swain

摘要

The exponential increase in cyber-physical devices has shrunk the timeline of network threat detection to real-time, with particular urgency for covert attacks like Man-in-the-Middle (MITM) and ARP spoofing. This paper introduces a deep intrusion detector combining Singular Learning Theory (SLT) with sharpness-aware learning (SAM), AdamW optimization, and Bayesian hyperparameter optimization. Network flows are analyzed by a hybrid CNN–BiLSTM model that extracts spatial–temporal relationships. SLT measures-Real Log Canonical Threshold (RLCT) and Widely Applicable Information Criterion (WAIC) estimate model complexities and generalize abilities. CIC-IDS2017, UNSW-NB15, and Bot-IoT datasets prove that the proposed detector has 97.6% accuracy, 97.3% F1-score, and AUC-ROC of 0.988, with only 1.4% of false positives, beating state-of-the-art and deep baselines. Ablation analysis indicates repeated benefits of SAM (+ 1.8% F1-score), AdamW (+ 1.2%), and SLT-informed evaluation (+ 0.9%) to demonstrate that combining SLT-aware analysis by sharpness-aware optimization results in an interpretable and resilient intrusion detector to detect infrequent, high-risk cyber-attacks in real-world networks.