Search papers, labs, and topics across Lattice.
This paper introduces RPM-Net, a novel neural network architecture for detecting unknown network security threats in imbalanced, multi-class environments. RPM-Net learns "non-class" representations for known attack categories using a reciprocal point mechanism and incorporates adversarial margin constraints to improve the geometric interpretability of unknown threat detection. Experiments demonstrate that RPM-Net, especially with Fisher discriminant regularization (RPM-Net++), significantly outperforms existing methods in F1-score, AUROC, and AUPR-OUT, showcasing its practical utility.
Learn to detect unknown network attacks by explicitly modeling what they are *not*.
Effective detection of unknown network security threats in multi-class imbalanced environments is critical for maintaining cyberspace security. Current methods focus on learning class representations but face challenges with unknown threat detection, class imbalance, and lack of interpretability, limiting their practical use. To address this, we propose RPM-Net, a novel framework that introduces reciprocal point mechanism to learn "non-class" representations for each known attack category, coupled with adversarial margin constraints that provide geometric interpretability for unknown threat detection. RPM-Net++ further enhances performance through Fisher discriminant regularization. Experimental results show that RPM-Net achieves superior performance across multiple metrics including F1-score, AUROC, and AUPR-OUT, significantly outperforming existing methods and offering practical value for real-world network security applications. Our code is available at:https://github.com/chiachen-chang/RPM-Net
