SLT-driven deep networks for robust and generalizable cyber threat detection
摘要
The exponential increase in cyber-physical devices has shrunk the timeline of network threat detection to real-time, with particular urgency for covert attacks like Man-in-the-Middle (MITM) and ARP spoofing. This paper introduces a deep intrusion detector combining Singular Learning Theory (SLT) with sharpness-aware learning (SAM), AdamW optimization, and Bayesian hyperparameter optimization. Network flows are analyzed by a hybrid CNN–BiLSTM model that extracts spatial–temporal relationships. SLT measures-Real Log Canonical Threshold (RLCT) and Widely Applicable Information Criterion (WAIC) estimate model complexities and generalize abilities. CIC-IDS2017, UNSW-NB15, and Bot-IoT datasets prove that the proposed detector has 97.6% accuracy, 97.3% F1-score, and AUC-ROC of 0.988, with only 1.4% of false positives, beating state-of-the-art and deep baselines. Ablation analysis indicates repeated benefits of SAM (+ 1.8% F1-score), AdamW (+ 1.2%), and SLT-informed evaluation (+ 0.9%) to demonstrate that combining SLT-aware analysis by sharpness-aware optimization results in an interpretable and resilient intrusion detector to detect infrequent, high-risk cyber-attacks in real-world networks.