AEGIS: Adversarial Entropy-Guided Immune System -- Thermodynamic State Space Models for Zero-Day Network Evasion Detection
Vickson Ferrel

TL;DR
AEGIS introduces a physics-inspired, non-Euclidean approach for detecting zero-day network evasion tactics with high accuracy and low latency, surpassing traditional payload-based methods.
Contribution
The paper presents a novel thermodynamic state space model that discards payload bytes, using continuous-time flow physics in a non-Euclidean manifold for adversarial network detection.
Findings
Achieves an F1-score of 0.9952 on a large adversarial corpus.
Processes 64,000 packets at line-rate with 262 microseconds latency.
Outperforms existing methods in detecting zero-day network evasion.
Abstract
As TLS 1.3 encryption limits traditional Deep Packet Inspection (DPI), the security community has pivoted to Euclidean Transformer-based classifiers (e.g., ET-BERT) for encrypted traffic analysis. However, these models remain vulnerable to byte-level adversarial morphing -- recent pre-padding attacks reduced ET-BERT accuracy to 25.68%, while VLESS Reality bypasses certificate-based detection entirely. We introduce AEGIS: an Adversarial Entropy-Guided Immune System powered by a Thermodynamic Variance-Guided Hyperbolic Liquid State Space Model (TVD-HL-SSM). Rather than competing in the Euclidean payload-reading domain, AEGIS discards payload bytes in favor of 6-dimensional continuous-time flow physics projected into a non-Euclidean Poincare manifold. Liquid Time-Constants measure microsecond IAT decay, and a Thermodynamic Variance Detector computes sequence-wide Shannon Entropy to expose…
