Zero-shot intrusion detection on the Grassmann manifold
Pioneered a geometry-aware zero-shot IDS that maps attack signatures to subspaces and infers unseen threats via geodesic distance.
Zero-shot accuracy: 90.6%
AUC: 86.1%
Datasets: KDD Cup 99, NSL-KDD
Overview
Emerging attack variants offered little to no labeled data on which to train traditional classifiers.
Our researchers designed an inference pipeline that generalizes to new attack classes without retraining.
Challenges
- Zero-shot learning in cybersecurity required informative attribute spaces tied to attack semantics.
- Measuring similarity between class signatures demanded geometry-aware techniques.
- Evaluation setups needed to respect the seen vs. unseen class split inherent to ZSL.
Approach
Attribute extraction for known attacks
Learned rule-based attributes that encode semantic signatures for established attack classes.
Grassmannian representation
Mapped attribute signatures to subspaces via SVD and compared them using closed-form geodesic distances.
k-NN inference under manifold geometry
Applied nearest-neighbour classification with Grassmannian metrics to assign unseen attacks to the right families.
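The three steps above in miniature, as an added example that is not the project's own code: signatures become subspaces via SVD, subspaces are compared by the arc-length geodesic (2-norm of the principal angles), and k-NN assigns the family. The attribute matrices, the subspace dimension, the exact form of the Frobenius baseline and all function names are assumptions made for illustration.

```python
from collections import Counter
import numpy as np

def subspace(signature, p=2):
    """Top-p left singular vectors of an (attributes x rules) signature matrix."""
    u, _, _ = np.linalg.svd(np.asarray(signature, dtype=float), full_matrices=False)
    return u[:, :p]  # orthonormal basis, i.e. a point on the Grassmannian Gr(p, d)

def geodesic(a, b):
    """Closed-form geodesic distance: 2-norm of the principal angles."""
    cosines = np.linalg.svd(a.T @ b, compute_uv=False)
    return float(np.linalg.norm(np.arccos(np.clip(cosines, -1.0, 1.0))))

def frobenius(a, b):
    """Baseline (assumed form): Frobenius norm of the difference of the two bases."""
    return float(np.linalg.norm(a - b))

def knn(query, reference, metric, k=1):
    """Majority label among the k reference subspaces closest to the query."""
    ranked = sorted(reference, key=lambda item: metric(query, item[1]))
    return Counter(label for label, _ in ranked[:k]).most_common(1)[0][0]

# Constructed data: 6 attributes, 3 rules per signature.
E = np.eye(6)
REFERENCE = [
    ("dos", subspace(E[:, [0, 1]] @ [[3, 1, 2], [0, 2, 1]])),
    ("probe", subspace(E[:, [2, 3]] @ [[2, 1, 0], [1, 2, 1]])),
]
# Unseen attack: mostly the "dos" attributes, leaking slightly into attributes 4 and 5.
UNSEEN = subspace((E[:, [0, 1]] + 0.1 * E[:, [4, 5]]) @ [[2, 1, 0], [1, 3, 1]])
# Same subspace as the "dos" reference, expressed in a sign-flipped basis.
FLIPPED = -REFERENCE[0][1]

if __name__ == "__main__":
    print("unseen  ->", knn(UNSEEN, REFERENCE, geodesic))
    print("flipped ->", knn(FLIPPED, REFERENCE, geodesic), "(geodesic),",
          knn(FLIPPED, REFERENCE, frobenius), "(frobenius)")
```

The flipped basis spans exactly the same subspace as the "dos" reference, so the geodesic distance is zero, while the basis-dependent Frobenius comparison places it closer to "probe".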
Impact delivered
- Improved zero-shot intrusion detection accuracy over Frobenius-distance baselines.
- Showed that geometry-aware similarity is critical for recognizing new or rare attack classes.
- Provided a deployable pipeline for extending IDS coverage without extensive relabeling.
Key lessons
- Zero-shot performance hinges on both semantic attributes and the geometry used to compare them.
- Closed-form geodesic metrics offer accuracy gains without runtime penalties.
- Security systems need strategies that anticipate unseen threats, not just known signatures.