Go to AAMAS 2026 Workshop AI4CNI homepageINTACT: Intent-Aware Representation Learning for Cryptographic Traffic Violation Detection
Keywords: Intent-Aware Learning, Cryptographic Traffic Analysis, Policy-Conditioned Detection, Critical National Infrastructure, AI Safety, Multi-Intent Anomaly Detection, Distribution Shift Robustness
TL;DR: INTACT reformulates cryptographic violation detection by conditioning predictions on security intent, learning policy-parameterized decision boundaries instead of static anomaly thresholds.
Track: Research Paper
Abstract: Security monitoring in Critical National Infrastructure systems such as energy grids, telecommunications backbones, and public service networks requires reliable enforcement of explicit operational policies under evolving threat conditions. Conventional anomaly detection methods treat violations as statistical deviations from observed data distributions. In cryptographic traffic monitoring, however, violations are defined not by rarity but by formal policy constraints including key reuse prohibition, downgrade prevention, and bounded key lifetimes. This mismatch limits interpretability, policy alignment, and adaptability in safety critical environments.We introduce INTACT, an intent aware representation learning framework that reformulates violation detection as conditional constraint learning. Instead of learning a static anomaly boundary over behavioral features, INTACT models the probability of violation conditioned jointly on observed behavior and declared security intent. The architecture factorizes representation learning into behavioral and intent encoders whose fused embeddings yield a policy parameterized family of decision boundaries, enabling explicit alignment between detection logic and operational constraints. We evaluate INTACT on a large scale real world network flow dataset and a 210000 trace synthetic multi intent cryptographic corpus modeling controlled policy violations and distribution shift. INTACT matches or exceeds strong unsupervised and supervised baselines, achieving near perfect discrimination with AUROC up to 1.0000 in real traffic and consistently superior performance on relational and composite violations in synthetic settings. These results demonstrate that explicit intent conditioning improves discrimination, interpretability, and robustness, properties essential for trustworthy AI deployment in critical infrastructure environments.
Email Sharing: We authorize the sharing of all author emails with Program Chairs.
Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.
Submission Number: 6
Loading