Facing Anomalies Head-On: Network Traffic Anomaly Detection via Uncertainty-Inspired Inter-Sample Differences
Track: Security and privacy
Keywords: Network Traffic Anomaly Detection, Uncertainty Quantification, Drifted Anomaly Detection, Zero-Positive Learning
TL;DR: We propose a novel uncertainty-based evidential detection framework for network traffic anomaly detection from an inter-sample difference perspective.
Abstract: Network traffic anomaly detection is pivotal in cybersecurity, especially as data volume grows and security requirements intensify. This study addresses critical limitations in existing reconstruction-based methods, which quantify anomalies relying on intra-sample differences and struggle to detect drifted anomalies. In response, we propose a novel approach, the Uncertainty-Inspired Inter-Sample Differences method (UnDiff), which leverages model uncertainty to enhance anomaly detection capabilities, particularly in scenarios involving anomaly drift. By employing evidential learning, the UnDiff model gathers evidence to minimize uncertainty in normal network traffic, enhancing its ability to differentiate between normal and anomalous traffic. To overcome the limitations of intra-sample difference quantification in reconstruction-based methods, we propose a novel anomaly score based on inter-sample uncertainty deviation that directly quantifies the anomaly degree. Benefiting from a concise model design and parameterized uncertainty quantification, UnDiff achieves high efficiency. Extensive experiments on three benchmarks demonstrate UnDiff's superior performance in detecting both undrifted and drifted anomalies with minimal computational overhead. This research contributes to the field of network security by introducing a new uncertainty-based modeling paradigm and a novel uncertainty-inspired anomaly score.
Submission Number: 1522