English

SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection

Cryptography and Security 2025-02-12 v1 Machine Learning

Abstract

The proliferation of IoT devices has significantly increased network vulnerabilities, creating an urgent need for effective Intrusion Detection Systems (IDS). Machine Learning-based IDS (ML-IDS) offer advanced detection capabilities but rely on labeled attack data, which limits their ability to identify unknown threats. Self-Supervised Learning (SSL) presents a promising solution by using only normal data to detect patterns and anomalies. This paper introduces SAFE, a novel framework that transforms tabular network intrusion data into an image-like format, enabling Masked Autoencoders (MAEs) to learn robust representations of network behavior. The features extracted by the MAEs are then incorporated into a lightweight novelty detector, enhancing the effectiveness of anomaly detection. Experimental results demonstrate that SAFE outperforms the state-of-the-art anomaly detection method, Scale Learning-based Deep Anomaly Detection method (SLAD), by up to 26.2% and surpasses the state-of-the-art SSL-based network intrusion detection approach, Anomal-E, by up to 23.5% in F1-score.

Keywords

Cite

@article{arxiv.2502.07119,
  title  = {SAFE: Self-Supervised Anomaly Detection Framework for Intrusion Detection},
  author = {Elvin Li and Zhengli Shang and Onat Gungor and Tajana Rosing},
  journal= {arXiv preprint arXiv:2502.07119},
  year   = {2025}
}

Comments

Accepted by the AAAI-25 Workshop on Artificial Intelligence for Cyber Security (AICS)

R2 v1 2026-06-28T21:39:32.081Z