AEGIS: Adversarial Entropy-Guided Immune System -- Thermodynamic State Space Models for Zero-Day Network Evasion Detection

Published 2 Apr 2026 in cs.CR and cs.LG | (2604.02149v1)

Abstract: As TLS 1.3 encryption limits traditional Deep Packet Inspection (DPI), the security community has pivoted to Euclidean Transformer-based classifiers (e.g., ET-BERT) for encrypted traffic analysis. However, these models remain vulnerable to byte-level adversarial morphing -- recent pre-padding attacks reduced ET-BERT accuracy to 25.68%, while VLESS Reality bypasses certificate-based detection entirely. We introduce AEGIS: an Adversarial Entropy-Guided Immune System powered by a Thermodynamic Variance-Guided Hyperbolic Liquid State Space Model (TVD-HL-SSM). Rather than competing in the Euclidean payload-reading domain, AEGIS discards payload bytes in favor of 6-dimensional continuous-time flow physics projected into a non-Euclidean Poincaré manifold. Liquid Time-Constants measure microsecond IAT decay, and a Thermodynamic Variance Detector computes sequence-wide Shannon Entropy to expose automated C2 tunnel anomalies. A pure C++ eBPF Harvester with zero-copy IPC bypasses the Python GIL, enabling a linear-time O(N) Mamba-3 core to process 64,000-packet swarms at line-rate. Evaluated on a 400GB, 4-tier adversarial corpus spanning backbone traffic, IoT botnets, zero-days, and proprietary VLESS Reality tunnels, AEGIS achieves an F1-score of 0.9952 and 99.50% True Positive Rate at 262 µs inference latency on an RTX 4090, establishing a new state-of-the-art for physics-based adversarial network defense.

Authors (1)

Summary

  • The paper presents a novel thermodynamic state space model that captures 6-dimensional flow physics to achieve a 99.5% true positive rate in detecting zero-day evasion.
  • It replaces vulnerable payload-based inspection with hyperbolic embedding and Liquid Time-Constant networks, enabling precise microsecond-level anomaly detection.
  • The system integrates high-throughput eBPF/DPDK pipelines with Mamba-3 core processing to realize real-time defense at an inference latency of 1.6 ms under adversarial load.

Thermodynamic State Space Models for Zero-Day Network Evasion Detection: An Expert Analysis of AEGIS

Introduction and Motivation

AEGIS (Adversarial Entropy-Guided Immune System) (2604.02149) addresses a central weakness in current encrypted traffic analysis: the fragility of payload-based deep learning classifiers under adversarial morphing and cryptographic mimicry. Modern encrypted transport (e.g., TLS 1.3) removes the visibility traditional DPI relied on, which has driven research toward Transformer-based models that tokenize byte sequences. Byte-level adversarial attacks such as pre-padding can severely degrade those classifiers, and tunnelling protocols that present a legitimate third-party TLS handshake and certificate (e.g., VLESS Reality) evade certificate-based detection entirely.

AEGIS introduces a distinct paradigm, discarding payload inspection and instead extracting 6-dimensional continuous-time flow physics. The architecture embeds these in a hyperbolic manifold, leveraging continuous-time modeling with Liquid Time-Constant (LTC) networks and a Thermodynamic Variance Detector (TVD) to exploit the inherent rigidity of automated evasion tools. This is operationalized in a high-throughput system realized via a Mamba-3 core, underpinned by zero-copy C++/eBPF network ingress.

Architectural Insights

AEGIS’s TVD-HL-SSM (Thermodynamic Variance-Guided Hyperbolic Liquid State Space Model) is constructed from several interlocking innovations:

Flow Physics-Based Feature Extraction

Traditional packet inspection is replaced with a 6-dimensional vector per packet: frame size, microsecond-resolution inter-arrival time (IAT), direction, TCP window size, normalized TCP flags, and payload ratio. Payload bytes are excluded entirely, which removes the byte-level attack surface that pre-padding exploits and shifts the model's attention to the macro- and meso-structure of the flow. The trade-off is that the remaining features are still partly under adversary control (padding changes sizes, deliberate delay changes IATs), which is why the paper's robustness evaluation concentrates on timing perturbation.
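The extraction step described above, as an added example that is not code from the AEGIS paper: a packet record is reduced to the six header-and-timing features and the payload bytes are never read. The record layout, the normalisation constants, the direction convention and the constructed TLS-shaped exchange are assumptions made here, not values from the paper.

```python
"""Six-dimensional flow features of the kind AEGIS extracts (size, IAT,
direction, window, flags, payload ratio). Added example, not code from the
AEGIS paper; the packet record layout, the normalisation constants and the
sample exchange below are assumptions."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts_us: int        # capture timestamp in microseconds
    length: int       # frame length on the wire, bytes
    src: str          # source endpoint as "ip:port"
    dst: str          # destination endpoint
    window: int       # advertised TCP window, raw (pre-scaling)
    flags: int        # raw TCP flag byte (FIN=0x01 ... CWR=0x80)
    payload_len: int  # bytes after the TCP header

def flow_features(pkts, client, max_len=1514, max_window=65535):
    """Map one flow's packets to a list of 6-dim vectors:
    [size, iat_us, direction, window, flags, payload_ratio].

    Only headers and timing are read; payload bytes never enter the model.
    Packets are re-sorted by timestamp so an out-of-order capture cannot
    produce a negative IAT. The first packet gets IAT 0."""
    feats = []
    prev_ts = None
    for p in sorted(pkts, key=lambda q: q.ts_us):
        iat_us = 0 if prev_ts is None else p.ts_us - prev_ts
        prev_ts = p.ts_us
        feats.append([
            p.length / max_len,                       # size, 0..1
            float(iat_us),                            # IAT in microseconds
            1.0 if p.src == client else -1.0,         # direction: +1 client->server
            min(p.window, max_window) / max_window,   # window, 0..1
            p.flags / 0xFF,                           # flag byte, 0..1
            p.payload_len / p.length if p.length else 0.0,  # payload ratio
        ])
    return feats

CLIENT = "10.0.0.5:51234"
SERVER = "203.0.113.7:443"
# Constructed TLS-1.3-shaped exchange (14 B Ethernet + 20 B IPv4 + 32 B TCP
# header = 66 B of headers per packet); not captured traffic.
SAMPLE = [
    Packet(1_000_000, 583,  CLIENT, SERVER, 64240, 0x18, 517),   # ClientHello
    Packet(1_012_400, 1514, SERVER, CLIENT, 65535, 0x18, 1448),  # ServerHello...
    Packet(1_012_900, 66,   CLIENT, SERVER, 64240, 0x10, 0),     # pure ACK
    Packet(1_013_600, 130,  CLIENT, SERVER, 64240, 0x18, 64),    # client Finished
    Packet(1_250_000, 1514, CLIENT, SERVER, 64240, 0x18, 1448),  # application data
]

if __name__ == "__main__":
    for row in flow_features(SAMPLE, CLIENT):
        print([round(v, 4) for v in row])
```

The IAT is left in raw microseconds because the downstream time-constant model consumes it as a physical duration; the other five features are scaled to a fixed range so a single oversized window or frame cannot dominate the embedding.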

Hyperbolic Embedding of Topologies

The system projects flow features into the Poincaré disk, inherently suited for representing exponential (botnet-like) topologies and mitigating issues of gradient instability or distortion present in high-branching hierarchies in Euclidean spaces. This results in geometric representations more faithful to actual network morphologies.

Liquid Time-Constant Networks

By incorporating LTCs, AEGIS explicitly models and maintains sensitivity to microsecond-level timing variances, structurally encoding natural stochasticity versus the rigidity or optimized mimicry imposed by automated tunneling tools. Decay rates, parameterized by flow-derived IATs, enable the network to track dynamics missed by discrete models.

Linear-Time Selective State Space Modeling (Mamba-3 Core)

Replacing Transformer self-attention with Mamba-based SSMs retains long-sequence dependencies at linear time and memory complexity, enabling efficient, high-throughput inference. This makes real-world deployment on massive per-packet contexts feasible, even under high network loads and adversarial stress.

Thermodynamic Variance Detection

The TVD computes Shannon entropy over the sequence of SSM hidden states. Automated evasion logic, while often successful at payload and timing mimicry, tends to generate structurally rigid or low-entropy flows, which are detected as anomalous by the TVD. This exploits a residual mathematical distinction even when temporal and volumetric features are adversarially manipulated.
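The three mechanisms above (IAT-driven decay in the Liquid Time-Constant cells, the linear-time selective scan of the Mamba core, and the entropy read-out of the TVD) share one skeleton, shown here as an added example that is not the paper's TVD-HL-SSM: a diagonal linear state space model discretised per packet with the inter-arrival time as the step, followed by Shannon entropy over the quantised hidden-state trajectory. A constructed fixed-cadence beacon is compared with a constructed interactive session; the time constants, quantisation, alert threshold and both flows are assumptions made here.

```python
"""Continuous-time state tracking over irregular packet timing, with an
entropy read-out over the hidden-state trajectory. Added example standing in
for the paper's TVD-HL-SSM: a diagonal linear SSM discretised per packet with
the inter-arrival time as the step (the recurrence shared by LTC networks and
the Mamba family), followed by Shannon entropy over the quantised states as
the Thermodynamic Variance Detector does. Time constants, quantisation, the
alert threshold and both flows are assumptions, not values from AEGIS."""
import math
import random
from collections import Counter

def ssm_scan(sizes, iats_us, tau_us=(2_000.0, 50_000.0, 1_000_000.0)):
    """One linear pass over the flow (O(N) time, O(1) state):
        h_k = exp(-dt_k / tau) * h_{k-1} + (1 - exp(-dt_k / tau)) * x_k
    is the zero-order-hold discretisation of dh/dt = -(h - x) / tau with the
    packet's own IAT as dt, so the decay is driven by real timing rather than
    a fixed clock. One channel per time constant: the 2 ms channel forgets
    between keystrokes, the 1 s channel remembers the session. Returns the
    hidden-state trajectory, one vector per packet."""
    h = [0.0] * len(tau_us)
    traj = []
    for x, dt in zip(sizes, iats_us):
        for i, tau in enumerate(tau_us):
            a = math.exp(-dt / tau)
            h[i] = a * h[i] + (1.0 - a) * x
        traj.append(list(h))
    return traj

def state_entropy(traj, bins=16):
    """Shannon entropy in bits of the quantised trajectory. A periodic beacon
    revisits the same few states; an interactive session spreads out."""
    lo = min(min(v) for v in traj)
    span = (max(max(v) for v in traj) - lo) or 1.0   # guard all-identical states
    cells = Counter(tuple(int((c - lo) / span * (bins - 1)) for c in v) for v in traj)
    n = len(traj)
    return -sum(k / n * math.log2(k / n) for k in cells.values())

def is_automated(sizes, iats_us, threshold_bits=3.0):
    """Flag a flow whose state trajectory is too rigid to be human-driven.
    The threshold is an assumed value for this example."""
    return state_entropy(ssm_scan(sizes, iats_us)) < threshold_bits

def beacon_flow(n=200, period_us=250_000):
    """Constructed C2-style beacon: fixed cadence, fixed request/response sizes."""
    return [0.35 if i % 2 == 0 else 0.04 for i in range(n)], [period_us] * n

def human_flow(n=200, seed=7):
    """Constructed interactive session: log-normal IATs, varied packet sizes."""
    rng = random.Random(seed)
    sizes = [rng.uniform(0.04, 1.0) for _ in range(n)]
    iats = [max(1, int(rng.lognormvariate(math.log(50_000), 1.5))) for _ in range(n)]
    return sizes, iats

if __name__ == "__main__":
    for name, flow in (("beacon", beacon_flow()), ("human", human_flow())):
        bits = state_entropy(ssm_scan(*flow))
        print(f"{name}: {bits:.2f} bits, automated={is_automated(*flow)}")
```

The beacon settles into a two-state cycle after a short transient and scores well under two bits; the interactive flow scatters across many cells and scores several bits higher. The same quantity is what an adversary must raise to cross the detector, which is the cost the paper's IAT-noise experiment measures.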

Experimental Validation

AEGIS is evaluated on a 400GB, four-tier adversarial corpus encompassing real-world backbone traffic, IoT botnets, zero-day rootkits, and advanced cryptographic evasion (including VLESS Reality). The test partition is highly adversarial, with significant cryptographic and temporal morphing present.

The architecture achieves the following headline results:

  • F1-score: 0.9952
  • True Positive Rate (TPR): 99.50%
  • False Positive Rate (FPR): 0.2141%
  • Inference latency: 262 µs on an RTX 4090 (as reported in the abstract); 1.6 ms aggregate at swarm batch size 64

The AEGIS confusion matrix underscores high recall and precision, with negligible alert fatigue and minimal benign-class collateral (Figure 1).

Figure 1: Classification confusion matrix for AEGIS at optimal checkpoint, confirming high precision and minimal FPR under adversarial load.

Empirical ROC analysis demonstrates near-perfect discrimination (AUC = 0.9998) across test scenarios, including those in which payload and volumetric features are adversarially morphed.

Adversarial Robustness

Adversarial stress testing with Gaussian noise on the IATs shows robust performance up to a 10% perturbation; F1 remains above 0.97 until synthetic IAT distortion exceeds 15%, after which distinguishability degrades. The authors treat this as a practical detection frontier, arguing that a real adversary cannot sustain such noise without breaking protocol integrity. A practitioner should read that argument with care: a tunnel endpoint controls its own send timing, so the cost of injected jitter is throughput and latency rather than protocol correctness, and the frontier is an economic one rather than a hard limit.

Notably, the only evasion scenarios producing false negatives involve tunnels multiplexing authentic human entropy—i.e., genuine or near-perfectly-mimicked human interaction patterns over XTLS/Reality—implying a fundamental theoretical boundary for flow-only detection systems.

Engineering and Deployment

AEGIS’s implementation is built for real-time, high-throughput deployment. Kernel-level eBPF/DPDK harvesting into zero-copy shared memory (bypassing Python’s GIL and user-space I/O) feeds tens of thousands of parallel sequence windows into the Mamba-3 core without the usual deep-learning pipeline bottlenecks. On RTX 4090 hardware the authors project theoretical scaling to 40 Mpps, orders of magnitude beyond the capacity of Transformer-based systems.

This hardware/architecture co-design supports real-world perimeter defense, privacy-preserving network monitoring (no payload inspection), and deployment at enterprise line rates. Bottlenecks encountered are strictly architectural (e.g., PCIe bus saturation), not algorithmic, and are readily mitigated in production-quality, bare-metal systems leveraging GPUDirect RDMA or SmartNICs.

Critical Claims, Contradictions, and Theoretical Implications

  • AEGIS strongly claims immunity to adversarial morphing and certificate spoofing in automated, high-throughput C2 scenarios. While not immune to adversaries leveraging genuine human-in-the-loop entropy, this constraint sets a practical floor for the cost and friction of adversarial activity in operational networks.
  • The empirical results contradict the viability of payload-dependent models (e.g., ET-BERT) for robust defense, especially in adversarial settings, highlighting their susceptibility to byte-level perturbation.
  • A theoretical limit (“Human Entropy Horizon”) is identified: sufficiently sophisticated mimicry of natural human interaction cannot be detected at the flow-physics level, defining a boundary for any detector that sees only flow-level features.

Implications for Future AI-Driven Network Defense

This research establishes a rigorous framework for next-generation flow analysis, based on continuous-time thermodynamic and non-Euclidean geometric representations. Practical deployment suggests significant real-world utility: high-recall, low-FPR detection of automated and even cryptographically-evasive tunnels without reliance on privacy-invasive payload inspection.

Future research will likely extend this approach to integrate multi-modal context (e.g., application-layer metadata or side-channel analysis), explore fusion with memory-resident anomaly detection, and optimize for adversarial coevolution, where stateful mimicry attempts to push past the established entropy boundaries.

Conclusion

AEGIS delivers a rigorously tested, mathematically-grounded architecture for zero-day network evasion detection that is robust to advanced adversarial manipulation, including cryptographic mimicry and payload morphing. The system abandons vulnerable Euclidean payload reading in favor of structurally resilient thermodynamic and hyperbolic state space analysis, achieving strong empirical performance and demonstrating theoretical advantages and limits.

Through highly efficient, privacy-preserving inference pipelines, AEGIS sets an operational baseline for future resilient network defense. It identifies fundamental constraints on automated evasion and provides clear direction for subsequent AI research, both in defensive strategy and adversarial countermeasures.
