10 KiB
JANUS
JANUS — flow-matching unsupervised network anomaly detection over packet sequences.
JANUS is a packet-causal Transformer with two output heads on a shared backbone:
- Continuous Flow Matching head over the (size, IAT, win) packet channels.
- Discrete Flow Matching head over the 6 binary protocol-flag / direction channels.
Trained jointly on benign traffic only (no attack labels at any stage). The deployable scalar score is a Mahalanobis-OAS distance over a 10-d per-flow score vector emitted by the trained model, with the aggregator fit on benign val only — entirely unsupervised end-to-end.
JANUS is the first NIDS method to use Flow Matching as the training paradigm in mixed continuous–discrete state spaces over packet sequences.
Headline results
3-seed mean ± std AUROC. Selection-bias-free Mahalanobis-OAS aggregator on the 10-d JANUS score vector, fit on benign val only.
Within-dataset comparison (AUROC %, mean ± std)
| Method | Venue | CIC-IDS2017 | CIC-DDoS2019 | CIC-IoT2023 | ISCXTor2016 |
|---|---|---|---|---|---|
| Isolation Forest | classical | 55.27 ± 0.4 | 62.18 ± 2.8 | 48.42 ± 4.1 | 51.86 ± 3.4 |
| OCSVM | classical | 59.59 ± 0.6 | 66.74 ± 2.4 | 51.83 ± 3.7 | 56.12 ± 3.1 |
| AnoFormer | ICLR'22 | 63.37 ± 0.7 | 69.85 ± 3.2 | 57.94 ± 4.1 | 61.46 ± 3.4 |
| GANomaly | BMVC'18 | 82.75 ± 5.6 | 86.13 ± 5.3 | 71.68 ± 6.4 | 76.52 ± 5.7 |
| RD4AD | CVPR'22 | 83.78 ± 0.8 | 87.62 ± 2.0 | 71.45 ± 4.2 | 77.31 ± 3.2 |
| TSLANet | ICML'24 | 84.45 ± 1.7 | 87.31 ± 2.5 | 71.92 ± 4.5 | 78.04 ± 3.6 |
| ARCADE | — | 84.85 ± 2.0 | 88.04 ± 3.1 | 72.65 ± 4.4 | 78.43 ± 3.7 |
| MFAD | — | 86.02 ± 0.8 | 89.16 ± 2.1 | 73.74 ± 3.5 | 79.48 ± 2.9 |
| STFPM | BMVC'21 | 86.29 ± 1.7 | 88.95 ± 2.9 | 73.42 ± 4.3 | 79.16 ± 3.5 |
| MMR | — | 89.26 ± 1.2 | 91.74 ± 2.1 | 77.83 ± 3.9 | 82.51 ± 3.0 |
| Shafir NF + Shapley | arXiv'26 | 93.03 ± 1.5 | 93.00 ± 1.5 | 72.24 ± 6.1 | 87.31 ± 1.5 |
| ConMD | TIFS'26 | 94.43 ± 0.1 | 96.04 ± 1.4 | 80.05 ± 3.2 | 87.83 ± 2.4 |
| JANUS (ours) | — | 98.26 ± 0.35 | 99.18 ± 0.05 | 95.90 ± 0.22 | 99.09 ± 0.13 |
Baseline methods (within-dataset table)
- Isolation Forest — random partitioning trees; anomalies isolate in shorter average path length.
- OCSVM — one-class SVM boundary around benign in feature space; signed distance to the boundary is the score.
- AnoFormer (ICLR'22) — Transformer reconstruction over time series; reconstruction error as score.
- GANomaly (BMVC'18) — encoder–decoder–encoder GAN; combined reconstruction error + latent-space distance.
- RD4AD (CVPR'22) — reverse distillation; student decodes a frozen teacher's multi-scale features, teacher/student feature mismatch is the score.
- TSLANet (ICML'24) — time-series net mixing conv, attention, and spectral filtering; reconstruction/prediction error as score.
- ARCADE — adversarially-regularized convolutional autoencoder for traffic anomaly detection; reconstruction error as score.
- MFAD — multi-feature fusion reconstruction; distance over the fused-view reconstruction as score.
- STFPM (BMVC'21) — student–teacher feature pyramid matching across scales; multi-scale feature mismatch as score.
- MMR — masked reconstruction; mask part of the input and score by reconstruction error at masked positions.
- Shafir NF + Shapley (arXiv'26) — Normalizing Flow on CICFlowMeter flow statistics with SHAP-selected top-5 features; negative log-likelihood as score.
- ConMD (TIFS'26) — contrastive/diffusion-based multimodal NIDS; strongest non-JANUS baseline in the table.
3×3 cross-dataset transfer matrix
Source (rows) trained on 10K benign of source dataset; target (columns) tested on full target benign + all target attacks. Aggregator fit on target benign val only — no attack labels at any stage. Diagonal italic = within-dataset.
| Source ↓ / Target → | CICIDS17 | CICDDoS19 | CICIoT23 |
|---|---|---|---|
| CICIDS17 | 0.9826 ± 0.0035 | 0.9690 ± 0.0047 | 0.8698 ± 0.0031 |
| CICDDoS19 | 0.9413 ± 0.0212 | 0.9918 ± 0.0005 | 0.8767 ± 0.0068 |
| CICIoT23 | 0.9394 ± 0.0063 | 0.9030 ± 0.0075 | 0.9590 ± 0.0022 |
Ablations (architecture & aggregator)
Two orthogonal ablation axes, each evaluated within-dataset (4 datasets × 3 seeds) and cross-dataset (3×3 transfer × 3 seeds):
- Group A — 7 alternative aggregators on the same JANUS-full sub-score vector (post-processing only; no retraining).
- Group B — 5 architecture variants, each retrained 4 datasets × 3 seeds = 60 runs + 90 cross-evals.
Every load-bearing JANUS design choice has the same shape of ablation curve: small in-distribution cost, large cross-dataset gain.
| Component (removed in ablation) | Variant | Within Δ | Cross-mean Δ | Cross-worst Δ |
|---|---|---|---|---|
| FLOW token (global context) | B1 | −0.94 | −6.70 | −19.97 |
| Packet sequence | B2 | +0.15 | −23.82 | −36.27 |
| Cont/disc head split (drop disc head) | B3 | +0.44 | −13.14 | −25.03 |
| CFM head (drop continuous side) | B4 | −2.37 | −2.03 | −2.86 |
| Joint training of two heads | B5 | +0.20 | −18.93 | −27.54 |
| OAS Mahalanobis aggregator | A1 vs A5 | +0.37 | −15.88 | −27.38 |
Three ablations (B3 / B5 / A-aggregator) marginally beat JANUS-full at within-dataset evaluation but collapse on at least one cross-dataset transfer direction. The disc head, joint training, and OAS aggregator are deliberate trades: their value is exclusively in cross-dataset robustness.
Full headline summary: artifacts/ablation/ABLATION_SUMMARY.md. Per-variant 3×3 cross matrices: artifacts/ablation/ABLATION_CROSS_B_full.md and artifacts/ablation/ABLATION_TABLE_CROSS_full.md.