In this paper, we present an adaptive framework designed for the continuous detection, identification and classification of emerging attacks in network traffic. The framework employs a transformer encoder architecture, which captures hidden patterns in a bidirectional manner to differentiate between malicious and legitimate traffic. Initially, the framework focuses on the accurate detection of malicious activities, achieving a perfect recall of 100\% in distinguishing between attack and benign traffic. Subsequently, the system incrementally identifies unknown attack types by leveraging a Gaussian Mixture Model (GMM) to cluster features derived from high-dimensional BERT embeddings. This approach allows the framework to dynamically adjust its identification capabilities as new attack clusters are discovered, while maintaining high detection accuracy. Even after integrating additional unknown attack clusters, the framework continues to perform at a high level, achieving 95.6\% in both classification accuracy and recall. The results demonstrate the effectiveness of the proposed framework in adapting to evolving threats while maintaining high accuracy in both detection and identification tasks. Our ultimate goal is to develop a scalable, real-time intrusion detection system that can continuously evolve with the ever-changing network threat landscape.
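As an added illustration (not code from the paper), the incremental identification stage described above: known attack clusters are modelled as Gaussian components over embedding vectors, points whose likelihood under every known cluster is too low are held back as unknown, and once enough accumulate they are fitted as a new cluster and become identifiable. The 2-D constructed vectors standing in for BERT embeddings, the diagonal-covariance components in place of a fully EM-fitted GMM, the likelihood threshold and the cluster names are all assumptions of this example, not the paper's.

```python
import math
import random
random.seed(7)  # constructed, reproducible toy data

def sample(center, spread, n):
    # Constructed stand-in for BERT embeddings of flows already flagged as attack.
    return [[c + random.gauss(0, spread) for c in center] for _ in range(n)]

def log_density(x, mean, var):
    # Log-density of x under a diagonal-covariance Gaussian component.
    return sum(-0.5 * (math.log(2 * math.pi * v) + (xi - m) ** 2 / v)
               for xi, m, v in zip(x, mean, var))

class IncrementalGMM:
    """Components added over time; a point below `threshold` is held as unknown."""
    def __init__(self, threshold):
        self.components = []  # (label, mean, var) per known attack cluster
        self.threshold = threshold
        self.unknown = []     # outliers awaiting a new cluster

    def add_cluster(self, label, points):
        d, n = len(points[0]), len(points)
        mean = [sum(p[i] for p in points) / n for i in range(d)]
        var = [max(sum((p[i] - mean[i]) ** 2 for p in points) / n, 1e-6)
               for i in range(d)]
        self.components.append((label, mean, var))

    def identify(self, x):
        """Best-matching cluster label, or None if x fits no known cluster."""
        best_ll, best = max((log_density(x, m, v), lab) for lab, m, v in self.components)
        if best_ll < self.threshold:
            self.unknown.append(x)
            return None
        return best

    def absorb_unknowns(self, label, min_points):
        """Once enough outliers accumulate, fit them as a new cluster."""
        if len(self.unknown) < min_points:
            return False
        self.add_cluster(label, self.unknown)
        self.unknown = []
        return True

def run_demo():
    gmm = IncrementalGMM(threshold=-20.0)
    gmm.add_cluster("dos", sample([0.0, 0.0], 0.3, 40))
    gmm.add_cluster("scan", sample([5.0, 5.0], 0.3, 40))
    novel = sample([0.0, 6.0], 0.3, 30)            # constructed unseen attack type
    first_pass = [gmm.identify(x) for x in novel]  # all None: rejected as unknown
    gmm.absorb_unknowns("new-attack-1", min_points=20)
    second_pass = [gmm.identify(x) for x in novel]  # now labelled new-attack-1
    return first_pass, second_pass, gmm.identify([0.1, -0.1])
```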