A critical vulnerability of supervised deep learning in high-dimensional tabular domains is "generalization collapse": models form precise decision boundaries around known training distributions but fail catastrophically when encountering Out-of-Distribution (OOD) data. To overcome this, we propose Latent Sculpting, a hierarchical, two-stage representation learning architecture designed to enforce explicit structural boundaries prior to density estimation. In the first stage, a Transformer-based tabular encoder is trained using our novel Binary Latent Sculpting loss. This objective explicitly condenses benign network traffic into a dense, low-entropy hypersphere while enforcing a strict geometric minimum-distance margin for anomalous patterns. In the second stage, a Masked Autoregressive Flow (MAF) maps this structurally optimized manifold to calculate exact, probabilistic anomaly thresholds. We evaluate this methodology on the CIC-IDS-2017 benchmark under a rigorous zero-shot protocol, deliberately withholding complex attack classes during training to test true OOD generalization. Averaged across three random initialization seeds to ensure statistical robustness, our framework maintains near-perfect classification on known signatures (F1 = 0.980 +/- 0.000) while achieving an overall zero-shot OOD F1-Score of 0.867 +/- 0.021 and an AUROC of 0.913 +/- 0.010 at an 85th-percentile threshold. Most notably, the model achieves an average recall of 78.7% (peaking at 97.2%) on stealthy "Infiltration" attacks and over 94% on low-volume DoS variations - complex distributional shifts where standard supervised and unsupervised baselines historically suffer near-total detection failure. These empirical results demonstrate that explicitly decoupling topological manifold structuring from probabilistic density estimation establishes a highly stable and scalable defense against zero-day cyber threats.

翻译：监督式深度学习在高维表格数据领域存在一个关键缺陷——“泛化崩溃”：模型能够在已知训练分布周围形成精确的决策边界，但在遭遇分布外数据时性能会灾难性下降。为克服此问题，我们提出潜在空间塑形——一种分层式两阶段表征学习架构，旨在进行密度估计前强制建立显式的结构边界。第一阶段，基于Transformer的表格编码器通过我们提出的二元潜在空间塑形损失函数进行训练。该目标函数将良性网络流量显式压缩至稠密的低熵超球体内，同时对异常模式施加严格的几何最小距离边界。第二阶段，掩码自回归流将经过结构优化的流形映射至概率空间，以计算精确的概率化异常阈值。我们在CIC-IDS-2017基准数据集上采用严格的零样本协议评估该方法，故意在训练阶段排除复杂攻击类别以测试真实的分布外泛化能力。通过三个随机初始化种子的平均结果确保统计稳健性，我们的框架在已知攻击特征上保持近乎完美的分类性能（F1 = 0.980 +/- 0.000），同时在85百分位阈值下实现了整体零样本分布外F1分数0.867 +/- 0.021与AUROC 0.913 +/- 0.010。最值得注意的是，该模型在隐蔽的“渗透”攻击上达到平均召回率78.7%（峰值97.2%），在低流量DoS变种攻击上超过94%——这些复杂分布偏移场景中，传统监督式与无监督基线方法历来存在近乎完全的检测失效问题。实证结果表明，将拓扑流形结构化与概率密度估计显式解耦，能为零日网络威胁建立高度稳定且可扩展的防御机制。