Self-Supervised Representation Learning for Zero-Day Attack Detection in Encrypted Network Traffic
Abstract
The proliferation of encrypted network traffic, driven by privacy regulations and modern protocols like TLS 1.3, has rendered traditional signature-based intrusion detection systems (IDS) ineffective against zero-day attacks. This paper proposes a self-supervised learning (SSL) framework to learn discriminative representations from encrypted traffic for detecting unseen attack patterns. By leveraging pretext tasks such as flow reconstruction and contrastive learning, the model generates robust embeddings that capture latent anomalies without labelled training data. Experiments on the CIC-IDS2017 and UNSW-NB15 datasets demonstrate a 15% improvement in F1-score over unsupervised baselines, with a false positive rate (FPR) of 2.1% under adversarial conditions. The framework’s generalizability is validated through cross-dataset evaluations and robustness tests against TLS protocol variations.