ZERO-SHOT DEEP LEARNING FOR MALICIOUS EVENT DETECTION IN CYBERSECURITY: A NOVEL APPROACH

Abstract

Modern cloud-native systems generate heterogeneous telemetry across microservices, databases, logs, and containerized infrastructure, making traditional anomaly detection brittle and prone to high false-alarm rates. Prior studies show false-positive rates of 50–86% and miss rates of 5–20% in real-world deployments, underscoring the operational burden of noisy detection systems. This thesis presents a zero-shot anomaly detection framework that integrates system-wide telemetry and infers malicious behavior using semantic embeddings derived from domain-specific knowledge graphs. The model adapts its embedding space during inference via transductive learning and employs GAN augmentation with metric-learning enhancements to improve robustness. A Kafka-based pipeline supports real-time operation. Evaluated on real QA telemetry and synthetic attacks, the system achieves 96.4% accuracy, 95.5% macro-F1, and single-digit error rates (~4–5%), substantially outperforming typical enterprise benchmarks. These results demonstrate a scalable, adaptive approach for detecting emerging threats in distributed environments.