When Unknown Threat Meets Label Noise: A Self-Correcting Framework

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

Network intrusion detection systems (NIDS) are crucial for network management and security. However, in real-world scenarios, NIDS face two core challenges: (i) label noise, where mislabeled samples in the training data distort the model's decision boundaries; (ii) unknown attack detection, where existing methods struggle to identify novel attack patterns in dynamic attack environments. More critically, these two challenges are interlinked, forming a vicious cycle that continuously degrades the overall reliability of NIDS. Existing research often addresses these issues in isolation, and no method has yet been proposed to coordinate their antagonistic effects systematically. To tackle this open problem, we propose AEGIS-Net for the first time—a dual anti-noise framework based on multi-prototype correction and model-agnostic detection. AEGIS-Net introduces a density-difference-driven multi-prototype competition mechanism, which achieves fine-grained noise label correction through feature space sub-cluster analysis. We also design a distribution-independent k-nearest neighbors detection paradigm, using the corrected compact feature space to determine unknown attacks in open environments. The two modules are collaboratively optimized through a shared encoder, forming a positive cycle of noise suppression and detection enhancement. Extensive experiments on real-world datasets validate the effectiveness of AEGIS-Net in addressing these dual challenges. Notably, under 50% asymmetric noise conditions, AEGIS-Net achieves classification accuracy of 89.02% for known attacks and 98.76% for unknown attack detection on the MAL_TLS2023 dataset. Theoretical proofs and visualization analysis reveal the anti-noise properties of AEGIS-Net under feature space stability constraints.

Original language: English
Journal: IEEE Transactions on Dependable and Secure Computing
State: Accepted/In press - 2025

Keywords

  • Network intrusion detection system
  • encrypted traffic
  • unknown attack
