AI & Machine Learning · Apr 03, 2026

PARD-SSM: Probabilistic Cyber-Attack Regime Detection via Variational Switching State-Space Models

Source: arXiv Security · Archived Apr 03, 2026 (full text saved)



Computer Science > Cryptography and Security
[Submitted on 2 Apr 2026]

Authors: Prakul Sunil Hiremath, PeerAhammad M Bagawan, Sahil Bhekane

Abstract: Modern adversarial campaigns unfold as sequences of behavioural phases - Reconnaissance, Lateral Movement, Intrusion, and Exfiltration - each often indistinguishable from legitimate traffic when viewed in isolation. Existing intrusion detection systems (IDS) fail to capture this structure: signature-based methods cannot detect zero-day attacks, deep-learning models provide opaque anomaly scores without stage attribution, and standard Kalman Filters cannot model non-stationary multi-modal dynamics. We present PARD-SSM, a probabilistic framework that models network telemetry as a Regime-Dependent Switching Linear Dynamical System with K = 4 hidden regimes. A structured variational approximation reduces inference complexity from exponential to O(TK^2), enabling real-time detection on standard CPU hardware. An online EM algorithm adapts model parameters, while KL-divergence gating suppresses false positives. Evaluated on CICIDS2017 and UNSW-NB15, PARD-SSM achieves F1 scores of 98.2% and 97.1%, with latency less than 1.2 ms per flow. The model also produces predictive alerts approximately 8 minutes before attack onset, a capability absent in prior systems.
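To make the abstract's inference claim concrete, here is an added, simplified illustration that is not the PARD-SSM code (the paper's own code is described as being on GitHub and is not reproduced here). It replaces the switching linear dynamical system with a plain discrete-regime model over per-flow features (Gaussian emissions, a sticky transition matrix), so the filtered regime posterior is obtained with the classic forward recursion, which costs O(K^2) per flow and therefore O(TK^2) over T flows, the same order the abstract quotes for its structured variational approximation. The regime names come from the abstract; the "Benign" background regime, the feature set, all numeric parameters, the sample flows and the KL-based alert gate are assumptions constructed for the demo, not the paper's values or its gating criterion.

```python
"""Discrete-regime forward filter over network-flow features (added illustration).

Not the PARD-SSM implementation: regimes are discrete HMM states with
Gaussian emissions rather than a switching linear dynamical system.
Each filtering step is O(K^2), so a stream of T flows costs O(T K^2).
"""
import math

# Stage names from the abstract; "Benign" is an assumed background regime.
REGIMES = ["Benign", "Reconnaissance", "LateralMovement", "Exfiltration"]
K = len(REGIMES)

# Constructed per-flow features (assumed): log bytes per flow, distinct
# destination ports per minute, outbound/inbound byte ratio.
FEATURES = ["log_bytes", "dst_ports", "out_in_ratio"]

# Assumed regime-conditional emission means and shared per-feature variances.
MEANS = {
    "Benign":          (8.0,  2.0, 0.5),
    "Reconnaissance":  (4.0, 40.0, 1.0),
    "LateralMovement": (9.0,  8.0, 1.2),
    "Exfiltration":    (14.0, 1.0, 6.0),
}
VARS = (1.5, 25.0, 0.8)

# Assumed transition matrix: regimes are sticky and stages tend to progress.
TRANS = [
    [0.97, 0.01, 0.01, 0.01],
    [0.05, 0.85, 0.09, 0.01],
    [0.05, 0.02, 0.85, 0.08],
    [0.10, 0.00, 0.02, 0.88],
]
PRIOR = [0.97, 0.01, 0.01, 0.01]

# Constructed sample stream: 3 benign, 3 recon, 2 lateral, 2 exfil flows.
SAMPLE_FLOWS = [
    (8.1, 2, 0.5), (7.9, 3, 0.6), (8.2, 1, 0.4),
    (4.2, 38, 1.0), (3.9, 42, 0.9), (4.1, 45, 1.1),
    (9.1, 9, 1.1), (8.8, 7, 1.3),
    (13.8, 1, 5.5), (14.2, 2, 6.2),
]


def log_gaussian(x, mean, var):
    return -0.5 * (math.log(2 * math.pi * var) + (x - mean) ** 2 / var)


def emission_loglik(flow):
    """log p(flow | regime) for each regime (diagonal Gaussian)."""
    return [sum(log_gaussian(flow[i], MEANS[r][i], VARS[i]) for i in range(len(FEATURES)))
            for r in REGIMES]


def forward_filter(flows):
    """Filtered posteriors p(z_t | x_1..x_t), one K-vector per flow.

    Predict with the KxK transition matrix (O(K^2)), reweight by the
    emission likelihood, normalise. Log space avoids underflow on long streams.
    """
    posteriors = []
    log_belief = [math.log(p) for p in PRIOR]
    for flow in flows:
        ll = emission_loglik(flow)
        new_log = []
        for j in range(K):
            terms = [log_belief[i] + math.log(TRANS[i][j]) for i in range(K) if TRANS[i][j] > 0]
            m = max(terms)
            new_log.append(m + math.log(sum(math.exp(t - m) for t in terms)) + ll[j])
        m = max(new_log)
        log_norm = m + math.log(sum(math.exp(v - m) for v in new_log))
        log_belief = [v - log_norm for v in new_log]
        posteriors.append([math.exp(v) for v in log_belief])
    return posteriors


def most_likely_regimes(posteriors):
    return [REGIMES[max(range(K), key=p.__getitem__)] for p in posteriors]


def kl_divergence(p, q):
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)


def gated_alerts(posteriors, threshold=1.0, persist=2):
    """Stage-attributed alert only when KL(posterior || benign prior) exceeds
    `threshold` nats for `persist` consecutive flows. Assumed gating rule
    for illustration, not the paper's criterion."""
    alerts, run = [], 0
    for t, post in enumerate(posteriors):
        run = run + 1 if kl_divergence(post, PRIOR) > threshold else 0
        if run >= persist:
            alerts.append((t, REGIMES[max(range(K), key=post.__getitem__)]))
    return alerts


def run_demo(flows=SAMPLE_FLOWS):
    post = forward_filter(flows)
    return most_likely_regimes(post), gated_alerts(post)


if __name__ == "__main__":
    labels, alerts = run_demo()
    for t, (lab, flow) in enumerate(zip(labels, SAMPLE_FLOWS)):
        print(t, flow, lab)
    print("alerts:", alerts)
```

On the constructed stream the filter attributes each flow to its stage, and the persistence gate delays the first alert by one flow (it fires on the second reconnaissance flow), which is the trade-off such gating makes between false-positive suppression and time to detect.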
Comments: 18 pages, 3 figures, 3 tables, code available on GitHub
Subjects: Cryptography and Security (cs.CR)
ACM classes: C.2.0; C.2.3; I.2.6; G.3
Cite as: arXiv:2604.02299 [cs.CR] (or arXiv:2604.02299v1 [cs.CR] for this version), https://doi.org/10.48550/arXiv.2604.02299
Submission history: From: Prakul Hiremath. [v1] Thu, 2 Apr 2026 17:38:52 UTC (111 KB)