Abstract: Network intrusion detection systems are crucial for maintaining network security, and there is currently limited research on intrusion detection scenarios with only a few abnormal markers of network data. This paper designs a weakly-supervised learning intrusion detection model, called WIDS-APL, based on the anomaly retention of data. The detection model consists of four parts: data transformation layer, representation learning layer, transformation classification layer, and anomaly discrimination layer. By using a set of learnable encoders to map samples to different regions and compress them into a hypersphere, the label information of abnormal samples is used to learn the classification boundaries of normal and abnormal samples, and the abnormal score of the samples is obtained. Testing the WIDS-APL system on four datasets demonstrates the effectiveness and robustness of the system, with improvements in the AUC-ROC values of 4.80%, 5.96%, 1.58%, and 1.73% respectively compared to other mainstream methods. Furthermore, there are enhancements of 15.03%, 2.95%, 4.71%, and 9.23% in AUC-PR performance. 

Key words: network intrusion detection, weakly-supervised learning, deep learning