Traditional security scanners fail when facing new attack patterns they haven't seen before. They rely on fixed rules and predetermined signatures, making them blind to novel threats. We present a fundamentally different approach: instead of memorizing specific attack patterns, we learn what makes systems genuinely secure. Our key insight is simple yet powerful: context determines vulnerability. A SQL query that's safe in one environment becomes dangerous in another. By modeling this context-vulnerability relationship, we achieve something remarkable: our system detects attacks it has never seen before. We introduce context-aware verification that learns from genuine system behavior. Through reconstruction learning on secure systems, we capture their essential characteristics. When an unknown attack deviates from these patterns, our system recognizes it, even without prior knowledge of that specific attack type. We prove this capability theoretically, showing detection rates improve exponentially with context information I(W;C). Our framework combines three components: (1) reconstruction learning that models secure behavior, (2) multi-scale graph reasoning that aggregates contextual clues, and (3) attention mechanisms guided by reconstruction differences. Extensive experiments validate our approach: detection accuracy jumps from 58 percent to 82 percent with full context, unknown attack detection improves by 31 percent, and our system maintains above 90 percent accuracy even against completely novel attack vectors.
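To make the "context determines vulnerability" idea concrete, here is an added example that is not code from the paper or its authors. It replaces the paper's reconstruction learning with a deliberately simple stand-in: per-context ranges of query features observed on secure samples, with the deviation score measuring how far a new sample falls outside the range learned for its own execution context. The context keys (`parameterized`, `input_validated`), the feature set and all queries are constructed for illustration.

```python
"""Context-aware deviation scoring: a minimal stand-in for the paper's
reconstruction-error idea. Secure behaviour is profiled per context; a sample
is scored against the profile of the context it actually runs in."""

# Hypothetical keyword list used only for the toy feature extractor.
SQL_KEYWORDS = ("select", "update", "delete", "insert", "drop", "union", " or ", " and ")


def extract_features(query):
    """Map a SQL text to a small numeric feature vector (constructed features)."""
    q = query.lower()
    return {
        "quotes": q.count("'") + q.count('"'),
        "comment_tokens": q.count("--") + q.count("/*"),
        "keywords": sum(q.count(k) for k in SQL_KEYWORDS),
        "length": len(q),
    }


def context_key(ctx):
    """Context = how the query was built and whether its inputs were validated.
    The keys are hypothetical; a real system would carry far richer context."""
    return (ctx["parameterized"], ctx["input_validated"])


class SecureProfile:
    """Per-context min/max of each feature, learned from secure samples only."""

    def __init__(self):
        self.ranges = {}  # context_key -> {feature: (min, max)}

    def fit(self, samples):
        for query, ctx in samples:
            ranges = self.ranges.setdefault(context_key(ctx), {})
            for name, value in extract_features(query).items():
                lo, hi = ranges.get(name, (value, value))
                ranges[name] = (min(lo, value), max(hi, value))
        return self

    def score(self, query, ctx):
        """Return (deviation, context_seen). Deviation sums, per feature, the
        distance outside the learned range, normalised by that range's width.
        A context never observed on a secure system cannot be scored at all."""
        key = context_key(ctx)
        if key not in self.ranges:
            return float("inf"), False
        deviation = 0.0
        for name, value in extract_features(query).items():
            lo, hi = self.ranges[key][name]
            span = max(hi - lo, 1.0)
            if value < lo:
                deviation += (lo - value) / span
            elif value > hi:
                deviation += (value - hi) / span
        return deviation, True


def classify(profile, query, ctx, threshold=0.5):
    """Three verdicts: consistent with secure behaviour, deviating from it,
    or running in a context no secure system was ever seen to use."""
    deviation, seen = profile.score(query, ctx)
    if not seen:
        return "unseen-context"
    return "deviates" if deviation > threshold else "consistent"


# Constructed training data: queries observed on systems taken to be secure.
CTX_BOUND = {"parameterized": 1, "input_validated": 1}
CTX_CHECKED_LITERAL = {"parameterized": 0, "input_validated": 1}  # literal from a type-checked int
CTX_BOUND_UNCHECKED = {"parameterized": 1, "input_validated": 0}
CTX_RAW = {"parameterized": 0, "input_validated": 0}  # never seen on a secure system

SECURE_SAMPLES = [
    ("SELECT name FROM users WHERE id = ?", CTX_BOUND),
    ("SELECT * FROM orders WHERE user_id = ?", CTX_BOUND),
    ("UPDATE users SET email = ? WHERE id = ?", CTX_BOUND),
    ("SELECT name FROM users WHERE id = 42", CTX_CHECKED_LITERAL),
    ("SELECT name FROM users WHERE id = 7", CTX_CHECKED_LITERAL),
    ("DELETE FROM sessions WHERE token = ?", CTX_BOUND_UNCHECKED),
]

# Constructed probe: an injection-shaped query the profile has never seen.
UNSEEN_ATTACK = "SELECT name FROM users WHERE id = '' OR '1'='1' --"


def run_demo():
    profile = SecureProfile().fit(SECURE_SAMPLES)
    same_query = "SELECT name FROM users WHERE id = 42"
    return {
        "known_secure": classify(profile, same_query, CTX_CHECKED_LITERAL),
        "same_query_raw_context": classify(profile, same_query, CTX_RAW),
        "unseen_attack": classify(profile, UNSEEN_ATTACK, CTX_CHECKED_LITERAL),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The third probe shows the abstract's point: the literal query `... WHERE id = 42` is consistent with secure behaviour when the profile knows the integer was type-checked, but the identical text in a raw, unvalidated context has no secure precedent and is reported as such. The injection-shaped query is flagged without any signature for it, purely because its quote, comment and keyword counts fall outside what secure systems produce in that context.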