Utilizing Deep Learning Techniques for Effective Zero-Day Attack Detection
Abstract
Zero-day attacks exploit previously unknown flaws to evade cybersecurity detection systems. According to the findings of this survey, zero-day attacks are prevalent and pose a serious risk to computer security. They are difficult to detect with the conventional signature-based approach, since their signatures are usually not available in advance. Because machine learning (ML)-based detection techniques can capture the statistical features of attacks, they hold promise for detecting zero-day attacks. This survey presents a thorough analysis of ML-based methods for detecting zero-day attacks, comparing their ML models, training and testing data sets, and assessment outcomes.

The usual ML assessment process assumes that test data samples are drawn from classes already observed during the training phase. In applications like Network Intrusion Detection Systems (NIDSs), it can be difficult to gather data samples of every attack type that has to be monitored. Zero-day attacks, a novel kind of attack traffic that ML-based NIDSs encounter, are not used in training because they did not exist at the time the model was trained. Consequently, this study proposes a new zero-shot learning approach to assess how well ML-based NIDSs identify zero-day attack scenarios. In the attribute learning step, the learning models translate network data features to semantic attributes in order to differentiate between known attacks and benign behaviour. In the inference step, the models build connections between known and zero-day attacks in order to identify the latter as malicious. A new assessment metric, the Zero-day Detection Rate (Z-DR), is defined to measure how well the learning model detects unknown attacks. Two important machine learning models and two contemporary NIDS data sets are used to assess the proposed framework.

The findings show that ML-based NIDSs are not able to identify certain zero-day attack groups identified in this study as malicious. Subsequent investigation reveals that attacks with a low Z-DR have a greater Wasserstein Distance range and a substantially different feature distribution than the other attack classes.
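The evaluation protocol described in the abstract (hold an attack class out of training, learn a feature-to-attribute mapping on benign and known-attack traffic, infer from attribute similarity, and score the held-out class with Z-DR and a Wasserstein distance) can be made concrete with a small end-to-end run. The following is an added illustration, not the paper's code or data: the flow features, class centres, attribute labels and both "zero-day" classes are constructed, the attribute learner is a one-threshold nearest-centroid rule per attribute, and the inference step is a Hamming nearest-prototype match. Those modelling choices are assumptions for the example, not the models the paper evaluates.

```python
"""Zero-shot evaluation of an ML-based NIDS on attack classes held out of training.

Constructed example (not from any NIDS data set): flows have two features,
[packets per second, distinct destination ports], and two semantic attributes
("high_rate", "many_ports") that line up with those features.
"""
import random
from statistics import mean

rng = random.Random(2024)          # fixed seed so the run is reproducible

ATTRIBUTES = ("high_rate", "many_ports")


def make_flows(n, centers, spreads):
    """Sample n constructed flow records around per-feature Gaussian centres."""
    return [[rng.gauss(c, s) for c, s in zip(centers, spreads)] for _ in range(n)]


# Training classes carry a known attribute vector (the class/attribute matrix
# of zero-shot learning). Values are constructed, not measured.
TRAIN = {
    "benign":    ((0, 0), make_flows(200, (50, 3), (15, 1.5))),
    "dos_flood": ((1, 0), make_flows(200, (5000, 3), (800, 1.5))),
    "port_scan": ((0, 1), make_flows(200, (300, 400), (80, 60))),
}
# Held out of training entirely: one class that combines known traits and one
# stealthy class whose features overlap the benign range.
ZERO_DAY = {
    "flood_scan": make_flows(200, (4000, 250), (700, 50)),
    "slow_exfil": make_flows(200, (40, 2), (12, 1)),
}


def learn_attribute_thresholds(train):
    """Attribute learning step: for each attribute, fit a nearest-centroid
    threshold on the matching feature, using every training flow whose
    attribute label is known (benign plus the known attacks)."""
    thresholds = []
    for j in range(len(ATTRIBUTES)):
        pos = [f[j] for attrs, flows in train.values() if attrs[j] for f in flows]
        neg = [f[j] for attrs, flows in train.values() if not attrs[j] for f in flows]
        thresholds.append((mean(pos) + mean(neg)) / 2)
    return thresholds


def to_attributes(flow, thresholds):
    """Map raw flow features to a binary semantic attribute vector."""
    return tuple(int(x > t) for x, t in zip(flow, thresholds))


def is_malicious(attr_vec, prototypes):
    """Inference step: compare the attribute vector with every class prototype
    by Hamming distance; the flow is malicious when some attack prototype is
    strictly closer than the benign one (ties go to benign)."""
    dist = {c: sum(a != b for a, b in zip(attr_vec, p)) for c, p in prototypes.items()}
    return min(d for c, d in dist.items() if c != "benign") < dist["benign"]


def zero_day_detection_rate(flows, thresholds, prototypes):
    """Z-DR: fraction of held-out attack flows that the detector labels malicious."""
    flagged = sum(is_malicious(to_attributes(f, thresholds), prototypes) for f in flows)
    return flagged / len(flows)


def wasserstein_1d(a, b):
    """W1 distance between two equal-size empirical 1-D distributions, computed
    as the mean gap between their sorted samples."""
    assert len(a) == len(b)
    return mean(abs(x - y) for x, y in zip(sorted(a), sorted(b)))


def evaluate():
    """Run the protocol and return, per zero-day class, its Z-DR and the
    per-feature W1 distance to each known attack class."""
    thresholds = learn_attribute_thresholds(TRAIN)
    prototypes = {c: attrs for c, (attrs, _) in TRAIN.items()}
    report = {}
    for name, flows in ZERO_DAY.items():
        zdr = zero_day_detection_rate(flows, thresholds, prototypes)
        dists = {k: [wasserstein_1d([f[j] for f in flows], [f[j] for f in kf])
                     for j in range(len(ATTRIBUTES))]
                 for k, (_, kf) in TRAIN.items() if k != "benign"}
        report[name] = {"zdr": zdr, "w1": dists}
    return report


if __name__ == "__main__":
    for name, r in evaluate().items():
        w1 = {k: [round(v) for v in d] for k, d in r["w1"].items()}
        print(f"{name}: Z-DR={r['zdr']:.2f} W1 to known attacks={w1}")
```

Running it shows the two outcomes the abstract distinguishes: the held-out class that shares attributes with known attacks is linked to them at inference time and gets a high Z-DR, while the stealthy class never trips a learned attribute, scores a Z-DR of zero, and sits far from the flood class in feature space as measured by W1. The same skeleton works with a real learner in place of the threshold rule, as long as the held-out class is excluded from every training step.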