English

Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection

Cryptography and Security 2020-11-17 v2

Abstract

Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting their practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false-negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation-CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from autoencoders encoding-decoding capabilities. The results show that autoencoders are well-suited at detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of [89-99%] for the NSL-KDD dataset and [75-98%] for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.

Keywords

Cite

@article{arxiv.2006.15344,
  title  = {Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection},
  author = {Hanan Hindy and Robert Atkinson and Christos Tachtatzis and Jean-Noël Colin and Ethan Bayne and Xavier Bellekens},
  journal= {arXiv preprint arXiv:2006.15344},
  year   = {2020}
}

Comments

18 pages, 4 figures

R2 v1 2026-06-23T16:40:04.058Z