Ad Nazeera, Khaing Khaing Wai, 2025. "Zero-Day Attack AI-based IDS" International Journal of Computer Science & Information Technology Volume 1, Issue 2: 25-33.
Zero-day attacks are among the most insidious cybersecurity threats: they exploit security holes before developers can patch them or write signatures for them. Deployed Intrusion Detection Systems (IDS), particularly signature-based ones, regularly fail to recognise these emerging attacks because they depend on known threat patterns. One area ripe for attack, where cracking is much easier than it was 20 years ago, is the Intelligent Defence System (IDC); with the inception of Artificial Intelligence, and more specifically Machine Learning and, recently, Deep Learning, these techniques are now employed in IDS for adaptive and proactive threat detection. This paper discusses an approach to using AI to improve IDS effectiveness against zero-day attacks. It starts with a review of the shortcomings of traditional IDS and of how AI models can address these disadvantages by drawing insights from historical as well as real-time network data. We then review different AI techniques, primarily Random Forest, Support Vector Machines, Autoencoders and deep neural networks, according to their level in the hierarchy (i.e., the upper-level network is a CNN whereas the lower-level one is an LSTM), and estimate the effectiveness of these algorithms on the benchmark datasets NSL-KDD, CICIDS2017 and UNSW-NB15. A hybrid AI-IDS model is proposed which combines several models in order to increase detection precision and reduce false positives; it is evaluated on essential performance metrics such as precision, recall and false alarm rate. These findings indicate that AI-enabled IDS present an effective solution for real-time zero-day threat detection in dynamic networks, with opportunities for understanding and strengthening the security of these lab environments.
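As an added illustration (not code from the paper), the following Python example shows the gap the abstract describes: a signature engine cannot alert on traffic it has no pattern for, a detector profiling benign behaviour can, and a union fusion of the two raises recall while inheriting the anomaly detector's false alarms. All flows, payload tags and signatures are constructed, and the anomaly detector is a simple per-feature z-score rather than any of the paper's models.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed benign training flows as (packets, bytes, duration_s); not real data.
BENIGN_BASELINE = [(10, 1200, 0.5), (12, 1500, 0.6), (9, 1000, 0.4),
                   (11, 1300, 0.5), (10, 1100, 0.5)]

# Constructed evaluation flows: (features, payload_tag, truth). The zero-day rows
# carry no catalogued tag, so a signature engine has nothing to match.
EVAL_FLOWS = [
    ((10, 1200, 0.5), "http-get", "benign"),
    ((11, 1400, 0.6), "http-get", "benign"),
    ((9, 1000, 0.4), "dns-query", "benign"),
    ((13, 1600, 0.7), "tls-hello", "benign"),      # slow but legitimate
    ((10, 1250, 0.5), "http-get", "benign"),
    ((500, 60000, 0.2), "SIG-1", "known_attack"),  # noisy and catalogued
    ((12, 1350, 0.55), "SIG-2", "known_attack"),   # stealthy but catalogued
    ((5, 900000, 30.0), "novel-a", "zero_day"),
    ((2000, 2000, 0.1), "novel-b", "zero_day"),
]
KNOWN_SIGNATURES = {"SIG-1", "SIG-2"}  # hypothetical signature catalogue

def signature_detect(tag):
    return tag in KNOWN_SIGNATURES  # alerts only on catalogued patterns

def build_profile(baseline):
    """Per-feature (mean, stdev) of benign traffic; stdev floor avoids /0."""
    return [(mean(c), pstdev(c) or 1.0) for c in zip(*baseline)]

def anomaly_detect(features, profile, z_threshold=3.0):
    """Alert if any feature lies more than z_threshold sigmas from benign."""
    return any(abs(x - m) / s > z_threshold for x, (m, s) in zip(features, profile))

def metrics(preds, truths):
    c = Counter((p, t != "benign") for p, t in zip(preds, truths))
    tp, fp, fn, tn = c[True, True], c[True, False], c[False, True], c[False, False]
    zd = [p for p, t in zip(preds, truths) if t == "zero_day"]
    return {"precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "far": fp / (fp + tn) if fp + tn else 0.0,
            "zero_day_recall": sum(zd) / len(zd) if zd else 0.0}

def evaluate(flows=EVAL_FLOWS, baseline=BENIGN_BASELINE):
    profile = build_profile(baseline)
    truths = [t for _, _, t in flows]
    sig = [signature_detect(tag) for _, tag, _ in flows]
    ano = [anomaly_detect(f, profile) for f, _, _ in flows]
    hybrid = [s or a for s, a in zip(sig, ano)]  # union fusion: alert if either fires
    return {"signature": metrics(sig, truths), "anomaly": metrics(ano, truths),
            "hybrid": metrics(hybrid, truths)}
```

On this constructed set the signature engine has perfect precision but zero recall on the zero-day rows, the anomaly detector catches both zero-days and one noisy known attack but raises a false alarm on the slow benign flow, and the union gets full recall at the cost of that same false alarm.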
Intrusion Detection, Zero-Day Attacks, AI and ML in Security, Cybersecurity Machine Learning, Deep Learning, Anomaly Detection.