Towards an Effective Zero-Day Attack Detection Using Outlier-Based Deep Learning Techniques.

Machine Learning (ML) and Deep Learning (DL) have been broadly used for building Intrusion Detection Systems (IDS). The continuing increase in new unknown cyberattacks requires corresponding improvements to the performance of IDS solutions at identifying new zero-day attacks. Therefore, the need for robust IDS capable of flagging zero-day attacks is emerging. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting their use and performance. In this paper, an autoencoder implementation to detect zero-day attacks is proposed. The aim is to build an IDS model with high detection rate while keeping false-negative rate at a minimal. Two mainstream IDS datasets are used for evaluation; CICIDS2017 and NSL-KDD. To demonstrate the efficiency of our model, we compare its results against a state of the art One-Class Support Vector Machine (SVM). The manuscript highlights the efficiency of One-Class SVM when zero-day attacks are distinctive from normal behaviour. However, the proposed model benefits greatly from the encoding-decoding capabilities of autoencoders. The results show that autoencoders are well-suited at detecting zero-day attacks, thus, mitigating their effect. The results reached a zero-day detection accuracy of [89% - 99%] for the NSL-KDD dataset and [75% - 98%] for the CICIDS2017 dataset. The results demonstrate that the autoencoder performs better when faced with complex zero-day attacks. Finally, the trade-off between false-positive rate and detection accuracy is also highlighted. The source code for building and evaluating the proposed models will be made available through an open-source GitHub repository.