Open Access Article

Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection

1 Division of Cybersecurity, Abertay University, Dundee DD1 1HG, UK
2 Electronic and Electrical Engineering Department, University of Strathclyde, Glasgow G1 1XQ, UK
3 InfoSec Research Team, University of Namur, 5000 Namur, Belgium
* Author to whom correspondence should be addressed.
Electronics 2020, 9(10), 1684; https://doi.org/10.3390/electronics9101684
Received: 14 September 2020 / Revised: 30 September 2020 / Accepted: 3 October 2020 / Published: 14 October 2020
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, which limits its practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation: CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from autoencoders' encoding-decoding capabilities. The results show that autoencoders are well suited to detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.
Keywords: autoencoder; artificial neural network; one-class support vector machine; intrusion detection; zero-day attacks; CICIDS2017; NSL-KDD
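The recall/fallout trade-off mentioned in the abstract can be seen in a small sketch, added here as an illustration and not taken from the paper or its code. It assumes detection by thresholding reconstruction error, substitutes a one-unit linear autoencoder (fitted by power iteration) for the paper's deep autoencoder, and uses constructed three-feature rows rather than CICIDS2017 or NSL-KDD; all function names are hypothetical.

```python
import random

def fit(X, iters=100):
    """One-unit tied-weight linear autoencoder, fitted on benign rows only."""
    n, d = len(X), len(X[0])
    mean = [sum(r[j] for r in X) / n for j in range(d)]
    C = [[r[j] - mean[j] for j in range(d)] for r in X]
    w = [1.0] * d
    for _ in range(iters):  # power iteration: w converges to the top component
        z = [sum(a * b for a, b in zip(c, w)) for c in C]
        w = [sum(z[i] * C[i][j] for i in range(n)) for j in range(d)]
        norm = sum(v * v for v in w) ** 0.5
        w = [v / norm for v in w]
    return mean, w

def error(model, x):
    """Squared reconstruction error after encoding to one value and decoding."""
    mean, w = model
    c = [a - m for a, m in zip(x, mean)]
    z = sum(a * b for a, b in zip(c, w))
    return sum((a - z * b) ** 2 for a, b in zip(c, w))

def recall_fallout(model, benign, attacks, threshold):
    """Recall = flagged attacks / attacks; fallout = flagged benign / benign."""
    tp = sum(error(model, x) > threshold for x in attacks)
    fp = sum(error(model, x) > threshold for x in benign)
    return tp / len(attacks), fp / len(benign)

def constructed_flows(rng, n, shift):
    """Constructed 3-feature rows; `shift` breaks the benign correlation."""
    ts = [rng.uniform(0, 10) for _ in range(n)]
    return [[t + rng.gauss(0, 0.2), 2 * t + rng.gauss(0, 0.2),
             0.5 * t + shift + rng.gauss(0, 0.2)] for t in ts]

def sweep(seed=0):
    rng = random.Random(seed)
    train = constructed_flows(rng, 400, 0.0)    # benign only, used for fitting
    benign = constructed_flows(rng, 400, 0.0)   # held-out benign
    loud = constructed_flows(rng, 200, 3.0)     # unseen class far from normal
    subtle = constructed_flows(rng, 200, 0.6)   # unseen class close to normal
    model = fit(train)
    errs = sorted(error(model, x) for x in train)
    out = []
    for q in (0.99, 0.95, 0.80):                # threshold = benign error quantile
        thr = errs[int(q * len(errs))]
        out.append((q, recall_fallout(model, benign, loud, thr),
                    recall_fallout(model, benign, subtle, thr)))
    return out

if __name__ == "__main__": print(*sweep(), sep="\n")
```

Lowering the threshold quantile raises recall on the class that sits close to normal behaviour, and raises fallout on held-out benign rows along with it.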

MDPI and ACS Style

Hindy, H.; Atkinson, R.; Tachtatzis, C.; Colin, J.-N.; Bayne, E.; Bellekens, X. Utilising Deep Learning Techniques for Effective Zero-Day Attack Detection. Electronics 2020, 9, 1684.

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers.
