Utilising deep learning techniques for effective zero-day attack detection

Hindy, Hanan and Atkinson, Robert and Tachtatzis, Christos and Colin, Jean-Noël and Bayne, Ethan and Bellekens, Xavier (2020) Utilising deep learning techniques for effective zero-day attack detection. Electronics, 9 (10). 1684. ISSN 2079-9292 (https://doi.org/10.3390/electronics9101684)

Preview

Text. Filename: Hindy_etal_Electronics_2020_Utilising_deep_learning_techniques_for_effective.pdf Final Published Version License: Download (481kB)| Preview

Abstract

Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDSs that are capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting their practical use and performance. This paper proposes an autoencoder implementation for detecting zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false-negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation—CICIDS2017 and NSL-KDD. In order to demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from autoencoders encoding-decoding capabilities. The results show that autoencoders are well-suited at detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of 89–99% for the NSL-KDD dataset and 75–98% for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout.

ORCID iDs

Atkinson, Robert ORCID: https://orcid.org/0000-0002-6206-2229

Tachtatzis, Christos ORCID: https://orcid.org/0000-0001-9150-6805

Bellekens, Xavier ORCID: https://orcid.org/0000-0003-1849-5788

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Article
  ID code:	74246
  Dates:	Date Event 14 October 2020 Published 3 October 2020 Accepted
  Subjects:	Technology > Electrical engineering. Electronics Nuclear engineering
  Department:	Faculty of Engineering > Electronic and Electrical Engineering Strategic Research Themes > Measurement Science and Enabling Technologies
  Depositing user:	Pure Administrator
  Date deposited:	14 Oct 2020 12:58
  Last modified:	22 Nov 2024 01:16
  URI:	https://strathprints.strath.ac.uk/id/eprint/74246