Zero-day attack detection framework for Network Intrusion Detection Systems
Publisher
University of New Brunswick
Abstract
This study addresses the critical challenge of detecting zero-day attacks in Network Intrusion Detection Systems (NIDS) using machine learning (ML). With the NIDS market projected to reach US$5.93 billion by the year 2028 and cyber threats costing US$4.35 million per breach, improved detection is vital. A robust ML framework was developed, utilizing extensive feature engineering to reduce feature sets by 50-70% without performance loss. Zero-day scenarios were simulated using systematic attack-type exclusion, with training, validation, and testing split 60-20-20. Random Forest and XGBoost achieved high F1-scores (> 0.98) and Zero-Day Detection Rates (Z-DR). On UNSW-NB15, Random Forest achieved 100% Z-DR for seven of nine attack types; XGBoost excelled on NF-UNSW-NB15-v2. CNN and Voting Classifiers underperformed on Z-DR despite high accuracy. Kolmogorov-Smirnov tests confirmed key features’ importance. This research advances NIDS by enhancing zero-day detection and improving network security.
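The zero-day simulation protocol the abstract describes (exclude one attack type from training and validation, score how many of its records the model still flags as malicious) can be made concrete in a few lines. The following is an added example, not code from the thesis: it assumes that the held-out attack type goes entirely into the test set while the remaining classes are split 60-20-20, uses a toy nearest-centroid model in place of Random Forest or XGBoost, and runs on a small constructed set of flow records rather than UNSW-NB15. Holding out "Reconnaissance" shows the failure mode a low Z-DR exposes: a held-out attack that looks nothing like the attacks seen in training.

```python
"""Leave-one-attack-type-out evaluation with Zero-Day Detection Rate (Z-DR)."""
import math
import random

# Constructed flow records: (bytes, packets, label). "Benign" is the only
# non-attack label; every other label is an attack type.
FLOWS = [
    (90, 2, "Benign"), (110, 2, "Benign"), (100, 3, "Benign"), (95, 1, "Benign"), (105, 2, "Benign"),
    (4900, 480, "DoS"), (5100, 520, "DoS"), (5000, 500, "DoS"), (5050, 510, "DoS"), (4950, 490, "DoS"),
    (2900, 290, "Exploits"), (3100, 310, "Exploits"), (3000, 300, "Exploits"),
    (3050, 305, "Exploits"), (2950, 295, "Exploits"),
    (40, 90, "Reconnaissance"), (60, 110, "Reconnaissance"), (50, 100, "Reconnaissance"),
    (55, 105, "Reconnaissance"), (45, 95, "Reconnaissance"),
]

def split_60_20_20(flows, held_out, seed=0):
    """Stratified 60/20/20 split; records of `held_out` go to test only (assumption)."""
    rng = random.Random(seed)
    train, val, test = [], [], []
    by_label = {}
    for f in flows:
        by_label.setdefault(f[2], []).append(f)
    for label, recs in by_label.items():
        if label == held_out:
            test.extend(recs)  # never seen during training or validation
            continue
        rng.shuffle(recs)
        n_train, n_val = int(len(recs) * 0.6), int(len(recs) * 0.2)
        train += recs[:n_train]
        val += recs[n_train:n_train + n_val]
        test += recs[n_train + n_val:]
    return train, val, test

def fit_centroids(train):
    """Toy binary model standing in for RF/XGBoost: benign vs. attack centroid."""
    groups = {"benign": [], "attack": []}
    for b, p, label in train:
        groups["benign" if label == "Benign" else "attack"].append((b, p))
    return {k: (sum(x for x, _ in v) / len(v), sum(y for _, y in v) / len(v))
            for k, v in groups.items()}

def predict(model, flow):
    """Label a flow by the nearest centroid in (bytes, packets) space."""
    b, p, _ = flow
    dist = {k: math.hypot(b - cx, p - cy) for k, (cx, cy) in model.items()}
    return min(dist, key=dist.get)

def zero_day_detection_rate(model, test, held_out):
    """Share of held-out attack records the model flags as attack."""
    zero_day = [f for f in test if f[2] == held_out]
    hits = sum(predict(model, f) == "attack" for f in zero_day)
    return hits / len(zero_day)

def evaluate(flows, held_out, seed=0):
    """Full protocol: exclude one attack type, train on the rest, report Z-DR."""
    train, _val, test = split_60_20_20(flows, held_out, seed)
    return zero_day_detection_rate(fit_centroids(train), test, held_out)
```

Running `evaluate(FLOWS, t)` for each attack type gives Z-DR 1.0 for "DoS" and "Exploits" but 0.0 for "Reconnaissance", whose low-volume flows sit closer to benign traffic than to the attacks the model was trained on.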
