Computational Intelligence Approaches for Analysis of the Detection of Zero-day Attacks
Keywords:
Zero-day Attacks, Artificial Intelligence, Machine learning, Deep learning, Cyber Security
Abstract
As more and more people adopt internet services, the number of cybersecurity issues is also increasing exponentially. Zero-day attacks (unknown attacks) are affecting organizations badly; even large-scale organizations have become victims of zero-days. Although many intrusion detection systems (IDS) and intrusion prevention systems (IPS) are in use, most zero-days still remain invisible to these IDS. This is because they exploit new vulnerabilities in the system for which no signature has previously been recorded, causing them to be misclassified by the IDS. This paper aims to discuss the challenges that Machine Learning (ML) and Deep Learning (DL) algorithms face in protecting cyberspace by presenting literature on the detection of zero-days. The latest and most up-to-date literature is also presented, which can help readers gain the latest insights into algorithms and models. Finally, we summarize the results in terms of the highest accuracy, precision, recall, and F1-score of the compared research articles against various datasets.
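The following is an added illustration, not code from the paper, of the point the abstract makes: a signature-based IDS can only alert on patterns it already has rules for, so a zero-day with no signature is misclassified as benign, whereas an anomaly-based detector trained on a benign profile can still flag it, at the cost of false positives on unusual-but-legitimate traffic. All flow records, the feature meanings and the signature rule are constructed for the example; the metrics are the accuracy, precision, recall and F1-score the abstract uses to compare detectors.

```python
from statistics import mean, pstdev

# Constructed per-flow feature vectors (hypothetical counters):
# (packets per second, bytes per packet, distinct destination ports)
BENIGN_TRAIN = [(40, 520, 2), (55, 600, 3), (38, 480, 2), (60, 650, 3), (45, 500, 2), (50, 580, 3)]
BENIGN_BURST = [(150, 700, 3)]                # legitimate but unusual (e.g. a backup job)
KNOWN_ATTACK = [(900, 60, 1)]                 # flood pattern that already has a signature
ZERO_DAY = [(70, 1400, 40), (65, 1350, 45)]   # novel behaviour: no signature exists for it

# Signature database: hand-written rules for attacks seen before (hypothetical).
SIGNATURES = [lambda f: f[0] > 800 and f[1] < 100]   # "high-rate, tiny packets" flood

def signature_ids(flow):
    """Signature-based IDS: alert only if some known rule matches."""
    return any(rule(flow) for rule in SIGNATURES)

def fit_baseline(benign):
    """Anomaly-based IDS training: per-feature mean and std of normal traffic."""
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*benign)]

def anomaly_ids(flow, baseline, threshold=4.0):
    """Alert if any feature is more than `threshold` std devs from the benign profile."""
    return max(abs(v - m) / s for v, (m, s) in zip(flow, baseline)) > threshold

def metrics(preds, labels):
    """Accuracy, precision, recall and F1 from binary predictions (True = attack)."""
    tp = sum(1 for p, l in zip(preds, labels) if p and l)
    fp = sum(1 for p, l in zip(preds, labels) if p and not l)
    fn = sum(1 for p, l in zip(preds, labels) if not p and l)
    tn = len(labels) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(labels), "precision": precision, "recall": recall, "f1": f1}

def evaluate():
    """Score both detectors on the same labelled flows (baseline fit on benign training flows only)."""
    flows = [(f, False) for f in BENIGN_TRAIN + BENIGN_BURST] + [(f, True) for f in KNOWN_ATTACK + ZERO_DAY]
    labels = [label for _, label in flows]
    baseline = fit_baseline(BENIGN_TRAIN)
    return {
        "signature": metrics([signature_ids(f) for f, _ in flows], labels),
        "anomaly": metrics([anomaly_ids(f, baseline) for f, _ in flows], labels),
    }

if __name__ == "__main__":
    for name, m in evaluate().items():
        print(name, {k: round(v, 3) for k, v in m.items()})
```

On this constructed data the signature IDS keeps perfect precision but recalls only the one attack it has a rule for (recall 1/3, F1 0.5), while the anomaly detector catches both zero-day flows (recall 1.0) and pays for it with one false positive on the benign burst (precision 0.75, F1 6/7), which is why the abstract compares detectors on all four metrics rather than accuracy alone.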