Breaking the unknown: deep learning strategies for zero-day attacks detection
Files: Zareie_76211600_2024.pdf (open access, Adobe PDF, 1.77 MB)
Abstract
Nowadays, the escalation of sophisticated, stealthy, and devastating cyber-attacks poses significant concerns for computer networks. Network Intrusion Detection Systems (NIDS) are often the first line of defense against such cyber-threats. However, their effectiveness is notably challenged by zero-day attacks, which exploit previously unknown vulnerabilities and leave networks defenseless because no updated defenses or patches yet exist. Detecting zero-day attacks has therefore become a crucial and extensively studied topic in network security, and significant efforts have been made to augment NIDS capabilities against these elusive threats. This thesis introduces a novel NIDS methodology that combines two distinct models. The first model converts a network flow into a representation known as an embedding, which captures the essential characteristics of the flow. The second model classifies this embedding as either an attack or benign activity. Importantly, the first model is specifically designed to produce useful embeddings for attacks it has never encountered before, in particular zero-day attacks. This approach has shown considerable success in detecting zero-day attacks, achieving a balanced accuracy of nearly 70% while almost all known attacks were excluded from the training sets of both models.