A performance comparison between machine learning models on zero-day attack detection
Abstract
Traditional intrusion detection systems (IDS) have shielded networks against cyber threats for many years, but they fall short at detecting zero-day attacks. These are attacks with unknown attack patterns and mutating attack signatures, which makes them difficult to detect. Machine learning approaches have been used extensively in IDS to detect both known and unknown attacks. However, the widespread and rapid growth of zero-day attacks forces researchers to continuously seek better-performing models to detect these attacks. In this paper, we used supervised machine learning approaches to detect zero-day attacks. The dataset used for demonstration and evaluation was the latest CSE-CIC-IDS2018 dataset, with 80 features and 14 different types of attacks. All attack labels were collapsed into a single label called ‘Attack’. The main aim of this work was to compare the performance of mainstream machine learning models in detecting zero-day attacks. The three models evaluated, Artificial Neural Network (ANN), Random Forest (RF) and K-Nearest Neighbor (KNN), all achieved high accuracies with optimal parameter settings: RF reached an accuracy of 98.90%, ANN 98.3% and KNN 98.53%. A better estimate of each model's performance can be obtained from its false-negative rate.
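The label binarization described above and the reason the abstract points to false-negative rates rather than accuracy, as an added example that is not code from the paper: the label list is constructed in the style of CSE-CIC-IDS2018 (not real dataset rows), and `model_A` / `model_B` are hypothetical classifier outputs, not the paper's ANN, RF or KNN. On a class-imbalanced set, two classifiers with identical accuracy can let through very different shares of real attacks.

```python
# Constructed labels in the style of CSE-CIC-IDS2018 (not real dataset rows):
# 900 benign flows plus 100 flows spread over several attack types.
TRUE_LABELS = (["Benign"] * 900
               + ["DoS attacks-Hulk"] * 40
               + ["Bot"] * 30
               + ["Infilteration"] * 20
               + ["SQL Injection"] * 10)

def binarize(label):
    """Collapse every attack-type label into the single label 'Attack'."""
    return "Benign" if label == "Benign" else "Attack"

def confusion(y_true, y_pred):
    """Counts with 'Attack' as the positive class: (tp, fp, tn, fn)."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(1 for t, p in pairs if t == "Attack" and p == "Attack")
    fp = sum(1 for t, p in pairs if t == "Benign" and p == "Attack")
    tn = sum(1 for t, p in pairs if t == "Benign" and p == "Benign")
    fn = sum(1 for t, p in pairs if t == "Attack" and p == "Benign")
    return tp, fp, tn, fn

def accuracy(cm):
    tp, fp, tn, fn = cm
    return (tp + tn) / (tp + fp + tn + fn)

def false_negative_rate(cm):
    """Share of real attacks the model let through (misses / all attacks)."""
    tp, fp, tn, fn = cm
    return fn / (tp + fn) if (tp + fn) else 0.0

def simulate_predictions(y_true, missed_attacks, false_alarms):
    """Hypothetical classifier output: the first `missed_attacks` attacks are
    predicted Benign and the first `false_alarms` benign flows are flagged."""
    preds, misses, alarms = [], 0, 0
    for label in y_true:
        if label == "Attack" and misses < missed_attacks:
            preds.append("Benign")
            misses += 1
        elif label == "Benign" and alarms < false_alarms:
            preds.append("Attack")
            alarms += 1
        else:
            preds.append(label)
    return preds

def compare():
    """Return {model: (accuracy, false_negative_rate)} for two hypothetical models."""
    y_true = [binarize(label) for label in TRUE_LABELS]
    models = {"model_A": simulate_predictions(y_true, missed_attacks=6, false_alarms=5),
              "model_B": simulate_predictions(y_true, missed_attacks=11, false_alarms=0)}
    results = {}
    for name, y_pred in models.items():
        cm = confusion(y_true, y_pred)
        results[name] = (round(accuracy(cm), 4), round(false_negative_rate(cm), 4))
    return results
```

Both hypothetical models score 98.9% accuracy, yet `model_B` misses nearly twice as many attacks, which is exactly what the false-negative rate exposes and accuracy hides.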