Automated Detection Techniques Utilising a Trained Dataset for Zero-Day Attack Identification
Abstract
Zero-day attacks pose a substantial risk because they exploit flaws that are not yet known, so signature-based detection, which needs a prior description of the attack, cannot catch them; the complexity of conventional identification methods compounds the problem. This study examines approaches for the automated identification of computer network and operating system problems, including zero-day vulnerabilities, using Random Forest, One-Class SVM, Naive Bayes, LSTM, BiLSTM and GRU. We employed a synthetic network-traffic dataset of 1,000,000 records with 11 attributes: source and destination IP addresses, ports, protocol type, packet and byte counts, connection duration, and an attack label (IsAnomaly). Before use, the dataset was cleaned, categorical features were encoded, numeric features were standardised with StandardScaler, and the records were partitioned into training (80%) and testing (20%) subsets. We evaluated the models with accuracy, precision, recall, F1-score, training time and detection time. Random Forest achieved the best overall accuracy (92.4%) at low computational cost, making it suitable for real-time use; the deep learning models reached similar accuracy (about 91%) while requiring considerably more processing resources. One-Class SVM, which is trained on normal traffic only, showed that it can flag anomalies not represented in its training data, the property a zero-day detector actually needs. The results indicate that zero-day detection systems must balance speed against precision, and that doing so enables more resilient and scalable frameworks.
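The following is an added, dependency-free example of the pipeline the abstract describes (cleaning, feature encoding, z-score standardisation fitted on the training split only, an 80/20 split, one-class detection trained on benign traffic, and the accuracy/precision/recall/F1 and timing metrics). It is not the paper's code: the flow records and column names are constructed assumptions, the standardiser reimplements what StandardScaler computes, and a centroid-distance threshold stands in for One-Class SVM so the block runs without scikit-learn.

```python
"""Added example (not the paper's code): a dependency-free sketch of the
pipeline the abstract describes: clean, encode, standardise, 80/20 split,
one-class detection, then accuracy/precision/recall/F1 and timings."""
import math
import random
import time

# Assumed column names; the paper does not publish its schema.
FIELDS = ["src_ip", "dst_ip", "src_port", "dst_port", "protocol",
          "packets", "bytes", "duration", "IsAnomaly"]
PROTOCOLS = ["tcp", "udp", "icmp"]


def make_records(n_benign=400, n_attack=100, seed=7):
    """Constructed sample traffic (not real captures): short benign flows
    plus high-volume flood-like flows labelled IsAnomaly=1."""
    rng = random.Random(seed)
    recs = []
    for i in range(n_benign + n_attack):
        atk = i >= n_benign
        recs.append({
            "src_ip": f"{'203.0.113' if atk else '10.0.0'}.{rng.randint(1, 50)}",
            "dst_ip": "10.0.1.10" if atk else f"10.0.1.{rng.randint(1, 50)}",
            "src_port": rng.randint(1024, 65535),
            "dst_port": 80 if atk else rng.choice([80, 443, 53]),
            "protocol": "tcp" if atk else rng.choice(["tcp", "udp"]),
            "packets": rng.randint(400, 2000) if atk else rng.randint(2, 40),
            "bytes": rng.randint(40000, 400000) if atk else rng.randint(100, 20000),
            "duration": round(rng.uniform(5, 60) if atk else rng.uniform(0.01, 3), 3),
            "IsAnomaly": int(atk)})
    rng.shuffle(recs)
    return recs


def clean(records):
    """Data purification: drop rows with missing fields or negative counters."""
    return [r for r in records if all(r.get(f) is not None for f in FIELDS)
            and min(r["packets"], r["bytes"], r["duration"]) >= 0]


def encode(r):
    """Feature encoding: one-hot protocol plus numeric counters. Raw IPs are
    left out on purpose: as features they memorise hosts, not behaviour."""
    onehot = [1.0 if r["protocol"] == p else 0.0 for p in PROTOCOLS]
    return onehot + [float(r[k]) for k in
                     ("src_port", "dst_port", "packets", "bytes", "duration")]


def split(records, train_frac=0.8, seed=1):
    """Shuffled 80/20 partition into training and testing subsets."""
    idx = list(range(len(records)))
    random.Random(seed).shuffle(idx)
    cut = int(len(idx) * train_frac)
    return [records[i] for i in idx[:cut]], [records[i] for i in idx[cut:]]


def fit_standardiser(X):
    """z-score parameters (what StandardScaler computes). Fit on the training
    split only; fitting on all data leaks test statistics into training."""
    n, d = len(X), len(X[0])
    mean = [sum(x[j] for x in X) / n for j in range(d)]
    std = [math.sqrt(sum((x[j] - mean[j]) ** 2 for x in X) / n) or 1.0
           for j in range(d)]                       # constant column -> 1.0
    return mean, std


def standardise(X, mean, std):
    return [[(v - m) / s for v, m, s in zip(x, mean, std)] for x in X]


def fit_one_class(X, nu=0.05):
    """Stand-in for One-Class SVM, fitted on benign vectors only: the benign
    centroid plus the (1 - nu) quantile of training distances as threshold.
    Attack labels are never seen, so unseen attack types can still be flagged."""
    centre = [sum(x[j] for x in X) / len(X) for j in range(len(X[0]))]
    dists = sorted(math.dist(x, centre) for x in X)
    return centre, dists[min(len(dists) - 1, int((1 - nu) * len(dists)))]


def predict_one_class(X, centre, threshold):
    return [1 if math.dist(x, centre) > threshold else 0 for x in X]


def metrics(y_true, y_pred):
    """Accuracy, precision, recall and F1 for the anomaly class."""
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == 0 for t, p in zip(y_true, y_pred))
    tn = len(y_true) - tp - fp - fn
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": prec,
            "recall": rec, "f1": f1}


def run_pipeline(records, nu=0.05):
    """Clean -> split -> encode -> standardise -> fit on benign -> score."""
    train, test = split(clean(records))
    X_train = [encode(r) for r in train if r["IsAnomaly"] == 0]  # benign only
    X_test, y_test = [encode(r) for r in test], [r["IsAnomaly"] for r in test]
    mean, std = fit_standardiser(X_train)
    t0 = time.perf_counter()
    centre, thr = fit_one_class(standardise(X_train, mean, std), nu)
    train_time = time.perf_counter() - t0
    t0 = time.perf_counter()
    y_pred = predict_one_class(standardise(X_test, mean, std), centre, thr)
    result = metrics(y_test, y_pred)
    result.update(train_time_s=train_time, detect_time_s=time.perf_counter() - t0)
    return result
```

Run `run_pipeline(make_records())` to get the metric dictionary. Two design points carry over to the paper's setting: the scaler is fitted on the training split only, because fitting it on all 1,000,000 records would leak test statistics into training; and the one-class model never sees an attack label, which is what lets it fire on an attack type absent from training. The supervised models in the study (Random Forest, Naive Bayes and the recurrent networks) learn from the IsAnomaly labels, so their 92.4% and 91% figures describe recognition of attack classes present in the training data rather than of genuinely unseen ones.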