Early Detection and Classification of Zero-Day Attacks in Network Traffic Using Convolutional Neural Network

Abstract

In a Zero-Day cyberattack, attackers exploit a software vulnerability for which the software vendor is unaware or has not released a patch. This can make it difficult for organizations to protect their systems until a patch or mitigation is developed. To stay ahead of these evolving cyber threats, it’s critical to keep up to date with the latest threat information and to remain vigilant. Traditional methods for detecting and classifying zero-day attacks often require session-wide features, which can be challenging to implement. This paper presents a novel approach for detecting and classifying Zero-Day attacks in network traffic. Specifically, we present a framework composed of a 1D Convolutional Neural Network (1D-CNN), which involves minimal preprocessing and directly leverages raw network data as byte sequences to learn features, eliminating the need for complex feature extraction. To test the effectiveness of our proposed approach, publicly available network traffic datasets encompassing various malware families are used. Results show that the proposed approach is significantly effective in detecting and classifying Zero-Day attacks, empowering organizations to combat evolving cyber threats. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.