International Journal of Advanced Technology and Engineering Exploration ISSN (Print): 2394-5443    ISSN (Online): 2394-7454 Volume-12 Issue-124 March-2025
  1. 4774
    Citations
  2. 2.8
    CiteScore
ResNet50-based deep convolutional neural network for zero-day attack prediction and detection

Swathy Akshaya1 and Padmavathi. G2

Research Scholar, Department of Computer Science,Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore,Tamil Nadu,India1
Professor, Department of Computer Science,Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore,Tamil Nadu,India2
Corresponding Author : Swathy Akshaya

Recieved : 13-January-2024; Revised : 24-February-2025; Accepted : 09-March-2025

Abstract

A zero-day attack (ZDA) is a cyberattack that targets networks and systems by exploiting previously unknown security vulnerabilities. Software vendors have zero days to identify, address, and patch newly discovered threats, hence the term "zero-day." In cybersecurity, effectively detecting and mitigating malicious nodes is crucial, particularly against zero-day malware. Traditional antivirus systems, which rely on stored malware signatures, struggle to detect ZDAs, making them vulnerable to advanced malware specifically designed to evade detection. To address this challenge, a novel approach called deep convolutional n-zero-day adversarial safety network (DC-nZDASN) has been proposed. This method trains a model to distinguish between real and synthetic malware samples by generating artificial malware data. The synthetic data introduces new characteristics that contrast with the original dataset, enhancing the model’s detection capability. The proposed approach incorporates multiple malware features and utilizes real-world and network traffic datasets for model development. During preprocessing, the standard scaler is applied, and decision tree regression (DTR) is used, while feature selection is performed using random forest (RF) in combination with logistic regression (LR). The model is trained and tested using residual network (ResNet50), long short-term memory (LSTM), and convolutional neural network (CNN). For classification, various machine learning (ML) algorithms, such as decision tree (DT), LR, support vector machine (SVM), gaussian naïve bayes (GNB), and stacking ensemble classification (SEC), are employed. The proposed DC-nZDASN model achieves a classification accuracy of 95.09%, demonstrating a significant advancement in malware detection, particularly for zero-day threats. By leveraging generated synthetic malware samples, the model enhances its ability to detect novel threats, outperforming traditional methods. The integration of preprocessing techniques, feature selection, and a diverse set of ML algorithms further improves the model’s overall effectiveness.

Keywords

Zero-day attack, Deep convolutional neural network (DCNN), Resnet50, Malware detection, Transfer learning, Machine learning.

Cite this article

Akshaya S, G P. ResNet50-based deep convolutional neural network for zero-day attack prediction and detection. International Journal of Advanced Technology and Engineering Exploration. 2025;12(124):507-527. DOI : 10.19101/IJATEE.2024.111100055

References
[1]
Das N, Sarkar T. Survey on host and network based intrusion detection system. International Journal of Advanced Networking and Applications. 2014; 6(2):2266- 9.
[Google Scholar]
[2]
Ahmed M, Mahmood AN, Hu J. A survey of network anomaly detection techniques. Journal of Network and Computer Applications. 2016; 60:19-31.
[Crossref] [Google Scholar]
[3]
Ahmad R, Alsmadi I, Alhamdani W, Tawalbeh LA. Zero-day attack detection: a systematic literature review. Artificial Intelligence Review. 2023; 56(10):10733-811.
[Crossref] [Google Scholar]
[4]
Bou-harb E, Debbabi M, Assi C. Cyber scanning: a comprehensive survey. IEEE Communications Surveys & Tutorials. 2013; 16(3):1496-519.
[Crossref] [Google Scholar]
[5]
Soltani M, Ousat B, Siavoshani MJ, Jahangir AH. An adaptable deep learning-based intrusion detection system to zero-day attacks. Journal of Information Security and Applications. 2023; 76:103516.
[Crossref] [Google Scholar]
[6]
Khraisat A, Gondal I, Vamplew P, Kamruzzaman J. Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity. 2019; 2(1):1-22.
[Crossref] [Google Scholar]
[7]
Kumar GS, Kumar RK, Kumar KP, Sai NR, Brahmaiah M. Deep residual convolutional neural network: an efficient technique for intrusion detection system. Expert Systems with Applications. 2024; 238:121912.
[Crossref] [Google Scholar]
[8]
Hubballi N, Suryanarayanan V. False alarm minimization techniques in signature-based intrusion detection systems: a survey. Computer Communications. 2014; 49:1-7.
[Crossref] [Google Scholar]
[9]
Ibrahim HB, Aslan HK, Elsayed MS, Jurcut AD, Azer MA. Anomaly detection of zero-day attacks based on CNN and regularization techniques. Electronics. 2023; 12(3):1-18.
[Crossref] [Google Scholar]
[10]
Bhuyan MH, Bhattacharyya DK, Kalita JK. Network anomaly detection: methods, systems and tools. IEEE Communications Surveys & Tutorials. 2013; 16(1):303-36.
[Crossref] [Google Scholar]
[11]
Verma P, Bharot N, Breslin JG, O’shea D, Vidyarthi A, Gupta D. Zero-day guardian: a dual model enabled federated learning framework for handling zero-day attacks in 5G enabled IIoT. IEEE Transactions on Consumer Electronics. 2023; 70(21):3856-66.
[Crossref] [Google Scholar]
[12]
Peppes N, Alexakis T, Adamopoulou E, Demestichas K. The effectiveness of zero-day attacks data samples generated via GANs on deep learning classifiers. Sensors. 2023; 23(2):1-21.
[Crossref] [Google Scholar]
[13]
Creech G, Hu J. A semantic approach to host-based intrusion detection systems using contiguousand discontiguous system call patterns. IEEE Transactions on Computers. 2013; 63(4):807-19.
[Crossref] [Google Scholar]
[14]
Mukkamala S, Janoski G, Sung A. Intrusion detection using neural networks and support vector machines. In proceedings of the international joint conference on neural networks 2002 (pp. 1702-7). IEEE.
[Crossref] [Google Scholar]
[15]
Bajaj K, Arora A. Dimension reduction in intrusion detection features using discriminative machine learning approach. International Journal of Computer Science Issues. 2013; 10(4):324-8.
[Google Scholar]
[16]
Lecun Y, Bengio Y, Hinton G. Deep learning. Nature. 2015; 521(7553):436-44.
[Crossref] [Google Scholar]
[17]
Farahnakian F, Heikkonen J. A deep auto-encoder based approach for intrusion detection system. In 20th international conference on advanced communication technology 2018 (pp. 178-83). IEEE.
[Crossref] [Google Scholar]
[18]
Hnamte V, Nhung-nguyen H, Hussain J, Hwa-kim Y. A novel two-stage deep learning model for network intrusion detection: LSTM-AE. IEEE Access. 2023; 11:37131-48.
[Crossref] [Google Scholar]
[19]
Nagasundari S, Honnavali PB. SQL injection attack detection using ResNet. In 10th international conference on computing, communication and networking technologies 2019 (pp. 1-7). IEEE.
[Crossref] [Google Scholar]
[20]
Shun J, Malki HA. Network intrusion detection system using neural networks. In fourth international conference on natural computation 2008 (pp. 242-6). IEEE.
[Crossref] [Google Scholar]
[21]
Alshehri A, Badr MM, Baza M, Alshahrani H. Deep anomaly detection framework utilizing federated learning for electricity theft zero-day cyberattacks. Sensors. 2024; 24(10):1-19.
[Crossref] [Google Scholar]
[22]
Sakthimurugan S, Kumaar S, Vignesh V, Santhi P. Assessment of zero-day vulnerability using machine learning approach. EAI Endorsed Transactions on Internet of Things. 2024; 10:1-6.
[Crossref] [Google Scholar]
[23]
Aburomman AA, Reaz MB. A novel SVM-kNN-PSO ensemble method for intrusion detection system. Applied Soft Computing. 2016; 38:360-72.
[Crossref] [Google Scholar]
[24]
Alazab A, Khresiat A. New strategy for mitigating of SQL injection attack. International Journal of Computer Applications. 2016; 154(11):1-10.
[Google Scholar]
[25]
Ji SY, Jeong BK, Choi S, Jeong DH. A multi-level intrusion detection method for abnormal network behaviors. Journal of Network and Computer Applications. 2016; 62:9-17.
[Crossref] [Google Scholar]
[26]
Butun I, Morgera SD, Sankar R. A survey of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials. 2013; 16(1):266-82.
[Crossref] [Google Scholar]
[27]
Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security. 2012; 31(3):357-74.
[Crossref] [Google Scholar]
[28]
Skaruz J, Seredynski F. Recurrent neural networks towards detection of SQL attacks. In international parallel and distributed processing symposium 2007 (pp. 1-8). IEEE.
[Crossref] [Google Scholar]
[29]
Elsherif A. Automatic intrusion detection system using deep recurrent neural network paradigm. Journal of Information Security and Cybercrimes Research. 2018; 1(1):21-31.
[Google Scholar]
[30]
Osa E, Orukpe PE, Iruansi U. Design and implementation of a deep neural network approach for intrusion detection systems. e-Prime-Advances in Electrical Engineering, Electronics and Energy. 2024; 7:1-6.
[Crossref] [Google Scholar]
[31]
Idhammad M, Afdel K, Belouch M. Semi-supervised machine learning approach for DDoS detection. Applied Intelligence. 2018; 48:3193-208.
[Crossref] [Google Scholar]
[32]
Lin WC, Ke SW, Tsai CF. CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowledge-Based Systems. 2015; 78:13-21.
[Crossref] [Google Scholar]
[33]
Staudemeyer RC. Applying long short-term memory recurrent neural networks to intrusion detection. South African Computer Journal. 2015; 56(1):136-54.
[Google Scholar]
[34]
Sarhan M, Layeghy S, Gallagher M, Portmann M. From zero-shot machine learning to zero-day attack detection. International Journal of Information Security. 2023; 22(4):947-59.
[Crossref] [Google Scholar]
[35]
Jose J, Jose DV. AS-CL IDS: anomaly and signature-based CNN-LSTM intrusion detection system for internet of things. International Journal of Advanced Technology and Engineering Exploration. 2023; 10(109):1-18.
[Crossref] [Google Scholar]
[36]
Alazab A, Abawajy J, Hobbs M, Layton R, Khraisat A. Crime toolkits: the productisation of cybercrime. In 12th international conference on trust, security and privacy in computing and communications 2013 (pp. 1626-32). IEEE.
[Crossref] [Google Scholar]
[37]
Pascanu R, Stokes JW, Sanossian H, Marinescu M, Thomas A. Malware classification with recurrent networks. In international conference on acoustics, speech and signal processing 2015 (pp. 1916-20). IEEE.
[Crossref] [Google Scholar]
[38]
Arun A, Nair AS, Sreedevi AG. Zero day attack detection and simulation through deep learning techniques. In 4th international conference on cloud computing, data science & engineering (confluence) 2024 (pp. 852-7). IEEE
[Crossref] [Google Scholar]
[39]
Oluwadare S, Elsayed Z. A survey of unsupervised learning algorithms for zero-day attacks in intrusion detection systems. In the international FLAIRS conference proceedings 2023 (pp. 1-3). FLAIRS.
[Crossref] [Google Scholar]
[40]
Aljawarneh SA. Emerging challenges, security issues, and technologies in online banking systems. In online banking security measures and data protection 2017 (pp. 90-112). IGI Global.
[Crossref] [Google Scholar]
[41]
Demirel DY, Sandikkaya MT. Web based anomaly detection using zero-shot learning with CNN. IEEE Access. 2023; 11:91511-25.
[Crossref] [Google Scholar]
[42]
Bai S, Kolter JZ, Koltun V. Convolutional sequence modeling revisited. ICLR Workshop. 2018 (pp. 1-20).
[Google Scholar]
[43]
Roy SS, Mallik A, Gulati R, Obaidat MS, Krishna PV. A deep learning based artificial neural network approach for intrusion detection. In mathematics and computing: third international conference, ICMC 2017 (pp. 44-53). Springer Singapore.
[Crossref] [Google Scholar]
[44]
Habibi O, Chemmakha M, Lazaar M. Performance evaluation of CNN and pre-trained models for malware classification. Arabian Journal for Science and Engineering. 2023; 48(8):10355-69.
[Crossref] [Google Scholar]
[45]
Hindy H, Atkinson R, Tachtatzis C, Colin JN, Bayne E, Bellekens X. Utilising deep learning techniques for effective zero-day attack detection. Electronics. 2020; 9(10):1-16.
[Crossref] [Google Scholar]
[46]
Yin C, Zhu Y, Fei J, He X. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access. 2017; 5:21954-61.
[Crossref] [Google Scholar]
[47]
Swathy AM, Padmavathi G. Zero-day attack path identification using probabilistic and graph approach based back propagation neural network in cloud. Mathematical Statistician and Engineering Applications. 2022; 71(3s2):1091-106.
[Google Scholar]
[48]
Dhanya KA, Vajipayajula S, Srinivasan K, Tibrewal A, Kumar TS, Kumar TG. Detection of network attacks using machine learning and deep learning models. Procedia Computer Science. 2023; 218:57-66.
[Crossref] [Google Scholar]
[49]
Akshaya S, Padmavathi G. Enhancing zero-day attack prediction a hybrid game theory approach with neural networks. International Journal of Intelligent Systems and Applications in Engineering. 2024; 12:643-63.
[Google Scholar]
[50]
https://www.kaggle.com/datasets/kaggleprollc/nsl-kdd99-dataset/data. Accessed 20 February 2025.
[51]
https://www.kaggle.com/code/mkashifn/celosia-zero-day-attack-detection-demo/input. Accessed 20 February 2025.
[52]
Tavallaee M, Bagheri E, Lu W, Ghorbani AA. A detailed analysis of the KDD CUP 99 data set. In symposium on computational intelligence for security and défense applications 2009 (pp. 1-6). IEEE.
[Crossref] [Google Scholar]
[53]
Shaikh A, Gupta P. Real-time intrusion detection based on residual learning through ResNet algorithm. International Journal of System Assurance Engineering and Management. 2022:1-5.
[Crossref] [Google Scholar]
[54]
Haeser G, Ramos A. Constraint qualifications for Karush–Kuhn–Tucker conditions in multiobjective optimization. Journal of Optimization Theory and Applications. 2020; 187:469-87.
[Crossref] [Google Scholar]