ResNet50-based deep convolutional neural network for zero-day attack prediction and detection
Swathy Akshaya¹ and Padmavathi G²
² Professor, Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore, Tamil Nadu, India
Corresponding author: Swathy Akshaya
Received: 13-Jan-2024; Revised: 24-Feb-2025; Accepted: 09-Mar-2025
Abstract
A zero-day attack (ZDA) is a cyberattack that targets networks and systems by exploiting previously unknown security vulnerabilities. Software vendors have zero days to identify, address, and patch such newly discovered threats, hence the term "zero-day." In cybersecurity, effectively detecting and mitigating malicious nodes is crucial, particularly against zero-day malware. Traditional antivirus systems, which rely on stored malware signatures, struggle to detect ZDAs and are therefore vulnerable to advanced malware specifically designed to evade detection. To address this challenge, a novel approach called the deep convolutional n-zero-day adversarial safety network (DC-nZDASN) is proposed. The method generates artificial malware data and trains a model to distinguish real from synthetic malware samples; the synthetic data introduces new characteristics that contrast with the original dataset, enhancing the model's detection capability. The proposed approach incorporates multiple malware features and uses real-world and network traffic datasets for model development. During preprocessing, the standard scaler is applied and decision tree regression (DTR) is used, while feature selection is performed using random forest (RF) in combination with logistic regression (LR). The model is trained and tested using residual network (ResNet50), long short-term memory (LSTM), and convolutional neural network (CNN) architectures. For classification, several machine learning (ML) algorithms are employed: decision tree (DT), LR, support vector machine (SVM), Gaussian naïve Bayes (GNB), and stacking ensemble classification (SEC). The proposed DC-nZDASN model achieves a classification accuracy of 95.09%, a significant advance in malware detection, particularly for zero-day threats. By leveraging generated synthetic malware samples, the model improves its ability to detect novel threats and outperforms traditional methods. The integration of preprocessing techniques, feature selection, and a diverse set of ML algorithms further improves the model's overall effectiveness.
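As an added illustration (not the paper's code), two of the named pipeline components, the standard scaler preprocessing step and the Gaussian naïve Bayes classifier, implemented in plain Python on constructed flow-style feature vectors; the feature names, values and the benign/malicious labels are assumptions made up for the example, and the scaler is fitted on the training split only so that test statistics do not leak into preprocessing.

```python
import math
from statistics import mean, pstdev

# Constructed training rows (not from the paper's datasets): feature tuples are
# (duration_s, bytes_sent, failed_logins); label 1 = malicious, 0 = benign.
TRAIN = [
    ((0.5, 1200, 0), 0), ((0.8, 900, 0), 0), ((0.3, 1500, 1), 0), ((1.1, 2000, 0), 0),
    ((12.0, 50000, 5), 1), ((9.5, 80000, 8), 1), ((15.0, 42000, 3), 1), ((8.0, 65000, 6), 1),
]

class StandardScaler:
    """Fit per-feature mean and std on training rows, then map rows to z-scores."""
    def fit(self, rows):
        cols = list(zip(*rows))
        self.mu = [mean(c) for c in cols]
        self.sd = [pstdev(c) or 1.0 for c in cols]   # constant feature: leave unscaled
        return self
    def transform(self, rows):
        return [tuple((x - m) / s for x, m, s in zip(r, self.mu, self.sd)) for r in rows]

class GaussianNB:
    """Per-class, per-feature Gaussian likelihoods; predict the argmax log posterior."""
    def fit(self, X, y, eps=1e-9):
        self.classes = sorted(set(y))
        self.prior, self.mu, self.var = {}, {}, {}
        for c in self.classes:
            rows = [x for x, lab in zip(X, y) if lab == c]
            cols = list(zip(*rows))
            self.prior[c] = len(rows) / len(X)
            self.mu[c] = [mean(col) for col in cols]
            self.var[c] = [pstdev(col) ** 2 + eps for col in cols]   # eps: no zero variance
        return self
    def log_posterior(self, x, c):
        lp = math.log(self.prior[c])
        for xi, m, v in zip(x, self.mu[c], self.var[c]):
            lp += -0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
        return lp
    def predict(self, X):
        return [max(self.classes, key=lambda c: self.log_posterior(x, c)) for x in X]

def classify_flows(test_rows, train=TRAIN):
    """Scale with statistics from the training split only, fit GNB, label test rows."""
    X, y = [r for r, _ in train], [lab for _, lab in train]
    scaler = StandardScaler().fit(X)
    model = GaussianNB().fit(scaler.transform(X), y)
    return model.predict(scaler.transform(test_rows))

if __name__ == "__main__":
    # Constructed held-out rows: one benign-looking flow, one malicious-looking flow.
    print(classify_flows([(0.6, 1100, 0), (11.0, 70000, 7)]))   # → [0, 1]
```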
Keywords
Zero-day attack, Deep convolutional neural network (DCNN), ResNet50, Malware detection, Transfer learning, Machine learning.