A Survey of Unsupervised Learning Algorithms for Zero-Day Attacks in Intrusion Detection Systems.

DOI:

https://doi.org/10.32473/flairs.36.133182

Abstract

Intrusion detection systems (IDS) monitor networks for malicious events, abnormal activities, and policy violations. They detect and classify network attacks based on markers of the behaviors or signatures of previously known attacks. However, because network attacks are constantly evolving and it is almost impossible to encode all possible combinations and signatures of attacks, the effectiveness of machine-learning-based IDS is often challenged and called into question by novel attacks, known as zero-day attacks. This has created the need for intelligent IDS that can detect anomalies without relying on a detailed signature repository. In this paper, we present a literature-based survey of popular deep learning algorithms and evaluate their capabilities, strengths, limitations, and resource requirements for detecting anomalies and zero-day attacks. Based on our evaluation, we propose Long Short-Term Memory (LSTM) networks and Autoencoder networks as the best algorithms for further analysis in intrusion detection.

Published

08-05-2023

How to Cite

Oluwadare, S., & ElSayed, Z. (2023). A Survey of Unsupervised Learning Algorithms for Zero-Day Attacks in Intrusion Detection Systems. The International FLAIRS Conference Proceedings, 36(1). https://doi.org/10.32473/flairs.36.133182