Enhancing anomaly-based zero-day attack detection framework using CNN-driven feature extraction and OC-SVM
摘要
Zero-day attacks exploit previously unknown vulnerabilities, posing a significant challenge for traditional Intrusion Detection Systems (IDS) that depend on known attack signatures. Detecting such threats requires models capable of identifying anomalous patterns in network traffic without prior knowledge. This study proposes a hybrid semi-supervised CNN + OC-SVM framework that integrates convolutional neural network (CNN)-based feature extraction with a One-Class Support Vector Machine (OC-SVM) for effective zero-day attack detection. A structured preprocessing pipeline, including feature selection, categorical encoding, and normalization, is employed to enhance data representation and discrimination capability. The proposed model is evaluated on two benchmark datasets, NSL-KDD and CIC-IDS2017, and compared with established unsupervised methods, including Isolation Forest, K-means, and DBSCAN, both with and without CNN-based feature extraction. Experimental results demonstrate that the CNN + OC-SVM model achieves an accuracy of 98.41% on NSL-KDD and 99.31% on CIC-IDS2017, outperforming baseline approaches. The model also attains precision, recall, and F1-score values exceeding 98%, indicating strong classification reliability across both attack and normal classes. These findings highlight the effectiveness of combining deep feature extraction with anomaly-based learning to improve detection accuracy and robustness against previously unseen cyber threats.