A review of Machine Learning-based zero-day attack detection: Challenges and future directions
Published in | Computer communications Vol. 198; pp. 175 - 185 |
---|---|
Main Author | Guo, Yang |
Format | Journal Article |
Language | English |
Published | Elsevier B.V 15.01.2023 |
ISSN | 0140-3664 1873-703X |
DOI | 10.1016/j.comcom.2022.11.001 |
Abstract | Zero-day attacks exploit unknown vulnerabilities so as to avoid being detected by cybersecurity detection tools. The studies (Bilge and Dumitraş, 2012, Google, 0000, Ponemon Sullivan Privacy Report, 2020) show that zero-day attacks are widespread and are one of the major threats to computer security. The traditional signature-based detection method is not effective in detecting zero-day attacks as the signatures of zero-day attacks are typically not available beforehand. Machine Learning (ML)-based detection method is capable of capturing attacks’ statistical characteristics and is, hence, promising for zero-day attack detection. In this survey paper, a comprehensive review of ML-based zero-day attack detection approaches is conducted, and their ML models, training and testing data sets used, and evaluation results are compared. While significant efforts have been put forth to develop accurate and robust zero-attack detection tools, the existing methods fall short in accuracy, recall, and uniformity against different types of zero-day attacks. Major challenges toward the ML-based methods are identified and future research directions are recommended at last. |
---|---|
Author | Guo, Yang |
Author_xml | – sequence: 1 givenname: Yang orcidid: 0000-0002-3245-3069 surname: Guo fullname: Guo, Yang email: yang.guo@nist.gov organization: NIST, Gaithersburg, MD 20899, United States of America |
Cites_doi | 10.1002/asmb.537 10.1109/JPROC.2020.3004555 10.1109/COMST.2015.2494502 10.1007/s10489-007-0101-z 10.1016/j.patcog.2017.09.012 10.1016/j.ins.2016.09.041 10.3390/electronics9101684 10.1016/j.ins.2018.04.092 10.3390/app9204396 10.1109/ACCESS.2020.3006143 10.1016/j.icte.2020.03.003 10.1109/TKDE.2009.191 10.1145/3073559 |
ContentType | Journal Article |
Copyright | 2022 |
Copyright_xml | – notice: 2022 |
DBID | AAYXX CITATION |
DOI | 10.1016/j.comcom.2022.11.001 |
DatabaseName | CrossRef |
DatabaseTitle | CrossRef |
DatabaseTitleList | |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Engineering |
EISSN | 1873-703X |
EndPage | 185 |
ExternalDocumentID | 10_1016_j_comcom_2022_11_001 S0140366422004248 |
IEDL.DBID | AIKHN |
ISSN | 0140-3664 |
IngestDate | Tue Jul 01 02:43:08 EDT 2025 Thu Apr 24 23:09:05 EDT 2025 Fri Feb 23 02:39:57 EST 2024 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Keywords | Attack detection; Machine Learning; Zero-day attacks |
Language | English |
LinkModel | DirectLink |
ORCID | 0000-0002-3245-3069 |
OpenAccessLink | https://www.ncbi.nlm.nih.gov/pmc/articles/9890381 |
PageCount | 11 |
ProviderPackageCode | CITATION AAYXX |
PublicationCentury | 2000 |
PublicationDate | 2023-01-15 |
PublicationDateYYYYMMDD | 2023-01-15 |
PublicationDate_xml | – month: 01 year: 2023 text: 2023-01-15 day: 15 |
PublicationDecade | 2020 |
PublicationTitle | Computer communications |
PublicationYear | 2023 |
Publisher | Elsevier B.V |
Publisher_xml | – name: Elsevier B.V |
References | [b1] Bilge, Dumitraş (2012). Before we knew it: An empirical study of zero-day attacks in the real world. Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS ’12), pp. 833-844. |
References | [b3] Ponemon Sullivan Privacy Report (2020). The economic value of prevention in the cybersecurity lifecycle. |
References | [b4] Bridges, Oesch, Verma, Iannacone, Huffer, Jewell, Nichols, Weber, Beaver, Smith, Scofield, Miles, Plummer, Daniell, Tall (2021). Beyond the hype: A real-world evaluation of the impact and cost of machine learning-based malware detection. |
References | [b5] Hindy, Atkinson, Tachtatzis, Colin, Bayne, Bellekens (2020). Utilising deep learning techniques for effective zero-day attack detection. Electronics 9(10). doi: 10.3390/electronics9101684 |
References | [b6] Mirsky, Doitshman, Elovici, Shabtai (2018). Kitsune: An ensemble of autoencoders for online network intrusion detection. NDSS. |
References | [b7] Zhou, Pezaros (2021). Evaluation of machine learning classifiers for zero-day intrusion detection – an analysis on CIC-aws-2018 dataset. |
References | [b8] Comar, Liu, Saha, Tan, Nucci (2013). Combining supervised and unsupervised learning for zero-day malware detection. 2013 Proceedings IEEE INFOCOM, pp. 2022-2030. |
References | [b9] Huda, Miah, Mehedi Hassan, Islam, Yearwood, Alrubaian, Almogren (2017). Defending unknown attacks on cyber-physical systems by semi-supervised approach and available unlabeled data. Inform. Sci. 379, pp. 211-228. doi: 10.1016/j.ins.2016.09.041 |
References | [b10] Kim, Bu, Cho (2018). Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders. Inform. Sci. 460–461, pp. 83-102. doi: 10.1016/j.ins.2018.04.092 |
References | [b11] Zhao, Shetty, Pan (2017). Feature-based transfer learning for network security. MILCOM 2017 - 2017 IEEE Military Communications Conference, pp. 17-22. |
References | [b12] Zhao, Shetty, Pan, Kamhoua, Kwiat (2019). Transfer learning for detecting unknown network attacks. EURASIP J. Inf. Secur. 2019. |
References | [b13] Sameera, Shashi (2020). Deep transductive transfer learning framework for zero-day attack detection. ICT Express 6(4), pp. 361-367. doi: 10.1016/j.icte.2020.03.003 |
References | [b14] Buczak, Guven (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), pp. 1153-1176. doi: 10.1109/COMST.2015.2494502 |
References | [b15] Khraisat, Gondal, Vamplew, Kamruzzaman (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecur 2. |
References | [b16] Liu, Lang (2019). Machine learning and deep learning methods for intrusion detection systems: A survey. Appl. Sci. 9(20). doi: 10.3390/app9204396 |
References | [b17] Ye, Li, Adjeroh, Iyengar (2017). A survey on malware detection using data mining techniques. ACM Comput. Surv. 50(3). doi: 10.1145/3073559 |
References | [b18] Liu, Xu, Xu, Zhang, Sun, Liu (2020). A review of android malware detection approaches based on machine learning. IEEE Access 8, pp. 124579-124607. doi: 10.1109/ACCESS.2020.3006143 |
References | [b19] Schölkopf, Williamson, Smola, Shawe-Taylor, Platt (1999). Support vector method for novelty detection. Proceedings of the 12th International Conference on Neural Information Processing Systems, pp. 582-588. |
References | [b20] Wang, Liu, Zhu, Porikli, Yin (2018). Hyperparameter selection of one-class support vector machine by self-adaptive data shifting. Pattern Recognit. 74, pp. 198-211. doi: 10.1016/j.patcog.2017.09.012 |
References | [b21] Japkowicz, Myers, Gluck (1995). A novelty detection approach to classification. IJCAI. |
References | [b22] Hindy, Atkinson, Tachtatzis, Colin, Bayne, Bellekens (2020). Towards an effective zero-day attack detection using outlier-based deep learning techniques. |
References | [b23] Gharib, Mohammadi, Hejareh Dastgerdi, Sabokrou (2019). AutoIDS: Auto-encoder Based Method for Intrusion Detection System. |
References | [b24] Goodfellow, Bengio, Courville (2016). Deep Learning. |
References | [b27] Panigrahi, Borah (2018). A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems. Int. J. Eng. Technol. 7(3.24), pp. 479-482. |
References | [b28] Bergstra, Bengio (2012). Random search for hyper-parameter optimization. J. Mach. Learn. Res. 13(2). |
References | [b29] Chen, Lin, Schölkopf (2005). A tutorial on ν-support vector machines. Appl. Stoch. Models Bus. Ind. 21(2), pp. 111-136. doi: 10.1002/asmb.537 |
References | [b30] Liu, Ting, Zhou (2008). Isolation forest. 2008 Eighth IEEE International Conference on Data Mining, pp. 413-422. |
References | [b31] Reynolds (2009). Gaussian mixture models. Encyclopedia of Biometrics, pp. 659-663. |
References | [b32] Abri, Siami-Namini, Khanghah, Soltani, Namin (2019). Can machine/deep learning classifiers detect zero-day malware with high accuracy? 2019 IEEE International Conference on Big Data (Big Data), pp. 3252-3259. |
References | [b33] Parrend, Navarro, Guigou, Deruyver, Collet (2018). Foundations and applications of artificial intelligence for zero-day and multi-step attack detection. EURASIP J. Inf. Secur. 2018, Number 1. |
References | [b35] Hao, Chiang, Lin (2009). A new maximal-margin spherical-structured multi-class support vector machine. Appl. Intell. 30, pp. 98-111. doi: 10.1007/s10489-007-0101-z |
References | [b37] Pan, Yang (2010). A survey on transfer learning. IEEE Trans. Knowl. Data Eng. 22(10), pp. 1345-1359. doi: 10.1109/TKDE.2009.191 |
References | [b38] Zhuang, Qi, Duan, Xi, Zhu, Zhu, Xiong, He (2021). A comprehensive survey on transfer learning. Proc. IEEE 109(1), pp. 43-76. doi: 10.1109/JPROC.2020.3004555 |
References | [b39] Wang, Mahadevan (2011). Heterogeneous domain adaptation using manifold alignment. Proceedings of the Twenty-Second International Joint Conference on Artificial Intelligence - Volume Two, pp. 1541-1546. |
References | [b40] Taghiyarrenani, Fanian, Mahdavi, Mirzaei, Farsi (2018). Transfer learning based intrusion detection. 2018 8th International Conference on Computer and Knowledge Engineering, pp. 92-97. |
References | [b41] Kumar, Lal, Sharma (2016). Detecting denial of service attacks in the cloud. 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), pp. 309-316. |
References | [b42] Sameera, Shashi (2019). Transfer learning based prototype for zero-day attack detection. IJCAI. |
References | [b43] Musca, Mirica, Deaconescu (2013). Detecting and analyzing zero-day attacks using honeypots. Proceedings of the 2013 19th International Conference on Control Systems and Computer Science, pp. 543-548. |
References | [b44] Hu, Chen, Zhu, Liu (2019). Reinforcement learning for adaptive cyber defense against zero-day attacks. Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Control- and Game-Theoretic Approaches To Cyber Security, pp. 54-93. |
References | Google, Project Zero, URL |
References | Kaggle: Microsoft malware classification challenge (BIG 2015), URL |
References | Intrusion detection evaluation dataset (CIC-IDS2017), URL |
References | A realistic cyber defense dataset (CSE-CIC-IDS2018), URL |
References | NSL-KDD Dataset, URL |
SSID | ssj0004773 |
Score | 2.63582 |
SecondaryResourceType | review_article |
SourceID | crossref elsevier |
SourceType | Enrichment Source Index Database Publisher |
StartPage | 175 |
SubjectTerms | Attack detection; Machine Learning; Zero-day attacks |
Title | A review of Machine Learning-based zero-day attack detection: Challenges and future directions |
URI | https://dx.doi.org/10.1016/j.comcom.2022.11.001 |
Volume | 198 |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
linkProvider | Elsevier |