Zero-Day Threats Detection for Critical Infrastructures

TL;DR

This paper presents a fuzzy logic-based computational framework utilizing ensemble machine learning models, especially RF and XGB, to improve zero-day attack detection in critical infrastructures, outperforming previous IDS methods.

Contribution

It introduces a novel feature selection method with fuzzification and demonstrates the effectiveness of ensemble ML models for zero-day threat detection in critical systems.

Findings

Fuzzy logic enhances feature selection for intrusion detection.

Ensemble models like RF and XGB outperform other algorithms.

The proposed framework surpasses existing IDS methods in accuracy.

Abstract

Technological advancements in various industries, such as network intelligence, vehicle networks, e-commerce, the Internet of Things (IoT), ubiquitous computing, and cloud-based applications, have led to an exponential increase in the volume of information flowing through critical systems. As a result, protecting critical infrastructures from intrusions and security threats have become a paramount concern in the field of intrusion detection systems (IDS). To address this concern, this research paper focuses on the importance of defending critical infrastructures against intrusions and security threats. It proposes a computational framework that incorporates feature selection through fuzzification. The effectiveness and performance of the proposed framework is evaluated using the NSL-KDD and UGRansome datasets in combination with selected machine learning (ML) models. The findings of the study highlight the effectiveness of fuzzy logic and the use of ensemble learning to enhance the performance of ML models. The research identifies Random Forest (RF) and Extreme Gradient Boosting (XGB) as the top performing algorithms to detect zero-day attacks. The results obtained from the implemented computational framework outperform previous methods documented in the IDS literature, reaffirming the significance of safeguarding critical infrastructures from intrusions and security threats.