# IM-ZDD: A Feature-Enhanced Inverse Mapping Framework for Zero-Day Attack Detection in Internet of Vehicles

**Authors:** Tao Chen, Gongyu Zhang, Bingfeng Xu

PMC · DOI: 10.3390/s25196197 · 2025-10-06

## TL;DR

This paper introduces IM-ZDD, a new framework for detecting zero-day attacks in the Internet of Vehicles by using synthetic data and inverse mapping to improve accuracy and reduce false alarms.

## Contribution

The novel two-stage framework IM-ZDD uses a feature-enhanced inverse mapping approach with a CGAN and adversarial training to detect zero-day attacks in data-scarce environments.

## Key findings

- IM-ZDD achieves an average AUC of 98.25% and F1-Score of 96.41% on the F2MD platform.
- The framework outperforms existing methods by up to 4.4 and 10.8 percentage points in accuracy.
- IM-ZDD has a median detection latency of 3 ms, meeting real-time requirements for IoV.

## Abstract

In the Internet of Vehicles (IoV), zero-day attacks pose a significant security threat. These attacks are characterized by unknown patterns and limited sample availability. Traditional anomaly detection methods often fail because they rely on oversimplified assumptions, hindering their ability to model complex normal IoV behavior. This limitation results in low detection accuracy and high false alarm rates. To overcome these challenges, we propose a novel zero-day attack detection framework based on Feature-Enhanced Inverse Mapping (IM-ZDD). The framework introduces a two-stage process. In the first stage, a feature enhancement module mitigates data scarcity by employing an innovative multi-generator, multi-discriminator Conditional GAN (CGAN) with dynamic focusing loss to generate a large-scale, high-quality synthetic normal dataset characterized by sharply defined feature boundaries. In the second stage, a learning-based inverse mapping module is trained exclusively on this synthetic data. Through adversarial training, the module learns a precise inverse mapping function, thereby establishing a compact and expressive representation of normal behavior. During detection, samples that cannot be effectively mapped are identified as attacks. Experimental results on the F2MD platform show IM-ZDD achieves superior accuracy and a low false alarm rate, yielding an average AUC of 98.25% and F1-Score of 96.41%, surpassing state-of-the-art methods by up to 4.4 and 10.8 percentage points. Moreover, with a median detection latency of only 3 ms, the framework meets real-time requirements, providing a robust solution for zero-day attack detection in data-scarce IoV environments.

## Full-text entities

- **Diseases:** Thyroid Disease (MESH:D013959), LIMD (MESH:D007859), paralysis (MESH:D010243), injury to (MESH:D014947), anomaly (MESH:D000013)
- **Chemicals:** IM-ZDD (-)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12526520/full.md

---
Source: https://tomesphere.com/paper/PMC12526520