Security Life Cycle framework for Exploring & Prevention of Zero day attacks in Cyberterrorism

The rise of cyber terrorism poses a significant threat to governments, businesses, and individuals worldwide. Cyber terrorists use information technology to carry out attacks that range from simple hacking attempts to more sophisticated attacks involving malware, ransomware, and zero-day exploits. This paper aims to provide an in-depth understanding of cyber terrorism, with a special focus on zero-day attacks. As the world becomes more digitized and automated, it brings convenience to everyone\u27s lives. However, it also leads to growing concerns about security threats, including data leakage, website hacking, attacks, phishing, and zero-day attacks. These concerns are not only for organizations, businesses, and society, but also for governments worldwide. This paper aims to provide an introductory literature review on the basics of cyber-terrorism, focusing on zero-day attacks. The paper explores the economic and financial destruction caused by zero-day attacks and examines various types of zero-day attacks. It also looks at the steps taken by international organizations to address these issues and the recommendations they have made. Additionally, the paper examines the impact of these externalities on policymaking and society. As cyber-security becomes increasingly important for businesses and policymakers, the paper aims to delve deeper into this aspect, which has the potential to threaten national security, public life, and the economic and financial stability of developed, developing, and underdeveloped economies

A framework for mitigating zero-day attacks in IoT

Internet of Things (IoT) aims at providing connectivity between every computing entity. However, this facilitation is also leading to more cyber threats which may exploit the presence of a vulnerability of a period of time. One such vulnerability is the zero-day threat that may lead to zero-day attacks which are detrimental to an enterprise as well as the network security. In this article, a study is presented on the zero-day threats for IoT networks and a context graph-based framework is presented to provide a strategy for mitigating these attacks. The proposed approach uses a distributed diagnosis system for classifying the context at the central service provider as well as at the local user site. Once a potential zero-day attack is identified, a critical data sharing protocol is used to transmit alert messages and reestablish the trust between the network entities and the IoT devices. The results show that the distributed approach is capable of mitigating the zero-day threats efficiently with 33% and 21% improvements in terms of cost of operation and communication overheads, respectively, in comparison with the centralized diagnosis system.Comment: 6 Pages, 6 Figures, Conference on Information Security and Cryptography (CISC-S'17

Utilising Deep Learning techniques for effective zero-day attack detection

Machine Learning (ML) and Deep Learning (DL) have been used for building Intrusion Detection Systems (IDS). The increase in both the number and sheer variety of new cyber-attacks poses a tremendous challenge for IDS solutions that rely on a database of historical attack signatures. Therefore, the industrial pull for robust IDS capable of flagging zero-day attacks is growing. Current outlier-based zero-day detection research suffers from high false-negative rates, thus limiting their practical use and performance. This paper proposes an autoencoder implementation to detect zero-day attacks. The aim is to build an IDS model with high recall while keeping the miss rate (false-negatives) to an acceptable minimum. Two well-known IDS datasets are used for evaluation—CICIDS2017 and NSL-KDD. To demonstrate the efficacy of our model, we compare its results against a One-Class Support Vector Machine (SVM). The manuscript highlights the performance of a One-Class SVM when zero-day attacks are distinctive from normal behaviour. The proposed model benefits greatly from autoencoders encoding-decoding capabilities. The results show that autoencoders are well-suited at detecting complex zero-day attacks. The results demonstrate a zero-day detection accuracy of [89% - 99%] for the NSL-KDD dataset and [75% - 98%] for the CICIDS2017 dataset. Finally, the paper outlines the observed trade-off between recall and fallout

Transfer-learning-based intrusion detection framework in IoT networks

Cyberattacks in the Internet of Things (IoT) are growing exponentially, especially zero-day attacks mostly driven by security weaknesses on IoT networks. Traditional intrusion detection systems (IDSs) adopted machine learning (ML), especially deep Learning (DL), to improve the detection of cyberattacks. DL-based IDSs require balanced datasets with large amounts of labeled data; however, there is a lack of such large collections in IoT networks. This paper proposes an efficient intrusion detection framework based on transfer learning (TL), knowledge transfer, and model refinement, for the effective detection of zero-day attacks. The framework is tailored to 5G IoT scenarios with unbalanced and scarce labeled datasets. The TL model is based on convolutional neural networks (CNNs). The framework was evaluated to detect a wide range of zero-day attacks. To this end, three specialized datasets were created. Experimental results show that the proposed TL-based framework achieves high accuracy and low false prediction rate (FPR). The proposed solution has better detection rates for the different families of known and zero-day attacks than any previous DL-based IDS. These results demonstrate that TL is effective in the detection of cyberattacks in IoT environments.This work was supported partially by the Generalitat de Catalunya under Grant 2017SGR962, and partially by the DRAC Project under Grant 001-P-001723.Peer ReviewedPostprint (published version

Clustering based Intrusion Detection System for effective Detection of known and Zero-day Attacks

Developing effective security measures is the most challenging task now a days and hence calls for the development of intelligent intrusion detection systems. Most of the existing intrusion detection systems perform best at detecting known attacks but fail to detect zero-day attacks due to the lack of labeled examples. Authors in this paper, comes with a clustering-based IDS framework that can effectively detect both known and zero-day attacks by following unsupervised machine learning techniques. This research uses NSL-KDD dataset for the motive of experimentation and the experimental results exhibit best performance with an accuracy of 78%

Unsupervised Algorithms to Detect Zero-Day Attacks: Strategy and Application

In the last decade, researchers, practitioners and companies struggled for devising mechanisms to detect cyber-security threats. Among others, those efforts originated rule-based, signature-based or supervised Machine Learning (ML) algorithms that were proven effective for detecting those intrusions that have already been encountered and characterized. Instead, new unknown threats, often referred to as zero-day attacks or zero-days, likely go undetected as they are often misclassified by those techniques. In recent years, unsupervised anomaly detection algorithms showed potential to detect zero-days. However, dedicated support for quantitative analyses of unsupervised anomaly detection algorithms is still scarce and often does not promote meta-learning, which has potential to improve classification performance. To such extent, this paper introduces the problem of zero-days and reviews unsupervised algorithms for their detection. Then, the paper applies a question-answer approach to identify typical issues in conducting quantitative analyses for zero-days detection, and shows how to setup and exercise unsupervised algorithms with appropriate tooling. Using a very recent attack dataset, we debate on i) the impact of features on the detection performance of unsupervised algorithms, ii) the relevant metrics to evaluate intrusion detectors, iii) means to compare multiple unsupervised algorithms, iv) the application of meta-learning to reduce misclassifications. Ultimately, v) we measure detection performance of unsupervised anomaly detection algorithms with respect to zero-days. Overall, the paper exemplifies how to practically orchestrate and apply an appropriate methodology, process and tool, providing even non-experts with means to select appropriate strategies to deal with zero-days

Role of AI in Threat Detection and Zero-day Attacks

Cybercrime and attack methods have been steadily increasing since the 2019 pandemic. In the years following 2019, the number of victims and attacks per hour rapidly increased as businesses and organizations transitioned to digital environments for business continuity amidst lockdowns. In most scenarios cybercriminals continued to use conventional attack methods and known vulnerabilities that would cause minimal damage to an organization with a robust cyber security posture. However, zero-day exploits have skyrocketed across all industries with an increasingly growing technological landscape encompassing internet of things (IoT), cloud hosting, and more advanced mobile technologies. Reports by Mandiant Threat Intelligence (2022) concluded that 2021 had the largest increase in zero-days accounting for at least 80% that had been exploited. State-sponsored actors led by Chinese groups were the primary attackers. Traditional methods of defense, which include antivirus software, patching, firewalls, and other cybersecurity controls are less effective against zero-days, which are unknown to vendors and organizations. Zero-days bypass the traditional signature and anomaly-based detections and antivirus software, which contain signatures information for known attacks. To deal with a changing and advanced threat landscape, techniques incorporating artificial intelligence such as machine learning and deep learning along with IDS have been implicated in detecting and preventing zero-day attacks

An Autonomous Intrusion Detection System Using an Ensemble of Advanced Learners

An intrusion detection system (IDS) is a vital security component of modern computer networks. With the increasing amount of sensitive services that use computer network-based infrastructures, IDSs need to be more intelligent and autonomous. Aside from autonomy, another important feature for an IDS is its ability to detect zero-day attacks. To address these issues, in this paper, we propose an IDS which reduces the amount of manual interaction and needed expert knowledge and is able to yield acceptable performance under zero-day attacks. Our approach is to use three learning techniques in parallel: gated recurrent unit (GRU), convolutional neural network as deep techniques and random forest as an ensemble technique. These systems are trained in parallel and the results are combined under two logics: majority vote and "OR" logic. We use the NSL-KDD dataset to verify the proficiency of our proposed system. Simulation results show that the system has the potential to operate with a very low technician interaction under the zero-day attacks. We achieved 87:28% accuracy on the NSL-KDD's "KDDTest+" dataset and 76:61% accuracy on the challenging "KDDTest-21" with lower training time and lower needed computational resources.Comment: 5 page

Review of k-Zero Day Safety Network Security Metrics to Measure the Risk on Different Vulnerabilities

Today's computer networks face intelligent attackers who combine multiple vulnerabilities to penetrate networks with destructive impact. The overall network security cannot be determined by simply counting the number of vulnerabilities. Due to the less predictable nature of software flaws we can’t measure the security risk of unknown vulnerabilities. This affects to security metrics, because a safer configuration would be of little value if it were equally vulnerable to zero-day attacks. In this paper, instead of just measuring how much such vulnerability would be required for compromising network assets we can also attempting to rank unknown vulnerabilities. By using collaborative filtering technique to different (types of) zero-day vulnerabilities and novel security metrics for uncertain and dynamic data we propose a Flexible and Robust k-Zero Day Safety security model to rank the zero-day attacks. DOI: 10.17762/ijritcc2321-8169.16044