Zero-day Intrusion Detection System based on Dual Neural Network and Aggregation Mechanism

Despite signature-based intrusion detection system(IDS) has played an important role in the field of cyber security, there remains a crucial challenge that the zero-day attack is hard to be solved. This drawback may bring a large amount of loss to an enterprise or an individual. In order to address above issue, we aim to propose a novel IDS framework which is able to conquer zero-day attacks. The framework consists of an AutoEncoder and a deep neural network(DNN), where AutoEncoder is applied to detect zero-day intrusion, and DNN is employed for classifying known attack, respectively. In particular, we have introduced aggregation mechanism based on DBSCAN algorithm and voting system for sorting the zero-day samples and retraining the IDS. The experimental results have demonstrated that the new method can solidly work in a zero-day attack detection and known attack classification.