An efficient detection model of zero-day web application attacks based on convolution neural networks and deep auto encoders
Date
2024
Publisher
Chuka University
Abstract
The need for secure and trustworthy information systems has taken center stage and proven critical in supporting teleworking, online teaching, and research services. Artificial Intelligence (AI) is the primary driver of the 6th generation of computing and of innovations that apply AI in computer vision, gaming, robotics, and security. Zero-day web application attacks take advantage of web application software weaknesses for as long as the developer is unaware of them and has not developed a mechanism to eliminate them. Zero-day attacks leave vulnerable users grappling with data loss and have the propensity to push an organization out of business. Current zero-day attack detection methods built on signature-based or anomaly-based methods are inefficient in combating these attacks since they rely on previously detected weaknesses for signatures and a deviation from normal behavior for anomaly detection. These methods result in detection rates below 80%, meaning the propensity of zero-day attacks going undetected is 20% or lower. The application of machine learning techniques has proven to be efficient because these techniques can continuously learn from the code as well as its execution to detect security breaches and trigger an alarm. To improve on these techniques, a novel classification model needs to be developed that increases the detection rate further and reduces the false alarm rate. This study applied a hybrid of two machine learning methods, Convolution Neural Networks and deep autoencoders, to develop a classification model that significantly increases the detection rate of zero-day attacks. The KDD'99 dataset, a comprehensive repository of fully labeled intrusion detection records, was used to develop, test and validate the model. This dataset simulated real-world scenarios and assessed the model's performance under different intrusion scenarios. The Average Detection Rate, Accuracy and F1 score metrics were used to evaluate the model.
The hybrid CNN-Deep Autoencoder model had a detection rate of 0.895 against 0.887 of the Fully Connected Network (FCN) with sampling and 0.885 of the pure CNN model. The accuracy and F1-score of the hybrid CNN-Deep Autoencoder were 0.973 and 0.971 respectively. The Hybrid Model of CNN and Deep Autoencoder is efficient in detecting Zero-Day Attacks making it possible for Software Developers to patch their systems sooner resulting in minimal dwell time.
Description
A Thesis Submitted to the Graduate School in Partial Fulfillment of the Requirements for the Award of the Degree of Master of Science in Computer Science of Chuka University.
Supervisors: Dr. David Mwathi, Dr. Edna Chebet
Keywords
adaptive leadership practices, teacher management, collaborative problem solving, continuous learning culture, communication strategies, conflict resolution strategies, public secondary schools
Citation
Tuei, K.K. (2024). An efficient detection model of zero-day web application attacks based on convolution neural networks and deep autoencoders (Master's thesis, Chuka University).
