
Comparative analysis of soft computing approaches of zero-day-attack detection

Misbah Anwer, Dept. of Computer Science, FAST-NUCES, Karachi, Pakistan, k200992@nu.edu.pk
Ghufran Ahmed, Dept. of Computer Science, FAST-NUCES, Karachi, Pakistan, ghufran.ahmed@nu.edu.pk
Adnan Akhunzada, Faculty of Computing and Informatics, University Malaysia Sabah, Kota Kinabalu, Malaysia, akhunzadaadnan@gmail.com
Shahid Hussain, Dept. of Computer Science, Penn State University, Pennsylvania, USA, shussain@psu.edu
Mubashir Khan, Dept. of Computer Science, NEDUET, Karachi, Pakistan, mmkhan@cloud.neduet.edu.pk

2022 International Conference on Emerging Trends in Smart Technologies (ICETST) | 978-1-6654-5935-8/22/$31.00 ©2022 IEEE | DOI: 10.1109/ICETST55735.2022.9922937

Abstract—The Internet of Things (IoT) is growing rapidly around the idea of connecting everything, and connecting everything raises security issues and affects performance. An intrusion detection system (IDS) scans network traffic and raises a notification on any suspicious activity. To overcome the challenges of detecting zero-day, multi-class cyber-attacks on resource-constrained IoT devices, a robust intelligent technique is required that identifies zero-day vulnerabilities early, so that they can be detected and patched. A novel framework is proposed that is intended to be flexible, adaptive, cost-effective, scalable, and promising. This paper presents a comparative study of the proposed solutions; the evaluation of existing systems indicates that federated learning improves the identification of zero-day attacks.

Keywords—Zero-day, attack detection, soft computing, IoT

I. INTRODUCTION

The Internet of Things (IoT) is growing rapidly around the concept of connecting everything [1]. This brings the idea of smart systems to education, health, and industry. These systems create huge amounts of data from many devices and therefore require IoT security against both known and unknown attacks. The aim of IoT is to improve people's day-to-day lives through smart devices and applications, and to improve industry. Approximately 50 billion IoT devices are connected to the internet, and this number is expected to grow exponentially in the near future. Detecting zero-day, multi-class cyber-attacks in IoT networks, and doing so efficiently, remains a challenge. These devices connect to the public internet over immature transmission media, which exposes them to potential threats [2]. A novel framework is proposed to overcome the challenges of zero-day cyber-attack detection. Existing work does not detect zero-day attacks efficiently; to address this, hybrid or ensemble collaborative learning is required. IoT devices are connected to billions of other devices, and the data shared among them compromises security. A mechanism is needed to protect these systems and improve their security.

II. SECURITY IN IOT

IoT raises crucial security challenges because smart devices require more security [1]. IoT devices have gained popularity over the past few years. Due to their vulnerable nature, these devices are at high risk, and preventive security measures are required to protect them from attackers. In [14], the authors presented a survey and focused on the need to rigorously examine the defenses of IoT systems. An intruder's intention is to harm the system by launching attacks that find loopholes in a network and profit from sensitive information. Industrial IoT (IIoT) emerged when IoT devices gained acceptance for interconnecting machines, sensors, and actuators in an industrial setting.

A. IIoT Security

Rapid technological advancement has made the internet easily accessible, and it is used intensively. Many sensitive activities, such as communication, information exchange, and business dealings, are carried out over the internet, which provides faster connection and communication. However, integrity and privacy can be violated by hackers who seek to damage and disrupt network connections and security. The number of attacks targeting networks has been growing over time, which leads to a need to examine these attacks and develop more robust security tools. Every organization, industry, and government needs network security solutions to keep its systems away from the ever-growing danger of cyber-attacks. The need for an effective and stable network security system that protects business and end-user data has been rising, as protection from network attacks is still very limited. IoT and IIoT form a system of interconnected digital machines or devices, objects, animals, or people: anything (a smartphone, laptop, wearable gadget, etc.) that can connect and share data over a network. These devices are used in healthcare monitoring, smart vehicles, surveillance, and robots. In this era almost everything is digitized and internet use is at its peak. Life without the internet is hard to imagine, and everything is connected, which in turn causes security breaches on networks [9]. The modern era relies on smart devices and autonomous systems [4]. These systems generate enormous volumes of data and information, and hackers use such data for cyber-attacks. Researchers are currently trying to propose solutions to secure IIoT systems, in which large amounts of data from different sensors and actuators are propagating. These systems face cyber-attacks from the outside world that degrade performance and trust, and because they hold sensitive information they are targets for data theft. The link between information technology and operational technology opens a way for attacks; hence, these systems become vulnerable.

B. Cyber-attacks on IoT and IIoT devices

The security of IoT devices is of great concern, and there is a need to protect these devices from cyber threats in education, business, health, and other areas [6]. To organize such threats adequately, a suitable taxonomy is required so that people are aware and protected. Since the beginning of computing, cybersecurity has been a serious problem to handle. The exponential growth of connected devices increases the threat of devices being compromised.

III. LITERATURE REVIEW

In this section, state-of-the-art studies are discussed related to zero-day attacks in IoT and IIoT, their increasing trend, techniques to detect them, and a comparison of related work.

A. Zero-day cyber-attack

A zero-day attack (ZA) is a cyber-attack exploiting a vulnerability that has not been disclosed publicly; it exploits a previously unknown vulnerability in computer applications. Zero-day attacks go undetected by vendors and developers. Many efforts have been made in the literature to detect known vulnerabilities using machine learning and deep learning techniques [15]. A signature-based IDS, which matches traffic against known attack patterns, cannot detect a zero-day (unknown) attack because no signature for it exists yet. Zero-day attacks have been increasing drastically. The vulnerability is known to the attacker while the vendor is unaware of it; the attacker exploits it and takes advantage of it. Once a developer learns about the issue, a patch is created to avoid further attacks through that flaw. In [10], the authors proposed a robust intelligent zero-day cyber-attack detection technique by merging heavy-hitter and graph techniques. During COVID-19 there was a rapid increase in cyber-attacks. To counter this situation, the authors proposed novel techniques to protect the network from zero-day cyber-attacks by detecting unknown high-volume attacks, such as denial of service (DoS) and distributed denial of service (DDoS), as well as low-volume attacks such as data theft and scanning.

B. Federated deep learning

For zero-day botnet attack detection, [12] applied federated learning (FL) on IoT edge devices without exposing the devices' local data. Deep neural networks (DNNs) classify the network traffic, while the Federated Averaging (FedAvg) algorithm aggregates the locally trained DNN models into the global model. The method was simulated on the Bot-IoT and N-BaIoT datasets and evaluated by accuracy, precision, recall, and F1 score, and compared with state-of-the-art deep learning settings, i.e., centralized, localized, and distributed deep learning. The limitation of this work is the classification performance of the IDS, which still needs to be improved.

The federated learning vulnerabilities listed in [5] are poisoning, evasion and backdoor attacks, non-robust aggregation, compromised distributed aggregation, inference attacks, and a malicious server.
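The following is an added example and is not code from [12], [5] or this paper. It shows the FedAvg step described above (clients train locally on data that never leaves them and send only model weights; the server averages the weights by sample count) and two of the vulnerabilities listed from [5] at once: a poisoning client that sends a flipped, scaled model, and non-robust aggregation that lets that single client flip the global model. A coordinate-wise trimmed mean is shown as one robust aggregator; it is an assumption of this example, not a technique the paper proposes. The local model is a two-feature logistic regression rather than a DNN, the five clients and the test set are constructed inline, and all flows are synthetic.

```python
import math
import random


def make_client_data(n, attack_frac, seed):
    """Constructed two-feature flows (not real IoT traffic): benign flows
    cluster near (0, 0), attack flows near (3, 3). Label 1 = attack."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        is_attack = rng.random() < attack_frac
        mu = 3.0 if is_attack else 0.0
        x = [mu + rng.gauss(0, 0.7), mu + rng.gauss(0, 0.7)]
        rows.append((x, 1 if is_attack else 0))
    return rows


def sigmoid(z):
    z = max(-60.0, min(60.0, z))  # clamp so a poisoned model cannot overflow exp()
    return 1.0 / (1.0 + math.exp(-z))


def local_train(w_global, data, epochs=5, lr=0.1):
    """Client-side step of FL: logistic-regression SGD starting from the
    global model w = [w0, w1, bias]. Only the resulting weights leave the client."""
    w = list(w_global)
    for _ in range(epochs):
        for x, y in data:
            g = sigmoid(w[0] * x[0] + w[1] * x[1] + w[2]) - y
            w[0] -= lr * g * x[0]
            w[1] -= lr * g * x[1]
            w[2] -= lr * g
    return w


def fedavg(updates):
    """FedAvg: sample-count-weighted mean of the client models.
    Non-robust: one client with a large update moves the mean arbitrarily."""
    total = sum(n for _, n in updates)
    dim = len(updates[0][0])
    return [sum(w[i] * n for w, n in updates) / total for i in range(dim)]


def trimmed_mean(updates, k=1):
    """Robust aggregation (assumed defence, not from the paper): per coordinate,
    drop the k largest and k smallest client values, then average the rest.
    Sample counts are ignored for simplicity."""
    dim = len(updates[0][0])
    out = []
    for i in range(dim):
        vals = sorted(w[i] for w, _ in updates)[k:len(updates) - k]
        out.append(sum(vals) / len(vals))
    return out


def accuracy(w, data):
    hits = sum(int((sigmoid(w[0] * x[0] + w[1] * x[1] + w[2]) >= 0.5) == (y == 1))
               for x, y in data)
    return hits / len(data)


def federated_round(aggregate, poisoned_client=None, scale=-20.0):
    """One FL round over five simulated edge clients; returns the test accuracy
    of the aggregated global model. If poisoned_client is set, that client
    performs model poisoning: it sends its trained weights flipped and scaled."""
    clients = [make_client_data(200, 0.5, seed) for seed in range(5)]
    test = make_client_data(400, 0.5, seed=99)
    w_global = [0.0, 0.0, 0.0]
    updates = []
    for cid, data in enumerate(clients):
        w_local = local_train(w_global, data)
        if cid == poisoned_client:
            w_local = [scale * v for v in w_local]
        updates.append((w_local, len(data)))
    return accuracy(aggregate(updates), test)


if __name__ == "__main__":
    print("FedAvg, honest clients      :", federated_round(fedavg))
    print("FedAvg, one poisoned client :", federated_round(fedavg, poisoned_client=0))
    print("Trimmed mean, one poisoned  :", federated_round(trimmed_mean, poisoned_client=0))
```

With honest clients FedAvg reaches high accuracy; with one of five clients poisoned, the plain weighted mean is dragged to roughly minus three times the honest model and classifies almost everything backwards, while the trimmed mean discards the extreme coordinate values and recovers the honest accuracy. The trimmed mean only helps while the number of colluding clients stays below k; with more attackers, or with an attacker that keeps its update within the honest range (a stealthy backdoor), a different defence is needed.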

TABLE I. COMPARISON OF RELATED WORK

Paper | Published in | Dataset | IoT scenario | Zero-day traffic | Main contribution | Limitations / future work | Learning
[16] | IEEE Access | IoT devices | Yes | No | IoT attack detection using DTL (deep transfer learning) with auto-encoders | FDL (federated deep learning) to speed up the process | Transfer learning
[12] | IEEE Internet of Things Journal | Bot-IoT, N-BaIoT | Yes | Yes | FL method for zero-day botnet attack detection | Performance of FL | Federated learning
[10] | Complex & Intelligent Systems, Springer | CICIDS 18 | No | Yes | Novel zero-day cyber-attack detection techniques using HH (heavy hitters) and graph; finds that the NN requires higher traffic for correct prediction | Performance of multi-class classification; the exact category of LVA (low-volume attack) variants is not detected | Hybrid
[15] | IEEE Access | SDN20 | No | Yes | Detect zero-day (unknown) attacks with unsupervised anomaly detection algorithms and the adoption of meta-learning | Validation of the techniques on a public dataset | Unsupervised
[13] | Journal of Information Security and Applications 2021 (Wcat) | NSL-KDD | No | Yes | IDS using RL | Does not consider computational and network cost | Reinforcement learning
Table I compares the zero-day scenarios used in previous work, with and without IoT-based datasets, and lists their limitations and future directions. Transfer and federated learning were used to evaluate the traffic. Table II gives the performance of our initial implementation on the ARP-MITM (6 GB) dataset for different numbers of layers, epochs and batch sizes.

TABLE II. ACCURACY AND LOSS ON TRAIN AND TEST (ARP-MITM)

Data (records) | Epochs | Batch size | Layers | Loss | Train accuracy | Test accuracy | Time (minutes)
2500k | 1 | 32 | 3 | 0.0153 | 0.9946 | 99.461 % | 22
2500k | 1 | 64 | 4 | 0.0091 | 0.9956 | 99.46 % | 40
2500k | 10 | 500 | 1 | 0.02502 | 0.9969 | 99.62 % | 22
2500k | 30 | 1000 | 2 | 0.0221 | 0.9971 | 99.69 % | 45
2500k | 50 | 1000 | 3 | 0.0183 | 0.9979 | 99.80 % | 71
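Table II reports accuracy and loss only; precision, recall, F1 score and the ROC curve are named in the Evaluation Metrics subsection that follows as the measures to be compared. The block below is an added example, not code from the paper, that computes all of them from constructed anomaly scores with a threshold sweep for the ROC curve and the trapezoid rule for the AUC. It also reports recall restricted to one attack family; evaluating a detector on an attack family that was held out of training is an assumption of this example about how zero-day detection is typically measured, not something the paper states it does. The ten scored flows are constructed and labelled inline.

```python
def confusion(scores, labels, threshold):
    """(tp, fp, tn, fn) when a flow is flagged iff score >= threshold.
    Label 1 = attack, 0 = benign."""
    tp = fp = tn = fn = 0
    for s, y in zip(scores, labels):
        flagged = s >= threshold
        if flagged and y:
            tp += 1
        elif flagged:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def metrics(scores, labels, threshold=0.5):
    """Accuracy, precision, recall, F1 and false-alarm rate at one threshold."""
    tp, fp, tn, fn = confusion(scores, labels, threshold)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (tp + tn) / len(labels),
        "precision": precision,
        "recall": recall,
        "f1": f1,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
    }


def roc_points(scores, labels):
    """ROC curve: (false-positive rate, true-positive rate) at every threshold,
    from +inf (flag nothing, point (0, 0)) down to the lowest score (flag all, (1, 1))."""
    pts = []
    for t in [float("inf")] + sorted(set(scores), reverse=True):
        tp, fp, tn, fn = confusion(scores, labels, t)
        pts.append((fp / (fp + tn), tp / (tp + fn)))
    return pts


def auc(points):
    """Area under the ROC curve by the trapezoid rule over the sorted points."""
    return sum((x1 - x0) * (y0 + y1) / 2
               for (x0, y0), (x1, y1) in zip(points, points[1:]))


def family_recall(scores, labels, families, family, threshold=0.5):
    """Recall on a single attack family. When that family was held out of
    training it stands in for a zero-day attack, and this is the number to watch:
    overall recall can look fine while the unseen family is missed entirely."""
    hits = total = 0
    for s, y, f in zip(scores, labels, families):
        if y == 1 and f == family:
            total += 1
            hits += int(s >= threshold)
    return hits / total if total else 0.0


# Constructed sample (not from the paper): five attack flows from three
# families and five benign flows, each with the detector's anomaly score.
SCORES = [0.95, 0.85, 0.80, 0.60, 0.40, 0.55, 0.30, 0.20, 0.10, 0.05]
LABELS = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]
FAMILIES = ["dos", "dos", "scan", "scan", "theft",
            "benign", "benign", "benign", "benign", "benign"]

if __name__ == "__main__":
    print(metrics(SCORES, LABELS))
    print("AUC:", auc(roc_points(SCORES, LABELS)))
    print("recall on 'theft' (held-out family):",
          family_recall(SCORES, LABELS, FAMILIES, "theft"))
```

On the constructed sample the detector scores 0.8 on accuracy, precision, recall and F1 at the 0.5 threshold and 0.96 AUC, yet its recall on the "theft" family is 0: the one low-volume attack sits below the threshold. Overall accuracy figures such as those in Table II therefore say little about zero-day detection unless recall is also reported per attack family, and on an imbalanced test set a high accuracy can coexist with poor recall on the rare class.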

IV. PROPOSED METHODOLOGY

In this section, various ideas to solve the main problems associated with zero-day cyber-attacks are discussed.

A. Initial Implementation

As an initial step, intrusion detection was performed on the state-of-the-art Kitsune [3] dataset "ARP-MITM", which contains approx. 250 lakh records and 115 features. A hybrid supervised deep learning technique was implemented on this 6 GB dataset with a 70/30 train/test split. Long short-term memory (LSTM) and CuDNN LSTM models were implemented. Table II shows the resulting train and test accuracy.

B. Evaluation Metrics

To evaluate the existing algorithms and to compare the proposed approach with state-of-the-art techniques, accuracy, precision, recall, and F1 score will be measured and compared with other techniques. Fig. 2 shows the comparison of the KDD and ARP-MITM datasets. To show the performance of the classification model at all thresholds, the ROC (receiver operating characteristic) curve is used, as shown in Fig. 3. The curve plots the true-positive rate against the false-positive rate as the decision threshold varies, and the area under it (AUC) summarizes the detector's ranking quality independently of any single threshold. The same measures will be evaluated in future work.

V. PROPOSED FRAMEWORK

The framework consists of collaborative learning that combines supervised and unsupervised learning on edge or fog servers. Data collected from IIoT sensors is passed to learning algorithms that process the network traffic at the gateways (edge or fog). In the control plane, centralized servers carry the training burden so that it does not fall on the sensors; the data plane is decentralized, and again there is no such burden on the sensors. Unsupervised learning is computationally inexpensive. This approach relieves the underlying devices of the processing burden.

A. Optimized detection of zero-day cyber-attacks using reinforcement learning

This solution is motivated by [7, 13]. In this solution, IoT devices are considered for optimized detection of zero-day (ZA), i.e. unknown, attacks while taking into account the computational and

network costs, including delays, of IoT and IIoT devices. The first step of the system checks that all routers and gateways are not compromised, rather than relying on the assumption of an ideal situation. Then deep reinforcement learning with attention-based techniques is applied on the IoT devices. To improve the efficiency of ZA detection with high IDS performance, an IoT-based IDS dataset was used. Deep reinforcement learning techniques are applied to industrial IoT to detect unknown cyber-attacks, increase the positive rewards, and reduce the false-alarm rate, first by evaluating the existing work and then by comparing the results with state-of-the-art datasets and techniques.

Figs. 1, 2 and 3 show the model accuracy and loss, the comparison of the two datasets, and the AUC (ROC) curve respectively.

Fig. 1. Model accuracy and loss [3].

Fig. 2. Comparison of the two datasets [3].

Fig. 3. Area under the ROC curve [3].

B. Using federated learning for ZA detection while fixing the vulnerabilities of FL

[16] detects ZA by introducing deep transfer learning for IoT network attack detection, but this technique takes much time to train the model and consequently slows down the process. In this solution, federated learning techniques will be used to speed up the process, and deep learning and federated learning are then combined in a new hybrid algorithm within the FL framework to fully address the issues of ZA detection for the IIoT network. Federated learning is decentralized learning in which all nodes train locally and share only their model updates, so raw data never leaves the edge devices. [5, 8] describe the problems and vulnerabilities of federated learning; the zero-knowledge-proof remedy suggested by [5] is adopted for higher performance and to fully address the ZA detection issues.

CONCLUSION

The IoT is growing rapidly around the concept of connecting everything. The IoT is a set of interdependent devices that can send and receive information over a network of physical and embedded devices through the internet. IoT raises crucial security challenges because smart devices require more security. The industrial IoT (IIoT) is driving the pace of modern research toward securing IIoT systems, which propagate large
amounts of data from different sensors and actuators and face different cyber-attacks from the outside world, resulting in a lack of performance and trust. A zero-day attack is a cyber-attack exploiting a vulnerability that has not been disclosed publicly; it exploits a previously unknown vulnerability in computer applications. Zero-day cyber-attacks are a critical issue in IoT and IIoT: when all devices are connected to each other through the internet and generate a massive volume of data, there are serious potential security threats. Detection and identification of zero-day attacks in the industrial internet of things is still a challenge; many efforts have been made previously, but the results are not up to the mark, and device vulnerabilities are increasing exponentially. Identifying zero-day vulnerabilities in IoT is a challenge. To cope with these unavoidable challenges, the problems and issues of federated learning will be circumvented first; federated learning will then be implemented on an IoT-based intrusion detection dataset to evaluate its performance. IoT IDS datasets were evaluated and examined with deep reinforcement learning techniques to improve ZA detection and reduce the false-alarm rate. Then a hybrid ensemble federated learning framework will be used that takes into account the new vulnerabilities and problems of the FL paradigm. A comparison with state-of-the-art techniques will be carried out. The proposed hybrid approaches are expected to improve the generalization performance of zero-day cyber-attack detection for IoT networks.

REFERENCES

[1] Ali, M., Siddique, A., Hussain, A., Hassan, F., Ijaz, A., & Mehmood, A. A Sustainable Framework for Preventing IoT Systems from Zero Day DDoS Attacks by Machine Learning.
[2] Alsoufi, M. A., Razak, S., Siraj, M. M., Nafea, I., Ghaleb, F. A., Saeed, F., & Nasser, M. (2021). Anomaly-based intrusion detection systems in IoT using deep learning: A systematic literature review. Applied Sciences, 11(18), 8383.
[3] Anwer, M., Ahmed, G., Akhunzada, A., & Siddiqui, S. (2021, October). Intrusion Detection Using Deep Learning. In 2021 International Conference on Electrical, Computer, Communication and Mechatronics Engineering (ICECCME) (pp. 1-6). IEEE.
[4] Awotunde, J. B., Chakraborty, C., & Adeniyi, A. E. (2021). Intrusion detection in industrial internet of things network-based on deep learning models with rule-based feature selection. Wireless Communications and Mobile Computing, 2021.
[5] Bouacida, N., & Mohapatra, P. (2021). Vulnerabilities in Federated Learning. IEEE Access, 9, 63229-63249.
[6] Gajek, S., Lees, M., & Jansen, C. (2020). IIoT and cyber-resilience.
[7] Gülmez, H. G., & Angin, P. (2021). A Study on the Efficacy of Deep Reinforcement Learning for Intrusion Detection. Sakarya University Journal of Computer and Information Sciences, 4(1), 11-25.
[8] Kairouz, P., McMahan, H. B., Avent, B., Bellet, A., Bennis, M., Bhagoji, A. N., ... & Zhao, S. (2019). Advances and open problems in federated learning. arXiv preprint arXiv:1912.04977.
[9] Khraisat, A., & Alazab, A. (2021). A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public dataset and challenges. Cybersecurity, 4(1), 1-27.
[10] Kumar, V., & Sinha, D. (2021). A robust intelligent zero-day cyber-attack detection technique. Complex & Intelligent Systems, 1-24.
[11] Palani, K., Holt, E., & Smith, S. (2016, March). Invisible and forgotten: Zero-day blooms in the IoT. In 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom) (pp. 1-6).
[12] Popoola, S. I., Ande, R., Adebisi, B., Gui, G., Hammoudeh, M., & Jogunola, O. (2021). Federated deep learning for zero-day botnet attack detection in IoT edge devices. IEEE Internet of Things Journal.
[13] Sethi, K., Madhav, Y. V., Kumar, R., & Bera, P. (2021). Attention-based multi-agent intrusion detection using reinforcement learning. Journal of Information Security and Applications, 61, 102923.
[14] Shah, Y., & Sengupta, S. (2020, October). A survey on Classification of Cyber-attacks on IoT and IIoT devices. In 2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON) (pp. 0406-0413). IEEE.
[15] Zoppi, T., Ceccarelli, A., & Bondavalli, A. (2021). Unsupervised algorithms to detect zero-day attacks: Strategy and application. IEEE Access, 9, 90603-90615.
[16] Vu, L., Nguyen, Q. U., Nguyen, D. N., Hoang, D. T., & Dutkiewicz, E. (2020). Deep transfer learning for IoT attack detection. IEEE Access, 8, 107335-107344.
