O.I. Sheluhin1, S.Yu. Rybakov2, S.S. Zvezhinsky3
1-3 FSBEI HE “Moscow Technical University of Communications and Informatics (MTUCI)” (Moscow, Russia)
1 sheluhin@mail.ru; 2 svolkov97@gmail.com; 3 s.s.zvezhinskii@mtuci.ru
A zero-day attack is a type of emerging cyberattack that exploits unknown vulnerabilities to evade detection by existing cybersecurity tools. Zero-day network attacks pose a significant challenge, as traditional machine learning methods, which detect attacks by analyzing network behavior patterns and training classification models, often prove ineffective. Typically, such models require large labeled datasets, but the rapid pace and unpredictability of cyberattacks make real-time labeling impractical for zero-day attacks and malware, for which there is no practical way to "prepare" given their unforeseen nature. Detecting novel, previously unknown attacks may be achievable through deep machine learning and transfer learning techniques that leverage knowledge from known attacks.
The aim of this work is to conduct an analytical review of existing machine learning-based methods and models for detecting zero-day cyberattacks and malware, enabling a comparative analysis of their strengths and weaknesses, as well as identifying key challenges in the development and evaluation of such methods.
In addressing zero-day attack detection, classifiers based on artificial neural networks (ANNs), such as autoencoders, demonstrate satisfactory accuracy. The use of generative adversarial networks (GANs) is particularly effective. Additionally, transfer learning techniques, which utilize knowledge acquired from solving similar tasks in related domains with sufficiently large labeled datasets, represent a promising direction for developing models and algorithms to detect zero-day cyberattacks and malware.
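As an added illustration (not code from the paper or its authors), the autoencoder approach named above in its simplest form: a linear autoencoder is trained only on benign flow features, an alarm threshold is set on benign reconstruction error, and attack patterns the model has never seen are flagged because they reconstruct poorly. The flow features, the two-factor benign structure and the flood/scan patterns are constructed assumptions, not a real dataset.

```python
import numpy as np

# Constructed flow features (not a real dataset): packets/s, bytes/packet,
# duration and distinct destination ports, each standardised. Benign traffic
# here varies along only two latent factors, so a 2-unit bottleneck can model it.
MIX = np.array([[1.0, 0.5, 0.2, 0.1],
                [0.1, 0.3, 1.0, -0.6]])

def benign_flows(n, rng):
    z = rng.normal(size=(n, 2))
    return z @ MIX + 0.05 * rng.normal(size=(n, 4))

def unseen_attack_flows(n, rng):
    # Off-manifold patterns the detector never trained on (assumed shapes):
    # a flood (many tiny packets) and a scan (one host touching many ports).
    flood = np.array([3.0, -2.0, 0.0, 0.0])
    scan = np.array([0.0, 0.0, 0.0, 3.0])
    base = np.where(rng.random(n)[:, None] < 0.5, flood, scan)
    return base + 0.1 * rng.normal(size=(n, 4))

def train_autoencoder(x, latent=2, epochs=500, lr=0.1, seed=0):
    """Linear autoencoder x -> z -> x_hat fitted by gradient descent on MSE,
    using benign traffic only: no attack labels are needed."""
    rng = np.random.default_rng(seed)
    enc = rng.normal(scale=0.1, size=(x.shape[1], latent))
    dec = rng.normal(scale=0.1, size=(latent, x.shape[1]))
    for _ in range(epochs):
        z = x @ enc
        err = z @ dec - x
        grad_dec = z.T @ err / len(x)
        grad_enc = x.T @ (err @ dec.T) / len(x)
        dec -= lr * grad_dec
        enc -= lr * grad_enc
    return enc, dec

def reconstruction_error(x, enc, dec):
    return np.mean(((x @ enc) @ dec - x) ** 2, axis=1)

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    train, held_out = benign_flows(2000, rng), benign_flows(500, rng)
    enc, dec = train_autoencoder(train)
    # Alarm threshold: 99th percentile of benign reconstruction error.
    threshold = float(np.quantile(reconstruction_error(train, enc, dec), 0.99))
    fpr = float(np.mean(reconstruction_error(held_out, enc, dec) > threshold))
    attacks = unseen_attack_flows(50, rng)
    tpr = float(np.mean(reconstruction_error(attacks, enc, dec) > threshold))
    return {"threshold": threshold, "false_positive_rate": fpr,
            "zero_day_detection_rate": tpr}

if __name__ == "__main__":
    print(run_demo())
```

The held-out false-positive rate stays near the 1% implied by the threshold, while the unseen patterns produce reconstruction errors orders of magnitude above it; in practice the threshold must be re-fitted as benign traffic drifts.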
The research findings can be applied to the development of models and algorithms for detecting zero-day cyberattacks and malware.
Sheluhin O.I., Rybakov S.Yu., Zvezhinsky S.S. Detection of zero-day cyber attacks and zero-day malware using machine learning methods. Radiotekhnika. 2025. V. 89. № 9. P. 184−198. DOI: https://doi.org/10.18127/j00338486-202508-21 (In Russian)