Published April 18, 2023 | Version v1
Conference paper Restricted

An NIDS for Known and Zero-Day Anomalies

Description

Rapid development of network infrastructure has brought sophisticated attacks that are hard to detect with typical network intrusion detection systems (NIDS). There is a strong need for efficient NIDS that detect these known attacks along with ever-emerging zero-day exploits. Existing NIDS focus on detecting known attacks with supervised machine learning, which performs well on known attacks but poorly on unknown ones. Many NIDS have used unsupervised approaches, which detect unknown anomalies better. In this paper, we propose a hybrid NIDS based on a semi-supervised One-Class Support Vector Machine (OC-SVM) and supervised Random Forest (RF) algorithms. The detection system has several stages. The first stage is an OC-SVM that separates benign from malicious traffic. The next stages use several parallel supervised models and an additional OC-SVM to separate known from unknown attacks within the malicious traffic, so that known attacks are classified by type and unknown attacks are detected. The proposed NIDS is tested on the standard public dataset CSE-CIC-IDS-2018. The evaluation results show that the system achieves 99.45% accuracy for known attacks, 93.99% for unknown (zero-day) attacks, and 95.95% overall. The hybrid approach significantly improves the detection of both known and unknown anomalies.
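The staging logic the abstract describes (a one-class filter for benign versus malicious traffic, then a split of malicious traffic into known attacks, which get a type label, and unknown attacks) is shown below as an added example. It is not code from the paper or the FISHY project. To keep it dependency-free, the paper's OC-SVM stages are replaced by a nearest-neighbour-distance one-class detector and the Random Forest by a nearest-centroid classifier; the two-dimensional feature vectors, the cluster centres, the assumption that the second one-class model is trained on the known-attack traffic, and the threshold settings are all constructed for illustration.

```python
"""Staging logic of a hybrid NIDS (added example, not the paper's code):
stage 1 one-class filter, stage 2 known/unknown split, stage 3 attack type."""
import random
from typing import Dict, List, Sequence, Tuple

# A flow is a tuple of standardized features; two are used here for
# readability (assumption: e.g. flow duration and forward packets per second).
Vector = Tuple[float, ...]


def _distance(a: Vector, b: Vector) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


class OneClassDetector:
    """Stand-in for the OC-SVM stages (assumption, not the paper's model).
    Trained on one population only. A point is an inlier if its distance to
    the nearest training point is within a threshold derived from the
    training set's own nearest-neighbour distances, so a multi-modal
    population (several attack types) is handled without per-class models."""

    def __init__(self, quantile: float = 0.99, margin: float = 3.0) -> None:
        self.quantile = quantile
        self.margin = margin
        self.rows: List[Vector] = []
        self.threshold = 0.0

    def fit(self, rows: Sequence[Vector]) -> "OneClassDetector":
        self.rows = list(rows)
        nn = sorted(
            min(_distance(self.rows[i], self.rows[j])
                for j in range(len(self.rows)) if j != i)
            for i in range(len(self.rows))
        )
        self.threshold = self.margin * nn[int(self.quantile * (len(nn) - 1))]
        return self

    def is_inlier(self, x: Vector) -> bool:
        return min(_distance(x, r) for r in self.rows) <= self.threshold


class NearestCentroidClassifier:
    """Stand-in for the supervised Random Forest stage (assumption)."""

    def __init__(self) -> None:
        self.centroids: Dict[str, Vector] = {}

    def fit(self, rows: Sequence[Vector], labels: Sequence[str]) -> "NearestCentroidClassifier":
        groups: Dict[str, List[Vector]] = {}
        for row, label in zip(rows, labels):
            groups.setdefault(label, []).append(row)
        self.centroids = {
            label: tuple(sum(r[d] for r in rs) / len(rs) for d in range(len(rs[0])))
            for label, rs in groups.items()
        }
        return self

    def predict(self, x: Vector) -> str:
        return min(self.centroids, key=lambda label: _distance(x, self.centroids[label]))


class HybridNIDS:
    """Stage 1: one-class model trained on benign flows filters benign traffic.
    Stage 2: one-class model trained on all known attacks (assumption) decides
    whether a malicious flow resembles anything seen before; if not -> unknown.
    Stage 3: supervised classifier names the attack type of known attacks."""

    def __init__(self) -> None:
        self.benign_model = OneClassDetector()
        self.known_attack_model = OneClassDetector()
        self.attack_classifier = NearestCentroidClassifier()

    def fit(self, benign: Sequence[Vector], attacks: Sequence[Vector],
            attack_labels: Sequence[str]) -> "HybridNIDS":
        self.benign_model.fit(benign)
        self.known_attack_model.fit(attacks)
        self.attack_classifier.fit(attacks, attack_labels)
        return self

    def classify(self, flow: Vector) -> str:
        if self.benign_model.is_inlier(flow):
            return "benign"
        if not self.known_attack_model.is_inlier(flow):
            return "unknown"  # malicious but unlike any known class: zero-day candidate
        return self.attack_classifier.predict(flow)


def make_flows(center: Vector, n: int, seed: int, spread: float = 0.5) -> List[Vector]:
    """Constructed feature vectors clustered around `center` (not dataset data)."""
    rng = random.Random(seed)
    return [tuple(c + rng.gauss(0.0, spread) for c in center) for _ in range(n)]


def build_demo_nids() -> HybridNIDS:
    """Train on constructed benign, DoS and brute-force clusters only; the
    cluster probed as 'never-seen' below is deliberately absent from training."""
    benign = make_flows((0.0, 0.0), 200, seed=1)
    dos = make_flows((10.0, 0.0), 100, seed=2)
    brute = make_flows((0.0, 10.0), 100, seed=3)
    return HybridNIDS().fit(benign, dos + brute, ["dos"] * 100 + ["brute_force"] * 100)


def demo_verdicts() -> Dict[str, str]:
    nids = build_demo_nids()
    probes = {
        "benign-like": (0.2, -0.3),
        "dos-like": (9.8, 0.4),
        "brute-like": (0.3, 10.2),
        "never-seen": (10.0, 10.0),  # stands in for a zero-day attack class
    }
    return {name: nids.classify(flow) for name, flow in probes.items()}


if __name__ == "__main__":
    for name, verdict in demo_verdicts().items():
        print(f"{name:12s} -> {verdict}")
```

The order of the stages is the security-relevant part: a flow only reaches the type classifier after the benign model has rejected it and the known-attack model has accepted it, so a supervised classifier is never forced to assign one of its known labels to traffic it has no basis to recognise. The nearest-neighbour threshold is the weak point of the stand-in: a zero-day flow that lands close to a known-attack cluster in feature space will be labelled as that known type, which is the same failure mode a real OC-SVM has when the attack manifests through the same features.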

Files

Restricted

The record is publicly accessible, but files are restricted to users with access.


Additional details

Funding

FISHY – A coordinated framework for cyber resilient supply chain systems over complex ICT infrastructures 952644
European Commission