From zero-shot machine learning to zero-day attack detection

The standard ML methodology assumes that the test samples are derived from a set of pre-observed classes used in training phase. Where model extracts and learns useful patterns to detect new data belonging same classes. However, certain applications such as Network Intrusion Detection Systems, it is challenging obtain for all attack will most likely observe production. ML-based NIDSs face traffic known zero-day attacks, not learning models due their non-existence at time. In this paper, zero-shot has been proposed evaluate performance detection scenarios. attribute stage, map network features distinguish semantic attributes (seen) inference evaluated (unseen) by constructing relationships between attacks attacks. A metric defined Zero-day Rate, which measures effectiveness stage. results demonstrate while majority do represent significant risks organisations adopting an NIDS scenario. groups identified systems effective applying learnt behaviour them malicious. Further Analysis was conducted using Wasserstein Distance technique measure how different other types model. sophisticated with low rate have significantly distinct feature distribution compared