Intrusion detection is one of the major challenges in today's security industry. Currently attack surfaces are more extensive than in the past, and the use of anomaly detection tools, able to detect intrusions and malicious activities, is essential to avoid infrastructure damages. Furthermore, attackers are able to exploit techniques that bypass security countermeasures and avoid straight detection. Machine learning techniques are widely used to perform effective intrusion detection. In this context, deep learning networks may play an important role, by analyzing network flows and classifying them as 'normal' or 'intrusion'. This paper presents a deep learning architecture for DoS attacks detection, which is the first result of an on-going project aiming at the design and implementation of tools for the detection of 0-day threats (ZED-IDS, Zero Day Intrusion Detection System). The problem is tackled as a semi-supervised task, and the anomaly detector is based on a deep autoencoder. The model is described, and the detection performance results obtained on the CICIDS2017 dataset are presented and commented. The performance comparison with the most common supervised classifiers shows the potential of the proposal for 0-day attack detection.

Discovery of DoS attacks by the ZED-IDS anomaly detector / Catillo, M.; Rak, M.; Villano, U.. - In: JOURNAL OF HIGH SPEED NETWORKS. - ISSN 0926-6801. - 25:4(2019), pp. 349-365. [10.3233/JHS-190620]

Discovery of DoS attacks by the ZED-IDS anomaly detector

Rak M.;
2019

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/986078