Detection of Zero-day Attacks on IoT

Zero-day attacks are cybersecurity attacks that seek to exploit an unknown vulnerability in Internet of Things (IoT). This makes zero-day attacks inherently difficult to detect and costly to network administrators. Current methods of detection utilize machine learning methodologies for intrusion detection. However, these methods suffer from low performance in specific zero-day attacks. This study proposes novel features built upon network flow and raw packet data aiming to detect zero-day attacks. Our testing approach utilizes fix traditional machine learning algorithms (Decision Tree (DT), Support Vector Machine (SVM), K-Nearest Neighbor (KNN), Logistic Regression (LR), Gaussian Naive Bayes (NB), and Random Forest (RF)) with split-at-scenario cross-validation. We find that our engineered features achieve consistent high detection rates with three models (DT, SVM, and RF), whereas these models fail to detect at least one of the attacks when using raw features. Our results display potential for utilizing the proposed flow-based complex features to detect unknown network attacks with Internet of Battle Things (IoBT) applications.