P. Pitre, Arya Gandhi, Vaishnavi Konde, Rahul B. Adhao, V. Pachghare
2022 International Conference for Advancement in Technology (ICONAT), published 2022-01-21. DOI: 10.1109/ICONAT53423.2022.9726105
An Intrusion Detection System for Zero-Day Attacks to Reduce False Positive Rates
An Intrusion Detection System (IDS) monitors network traffic and raises alerts about suspicious activity on the network. Conventionally, there are two types of IDS: signature-based, which efficiently detects already known attacks, and anomaly-based, where models are trained to detect unknown attacks. The latter type plays a crucial role in detecting zero-day attacks, in which a software vulnerability is exploited before the developer can act on it. However, it comes with a few problems: its high false-positive rates slow the network down and require constant human intervention, and it cannot detect attacks in real time. This paper analyzes state-of-the-art models that address this problem, examining their benefits and shortcomings. Further, we propose a framework for addressing zero-day attacks and reducing the false-positive rate of their detection, using a combination of feature selection methods and fine-tuning of the dataset specifically for false-positive detection. These methods will be tried several times with various optimizers and models, and their results will be compared. We include results from preliminary testing of this idea on a subset of the dataset; the promising results will be applied to find a model that works better than most existing ones.
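The false-positive problem described above, shown on a toy anomaly-based IDS. This is an added example written for this page, not the paper's framework or code: a z-score detector fitted only on benign flows (so it needs no attack samples, which is what makes it usable against unknown attacks) is evaluated with and without a Fisher-score feature-selection step. The four flow features, every flow record, the alert threshold of 3.0 and the choice of keeping k=3 features are all constructed assumptions for the example, not data or parameters from the paper.

```python
"""Anomaly-based IDS: false-positive rate with and without feature selection.
Added illustration, not the paper's code. Detector: per-feature z-score fitted
on benign flows. Selection: Fisher-score ranking on a small labelled set.
Every flow record here is constructed, not captured traffic."""
from typing import Dict, List, Sequence, Tuple

FEATURES = ("bytes", "packets", "duration", "port_entropy")  # assumed feature set
Flow = Dict[str, float]
Labelled = Sequence[Tuple[Flow, bool]]  # label True = attack


def _flow(b: float, p: float, d: float, e: float) -> Flow:
    return dict(zip(FEATURES, (b, p, d, e)))


# Constructed benign baseline used to fit the detector.
BENIGN_TRAIN: List[Flow] = [_flow(400, 4, 1.0, 0.1), _flow(600, 6, 3.0, 0.3)] * 4

# Constructed labelled validation set, used only to rank features.
VALIDATION: List[Tuple[Flow, bool]] = [
    (_flow(500, 5, 2.0, 0.2), False), (_flow(600, 6, 3.0, 0.8), False),
    (_flow(400, 4, 1.0, 0.05), False), (_flow(4000, 40, 1.0, 0.9), True),
    (_flow(3000, 30, 20.0, 0.1), True), (_flow(2000, 20, 10.0, 0.5), True),
]

# Constructed held-out test set: port_entropy drifts on two benign flows (the
# source of the false positives) and the last attack is unusual in that feature only.
TEST: List[Tuple[Flow, bool]] = [
    (_flow(500, 5, 2.0, 0.2), False),
    (_flow(600, 6, 3.0, 0.7), False),
    (_flow(400, 4, 1.0, 0.6), False),
    (_flow(700, 7, 2.0, 0.2), False),
    (_flow(5000, 50, 1.0, 0.9), True),   # volumetric
    (_flow(500, 40, 0.5, 0.2), True),    # burst of tiny packets
    (_flow(2000, 20, 30.0, 0.3), True),  # long-lived flow
    (_flow(450, 5, 2.0, 0.95), True),    # only port_entropy is off
]


def _mean_var(xs: Sequence[float]) -> Tuple[float, float]:
    m = sum(xs) / len(xs)
    return m, sum((x - m) ** 2 for x in xs) / len(xs)


def fisher_scores(labelled: Labelled) -> Dict[str, float]:
    """(mean_attack - mean_benign)^2 / (var_attack + var_benign) per feature."""
    scores: Dict[str, float] = {}
    for f in FEATURES:
        m_b, v_b = _mean_var([x[f] for x, y in labelled if not y])
        m_a, v_a = _mean_var([x[f] for x, y in labelled if y])
        denom = v_a + v_b
        scores[f] = float("inf") if denom == 0 else (m_a - m_b) ** 2 / denom
    return scores


def select_features(labelled: Labelled, k: int) -> List[str]:
    """Keep the k best-separating features (k is an assumption of this example)."""
    scores = fisher_scores(labelled)
    return sorted(FEATURES, key=lambda f: scores[f], reverse=True)[:k]


class ZScoreDetector:
    """Alerts when any selected feature lies more than `threshold` standard
    deviations from the benign baseline. Fitted on benign traffic only."""

    def __init__(self, features: Sequence[str], threshold: float = 3.0) -> None:
        self.features, self.threshold = list(features), threshold
        self.stats: Dict[str, Tuple[float, float]] = {}

    def fit(self, benign: Sequence[Flow]) -> "ZScoreDetector":
        for f in self.features:
            m, v = _mean_var([x[f] for x in benign])
            self.stats[f] = (m, v ** 0.5)
        return self

    def score(self, flow: Flow) -> float:
        zs = []
        for f in self.features:
            m, sd = self.stats[f]
            dev = abs(flow[f] - m)
            zs.append(dev / sd if sd > 0 else (0.0 if dev == 0 else float("inf")))
        return max(zs)

    def alert(self, flow: Flow) -> bool:
        return self.score(flow) > self.threshold


def evaluate(det: ZScoreDetector, labelled: Labelled) -> Dict[str, float]:
    """True-positive and false-positive rates of `det` on a labelled set."""
    tp = fp = tn = fn = 0
    for flow, is_attack in labelled:
        a = det.alert(flow)
        if is_attack:
            tp, fn = tp + a, fn + (not a)
        else:
            fp, tn = fp + a, tn + (not a)
    return {"tpr": tp / (tp + fn) if tp + fn else 0.0,
            "fpr": fp / (fp + tn) if fp + tn else 0.0, "fp": float(fp), "fn": float(fn)}


def compare(k: int = 3) -> Dict[str, Dict[str, float]]:
    """Same detector and threshold, with and without the feature-selection step."""
    full = ZScoreDetector(FEATURES).fit(BENIGN_TRAIN)
    reduced = ZScoreDetector(select_features(VALIDATION, k)).fit(BENIGN_TRAIN)
    return {"all_features": evaluate(full, TEST), "selected": evaluate(reduced, TEST)}


if __name__ == "__main__":
    for name, m in compare().items():
        print(f"{name:13s} TPR={m['tpr']:.2f} FPR={m['fpr']:.2f} fp={int(m['fp'])} fn={int(m['fn'])}")
```

With all four features the detector catches every attack but raises alerts on half of the benign flows (FPR 0.50), because port_entropy on the held-out benign traffic drifts well outside the baseline it was fitted on. Dropping that feature, which the Fisher ranking puts last, removes every false positive, but TPR falls from 1.00 to 0.75: the attack that was anomalous only in port_entropy is now invisible. That is the trade-off an anomaly-based zero-day detector has to manage: each feature removed to suppress false positives is also a feature in which an unknown attack can no longer be noticed, so a selection step should be checked against held-out benign and attack data rather than tuned on the false positives alone.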