Abstract:
In the current technological landscape, organizations face substantial risk from both existing and novel kinds of attacks. Countering them calls for systems that identify every variant, ideally without false positives or false negatives. Traditional detection methods such as signature-based algorithms have proven unable to spot new attacks, because they match activity against a database of signatures of already known attacks. This research set out to improve the low accuracy of systems that rely on a single machine learning algorithm, an existing hybrid, or signature-based detection to identify zero-day attacks. The study analysed existing algorithms used for detecting zero-day attacks, designed a hybrid model to address the identified gaps, implemented it, and validated its performance. Hybrid and machine learning detection methods were also reviewed as alternatives to signature matching. The main aim was to build a hybrid machine learning model that identifies both novel and existing attacks in real time, evaluated on an existing dataset. The work was framed by the Confidentiality, Integrity and Availability (CIA) triad and grounded in Bayes' theorem and the fundamental principles of computational learning theory. The methodology followed a machine learning pipeline with stages for data identification, cleaning, analysis and feature engineering. The dataset had 3.67 million rows and five columns. The hybrid models were then implemented, their performance measured, and the models tuned to improve it. The model achieved an accuracy of about 97%; precision, recall and F1-score were also used as evaluation metrics.
The study found that the hybrid algorithm outperformed individual classifiers and traditional methods by achieving higher accuracy and better generalization to unseen attacks. Its contributions include informing policy on the use of intelligent threat-detection systems, offering a practical and robust real-time detection approach, and advancing academic knowledge on machine learning hybrids for zero-day attack detection.
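The following is an added illustration, not the study's model, features or dataset, of the comparison the abstract describes: a signature engine alone, a learned anomaly component alone, and a hybrid that alerts when either fires, each scored with precision, recall, F1 and accuracy. The flow records, the signature set and the z-score threshold are constructed for the example; the anomaly detector is a simple per-feature z-score model fit on benign traffic, standing in for whatever learned component a real hybrid would use.

```python
"""Signature-only, ML-only and hybrid (signature OR anomaly) detection on
constructed flow records, scored with precision, recall, F1 and accuracy.

Added illustration; not the study's model, features or dataset. The
records, signature set and threshold are constructed for this example.
"""
from statistics import mean, pstdev

# Constructed benign training flows: (bytes_out, packets, distinct_dst_ports)
TRAIN_BENIGN = [
    (1200, 10, 1), (1500, 12, 1), (900, 8, 1), (1300, 11, 2),
    (1100, 9, 1), (1400, 12, 1), (1000, 9, 1), (1250, 10, 2),
]

# Constructed test flows: (bytes_out, packets, distinct_dst_ports, payload_tag, is_attack).
# payload_tag stands in for content a signature engine would match (e.g. a payload hash).
TEST_RECORDS = [
    (1250, 10, 1, "http-get", False),
    (1350, 11, 1, "http-get", False),
    (950, 8, 1, "dns-query", False),
    (1450, 12, 2, "http-get", False),
    (30000, 250, 1, "http-post", False),        # benign bulk upload: anomalous but legitimate
    (1300, 11, 1, "KNOWN_EXPLOIT_A", True),     # known attack: signature hit, normal volume
    (1100, 9, 1, "KNOWN_EXPLOIT_B", True),      # known attack: signature hit, normal volume
    (48000, 400, 120, "http-get", True),        # novel attack: no signature, scan-like behaviour
    (1200, 10, 1, "http-get", True),            # novel attack that looks benign: everything misses it
]

SIGNATURES = {"KNOWN_EXPLOIT_A", "KNOWN_EXPLOIT_B"}  # constructed signature database


def signature_match(payload_tag, signatures=SIGNATURES):
    """Signature engine: flags only payloads already in the database."""
    return payload_tag in signatures


class ZScoreAnomaly:
    """Statistical anomaly detector fit on benign traffic only.

    Score = largest per-feature |z| value; a flow is anomalous when it exceeds
    the threshold. Stands in for the learned component of a hybrid model.
    """

    def __init__(self, threshold=4.0):
        self.threshold = threshold
        self.stats = []

    def fit(self, rows):
        columns = zip(*rows)
        # pstdev of 0 would divide by zero; fall back to 1.0 for constant features
        self.stats = [(mean(col), pstdev(col) or 1.0) for col in columns]
        return self

    def score(self, features):
        return max(abs(x - m) / s for x, (m, s) in zip(features, self.stats))

    def is_anomalous(self, features):
        return self.score(features) > self.threshold


def predict(record, model, mode):
    """mode: 'signature', 'ml' or 'hybrid' (alert if either component fires)."""
    bytes_out, packets, ports, payload_tag, _ = record
    sig = signature_match(payload_tag)
    anomalous = model.is_anomalous((bytes_out, packets, ports))
    if mode == "signature":
        return sig
    if mode == "ml":
        return anomalous
    if mode == "hybrid":
        return sig or anomalous
    raise ValueError(f"unknown mode {mode!r}")


def evaluate(records, model, mode):
    """Confusion counts plus precision, recall, F1 and accuracy for one mode."""
    tp = fp = tn = fn = 0
    for rec in records:
        pred, truth = predict(rec, model, mode), rec[4]
        if pred and truth:
            tp += 1
        elif pred and not truth:
            fp += 1
        elif not pred and truth:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = (tp + tn) / len(records)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "precision": precision,
            "recall": recall, "f1": f1, "accuracy": accuracy}


if __name__ == "__main__":
    detector = ZScoreAnomaly(threshold=4.0).fit(TRAIN_BENIGN)
    for mode in ("signature", "ml", "hybrid"):
        m = evaluate(TEST_RECORDS, detector, mode)
        print(f"{mode:9s} tp={m['tp']} fp={m['fp']} fn={m['fn']} tn={m['tn']} "
              f"P={m['precision']:.2f} R={m['recall']:.2f} F1={m['f1']:.2f} acc={m['accuracy']:.2f}")
```

On these constructed records the signature engine catches only the two known payloads, the anomaly component catches only the scan-like novel flow (and falsely flags the benign bulk upload), and the hybrid catches three of four attacks. Note that the hybrid and signature-only runs end up with the same accuracy (7 of 9) even though the hybrid's recall is 0.75 against 0.5: this is why the abstract's reporting of precision, recall and F1 alongside accuracy matters, since on attack datasets where benign traffic dominates, accuracy alone can look high while most attacks are missed.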