Zero-day and ransomware attacks continue to challenge traditional Network Intrusion Detection Systems (NIDS), revealing their limitations in timely threat classification. Despite efforts to reduce false positives and negatives, significant attacks persist, highlighting the need for advanced solutions. Machine Learning (ML) models show promise in enhancing NIDS. This study uses the UGRansome dataset to train various ML models for zero-day and ransomware attacks detection. The finding demonstrates that Random Forest Classifier (RFC), XGBoost, and Ensemble Methods achieved perfect scores in accuracy, precision, recall, and F1-score. In contrast, Support Vector Machine (SVM) and Naive Bayes (NB) models performed poorly. Comparison with other studies shows Decision Trees and Ensemble Methods improvements, with accuracy around 99.4% and 97.7%, respectively. Future research should explore Synthetic Minority Over-sampling Techniques (SMOTEs) and diverse or versatile datasets to improve real-time recognition of zero-day and ransomware attacks.
翻译:零日攻击与勒索软件持续挑战传统网络入侵检测系统(NIDS),暴露出其在威胁及时分类方面的局限性。尽管已努力降低误报率和漏报率,重大攻击事件依然频发,凸显了对先进解决方案的需求。机器学习(ML)模型在增强NIDS方面展现出潜力。本研究使用UGRansome数据集训练多种ML模型,用于检测零日攻击与勒索软件。结果表明,随机森林分类器(RFC)、XGBoost和集成方法在准确率、精确率、召回率和F1分数上均获得满分。相比之下,支持向量机(SVM)和朴素贝叶斯(NB)模型表现不佳。与其他研究的对比显示,决策树和集成方法有所改进,准确率分别达到约99.4%和97.7%。未来研究应探索合成少数类过采样技术(SMOTEs)以及多样化或多用途数据集,以提升零日攻击与勒索软件的实时识别能力。