An unsupervised approach for the detection of zero‐day distributed denial of service attacks in Internet of Things networks

  • Monika Roopak
  • Simon Parkinson
  • Gui Yun Tian
  • Yachao Ran
  • Saad Khan
  • Balasubramaniyan Chandrasekaran
    • University of Huddersfield
    • Newcastle University
    • Florida Polytechnic University

    Research output: Contribution to journal; Article; peer-review

    11 Citations (Scopus)
    1 Downloads (Pure)

    Abstract

    The authors introduce an unsupervised Intrusion Detection System designed to detect zero-day distributed denial of service (DDoS) attacks in Internet of Things (IoT) networks. This system can identify anomalies without needing prior knowledge or training on attack information. Zero-day attacks exploit previously unknown vulnerabilities, making them hard to detect with traditional deep learning and machine learning systems that require pre-labelled data. Labelling data is also a time-consuming task for security experts. Therefore, unsupervised methods are necessary to detect these new threats. The authors focus on DDoS attacks, which have recently caused significant financial and service disruptions for many organisations. As IoT networks grow, these attacks become more sophisticated and harmful. The proposed approach detects zero-day DDoS attacks by using random projection to reduce data dimensionality and an ensemble model combining K-means, Gaussian mixture model, and one-class SVM with a hard voting technique for classification. The method was evaluated using the CIC-DDoS2019 dataset and achieved an accuracy of 94.55%, outperforming other state-of-the-art unsupervised learning methods.
    Original language: English
    Pages (from-to): 513-527
    Number of pages: 15
    Journal: IET Networks
    Volume: 13
    Issue number: 5-6
    Publication status: Published - 8 Oct 2024

    Keywords

    • Cyber-attacks
    • DDoS
    • IoT
    • Unsupervised Learning
    • Zero Day
    • Internet of Things
    • computer network security
    • unsupervised learning

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Management Science and Operations Research
    • Control and Optimization
