Zero-day attack and ransomware detection

Zero-day and ransomware attacks continue to challenge traditional Network Intrusion Detection Systems (NIDS), revealing their limitations in timely threat classification. Despite efforts to reduce false positives and negatives, significant attacks persist, highlighting the need for advanced solutions. Machine Learning (ML) models show promise in enhancing NIDS. This study uses the UGRansome dataset to train various ML models for zero-day and ransomware attacks detection. The finding demonstrates that Random Forest Classifier (RFC), XGBoost, and Ensemble Methods achieved perfect scores in accuracy, precision, recall, and F1-score. In contrast, Support Vector Machine (SVM) and Naive Bayes (NB) models performed poorly. Comparison with other studies shows Decision Trees and Ensemble Methods improvements, with accuracy around 99.4% and 97.7%, respectively. Future research should explore Synthetic Minority Over-sampling Techniques (SMOTEs) and diverse or versatile datasets to improve real-time recognition of zero-day and ransomware attacks.