Detection of zero‐day attacks in computer networks using combined classification

Abstract

SummaryIn today's world, many public and private services are provided virtually on the Internet. Due to the increasing dynamism and development of computer networks, intrusion detection systems, as one of the hottest topics in network security, has become an attractive area of research for researchers. The intrusion detection system tries to categorize the activity of the connections into two categories, normal and abnormal. In intrusion detection system, each connection is described based on a set of features, and decisions about whether that connection is normal or abnormal are made using those features. The act of determining the norm or abnormality of a connection is called classification. In this article, a method based on combined classification is proposed to detect zero‐day attacks. One of the most important innovations in this method is using a new version of the GRASP feature selection algorithm, which is used to diversify the base classifiers. In this method, an attempt is made to produce a subset of different features that have high accuracy; and variety to be used in the assembly stage. Experimental results showed that the method used to create feature subsets has high quality.