Research Article | Open Access
Volume 74 | Issue 4 | Year 2026 | Article Id. IJETT-V74I4P104 | DOI: https://doi.org/10.14445/22315381/IJETT-V74I4P104
A Hybrid of Deep Learning-Based Zero-Day Attack Detection and Classification Method using a Two-Tier Metaheuristic Optimization Algorithm
J. Vanitha, P. Anandababu
| Received | Revised | Accepted | Published |
|---|---|---|---|
| 11 Jun 2025 | 07 Feb 2026 | 12 Feb 2026 | 29 Apr 2026 |
Citation:
J. Vanitha, P. Anandababu, "A Hybrid of Deep Learning-Based Zero-Day Attack Detection and Classification Method using a Two-Tier Metaheuristic Optimization Algorithm," International Journal of Engineering Trends and Technology (IJETT), vol. 74, no. 4, pp. 37-51, 2026. Crossref, https://doi.org/10.14445/22315381/IJETT-V74I4P104
Abstract
A zero-day attack is an important class of cyberattack for the cybersecurity community and the public. It exploits vulnerabilities that have not been publicly disclosed, or uses new attack strategies, to evade detection by existing detection tools. For the past few years, practitioners, researchers, and businesses have struggled to develop tools to detect cybersecurity attacks. Notably, those efforts produced rule-based, signature-based, or supervised Machine Learning (ML) techniques that have proven effective at detecting previously encountered and studied intrusions. This manuscript proposes a Hybrid of Deep Learning-Based Zero-Day Attack Detection Utilizing a Two-Tier Metaheuristic Optimization Algorithm (HDLZAD-TTMOA) model. The HDLZAD-TTMOA model aims to provide an advanced zero-day attack classification mechanism using optimized techniques. In the initial stage, min-max normalization is used to transform the input data into a compatible format. Next, the whale optimization algorithm is used for feature subset selection. A hybrid of the Convolutional Neural Network, Temporal Convolutional Network, and Long Short-Term Memory (CNN-TCN-LSTM) method is then applied for detection. Finally, Enhanced Crayfish Optimization Algorithm (ECOA)-based tuning is used to improve the detection results of the CNN-TCN-LSTM algorithm. The efficiency of the HDLZAD-TTMOA system is evaluated on the ToN-IoT and CIC-IDS-2017 datasets. The comparative analysis showed that the HDLZAD-TTMOA methodology achieves greater detection efficiency than recent methodologies.
Keywords
Enhanced Crayfish Optimization Algorithm, Feature Selection, Min-Max Normalization, Zero-Day Attack Detection and Classification.