• Record number
    15272
  • Title
    Zero-Day Attack Detection with Deep Reinforcement Learning
  • Academic year
    1402
  • Supervisor
    Dr. Nasser Mozayani
  • Advisor
    Dr. Amirfarhad Farhadi
  • Abstract
    One of the biggest risks to cybersecurity nowadays is zero-day attacks, which take advantage of flaws that security vendors are unaware of and that signature-based intrusion detection systems (IDS) cannot detect. Usually, these attacks happen when signature-based intrusion detection systems are placed in situations that they are intended to handle. Therefore, the effectiveness of intrusion detection systems (IDS) has been overestimated by years of machine learning (ML) and deep learning (DL) research: although these systems can learn to characterize traffic features and patterns, they still struggle to perform the task "well enough" against unknown attacks (generalization), adapt to concept drift in server functions, and balance trade-offs between accuracy, cost, false positives, and performance. Recent literature suggests that Reinforcement Learning (RL) has the potential to model intrusion detection as a sequential decision-making process, but most of the current work is still in the proof-of-concept stage, with evaluation on small datasets with limited usability. This seminar aims to address these identified gaps by introducing an adaptive intrusion detection framework based on Deep Reinforcement Learning (DRL). The proposed framework will learn from network traffic, evolve with attack patterns, and make more accurate detection decisions through a cost-aware reward that takes into account detection accuracy, false positives, latency, and resource efficiency. The outcome of the framework will be evaluated through analysis on benchmark datasets such as CICIDS2017 and UNSW-NB15, with zero-day simulation scenarios specifically set up by holding out families of attacks for training.
The expected contributions include: (1) a new DRL framework for adaptive zero-day attack detection, (2) better generalization to unseen attacks than static ML/DL models, (3) a cost-aware optimization mechanism for real-world cyber-incident detection deployment, and (4) a benchmark methodology for evaluating zero-day detection. This study will connect theoretical developments with practical considerations and may lead to scalable, interpretable, and resilient approaches to advance cybersecurity defence against emerging zero-day threats.
  • Student name

    ياسر الصائغ

  • Presentation date
    10/29/2025 12:00:00 AM
  • Full text
    88071
  • Creator

    ياسر الصائغ

  • Data entry date
    1404/08/10
  • Title in English
    ZERO-DAY ATTACK DETECTION WITH DEEP REINFORCEMENT LEARNING
  • Latin keywords
    Zero-day attacks, Intrusion Detection Systems (IDS), Machine Learning, Deep Learning, Deep Reinforcement Learning (DRL), Adaptive Cybersecurity