Evaluation of Machine Learning Classifiers for Zero-Day Intrusion Detection -- An Analysis on CIC-AWS-2018 dataset

  • 2019-05-09 15:20:18
  • Qianru Zhou, Dimitrios Pezaros
  • 1

Abstract

Detecting Zero-Day intrusions has long been a goal of cybersecurity, and of intrusion detection in particular. Machine learning is widely believed to be the most promising methodology for solving this problem, and numerous models have been proposed, but a practical solution is still to come, mainly because the open datasets available are out of date. In this paper, we take a deep inspection of the flow-based statistical data generated by CICFlowMeter, using the six most popular machine learning classification models for Zero-Day attack detection. The training dataset, CIC-AWS-2018, contains fourteen types of intrusions, while the testing dataset contains eight different types of attacks. The six classification models are evaluated and cross-validated on the CIC-AWS-2018 dataset for their accuracy in terms of false-positive rate, true-positive rate, and time overhead. A testing dataset of eight novel (or Zero-Day) real-life attacks and benign traffic flows, collected in a real research production network, is then used to test the performance of the chosen decision tree classifier. Promising results are obtained, with accuracy as high as 100% and reasonable time overhead. We argue that, with the statistical data collected from CICFlowMeter, simple machine learning models such as decision tree classification could take charge of detecting Zero-Day attacks.
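The evaluation protocol the abstract describes (train on known attack classes, test on attack classes withheld from training, report true-positive rate, false-positive rate and time overhead) is illustrated below as an added example. It is not the paper's code and does not use the CIC-AWS-2018 data: it trains a minimal CART decision tree on constructed CICFlowMeter-style flow vectors. The class names, the per-feature value ranges and the two withheld "zero-day" classes (`port_scan`, `slow_exfil`) are assumptions made for illustration.

```python
"""Zero-day evaluation protocol for a flow-statistics intrusion classifier.

Added example, not the paper's code: trains a small CART decision tree on
constructed CICFlowMeter-style flow vectors for a few "known" classes, then
measures TPR, FPR and per-flow prediction latency on attack classes that
were withheld from training (the "zero-day" test). All ranges are assumed.
"""
import random
import time
from collections import Counter

# Feature order of a flow vector. Names mimic CICFlowMeter columns; the
# values are constructed from the uniform ranges below, not real captures.
FEATURES = ("flow_duration_s", "fwd_pkts", "bwd_pkts", "pkts_per_s", "mean_pkt_len")

# Assumed (min, max) per feature for each class. The first three classes are
# used for training; "port_scan" and "slow_exfil" are withheld as zero-day tests.
CLASS_RANGES = {
    "benign":     ((0.5, 120), (5, 400), (5, 400), (1, 50), (300, 1400)),
    "dos_hulk":   ((0.01, 5), (200, 5000), (0, 20), (400, 5000), (40, 200)),
    "ssh_brute":  ((0.1, 10), (20, 200), (10, 100), (60, 300), (60, 250)),
    "port_scan":  ((0.0001, 0.01), (1, 3), (0, 1), (200, 3000), (40, 60)),
    "slow_exfil": ((60, 600), (50, 400), (20, 100), (1, 10), (800, 1400)),
}
KNOWN_CLASSES = ("benign", "dos_hulk", "ssh_brute")
ZERO_DAY_CLASSES = ("port_scan", "slow_exfil")


def make_flows(rng, label, n):
    """Construct n synthetic (feature vector, class label) pairs for one class."""
    return [([rng.uniform(lo, hi) for lo, hi in CLASS_RANGES[label]], label) for _ in range(n)]


def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows, ys):
    """Exhaustive CART search over (feature, midpoint threshold); returns the
    split with the lowest weighted child Gini impurity."""
    best = (None, None, float("inf"))
    for j in range(len(FEATURES)):
        vals = sorted({r[j] for r in rows})
        for lo, hi in zip(vals, vals[1:]):
            thr = (lo + hi) / 2
            left = [y for r, y in zip(rows, ys) if r[j] <= thr]
            right = [y for r, y in zip(rows, ys) if r[j] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(ys)
            if score < best[2]:
                best = (j, thr, score)
    return best


def build_tree(rows, ys, depth=0, max_depth=4, min_leaf=5):
    """Leaf = majority label (str); internal node = (feature, thr, left, right)."""
    majority = Counter(ys).most_common(1)[0][0]
    if depth >= max_depth or len(set(ys)) == 1 or len(ys) < 2 * min_leaf:
        return majority
    j, thr, score = best_split(rows, ys)
    if j is None or score >= gini(ys):  # no split reduces impurity
        return majority
    left = [(r, y) for r, y in zip(rows, ys) if r[j] <= thr]
    right = [(r, y) for r, y in zip(rows, ys) if r[j] > thr]
    if len(left) < min_leaf or len(right) < min_leaf:
        return majority
    return (j, thr,
            build_tree([r for r, _ in left], [y for _, y in left], depth + 1, max_depth, min_leaf),
            build_tree([r for r, _ in right], [y for _, y in right], depth + 1, max_depth, min_leaf))


def predict(tree, row):
    while isinstance(tree, tuple):
        j, thr, left, right = tree
        tree = left if row[j] <= thr else right
    return tree


def evaluate(tree, flows):
    """TPR over attack flows, FPR over benign flows, mean prediction time per flow (us)."""
    t0 = time.perf_counter()
    preds = [predict(tree, x) for x, _ in flows]
    per_flow_us = (time.perf_counter() - t0) * 1e6 / len(flows)
    tp = fn = fp = tn = 0
    for (_, label), pred in zip(flows, preds):
        flagged = pred == "attack"
        if label == "benign":
            fp, tn = fp + flagged, tn + (not flagged)
        else:
            tp, fn = tp + flagged, fn + (not flagged)
    return {
        "tpr": tp / (tp + fn) if tp + fn else float("nan"),
        "fpr": fp / (fp + tn) if fp + tn else float("nan"),
        "per_flow_us": per_flow_us,
    }


def run_zero_day_protocol(seed=0, n_train=120, n_test=30):
    """Train on the known classes (binary: benign vs attack), then test on
    held-out known flows and on each withheld zero-day class mixed with benign."""
    rng = random.Random(seed)
    train = [f for c in KNOWN_CLASSES for f in make_flows(rng, c, n_train)]
    tree = build_tree([x for x, _ in train],
                      ["benign" if y == "benign" else "attack" for _, y in train])
    results = {"known_holdout": evaluate(
        tree, [f for c in KNOWN_CLASSES for f in make_flows(rng, c, n_test)])}
    for zd in ZERO_DAY_CLASSES:
        results[zd] = evaluate(tree, make_flows(rng, "benign", n_test) + make_flows(rng, zd, n_test))
    return tree, results


if __name__ == "__main__":
    tree, results = run_zero_day_protocol()
    print("root split:", FEATURES[tree[0]], "<=", round(tree[1], 2))
    for name, r in results.items():
        print(f"{name:14s} TPR={r['tpr']:.2f} FPR={r['fpr']:.2f} {r['per_flow_us']:.1f} us/flow")
```

The two withheld classes are chosen to show the check a practitioner should run before trusting a zero-day figure: `port_scan` shares the high packet rate and small packet size of the training attacks and is caught completely, while `slow_exfil` sits inside the benign ranges on every feature the tree can split on and is missed completely. A headline accuracy on withheld attacks therefore says as much about feature overlap between the known and novel attacks as about the classifier, and per-flow prediction latency (reported here in microseconds) is the "time overhead" that matters for inline deployment.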
