Autoencoders and Support Vector Machine for Zero-Day Threat Detection in Web Applications

Authors

  • Bhagyashali Sunil Pandarkar
  • Sai Takawale
  • Prasad Bhosle

Keywords:

Autoencoder, Hybrid model, Intrusion detection, Support vector machine, Web application security, Zero-Day threats

Abstract

Zero-day attacks represent one of the most critical and complex threats to modern web-based systems, as they exploit previously unknown vulnerabilities before security patches or signatures become available. Traditional signature-based intrusion detection systems often fail to identify such attacks due to their reliance on known patterns. To address this limitation, this research proposes a hybrid intelligent detection framework that combines Autoencoders and Support Vector Machines (SVMs) for effective zero-day attack detection in web environments. The Autoencoder component operates as an unsupervised anomaly detection mechanism, learning latent representations of normal network traffic and identifying deviations that may indicate suspicious behavior. These detected anomalies are then processed by an SVM classifier, which performs supervised learning to distinguish between benign and malicious activities. The proposed framework is evaluated using widely recognized benchmark datasets, including CICIDS2017 and NSL-KDD, ensuring robustness and comparability with existing approaches. Comprehensive preprocessing techniques such as feature normalization, dimensionality reduction, and class balancing are applied to enhance model performance. Experimental results demonstrate that the hybrid Autoencoder–SVM model achieves higher detection accuracy, improved generalization, and significantly reduced false-positive rates compared to standalone machine learning and deep learning models. The findings highlight the effectiveness of integrating unsupervised and supervised learning techniques to detect evolving and previously unseen attack patterns. Overall, this study presents a scalable and resilient solution for zero-day threat detection, contributing to enhanced security of web applications and network infrastructures.
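
The two-stage pipeline the abstract describes, as an added example; it is not the authors' code, model or data. It assumes scikit-learn and uses constructed synthetic flows in place of CICIDS2017/NSL-KDD; the linear autoencoder (`MLPRegressor` with identity activation), the linear-kernel SVM and the 99th-percentile error threshold are illustrative choices, not taken from the paper.

```python
import numpy as np
from sklearn.neural_network import MLPRegressor
from sklearn.svm import SVC

rng = np.random.default_rng(7)
# Constructed traffic model: normal flows vary along 2 latent factors that
# drive features 0-5; features 6 and 7 stay near zero in normal traffic.
W = np.hstack([rng.normal(size=(2, 6)), np.zeros((2, 2))])

def sample(n, kind):
    """Synthetic flows. kind: 0 = normal, 1 = rare but benign, 2 = attack."""
    x = rng.normal(size=(n, 2)) @ W + 0.1 * rng.normal(size=(n, 8))
    if kind == 1:
        x[:, 6] += 4.0  # unusual yet legitimate behaviour
    elif kind == 2:
        x[:, 7] += 4.0  # behaviour absent from the normal profile
    return x

def recon_error(ae, x):
    """Per-flow mean squared reconstruction error."""
    return np.mean((ae.predict(x) - x) ** 2, axis=1)

def build_and_evaluate():
    # Stage 1 (unsupervised): fit the autoencoder on normal traffic only and
    # flag anything whose error exceeds the 99th percentile seen in training.
    normal = sample(1000, 0)
    ae = MLPRegressor(hidden_layer_sizes=(2,), activation="identity",
                      solver="lbfgs", max_iter=2000, random_state=0)
    ae.fit(normal, normal)
    thr = np.percentile(recon_error(ae, normal), 99)
    # Stage 2 (supervised): train the SVM only on labelled flows that the
    # autoencoder flagged, so it learns benign anomaly versus attack.
    xl = np.vstack([normal, sample(200, 1), sample(200, 2)])
    yl = np.r_[np.zeros(1200), np.ones(200)]
    flagged = recon_error(ae, xl) > thr
    svm = SVC(kernel="linear").fit(xl[flagged], yl[flagged])
    # Held-out evaluation: autoencoder alone versus autoencoder then SVM.
    xt = np.vstack([sample(300, 0), sample(100, 1), sample(100, 2)])
    yt = np.r_[np.zeros(400), np.ones(100)]
    ae_alert = recon_error(ae, xt) > thr
    hybrid = ae_alert.copy()
    hybrid[ae_alert] = svm.predict(xt[ae_alert]) == 1
    return {"ae_fpr": float(ae_alert[yt == 0].mean()),
            "hybrid_fpr": float(hybrid[yt == 0].mean()),
            "recall": float(hybrid[yt == 1].mean())}

if __name__ == "__main__":
    print(build_and_evaluate())
```

On this constructed data the autoencoder alone alerts on every rare-but-benign flow, and the SVM stage removes those alerts while keeping the attack detections.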

Published

2026-01-20