Analysis of zero-day attacks and ransomware

Cybersecurity faces challenges in identifying and mitigating undefined network vulnerabilities, critical for preventing zero-day attacks. The absence of datasets for distinguishing normal versus abnormal network behavior hinders the development of proactive detection strategies. An obstacle in proactive prevention methods is the absence of comprehensive datasets for contrasting normal versus abnormal network behaviours. Such dataset enabling such contrasts would significantly expedite threat anomaly mitigation. The thesis "Ensemble learning and genetic algorithm for the detection of novel network threat anomaly using the UGRansome Dataset"; introduces UGRansome, a dataset for anomaly detection in network traffic. This dataset comprises a comprehensive set of malware features designed for detecting and quantifying zero-day attacks. It was created by integrating similar attributes from both the UGR'16 and ransomware datasets, following a process of development and validation. Malicious behavior is categorized into normal and abnormal patterns, further characterized through supervised learning techniques, which include anomaly, signature, and synthetic signature stratifications. Despite significant advancements in intrusion detection and prevention systems, the need for detecting and quantifying zero-day attacks, including ransomware, persists. Therefore, the development of a specialized analytical approach tailored for quantifying zero-day attacks within cybersecurity datasets is crucial to effectively address the evolving threat landscape posed by advanced persistent threats.