Zero-Day Intrusion Detection via Byte-Level Packet Modeling Using PacketBERT

Poonam Kumari (AUUP, AIIT, Noida, India); Himanshu Gupta (AUUP, AIIT, Noida, India); Ashish Seth (Inha University, SOCIE, Tashkent)
2025

Abstract

As cyber threats, zero-day attacks among them, grow smarter and more difficult to detect, the need for fast and accurate intrusion detection systems is increasing. Traditional intrusion detection systems (IDS) work best with known attacks, because they rely on simple signatures and protocol features. In this study, we propose PacketBERT, which uses transformers to treat network packets as byte sequences and learn what they mean without the need for human-designed features. Building on progress in natural language processing, PacketBERT treats network data as a language and models the relationships between bytes in different packets. Tested on a synthetic attack dataset, the model achieves 73.5% correct predictions, a macro-average F1-score of 0.595 and a ROC-AUC of 0.545. Although modest by classical standards, these results show that transformers can help detect threats we have not seen yet. The technology paves the way for future detection systems that can identify attacks before they are seen by designers.
