A Comprehensive Review of Machine Learning and Deep Learning Approaches for Zero-Day Attack Detection in Cybersecurity Systems
DOI: https://doi.org/10.25195/ijci.v52i1.807
Keywords: Machine Learning, Zero-Day Attack, Internet of Things, Deep Neural Network, vulnerabilities
Abstract
Over the past decade, the rapid digital transformation of infrastructures, such as cloud computing, the Internet of Things (IoT), and large-scale interconnected network systems, has made the threat of cybercrime much more pronounced. Among these threats, Zero-Day attacks are regarded as the most serious, since they have not been seen before and traditional signature-based intrusion detection systems are therefore useless against them. This paper presents an in-depth overview of machine learning (ML) and deep learning (DL) methods for detecting Zero-Day attacks. The methodology is based on reviewing, analyzing, and synthesizing recent literature covering ML, DL, and hybrid methods, threat intelligence integration, and real-time intrusion detection systems. The findings suggest that both ML and DL methods achieve high detection accuracy but have a number of weaknesses, including high computational complexity, data imbalance, scarce availability of labeled data, and susceptibility to adversarial attacks. Moreover, this review identifies the main gaps in research, especially in coping with unknown attack patterns, developing lightweight and real-time detection models, and improving generalization ability. Finally, the paper shows that it is crucial to establish adaptive, scalable, and hybrid intelligent systems to improve the detection of Zero-Day attacks. To strengthen real-world cybersecurity applications, future studies should focus on efficient learning mechanisms, strong adversarial defenses, and data-efficient models.
License
Copyright (c) 2026 Iraqi Journal for Computers and Informatics

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
IJCI applies the Creative Commons Attribution (CC BY) license to articles. The author of a paper submitted for publication by IJCI retains the CC BY license. Under this Open Access license, the author agrees that anyone may reuse the article in whole or in part for any purpose, even for commercial purposes. Anyone may copy, distribute, or reuse the content as long as the author and source are properly cited. This facility helps re-use and ensures that journal content is available for the needs of research.
If the manuscript contains photos, images, figures, tables, audio files, videos, etc., that the author or the co-authors do not own, IJCI will require the author to provide the journal with proof that the owner of that content has given the author written permission to use it, and that the owner has approved the CC BY license being applied to that content. IJCI provides a form that the author can use to ask the owner for permission. If the author does not have the owner's permission, IJCI will ask the author to remove that content and/or replace it with other content that the author owns or has such permission to use.
Many authors assume that if they previously published a paper through another publisher, they have the right to reuse that content in their PLOS paper, but that is not necessarily the case; it depends on the license that covers the other paper. The author must ascertain the rights he/she has under a specific license (a license that enables the author to use the content). The author must obtain written permission from the publisher to use the content in the IJCI paper. The author should not include any content in her/his IJCI paper without having the right to use it, and should always give proper attribution.
The accompanying submitted data should be stated with its licensing policies, and those policies should not be more restrictive than CC BY.
IJCI has the right to remove photos, captures, images, figures, tables, illustrations, audio, and video files from a paper before or after publication if these contents were included in the author's paper without permission from the owner of the content.