Z-IDS: Zero-Day Intrusion Detection in IoV Using Generative Adversarial Networks

With the rapid growth of Internet of Vehicles (IoV) technology, the attack surface has expanded significantly in recent years. Traditional intrusion detection systems, such as signature-based and rule-based approaches, are inadequate for IoV environments due to their limitations in detecting zero-day attacks. To address this challenge, machine learning techniques have been widely explored in the literature for zero-day attack detection. However, the highly imbalanced nature of IoV datasets often leads to biased performance, favoring majority attack classes and reducing detection accuracy for minority classes. This paper proposes a Zero-Day Intrusion Detection System (Z-IDS) built on a hybrid LSTM–BiLSTM architecture. To mitigate class imbalance, a Generative Adversarial Network (GAN) is employed to generate synthetic samples. The proposed Z-IDS is evaluated using a cleaned version of the CICIoV2024 dataset under four experimental setups: 1) baseline testing; 2) training with GAN-augmented data; 3) leave-one-class-out testing for unseen attack detection (i.e., zero-day attacks); and 4) cross-dataset validation using the Car-Hacking dataset. The model achieves an accuracy of 99.72% with GAN-augmented data and 99.99% in zero-day attack scenarios. These results demonstrate the effectiveness of the proposed LSTM–BiLSTM-based Z-IDS framework in detecting both known and previously unseen attacks within IoV environments.