Title: A Robust Framework for Zero-Day Attack Detection Using Novel Oversampling, LASSO Feature Selection, and Optuna-Based Optimization Techniques

Conference: NRSC 2026

Tags: Anomaly detection, CICIDS2017, Intrusion detection system and Zero-day attacks

Abstract: Zero-day exploits circumvent traditional Signature-based Intrusion Detection Systems (SIDS) because of unpatched vulnerabilities, so a holistic anomaly-based IDS (AIDS) architecture is introduced and benchmarked against the CICIDS2017 repository to detect novel intrusion vectors. Acute class disparities were handled with a two-step oversampling scheme: by combining the Synthetic Minority Oversampling Technique (SMOTE) with Conditional Tabular Generative Adversarial Networks (CTGAN), high-fidelity and diverse attack examples were generated. Dimensionality reduction is done through the Least Absolute Shrinkage and Selection Operator (LASSO). This refined feature space is used to train three unsupervised anomaly detection models: One-Class Support Vector Machine (OC-SVM), K-Nearest Neighbors (KNN), and Isolation Forest (IF). Performance evaluation on a reserved set of zero-day tests showed that OC-SVM achieved the highest effectiveness, with a 0.8253 Zero-Day Detection Rate (ZDR) and a 0.9094 F1-score. These results validate the proposed framework for detecting new attacks, indicating its potential as a generalized solution for active intrusion detection.
