Abstract
This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore. These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.
Ethics declarations
Conflict of interest
The authors declare no conflict of interest.
About this article
Cite this article
Aleesa, A.M., Zaidan, B.B., Zaidan, A.A. et al. Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions. Neural Comput & Applic 32, 9827–9858 (2020). https://doi.org/10.1007/s00521-019-04557-3
DOI: https://doi.org/10.1007/s00521-019-04557-3