Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions

Abstract

This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore. These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.

Author information

Corresponding author

Correspondence to A. A. Zaidan.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

About this article

Cite this article

Aleesa, A.M., Zaidan, B.B., Zaidan, A.A. et al. Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions. Neural Comput & Applic 32, 9827–9858 (2020). https://doi.org/10.1007/s00521-019-04557-3

Keywords

  • Neural network
  • Intrusion detection system
  • Deep learning
  • Attack