An Analytical Review of Deep Learning Models and Datasets for Anomaly-Based Intrusion Detection Systems

Authors

  • Gurbakhsis Singh, Research Scholar (Ph.D.), Punjabi University, Patiala, Punjab, India.
  • Meenakshi Bansal, Assistant Professor, CSE, Yadavindra Department of Engineering, Talwandi Sabo, India.

DOI:

https://doi.org/10.48047/qdgj7n28

Keywords:

Network Security, Intrusion Detection, Cyber security, Benchmark Datasets, NSL-KDD, CICIDS2017, Feature Engineering, Threat Detection.

Abstract

In the era of increasing cyber threats, anomaly-based intrusion detection systems (IDS) have gained prominence due to their ability to detect previously unknown or evolving attacks. Deep learning has significantly enhanced the accuracy and adaptability of these systems by enabling automatic feature extraction and complex pattern recognition. This review paper has two primary objectives: (1) to study and analyze the existing anomaly-based network intrusion detection systems, and (2) to survey various publicly available datasets and assess their significant features in identifying versatile attack types. For this purpose, a total of 150 research papers were reviewed, out of which 50 were selected based on their relevance, technical novelty, experimental rigor, and alignment with the research objectives. These selected studies encompass state-of-the-art deep learning techniques—including Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), Long Short-Term Memory (LSTM), Generative Adversarial Networks (GANs), and hybrid models—employed in IDS development. The review also evaluates key benchmark datasets such as NSL-KDD, CICIDS2017, and TON_IoT, focusing on their features, applicability, and limitations. Performance metrics, real-time deployment challenges, interpretability, and computational efficiency are discussed in depth. By synthesizing current advancements, gaps, and future research directions, this study provides a comprehensive foundation for designing scalable and intelligent anomaly-based IDS solutions.

Published

2023-06-02

How to Cite

An Analytical Review of Deep Learning Models and Datasets for Anomaly-Based Intrusion Detection Systems (G. Singh & M. Bansal, Trans.). (2023). Cuestiones De Fisioterapia, 52(3), 321-336. https://doi.org/10.48047/qdgj7n28