An Analytical Review of Deep Learning Models and Datasets for Anomaly-Based Intrusion Detection Systems
DOI:
https://doi.org/10.48047/qdgj7n28
Keywords:
Network Security, Intrusion Detection, Cyber security, Benchmark Datasets, NSL-KDD, CICIDS2017, Feature Engineering, Threat Detection.
Abstract
In the era of increasing cyber threats, anomaly-based intrusion detection systems (IDS) have gained prominence due to their ability to detect previously unknown or evolving attacks. Deep learning has significantly enhanced the accuracy and adaptability of these systems by enabling automatic feature extraction and complex pattern recognition. This review paper has two primary objectives: (1) to study and analyze the existing anomaly-based network intrusion detection systems, and (2) to survey various publicly available datasets and assess their significant features in identifying versatile attack types. For this purpose, a total of 150 research papers were reviewed, out of which 50 were selected based on their relevance, technical novelty, experimental rigor, and alignment with the research objectives. These selected studies encompass state-of-the-art deep learning techniques—including Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), Long Short-Term Memory (LSTM), Generative Adversarial Networks (GANs), and hybrid models—employed in IDS development. The review also evaluates key benchmark datasets such as NSL-KDD, CICIDS2017, TON_IoT, and CICIDS2017, focusing on their features, applicability, and limitations. Performance metrics, real-time deployment challenges, interpretability, and computational efficiency are discussed in depth. By synthesizing current advancements, gaps, and future research directions, this study provides a comprehensive foundation for designing scalable and intelligent anomaly-based IDS solutions.
License

This work is licensed under a Creative Commons Attribution 4.0 International License.