Survey on Deep Learning Based Intrusion Detection System

Omar Muhammad Altoumi Alsyaibani, Ema Utami, Anggit Dwi Hartanto


Development of computer network has changed human lives in many ways. Currently, everyone is connected to each other from everywhere. Information can be accessed easily. This massive development has to be followed by good security system. Intrusion Detection System is important device in network security which capable of monitoring hardware and software in computer network. Many researchers have developed Intrusion Detection System continuously and have faced many challenges, for instance: low detection of accuracy, emergence of new types malicious traffic and error detection rate. Researchers have tried to overcome these problems in many ways, one of them is using Deep Learning which is a branch of Machine Learning for developing Intrusion Detection System and it will be discussed in this paper. Machine Learning itself is a branch of Artificial Intelligence which is growing rapidly in the moment. Several researches have showed that Machine Learning and Deep Learning provide very promising results for developing Intrusion Detection System. This paper will present an overview about Intrusion Detection System in general, Deep Learning model which is often used by researchers, available datasets and challenges which will be faced ahead by researchers


Deep Learning; IDS Research; IDS Review; Deep Learning Model; IDS Dataset

Full Text:

PDF (Indonesian)


Abadi, M., Barham, P., Chen, J., Chen, Z., Davis, A., Dean, J., Devin, M., Ghemawat, S., Irving, G., Isard, M., Kudlur, M., Levenberg, J., Monga, R., Moore, S., Murray, D. G., Steiner, B., Tucker, P., Vasudevan, V., Warden, P., … Zheng, X. (2016). TensorFlow: A system for large-scale machine learning. Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016.

Aghdam, M. H., & Kabiri, P. (2016). Feature selection for intrusion detection system using ant colony optimization. International Journal of Network Security.

Al-Qatf, M., Lasheng, Y., Al-Habib, M., & Al-Sabahi, K. (2018). Deep Learning Approach Combining Sparse Autoencoder with SVM for Network Intrusion Detection. IEEE Access.

Aldweesh, A., Derhab, A., & Emam, A. Z. (2020). Deep learning approaches for anomaly-based intrusion detection systems: A survey, taxonomy, and open issues. Knowledge-Based Systems, 189.

Alkasassbeh, M., Al-Naymat, G., B.A, A., & Almseidin, M. (2016). Detecting Distributed Denial of Service Attacks Using Data Mining Techniques. International Journal of Advanced Computer Science and Applications.

Alom, M. Z., & Taha, T. M. (2017). Network intrusion detection for cyber security using unsupervised deep learning approaches. Proceedings of the IEEE National Aerospace Electronics Conference, NAECON.

Alrawashdeh, K., & Purdy, C. (2017). Toward an online anomaly intrusion detection system based on deep learning. Proceedings - 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA 2016.

Anderson, J. P. (1980). Computer security threat monitoring and surveillance. Technical Report James P Anderson Co Fort Washington Pa.

Bace, R., & Mell, P. (2001). NIST special publication on intrusion detection

systems. In Nist Special Publication.

Beer, F., Hofer, T., Karimi, D., & Bühler, U. (2017). A new attack composition for network security. Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft Fur Informatik (GI).

Beigi, E. B., Jazi, H. H., Stakhanova, N., & Ghorbani, A. A. (2014). Towards effective feature selection in machine learning-based botnet detection approaches. 2014 IEEE Conference on Communications and Network Security, CNS 2014.

Berman, D. S., Buczak, A. L., Chavis, J. S., & Corbett, C. L. (2019). A survey of deep learning methods for cyber security. In Information (Switzerland) (Vol. 10, Issue 4).

Bhattacharya, S., & Selvakumar, S. (2015). SSENet-2014 Dataset: A Dataset for Detection of Multiconnection Attacks. Proceedings - 2014 3rd International Conference on Eco-Friendly Computing and Communication Systems, ICECCS 2014.

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2015). Towards generating real-life datasets for network intrusion detection. International Journal of Network Security.

Chung, J., Gülçehre, Ç., Cho, K., & Bengio, Y. (2014). Empirical Evaluation of Gated Recurrent Neural Networks on Sequence Modeling. CoRR, abs/1412.3.

CyberEdge Group. (2020). 2020 Cyberthreat Defense Report.

Deng, J., Zhang, Z., Marchi, E., & Schuller, B. (2013). Sparse autoencoder-based feature transfer learning for speech emotion recognition. Proceedings - 2013 Humaine Association Conference on Affective Computing and Intelligent Interaction, ACII 2013.

Ding, S., & Wang, G. (2018). Research on intrusion detection technology based on deep learning. 2017 3rd IEEE International Conference on Computer and Communications, ICCC 2017.

Drewek-Ossowicka, A., Pietrołaj, M., & Rumiński, J. (2021). A survey of neural networks usage for intrusion detection systems. Journal of Ambient Intelligence and Humanized Computing, 12(1).

Erickson, B. J., Korfiatis, P., Akkus, Z., Kline, T., & Philbrick, K. (2017). Toolkits and Libraries for Deep Learning. In Journal of Digital Imaging.

Farahnakian, F., & Heikkonen, J. (2018). A deep auto-encoder based approach for intrusion detection system. International Conference on Advanced Communication Technology, ICACT.

Fulkerson, B., Michie, D., Spiegelhalter, D. J., & Taylor, C. C. (1995). Machine Learning, Neural and Statistical Classification. Technometrics.

Gamage, S., & Samarabandu, J. (2020). Deep learning methods in network intrusion detection: A survey and an objective comparison. Journal of Network and Computer Applications, 169.

García, S., Grill, M., Stiborek, J., & Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers and Security.

Goodfellow, I. J., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., & Bengio, Y. (2014). Generative adversarial nets. Advances in Neural Information Processing Systems.

Graves, A., & Jaitly, N. (2014). Towards end-to-end speech recognition with recurrent neural networks. 31st International Conference on Machine Learning, ICML 2014.

Graves, A., Mohamed, A. R., & Hinton, G. (2013). Speech recognition with deep recurrent neural networks. ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings.

Gringoli, F., Salgarelli, L., Dusi, M., Cascarano, N., Risso, F., & Claffy, K. C. (2009). GT: Picking up the truth from the ground for internet traffic. Computer Communication Review.

Gurung, S., Kanti Ghose, M., & Subedi, A. (2019). Deep Learning Approach on Network Intrusion Detection System using NSL-KDD Dataset. International Journal of Computer Network and Information Security.

Haider, W., Hu, J., Slay, J., Turnbull, B. P., & Xie, Y. (2017). Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. Journal of Network and Computer Applications.

Hassan, M. M., Gumaei, A., Alsanad, A., Alrubaian, M., & Fortino, G. (2020). A hybrid deep learning model for efficient intrusion detection in big data environment. Information Sciences.

Heberlein, L. T., Dias, G. V, Levitt, K. N., Mukherjee, B., Wood, J., & Wolber, D. (1989). A network security monitor.

Hindy, H., Brosset, D., Bayne, E., Seeam, A. K., Tachtatzis, C., Atkinson, R., & Bellekens, X. (2020). A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems. IEEE Access, 8.

Hochreiter, S., & Urgen Schmidhuber, J. J. (1997). Long short term memory. Neural computation. MEMORY Neural Computation.

Hofstede, R., Hendriks, L., Sperotto, A., & Pras, A. (2014). SSH compromise detection using NetFlow/IPFIX. Computer Communication Review.

Ieracitano, C., Adeel, A., Gogate, M., Dashtipour, K., Morabito, F. C., Larijani, H., Raza, A., & Hussain, A. (2018). Statistical Analysis Driven Optimized Deep Learning System for Intrusion Detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).

Jazi, H. H., Gonzalez, H., Stakhanova, N., & Ghorbani, A. A. (2017). Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Computer Networks.

Kent, A. D. (2016). Cyber security data sources for dynamic network research. In Dynamic Networks and Cyber-Security.

Khan, F. A., Gumaei, A., Derhab, A., & Hussain, A. (2019). TSDL: A Two-Stage Deep Learning Model for Efficient Network Intrusion Detection. IEEE Access.

Kim, J., Kim, J., Thu, H. L. T., & Kim, H. (2016). Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection. 2016 International Conference on Platform Technology and Service, PlatCon 2016 - Proceedings.

Kolias, C., Kambourakis, G., Stavrou, A., & Gritzalis, S. (2016). Intrusion detection in 802.11 networks: Empirical evaluation of threats and a public dataset. IEEE Communications Surveys and Tutorials.

Krizhevsky, A., Sutskever, I., & Hinton, G. E. (2012). ImageNet classification with deep convolutional neural networks. Advances in Neural Information Processing Systems.

Lawrence, S., Giles, C. L., Tsoi, A. C., & Back, A. D. (1997). Face recognition: A convolutional neural-network approach. IEEE Transactions on Neural Networks.

Lee, H., Battle, A., Raina, R., & Ng, A. Y. (2007). Efficient sparse coding algorithms. Advances in Neural Information Processing Systems.

Lee, S. M., Yoon, S. M., & Cho, H. (2017). Human activity recognition from accelerometer data using Convolutional Neural Network. 2017 IEEE International Conference on Big Data and Smart Computing, BigComp 2017.

Li, Z., Qin, Z., Huang, K., Yang, X., & Ye, S. (2017). Intrusion detection using convolutional neural networks for representation learning. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).

Lippmann, R. P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., Weber, D., Webster, S. E., Wyschogrod, D., Cunningham, R. K., &

Zissman, M. A. (2000). Evaluating intrusion detection systems: The 1998 DARPA off-line intrusion detection evaluation. Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2000.

Maciá-Fernández, G., Camacho, J., Magán-Carrión, R., García-Teodoro, P., & Therón, R. (2018). UGR‘16: A new dataset for the evaluation of cyclostationarity-based network IDSs. Computers and Security.

Mighan, S. N., & Kahani, M. (2020). A novel scalable intrusion detection system based on deep learning. International Journal of Information Security.

Moustafa, N., & Slay, J. (2015). UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). 2015 Military Communications and Information Systems Conference, MilCIS 2015 - Proceedings.

Nadeem, M., Marshall, O., Singh, S., Fang, X., & Yuan, X. (2016). Semi-Supervised Deep Neural Network for Network Intrusion Detection. Research and Practice.

Naseer, S., Saleem, Y., Khalid, S., Bashir, M. K., Han, J., Iqbal, M. M., & Han, K. (2018). Enhanced network anomaly detection based on deep neural networks. IEEE Access.

Niyaz, Q., Sun, W., Javaid, A. Y., & Alam, M. (2015). A deep learning approach for network intrusion detection system. EAI International Conference on Bio-Inspired Information and Communications Technologies (BICT).

Nweke, H. F., Teh, Y. W., Al-garadi, M. A., & Alo, U. R. (2018). Deep learning algorithms for human activity recognition using mobile and wearable sensor networks: State of the art and research challenges. In Expert Systems with Applications.

Otoum, S., Kantarci, B., & Mouftah, H. T. (2019). On the Feasibility of Deep Learning in Sensor Network Intrusion Detection. IEEE Networking Letters.

Pang, R., Allman, M., Bennett, M., Lee, J., Paxson, V., & Tierney, B. (2005). A first look at modern enterprise traffic. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC.

Papamartzivanos, D., Gomez Marmol, F., & Kambourakis, G. (2019). Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems. IEEE Access.

Parvat, A., Chavan, J., Kadam, S., Dev, S., & Pathak, V. (2017). A survey of deep-learning frameworks. Proceedings of the International Conference on Inventive Systems and Control, ICISC 2017.

Ranzato, M., Boureau, Y. L., & Le Cun, Y. (2009). Sparse feature learning for deep belief networks. Advances in Neural Information Processing Systems 20 - Proceedings of the 2007 Conference.

Razavian, A. S., Azizpour, H., Sullivan, J., & Carlsson, S. (2014). CNN features off-the-shelf: An astounding baseline for recognition. IEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops.

Ring, M., Landes, D., & Hotho, A. (2018). Detection of slow port scans in flow-based network traffic. PLoS ONE.

Ring, M., Wunderlich, S., Scheuring, D., Landes, D., & Hotho, A. (2019). A survey of network-based intrusion detection data sets. In Computers and Security.

Roy, S. S., Mallik, A., Gulati, R., Obaidat, M. S., & Krishna, P. V. (2017). A deep learning based artificial neural network approach for intrusion detection. Communications in Computer and Information Science.

Saad, S., Traore, I., Ghorbani, A., Sayed, B., Zhao, D., Lu, W., Felix, J., & Hakimian, P. (2011). Detecting P2P botnets through network behavior analysis and machine learning. 2011 9th Annual International Conference on Privacy, Security and Trust, PST 2011.

Sangster, B., O’Connor, T. J., Cook, T., Fanelli, R., Dean, E., Adams, W. J., Morrell, C., & Conti, G. (2009). Toward instrumenting network warfare competitions to generate labeled datasets. 2nd Workshop on Cyber Security Experimentation and Test, CSET 2009.

Santanna, J. J., Van Rijswijk-Deij, R., Hofstede, R., Sperotto, A., Wierbosch, M., Granville, L. Z., & Pras, A. (2015). Booters - An analysis of DDoS-as-a-service attacks. Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM 2015.

Schuster, M., & Paliwal, K. K. (1997). Bidirectional recurrent neural networks. IEEE Transactions on Signal Processing.

Sharafaldin, I., Gharib, A., Lashkari, A. H., & Ghorbani, A. A. (2017). Towards a Reliable Intrusion Detection Benchmark Dataset. Software Networking.

Sharma, R., Singla, R. K., & Guleria, A. (2018). A New Labeled Flow-based DNS Dataset for Anomaly Detection: PUF Dataset. Procedia Computer Science.

Shiravi, A., Shiravi, H., Tavallaee, M., & Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers and Security.

Shone, N., Ngoc, T. N., Phai, V. D., & Shi, Q. (2018). A Deep Learning Approach to Network Intrusion Detection. IEEE Transactions on Emerging Topics in Computational Intelligence.

Singh, R., Kumar, H., & Singla, R. K. (2015). A reference dataset for network traffic activity based intrusion detection system. International Journal of Computers, Communications and Control.

Singla, A., Bertino, E., & Verma, D. (2020). Preparing Network Intrusion Detection Deep Learning Models with Minimal Data Using Adversarial Domain Adaptation. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020.

Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., & Nakao, K. (2011). Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011.

Sperotto, A., Sadre, R., Van Vliet, F., & Pras, A. (2009). A labeled data set for flow-based intrusion detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).

Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A detailed analysis of the KDD CUP 99 data set. IEEE Symposium on Computational Intelligence for Security and Defense Applications, CISDA 2009.

Turcotte, M. J. M., Kent, A. D., & Hash, C. (2017). Unified host and network data set. In arXiv.

UCI Machine Learning Repository. (2015). KDD Cup 1999 Data. In 1999]. Http://Kdd. Ics. Uci. Edu/Databases/Kddcup99/Kddcup99. Html.

Ustebay, S., Turgut, Z., & Aydin, M. A. (2019). Intrusion Detection System with Recursive Feature Elimination by Using Random Forest and Deep Learning Classifier. International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism, IBIGDELFT 2018 - Proceedings.

Van, N. T., Thinh, T. N., & Sach, L. T. (2017). An anomaly-based network intrusion detection system using Deep learning. Proceedings - 2017 International Conference on System Science and Engineering, ICSSE 2017.

Vasudevan, A. R., Harshini, E., & Selvakumar, S. (2011). SSENet-2011: A Network Intrusion Detection System dataset and its comparison with KDD CUP 99 dataset. Asian Himalayas International Conference on Internet.

Viegas, E. K., Santin, A. O., & Oliveira, L. S. (2017). Toward a reliable anomaly-based intrusion detection in real-world environments. Computer Networks.

Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., Al-Nemrat, A., & Venkatraman, S. (2019). Deep Learning Approach for Intelligent Intrusion Detection System. IEEE Access.

Vinayakumar, R., Soman, K. P., & Poornachandrany, P. (2017). Applying convolutional neural network for network intrusion detection. 2017 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2017.

Vincent, P., Larochelle, H., Bengio, Y., & Manzagol, P. A. (2008). Extracting and composing robust features with denoising autoencoders. Proceedings of the 25th International Conference on Machine Learning.

Vincent, P., Larochelle, H., Lajoie, I., Bengio, Y., & Manzagol, P. A. (2010). Stacked denoising autoencoders: Learning Useful Representations in a Deep Network with a Local Denoising Criterion. Journal of Machine Learning Research.

Wang, H., & Yu, C. N. (2019). A Direct Approach to Robust Deep Learning Using Adversarial Networks. In arXiv.

Wang, Z. (2018). Deep Learning-Based Intrusion Detection with Adversaries. IEEE Access.

Wheelus, C., Khoshgoftaar, T. M., Zuech, R., & Najafabadi, M. M. (2014). A session based approach for aggregating network traffic data - The SANTA dataset. Proceedings - IEEE 14th International Conference on Bioinformatics and Bioengineering, BIBE 2014.

Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., & Wang, C. (2018). Machine Learning and Deep Learning Methods for Cybersecurity. IEEE Access.

Yang, K., Liu, J., Zhang, C., & Fang, Y. (2019). Adversarial Examples Against the Deep Learning Based Network Intrusion Detection Systems. Proceedings - IEEE Military Communications Conference MILCOM.

Yin, C., Zhu, Y., Fei, J., & He, X. (2017). A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks. IEEE Access.

Yu, Y., Long, J., & Cai, Z. (2017). Session-based network intrusion detection using a deep learning architecture. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics).

Zavrak, S., & Iskefiyeli, M. (2020). Anomaly-Based Intrusion Detection from Network Flow Features Using Variational Autoencoder. IEEE Access.

Zeng, Y., Gu, H., Wei, W., & Guo, Y. (2019). Deep-Full-Range: A Deep Learning Based Network Encrypted Traffic Classification and Intrusion Detection Framework. IEEE Access.

Zhang, H., Wu, C. Q., Gao, S., Wang, Z., Xu, Y., & Liu, Y. (2018). An Effective Deep Learning Based Scheme for Network Intrusion Detection. Proceedings - International Conference on Pattern Recognition.

Zhao, G., Zhang, C., & Zheng, L. (2017). Intrusion detection using deep belief network and probabilistic neural network. Proceedings - 2017 IEEE International Conference on Computational Science and Engineering and IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, CSE and EUC 2017.

Zuech, R., Khoshgoftaar, T. M., Seliya, N., Najafabadi, M. M., & Kemp, C. (2015). A new intrusion detection benchmarking system. Proceedings of the 28th International Florida Artificial Intelligence Research Society Conference, FLAIRS 2015.



Indexed by:       


ISSN 2442-4528 (online) | ISSN 1979-925X (print)
Published by : Universitas Amikom Purwokerto
Jl. Let. Jend. POL SUMARTO Watumas, Purwonegoro - Purwokerto Telp (0281) 623321 Fax (0281) 621662


Creative Commons License
This work is licensed under a  Creative Commons Attribution 4.0 International License.