Survey on Intrusion Detection Systems based on Deep Learning

Ali Azawii Abdul lateef, Sufyan T. Faraj Al-Janabi, Belal Al-Khateeb


Intrusion Detection Systems (IDSs) play a significant role in all networks and information systems in the world in providing the required security guarantee. An IDS is one of the solutions used to reduce malicious attacks. As attackers are always changing their attack techniques and finding alternative attack methods, IDSs must also evolve in response by adopting more sophisticated methods of detection.
The huge growth in data and the significant advances in computer hardware technologies have given rise to new studies in the deep learning field, including intrusion detection. Deep learning is a sub-field of Machine Learning (ML) whose methods are based on learning data representations. In this paper, a detailed survey of various deep learning methods applied in IDSs is given first. Then, a deep learning classification scheme is presented and the main works that have been reported in the deep learning literature are summarized. Utilizing this approach, we provide a taxonomy survey of the available deep architectures and algorithms in these works and classify those algorithms into three classes: discriminative, hybrid and generative. After that, chosen deep learning applications are reviewed across a wide range of intrusion detection fields. Finally, popular types of datasets and frameworks are discussed.


Intrusion Detection Systems, Recurrent Neural Network, Deep Learning, Deep Neural Network.


Copyright (c) 2019 Ali Azawii Abdul lateef

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

ISSN: 2303-4521

Digital Object Identifier DOI: 10.21533/pen
