Deep learning-based intrusion detection systems: A comprehensive survey of four main fields of cyber security

Document Type: Research Paper

Authors

Department of Computer Science, Shahid Bahonar University of Kerman, Kerman, Iran

Abstract

Security flaws have always put users and organizations at risk, creating catastrophic conditions in the network that can be irreversible or too costly to recover from. To detect these attacks, Intrusion Detection Systems (IDSs) were developed to alert the network in case of any intrusion. Machine Learning (ML), and more prominently deep learning methods, can improve the performance of IDSs. This article focuses on IDS approaches whose functionality relies on deep learning models to address security issues in the Internet of Things (IoT), wireless networks, Software Defined Networks (SDNs), and Industrial Control Systems (ICSs). To this end, we examine each approach, provide a comprehensive comparison, and discuss the main features and evaluation methods as well as the IDS techniques that are applied along with deep learning models. Finally, we conclude with what future studies are likely to focus on with regard to IDSs, particularly when using deep learning models.
