Top

Neural Computing and Applications

Published in:

18-10-2019 | Review Article

Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions

Authors: A. M. Aleesa, B. B. Zaidan, A. A. Zaidan, Nan M. Sahar

Published in: Neural Computing and Applications | Issue 14/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore. These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.

previous article Machine learning and decision support system on credit scoring

next article Moth–flame optimization algorithm: variants and applications

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Nielsen MA (2015) Neural networks and deep learning, vol 25. Determination Press USA, San Francisco

Yu Y, Long J, Liu F, Cai Z (2016) Machine learning combining with visualization for intrusion detection: a survey. In: International conference on modeling decisions for artificial intelligence. Springer, Cham, pp 239–249

Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy (SP). IEEE

Hecht-Nielsen R (1995) Replicator neural networks for universal optimal source coding. Science 269(5232):1860–1863CrossRef

Cordero CG et al (2016) Analyzing flow-based anomaly intrusion detection using replicator neural networks. In: 2016 14th annual conference on privacy, security and trust (PST). IEEE

Thilina A et al (2016) Intruder detection using deep learning and association rule mining. In: 2016 IEEE international conference on computer and information technology (CIT). IEEE

Yin C et al (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961CrossRef

Kim J, Kim H (2015) Applying recurrent neural network to intrusion detection with hessian free optimization. In International workshop on information security applications. Springer

Yuan X, Li C, Li X (2017) DeepDefense: identifying DDoS attack via deep learning. In: 2017 IEEE international conference on smart computing (SMARTCOMP). IEEE

10.

Ishitaki T et al (2017) Application of deep recurrent neural networks for prediction of user behavior in tor networks. In: 2017 31st international conference on advanced information networking and applications workshops (WAINA). IEEE

11.

Pascanu R et al (2015) Malware classification with recurrent networks. In: 2015 IEEE international conference on acoustics, speech and signal processing (ICASSP). IEEE

12.

David OE, Netanyahu NS (2015) Deepsign: deep learning for automatic malware signature generation and classification. In: 2015 international joint conference on neural networks (IJCNN). IEEE

13.

Wang Z et al (2016) droiddeeplearner: identifying android malware using deep learning. In: 2016 IEEE 37th Sarnoff symposium. IEEE

14.

Yuan Z, Lu Y, Xue Y (2016) Droiddetector: android malware characterization and detection using deep learning. Tsinghua Sci Technol 21(1):114–123CrossRef

15.

Hou S et al (2016) Droiddelver: an android malware detection system using deep belief network based on API call blocks. In: International conference on web-age information management. Springer

16.

Wu Y et al (2016) an attack-resilient middleware architecture for grid integration of distributed energy resources. In: 2016 IEEE international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE Cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData). IEEE

17.

Kang M-J, Kang J-W (2016) Intrusion detection system using deep neural network for in-vehicle network security. PLoS ONE 11(6):e0155781CrossRef

18.

Jing L, Bin W (2016) Network intrusion detection method based on relevance deep learning. In: 2016 international conference on intelligent transportation, big data & smart city (ICITBS). IEEE

19.

Diro AA, Chilamkurti N (2018) Distributed attack detection scheme using deep learning approach for Internet of Things. Future Gen Comput Syst 82:761–768CrossRef

20.

Potluri S, Diedrich C (2016) Accelerated deep neural networks for enhanced intrusion detection system. In: 2016 IEEE 21st international conference on emerging technologies and factory automation (ETFA). IEEE

21.

Liu, Y. et al (2017) Fault injection attack on deep neural network. In: Proceedings of the 36th international conference on computer-aided design. IEEE Press

22.

McElwee S et al (2017) Deep learning for prioritizing and responding to intrusion detection alerts. In: MILCOM 2017-2017 IEEE on military communications conference (MILCOM). IEEE

23.

Wang Q et al (2017) Adversary resistant deep neural networks with an application to malware detection. In: Proceedings of the 23rd ACM SIGKDD international conference on knowledge discovery and data mining. ACM

24.

Saxe J, Berlin K (2015) Deep neural network based malware detection using two dimensional binary program features. In: 2015 10th international conference on malicious and unwanted software (MALWARE). IEEE

25.

Wu T et al (2017) Twitter spam detection based on deep learning. In: Proceedings of the Australasian computer science week multiconference. ACM

26.

Aminanto ME et al (2018) Deep abstraction and weighted feature selection for Wi-Fi impersonation detection. IEEE Trans Inf Forensics Secur 13(3):621–636CrossRef

27.

Yadav S, Subramanian S (2016) Detection of application layer DDoS attack by feature learning using stacked AutoEncoder. In: 2016 international conference on computational techniques in information and communication technologies (ICCTICT). IEEE

28.

Zolotukhin M et al (2016) Increasing web service availability by detecting application-layer DDoS attacks in encrypted traffic. In: 2016 23rd international conference on telecommunications (ICT). IEEE

29.

Thing VL (2017) IEEE 802.11 network anomaly detection and attack classification: A deep learning approach. In: 2017 IEEE on wireless communications and networking conference (WCNC). IEEE

30.

Aminanto ME, Kim K (2016) Detecting impersonation attack in WiFi networks using deep learning approach. In: International workshop on information security applications. Springer

31.

Hou S et al (2016) Deep4maldroid: a deep learning framework for android malware detection based on linux kernel system call graphs. In: 2016 IEEE/WIC/ACM international conference on web intelligence workshops (WIW). IEEE

32.

Vincent P et al (2010) Stacked denoising autoencoders: learning useful representations in a deep network with a local denoising criterion. J Machine Learn Res 11:3371–3408MathSciNetMATH

33.

Yu Y, Long J, Cai Z (2017) Session-based network intrusion detection using a deep learning architecture. In: International conference on modeling decisions for artificial intelligence. Springer, Cham, pp 144–155

34.

Wei J, Mendis GJ (2016) A deep learning-based cyber-physical strategy to mitigate false data injection attack in smart grids. In: Joint workshop on cyber-physical security and resilience in smart grids (CPSR-SG). IEEE

35.

Li Z et al (2017) Intrusion detection using convolutional neural networks for representation learning. In: International conference on neural information processing. Springer

36.

O’Shea K, Nash R (2015) An introduction to convolutional neural networks. arXiv preprint, arXiv:1511.08458

37.

Mathew A et al (2017) An improved transfer learning approach for intrusion detection. Procedia Comput Sci 115:251–257CrossRef

38.

Muñoz-González L et al (2017) Towards poisoning of deep learning algorithms with back-gradient optimization. In: Proceedings of the 10th ACM workshop on artificial intelligence and security. ACM

39.

Nix R, Zhang J (2017) Classification of Android apps and malware using deep neural networks. In: 2017 international joint conference on neural networks (IJCNN). IEEE

40.

Shibahara T et al (2016) Efficient dynamic malware analysis based on network behavior using deep learning. In: 2016 IEEE on global communications conference (GLOBECOM). IEEE

41.

Mohammadi S, Namadchian A (2017) A new deep learning approach for anomaly base IDS using memetic classifier. Int J Comput Commun Control 12(5):677–688CrossRef

42.

Taormina R, Galelli S (2017) Real-time detection of cyber-physical attacks on water distribution systems using deep learning. In: World environmental and water resources congress 2017

43.

Alom MZ, Taha TM (2017) Network intrusion detection for cyber security on neuromorphic computing system. In: 2017 international joint conference on neural networks (IJCNN). IEEE

44.

Javaid A et al (2016) A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI international conference on bio-inspired information and communications technologies (formerly BIONETICS). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)

45.

Vinayakumar R, Soman K, Poornachandran P (2017) Evaluating effectiveness of shallow and deep networks to intrusion detection system. In: 2017 international conference on advances in computing, communications and informatics (ICACCI). IEEE

46.

Martinelli F, Marulli F, Mercaldo F (2017) Evaluating convolutional neural network for effective mobile malware detection. Procedia Comput Sci 112:2372–2381CrossRef

47.

Fiore U et al (2019) Using generative adversarial networks for improving classification effectiveness in credit card fraud detection. Inf Sci 479:448–455CrossRef

48.

Liu W et al (2017) A survey of deep neural network architectures and their applications. Neurocomputing 234:11–26CrossRef

49.

Dong B, Wang X (2016) Comparison deep learning method to traditional methods using for network intrusion detection. In: Proceedings on IEEE ICCSN

50.

Harel Y, Gal IB, Elovici Y (2017) Cyber security and the role of intelligent systems in addressing its challenges. ACM Trans Intell Syst Technol (TIST) 8(4):49

51.

Zhao G, Zhang C, Zheng L (2017) Intrusion detection using deep belief network and probabilistic neural network. In: 2017 IEEE international conference on computational science and engineering (CSE) and embedded and ubiquitous computing (EUC). IEEE

52.

Bu S-J, Cho S-B (2017) A hybrid system of deep learning and learning classifier system for database intrusion detection. In: International conference on hybrid artificial intelligence systems. Springer

53.

Kim J, Kim H (2017) An effective intrusion detection classifier using long short-term memory with gradient descent optimization. In: 2017 international conference on platform technology and service (PlatCon). IEEE

54.

Kim J et al (2016) Long short term memory recurrent neural network classifier for intrusion detection. In: 2016 international conference on platform technology and service (PlatCon). IEEE

55.

Shi Y, Sagduyu Y, Grushin A (2017) How to steal a machine learning classifier with deep learning. In: 2017 IEEE international symposium on technologies for homeland security (HST). IEEE

56.

Yuan G et al (2017) A deep learning enabled subspace spectral ensemble clustering approach for web anomaly detection. In: 2017 international joint conference on neural networks (IJCNN). IEEE

57.

Ntalampiras S (2016) Automatic identification of integrity attacks in cyber-physical systems. Expert Syst Appl 58:164–173CrossRef

58.

Dinh PV et al (2017) Deep learning combined with de-noising data for network intrusion detection. In: 2017 21st Asia Pacific symposium on intelligent and evolutionary systems (IES). IEEE

59.

Liu Y, Zhang X (2016) Intrusion detection based on IDBM. In: 2016 IEEE 14th international conference on dependable, autonomic and secure computing, 14th international conference on pervasive intelligence and computing, 2nd international conference on big data intelligence and computing and cyber science and technology congress (DASC/PiCom/DataCom/CyberSciTech). IEEE

60.

Ma T et al (2016) A hybrid methodologies for intrusion detection based deep neural network with support vector machine and clustering technique. In: International conference on frontier computing. Springer

61.

Maghrebi H, Portigliatti T, Prouff E (2016) Breaking cryptographic implementations using deep learning techniques. In: International conference on security, privacy, and applied cryptography engineering. Springer

62.

Lodhi FK et al (2017) Power profiling of microcontroller’s instruction set for runtime hardware Trojans detection without golden circuit models. In: Proceedings of the conference on design, automation & test in Europe. European Design and Automation Association

63.

Yan R et al (2018) New deep learning method to detect code injection attacks on hybrid applications. J Syst Softw 137:67–77CrossRef

64.

Van NT, Thinh TN, Sach LT (2017) An anomaly-based network intrusion detection system using deep learning. In: 2017 international conference on system science and engineering (ICSSE). IEEE

65.

Deng L, Yu D (2014) Deep learning: methods and applications. Found Trends Signal Process 7(3–4):197–387MathSciNetCrossRef

66.

Roy SS et al (2017) A deep learning based artificial neural network approach for intrusion detection. In: International conference on mathematics and computing. Springer

67.

Zhang X, Chen J (2017) Deep learning based intelligent intrusion detection. In: 2017 IEEE 9th international conference on communication software and networks (ICCSN). IEEE

68.

Kim J et al (2017) Method of intrusion detection using deep neural network. In: 2017 IEEE international conference on big data and smart computing (BigComp). IEEE

69.

Aggarwal P, Sharma SK (2015) Analysis of KDD dataset attributes-class wise for intrusion detection. Procedia Comput Sci 57:842–851CrossRef

70.

Tang TA et al (2016) Deep learning approach for network intrusion detection in software defined networking. In: 2016 international conference on wireless networks and mobile communications (WINCOM). IEEE

71.

Rahul R et al (2017) Deep learning for network flow analysis and malware classification. In: International symposium on security in computing and communication. Springer

72.

Rosenberg I, Sicard G, David EO (2017) DeepAPT: nation-state APT attribution using end-to-end deep neural networks. In: International conference on artificial neural networks. Springer

73.

Vanderbruggen T, Cavazos J (2017) Large-scale exploration of feature sets and deep learning models to classify malicious applications. In: Resilience week (RWS), 2017. IEEE

74.

Jones A, Straub J (2017) Using deep learning to detect network intrusions and malware in autonomous robots. In: International society for optics and photonics cyber sensing 2017

75.

He Y, Mendis GJ, Wei J (2017) Real-time detection of false data injection attacks in smart grid: a deep learning-based intelligent mechanism. IEEE Trans Smart Grid 8(5):2505–2516CrossRef

76.

Yu Y, Long J, Cai Z (2017) Network intrusion detection through stacking dilated convolutional autoencoders. Secur Commun Netw 2017:4184196. https://doi.org/10.1155/2017/4184196 CrossRef

77.

Lamping U, Sharpe R, Warnicke E (2014) Wireshark User’s Guide: for Wireshark

78.

McKinney W (2010) Data structures for statistical computing in python. In: Proceedings of the 9th python in science conference. Austin, TX

79.

Van Der Walt S et al (2011) The NumPy array: a structure for efficient numerical computation. Comput Sci Eng 13(2):22CrossRef

80.

Rais HB, Mehmood T (2016) Feature selection in intrusion detection, state of the art: a review. J Theor Appl Inf Technol 94(1):30–43

81.

Pramokchon P, Piamsa-nga P (2014) A feature score for classifying class-imbalanced data. In: 2014 international computer science and engineering conference (ICSEC). IEEE

82.

García S, Luengo J, Herrera F (2015) Data preprocessing in data mining. Springer, BerlinCrossRef

83.

Düntsch I, Gediga G (2000) Rough set data analysis—a road to non-invasive knowledge discovery. Springer, Berlin

84.

Wang S et al (2015) Subspace learning for unsupervised feature selection via matrix factorization. Pattern Recognit 48(1):10–19CrossRef

85.

Zhang F et al (2015) Adversarial feature selection against evasion attacks. IEEE Trans Cybern 46(3):766–777CrossRef

86.

Pitt E, Nayak R (2007) The use of various data mining and feature selection methods in the analysis of a population survey dataset. In: Proceedings of the 2nd international workshop on integrating artificial intelligence and data mining, vol 84. Australian Computer Society, Inc

87.

Wang A et al (2015) Accelerating wrapper-based feature selection with K-nearest-neighbor. Knowl Based Syst 83:81–91CrossRef

88.

Hinton GE, Salakhutdinov RR (2006) Reducing the dimensionality of data with neural networks. Science 313(5786):504–507MathSciNetCrossRef

89.

Wang ZJBU (2015) The applications of deep learning on traffic identification, vol 24. BlackHat USA, Washington

Title: Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions
Authors: A. M. Aleesa
B. B. Zaidan
A. A. Zaidan
Nan M. Sahar
Publication date: 18-10-2019
Publisher: Springer London
Published in: Neural Computing and Applications / Issue 14/2020
Print ISSN: 0941-0643
Electronic ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-019-04557-3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 14/2020

A stateless deep learning framework to predict net asset value

A modified Henry gas solubility optimization for solving motif discovery problem

Adaptive Monte Carlo algorithm for Wigner kernel evaluation

FABnet: feature attention-based network for simultaneous segmentation of microvessels and nerves in routine histology images of oral cancer

A reinforcement learning-based communication topology in particle swarm optimization

A new algorithm for normal and large-scale optimization problems: Nomadic People Optimizer

Premium Partner