Deep Learning Algorithms Used in Intrusion Detection Systems -- A Review
Richard Kimanzi, Peter Kimanga, Dedan Cherori, Patrick K. Gikunda
TL;DR
This systematic review analyzes the application of deep learning methods to intrusion detection systems from 2019 to 2023, categorizing approaches by model families such as CNNs, DBNs, autoencoders, DNNs, RNNs/LSTMs, SNNs, and MLPs, including hybrid and transfer-learning variants. It compiles representative studies, datasets (e.g., KDD Cup 99, NSL-KDD, UNSW-NB15, Bot-IoT), and performance trends, noting that DL models often surpass traditional ML but face challenges in cross-dataset generalization and real-time deployment in IoT/edge environments. The review highlights the architectural diversity, dataset-dependent performance, and the growing interest in lightweight and distributed DL solutions for scalable IDS. Overall, the findings provide a comprehensive foundation for researchers and practitioners to select and tailor DL-based IDS approaches to specific network contexts and threat landscapes, while identifying gaps such as dataset biases and the need for standardized evaluation benchmarks.
Abstract
The increase in network attacks has necessitated the development of robust and efficient intrusion detection systems (IDS) capable of identifying malicious activities in real time. In the last five years, deep learning algorithms have emerged as powerful tools in this domain, offering enhanced detection capabilities compared to traditional methods. This review paper studies recent advancements in the application of deep learning techniques, including Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Deep Belief Networks (DBN), Deep Neural Networks (DNN), Long Short-Term Memory (LSTM), autoencoders (AE), Multi-Layer Perceptrons (MLP), Self-Normalizing Networks (SNN) and hybrid models, within network intrusion detection systems. We delve into the unique architectures, training models, and classification methodologies tailored for network traffic analysis and anomaly detection. Furthermore, we analyze the strengths and limitations of each deep learning approach in terms of detection accuracy, computational efficiency, scalability, and adaptability to evolving threats. Additionally, this paper highlights prominent datasets and benchmarking frameworks commonly utilized for evaluating the performance of deep learning-based IDS. This review will provide researchers and industry practitioners with valuable insights into the state-of-the-art deep learning algorithms for enhancing the security framework of network environments through intrusion detection.
