Deep Reinforcement Learning for Intrusion Detection in IoT: A Survey
Afrah Gueriani, Hamza Kheddar, Ahmed Cherif Mazari
TL;DR
The paper addresses the need for autonomous intrusion detection in IoT environments facing evolving attack patterns. It surveys deep reinforcement learning–based IDS methods, categorizing them into WSN, DQN-based, hybrid, healthcare, and other applications, and complements this with dataset lists and evaluation metrics. Key contributions include a structured taxonomy of RL approaches (Q-learning, DQN variants, DDPG, FRL) and a catalog of datasets (e.g., NSL-KDD, UNSW-NB15, CICIDS2017) used to evaluate DRL-IDS. The findings suggest DRL-based IDS offer adaptability and real-time threat mitigation in IoT settings but highlight challenges such as scalability, data heterogeneity, and dataset limitations, pointing to future research directions in benchmarks, privacy-preserving methods, and cross-domain transfer learning.
Abstract
The rise of new complex attacks scenarios in Internet of things (IoT) environments necessitate more advanced and intelligent cyber defense techniques such as various Intrusion Detection Systems (IDSs) which are responsible for detecting and mitigating malicious activities in IoT networks without human intervention. To address this issue, deep reinforcement learning (DRL) has been proposed in recent years, to automatically tackle intrusions/attacks. In this paper, a comprehensive survey of DRL-based IDS on IoT is presented. Furthermore, in this survey, the state-of-the-art DRL-based IDS methods have been classified into five categories including wireless sensor network (WSN), deep Q-network (DQN), healthcare, hybrid, and other techniques. In addition, the most crucial performance metrics, namely accuracy, recall, precision, false negative rate (FNR), false positive rate (FPR), and F-measure, are detailed, in order to evaluate the performance of each proposed method. The paper provides a summary of datasets utilized in the studies as well.