Deep Learning-based Intrusion Detection Systems: A Survey
Zhiwei Xu, Yujuan Wu, Shiheng Wang, Jiabao Gao, Tian Qiu, Ziqi Wang, Hai Wan, Xibin Zhao
TL;DR
This survey articulates how deep learning reshapes intrusion detection by enabling generalization to unseen attacks through a standardized DL-IDS workflow that spans data collection, storage, parsing, graph-based summarization, detection, and attack investigation. It offers a comprehensive taxonomy of DL techniques applied to audit, application, and network logs, including graph neural networks for provenance graphs and sequence models for log data, and it surveys major public datasets and benchmark challenges. The authors identify critical bottlenecks—data quality, limited labeled data, and heavy computation—and discuss the nascent role of pre-training and large language models in DL-IDS, proposing directions to improve data sharing, evaluation metrics, and scalable architectures. Overall, the work underscores the strong potential and current gaps in DL-IDS, aiming to guide future research toward robust, scalable, and generalizable intrusion detection solutions with real-world impact.
Abstract
Intrusion Detection Systems (IDS) have long been a hot topic in the cybersecurity community. In recent years, with the introduction of deep learning (DL) techniques, IDS have made great progress due to their increasing generalizability. The rationale behind this is that by learning the underlying patterns of known system behaviors, IDS detection can be generalized to intrusions that exploit zero-day vulnerabilities. In this survey, we refer to this type of IDS as DL-based IDS (DL-IDS). From the perspective of DL, this survey systematically reviews all the stages of DL-IDS, including data collection, log storage, log parsing, graph summarization, attack detection, and attack investigation. To accommodate current researchers, a section describing the publicly available benchmark datasets is included. This survey further discusses current challenges and potential future research directions, aiming to help researchers understand the basic ideas and visions of DL-IDS research, as well as to motivate their research interests.