Review of intrusion detection systems based on deep learning techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions

Abstract

This study reviews and analyses the research landscape for intrusion detection systems (IDSs) based on deep learning (DL) techniques into a coherent taxonomy and identifies the gap in this pivotal research area. The focus is on articles related to the keywords ‘deep learning’, ‘intrusion’ and ‘attack’ and their variations in four major databases, namely Web of Science, ScienceDirect, Scopus and the Institute of Electrical and Electronics Engineers’ Xplore . These databases are sufficiently broad to cover the technical literature. The dataset comprises 68 articles. The largest proportion (72.06%; 49/68) relates to articles that develop an approach for evaluating or identifying intrusion detection techniques using the DL approach. The second largest proportion (22.06%; 15/68) relates to studying/applying articles to the DL area, IDSs or other related issues. The third largest proportion (5.88%; 4/68) discusses frameworks/models for running or adopting IDSs. The basic characteristics of this emerging field are identified from the aspects of motivations, open challenges that impede the technology’s utility, authors’ recommendations and substantial analysis. Then, a result analysis mapping for new directions is discussed. Three phases are designed to meet the demands of detecting distributed denial-of-service attacks with a high accuracy rate. This study provides an extensive resource background for researchers who are interested in IDSs based on DL.