Network intrusion detection system: A systematic study of machine learning and deep learning approaches

• Published in: Transactions on emerging telecommunications technologies Vol. 32; no. 1
• Main Authors: Ahmad, Zeeshan, Shahid Khan, Adnan, Wai Shiang, Cheah, Abdullah, Johari, Ahmad, Farhan
• Format: Journal Article
• Language: English
• Published: 01.01.2021
• Subjects: Deep learning; Machine learning; Network anomaly detection; Network intrusion detection system; Network security
• ISSN: 2161-3915; 2161-3915
• DOI: 10.1002/ett.4150

The rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS. (1) A systematic study is conducted to select recent articles on various ML and DL‐based NIDS published during the past 3 years (2017 ‐ April 2020).(2) Extensively discussed various features of papers including proposed methodology, strength, weakness, evaluation metrics, and the used datasets.(3) Based on these observations, recent trends of using AI methods are provided for NIDS, followed by highlighting different challenges in ML/DL‐based NIDS and future directions in this important domain.