SSRN 4749820

Analysis of Intrusion Detection Systems: Techniques, Datasets and Research Opportunity

1 Chaitrali T. Dhumal, Post Graduation Student, Department of Computer Science Engineering, SKN Sinhgad College of Engineering, Pandharpur, Solapur, India. Email: chaitralid16@gmail.com
2 Dr. S. V. Pingale *, Assistant Professor, Department of Computer Science Engineering, SKN Sinhgad College of Engineering, Pandharpur, Solapur, India. Email: subhash.pingale@sknscoe.ac.in

Abstract— In the year 2022, cyber-attacks all over the globe increased by 42% as compared to the previous year 2021. Due to this growing number of cyber-attacks, it is necessary to develop the most effective Intrusion Detection System (IDS). In this paper we reviewed the different existing Intrusion Detection Systems and their merits and demerits; we also reviewed the different standard datasets by considering their different parameters. Based on these earlier findings we will propose a new Intrusion Detection System implemented with the Convolution Neural Network (CNN) algorithm. This paper extends previous work and addresses this challenge by presenting a review of intrusion detection systems utilizing deep learning approaches with the help of the CNN algorithm and the CSE (Communications Security Establishment)-CIC (Canadian Institute for Cyber security)-IDS 2018 dataset. The main objective is to improve the accuracy and reliability of detecting cyber-attacks at the network level.

Keywords: Intrusion detection system, Convolution Neural Network, Cybersecurity.

Introduction

With the increasing prevalence of cyber-attacks targeting Critical National Infrastructures (CNIs) such as ports, hospitals, and energy providers, safeguarding these vital systems has become a matter of utmost importance. CNIs heavily rely on Supervisory Control and Data Acquisition (SCADA) systems to manage their production processes effectively. Protecting these Industrial Control Systems (ICS) and CNIs has gained significant attention at organizational, national, and European levels. In response to the growing risks faced by CNIs, several directives and regulations have been issued by Europe in recent years, aiming to establish a coherent framework for securing networks, information, and electronic communications. However, beyond policy measures, it is crucial to implement specific security measures that address legal, organizational, capacity-building and technical aspects of cyber security.

One essential aspect of securing systems against cyber-attacks is the deployment of Intrusion Detection Systems (IDS). Positioned as the second line of defense, IDSs work alongside other security mechanisms, including encryption techniques, to fortify systems. By analyzing patterns of benign traffic or specific attack rules, IDSs can effectively differentiate between normal and malicious actions, enabling swift response to potential threats. Traditional IDSs, however, may prove less effective against modern sophisticated cyber-attacks. To enhance accuracy and robustness, the integration of data mining techniques, particularly those based on deep learning, has emerged as a promising approach. Deep learning enables knowledge discovery and empowers IDSs to exhibit higher precision and resilient behavior against cyber threats. While the adoption of deep learning approaches holds great potential decision tree classifiers. They propose the RDTIDS (Rules and decision tree based intrusion technique), which employs binary and multi-class classifiers to minimize the impact of data imbalance.

The researchers utilize the CIC-IDS-2017 dataset and explore the outcomes achieved through deep learning models. Appropriate datasets that cover various benign and attack scenarios, align with real-world conditions, and are publicly available are crucial for evaluating the performance of intrusion detection systems.

The contributions of this study are multi-fold. Firstly, it is generative/unsupervised models (deep auto-encoders, restricted Boltzmann machines, deep Boltzmann machines, and deep belief networks). Furthermore, the performance of each deep learning model is assessed using two real traffic datasets, namely the CSE-CIC-IDS2018 dataset and the Bot-IoT dataset. Lastly, a comparison is drawn between the performance of deep learning approaches and four traditional machine learning techniques: Naive Bayes, Artificial Neural Network, Support Vector Machine, and Random Forests cost, and time overhead. The researchers utilize the SCADA system for security purposes and propose a foundation for a real-time adaptive IDS. The main objective is to improve the accuracy and reliability of detecting cyber-attacks at the network level.

Literature

Ahmim et al. [1] introduce a new Intrusion Detection System (IDS) called HCPTC-IDS. This system aims to boost the identification of different cyber-attacks while keeping false alarms to a minimum. HCPTC-IDS is designed with two layers: the first layer is a tree-like structure with four levels, each representing a classifier. This structure categorizes network connections into clusters such as Denial of Service (DoS) and Probing attacks.

Electronic copy available at: https://ssrn.com/abstract=4749820


Ahmim et al. [2] presented a novel intrusion detection system (IDS) that combines different classifier approaches, specifically REP Tree, the JRip algorithm, and Forest PA, to enhance cyber-attack detection while minimizing false alarms. The proposed IDS consists of a hierarchical model with three classifiers. It also addresses the challenges posed by evolving attack methods and emphasizes the importance of efficient, accurate detection and response in critical infrastructures.

Aithal [3] discusses a framework designed to detect harmful activities on computers or networks, aimed at stealing data or disrupting system operations. Current intrusion detection methods struggle with dynamic and complex cyber-attacks. Techniques like artificial intelligence (AI) and data mining can improve detection rates and reduce false alerts, making them promising. In the proposed study, medical disease prediction is performed using techniques like Principal Component Analysis (PCA) and Canny edge detection. The study seeks to discover patterns and associations in data using various data mining methods like Decision Trees, Neural Networks, and K-nearest neighbors.

Berman et al. [4] focus on deep learning (DL) methods for cyber-security. It offers short explanations of various DL techniques like deep auto-encoders, recurrent neural networks, and more. As cyber-attacks become more complex, traditional methods struggle to keep up, creating an opportunity to use DL to detect new attack variants. The paper reviews how DL is used to detect various cyber threats and covers training processes for different DL methods. It also highlights the need for considering the full attack lifecycle and emphasizes the importance of benchmark datasets for fair comparisons.

Buczak et al. [5] focus on using machine learning (ML) and data mining (DM) techniques for cyber-security and intrusion detection. The paper provides brief tutorials on different ML/DM methods and discusses their relevance. The importance of data sets for training these methods is highlighted, emphasizing the challenges of obtaining suitable data. The paper acknowledges the complexity of evaluating the methods and suggests criteria like accuracy, complexity, and time for classification. It also points out the need for labeled data and proposes the idea of collecting and labeling new data to enhance ML/DM methods for cyber-security.

Dewa and Maglaras [6] discussed how rapid technology growth and increased connectivity create cyber security challenges. The article explores existing IDS and suggests using data mining to enhance accuracy against new attacks. It highlights the need for accurate IDS due to rising cyber incidents and mentions testing methods like the NSL-KDD dataset for modern networks. Despite progress, there is still a need for smarter IDS to counter evolving cyber threats.

Dey [7] discusses challenges such as data availability, the emergence of new machine learning algorithms, and the need to address evolving cyber threats. The introduction of a novel attention-based CNN-LSTM model for intrusion detection using the IDS 2018 dataset is proposed. The review also highlights the growing complexity of networks due to IoT and 5G networks, which has led to an increase in various types of attacks, including APT attacks, DDoS attacks, and malware attacks. The review also indicates that the proposed attention-based CNN-LSTM model outperforms existing approaches and suggests the potential for further enhancing performance by incorporating stacked encoders and exploring different architectures and methodologies.

Drewek-Ossowicka et al. [8] discuss how Artificial Intelligence (AI), particularly neural networks (NN), has gained significant importance in recent years for various applications, including intrusion detection systems (IDS) which are used to enhance computer network security. The paper provides an overview of the recent literature on using neural networks for IDS, along with descriptions of neural network architectures, IDS types, and training datasets. The paper also notes that intrusion detection is expanding beyond traditional computer networks to areas like the internet of things, clouds, automotive systems, and mobile communication. It aims to provide a comprehensive understanding of using neural networks for intrusion detection, offering a starting point for future research in the field.

Ferrag et al. [9] examined different deep learning models for intrusion detection. They tested seven types of deep learning models, including deep neural networks, recurrent neural networks, convolution neural networks, restricted Boltzmann machines, deep belief networks, deep Boltzmann machines, and deep auto-encoders. They used the CSE-CIC-IDS 2018 dataset and TensorFlow for their experiments and evaluated the models based on accuracy, detection rate, and false alarm rate. The goal was to compare the performance of these deep learning methods for intrusion detection, both discriminative and generative/unsupervised ones.

Kurniabudi et al. [10] focus on picking the most important parts of data to make analyzing it faster and more accurate. The results show that having the right important parts of data improves finding problems. One algorithm called "Random Forest" does really well with a small number of important parts, while another called "J48" is good with a bit more parts but takes longer. The study also shows that even though one algorithm is not as accurate, it can still find all the problems in certain cases. The study also found that the chosen important parts help reduce false alarms.

Maglaras et al. [11] discuss the cyber security challenges faced by modern Supervisory Control and Data Acquisition (SCADA) systems, which play a vital role in monitoring and managing power generation and distribution. The paper emphasizes the need for security methods that balance high efficiency, real-time intrusion identification, and minimal overhead. The study highlights the importance of safeguarding Industrial Control Systems (ICS), including SCADA and Distributed Control Systems (DCS), due to their critical role in various sectors.

Maimo et al. [12] suggest a fresh way to protect against cyber threats in 5G networks. They use advanced machine learning to analyze network traffic and adapt their defense system to changing conditions. This makes detection more efficient and saves resources. Tests show that their system



can detect unusual activities effectively. They also compare different methods to find the best one for their system. Overall, their approach adjusts to 5G's features and enhances protection against cyber threats.

Nguyen & Kim [13] introduce a new method for intrusion detection in computer networks. Intrusion detection helps identify unauthorized access to a network. In this approach, they use a combination of genetic algorithms, fuzzy C-means clustering, and convolution neural networks (CNN) to select the most important features for detecting intrusions. The process involves creating a feature set using these techniques, and then they use a bagging classifier to validate the performance of this feature set. This three-layered approach, involving genetic algorithms, fuzzy clustering, and CNN, helps improve the accuracy of intrusion detection. The results of their approach show that it is effective in classifying dangerous network attacks, making it valuable for enhancing network security.

Rekha et al. [14] explore how machine learning (ML) and data mining can be applied to detect intrusions in networks, offering accurate results through methods like classification and regression. The review discusses various attacks and vulnerabilities that emphasize the importance of cyber security and intrusion detection. The paper also evaluates the role of ML techniques in addressing IDS issues and highlights the promising role of classifiers and algorithms in cyber security research. The paper identifies future research directions, including optimizing data selection and adopting ensemble classification algorithms for improved performance.

Sharafaldin et al. [15] focus on improving the effectiveness of Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) in protecting computer networks. It does this by addressing the problem of outdated and limited datasets used for training and evaluating these systems. The authors created a new dataset with real-world network traffic, including normal and attack patterns. This work aims to provide researchers with a more reliable and up-to-date dataset for evaluating IDSs and IPSs, ultimately enhancing network security.

Stewart et al. [16] showed how Industrial Control Systems (ICS) are becoming more vulnerable due to increased connections with other systems, particularly with the rise of the Industrial Internet of Things (IIoT). They tested their idea using an assimilated system with dynamic network changes. The research points out that most existing studies focus on static SCADA systems, while modern SCADA systems are becoming more dynamic, requiring new approaches to security.

Pingale S.V. et al. [17] focus on detecting network attacks to keep information safe. It uses a deep learning method called Remora-based optimization using Convolutional Neural Network (CNN) features. The study compares CNN-IDS with other methods like J48 and random forest, using a standard dataset. Results show that CNNs are really accurate and outperform traditional methods in detecting attacks. It is especially good at recognizing different types of attacks. This model improves accuracy and provides a new way to do intrusion detection. The study also plans to make the model faster and explore other methods in the future.

Pingale and Sutar [18] explore detection solutions such as Intrusion Detection Systems, Web Application Firewalls, and machine learning. It compares existing web application firewalls, identifies their limitations, and proposes a new one with three innovative approaches. The review also addresses the challenges posed by growing internet users and traffic, emphasizing the need for robust packet classification for detecting malicious patterns. It underscores the importance of Web Application Firewalls in filtering HTTP traffic to protect against vulnerabilities, acknowledging the inefficiencies of traditional methods. The proposed solution involves developing an automated web application firewall with three distinct approaches to enhance security measures.

Pingale and Sutar [19] delve into the pressing need for robust security measures in the evolving landscape of the Internet of Things (IoT). With the proliferation of connected devices, cyber threats have become more prevalent and sophisticated. The paper proposes a security model, the Remora-based Deep Maxout Network, to counter these challenges. This model employs advanced techniques such as missing value imputation, dimension transformation, and Convolutional Neural Network feature extraction. The intrusion detection capability is enhanced through the application of the Remora Optimization Algorithm, yielding a remarkable testing accuracy of 0.945. The review underscores the importance of addressing the increasing volume of online data as a prime target for malicious attacks. The proposed approach showcases a comprehensive strategy, encompassing preprocessing, feature extraction, and detection. Future directions involve refining the identification of intrusion classes within the Web Attack domain and addressing dataset imbalances to further improve overall performance.

Pingale and Sutar [20] address the challenge of intrusion detection by proposing a novel approach using multimodal networks. Unlike previous methods that treat all parameters as a single input, this approach segregates input logs into subgroups, training each differently. The intermediate representations from these subgroups are combined to make the final prediction, effectively utilizing individual feature strengths. Tested on the NSL-KDD dataset, the proposed system achieves an accuracy of 83.5, surpassing standard methods. The concept of multimodal networks, grouping features based on characteristics, proves effective in enhancing deep learning power with lower training costs. Future improvements may explore additional deep learning layers, bidirectional models, advanced clustering techniques, and expanding multimodal networks to include vectors related to cyber-security information. This approach aligns with efforts to imitate human decision-making processes, avoiding reliance on a single method for prediction. The summary of the literature referred to in this paper is presented in the form of Table 1, and a summary of different approaches for Intrusion Detection Systems is presented in Table 2.

Related Work



TABLE 1. Analysis of literature review of intrusion detection system.

Author Name | Method Name | Advantages | Disadvantages
Ahmim et al. [1] | HCPTC-IDS | Boosts identification of cyber attacks | Potential false alarms
Ahmim et al. [2] | Novel IDS classifier approaches | Combines classifiers for detection | Complexity in managing multiple classifiers
Aithal [3] | AI and Data Mining | Proposes AI and data mining for improved detection | Specific techniques not detailed
Berman et al. [4] | DL Methods | Focuses on using DL for complex cyber attacks | Doesn't delve into specific DL model implementations
Buczak et al. [5] | ML and DM Techniques | Provides tutorials on ML/DM methods | Emphasizes challenges in obtaining suitable data
Dewa & Maglaras [6] | Data Mining Techniques | Utilization of data mining methods for cyber security. Importance of the NSL-KDD dataset in network analysis. | Lack of specific focus on deep learning techniques.
Dey [7] | Attention-based CNN-LSTM | Proposes attention-based CNN-LSTM model | No detailed discussion of model architecture/method
Drewek-Ossowicka et al. [8] | Neural Networks | Provides overview of using NN for IDS | Limited specifics on NN architectures and methods
Ferrag et al. [9] | Deep Learning Models | Explores various deep learning models | Doesn't discuss specific implementation details
Kurniabudi et al. [10] | Random Forest and J48 | Shows importance of selecting key data parts | Limited information on accuracy and use cases
Maglaras et al. [11] | Security Methods | Enhance the security of SCADA systems against threats. | May introduce complexity and additional overhead.
Maimo et al. [12] | Machine Learning in 5G | Uses ML to adapt defence to changing conditions | Doesn't delve into specific ML methods and models
Nguyen & Kim [13] | Genetic Algorithm-Based Hybrid Intrusion Detection System (GA-HIDS) | Improved Detection Accuracy: Utilizes genetic algorithms, fuzzy C-means clustering, and CNNs to enhance detection accuracy. | Complexity: Involves complex components like GAs, CNNs, and ensemble learning, requiring expertise and computational resources
Rekha et al. [14] | ML and DM for IDS | Discusses ML techniques for intrusion detection | General mention of ML, lacks specific methods
Sharafaldin et al. [15] | Machine Learning and Deep Learning | Overview of machine learning and deep learning for cyber security applications. | Broad overview without specific deep learning techniques explored.
Stewart et al. [16] | One-Class SVMs | Investigation of intrusion detection using support vector machine models. Evaluation based on various metrics. | Limited focus on deep learning techniques. Specific application to one-class SVMs rather than broader deep learning models.
Pingale et al. [17] | Remora-Whale optimization | Higher accuracy obtained | It does not work on imbalanced attack dataset
Pingale & Sutar [18] | Automated Web Application Firewall | Proposes a new web application firewall with three innovative approaches. Addresses the inefficiencies of traditional methods. Recognizes the importance of Web Application Firewalls in filtering HTTP traffic. | Challenges in developing and maintaining automated web application firewalls. May require significant resources and expertise for implementation.
Pingale & Sutar [19] | Remora-based Deep Maxout Network | Achieves high testing accuracy of 0.945. Utilizes advanced techniques such as missing value imputation and Convolutional Neural Network feature extraction. | Potential challenges in developing and maintaining automated web application firewalls. Future improvements may be required to explore additional layers and advanced clustering techniques.
Pingale & Sutar [20] | Multimodal Networks for Intrusion Detection | Proposes a novel approach using multimodal networks for intrusion detection. Segregates input logs into subgroups, utilizing individual feature strengths. Achieves an accuracy of 83.5 on the NSL-KDD dataset. | Implementation challenges, especially when dealing with large-scale networks. Future improvements may be required to explore additional layers and advanced clustering techniques. Resource-intensive.

TABLE 2. Summary of different approaches, datasets and techniques for Intrusion Detection Systems

Approach | Author name | Dataset used | Total number of instances used
HCPTC-IDS | Ahmim et al. [1] | KDD99 | 4,898,430
Decision Tree and Rule based Model | Ahmim et al. [2] | CICIDS2017 | 2,830,743
Data mining Approach | Aithal [3] | DARPA | 201
Deep Learning | Berman et al. [4] | NSL-KDD | 4,898,431
Machine learning and Data mining | Buczak et al. [5] | KDD1999 | 126,620
Data Mining Techniques for Cyber Security | Dewa & Maglaras [6] | NSL, KDD | 1,48,517
CNN Model | Dey [7] | CIC-IDS-2018 | 16,000,000
Neural Network | Drewek-Ossowicka et al. [8] | KDD Cup99 | 5000000
Deep Learning Techniques | Ferrag et al. [9] | CSE-CIC-IDS2018 | 16,000,000
Anomaly detection | Kurniabudi et al. [10] | CIC-IDS-2017 | 28,30,743
SCADA-system | Maglaras et al. [11] | - | -
Anomaly detection | Maimo et al. [12] | Bot-net | 7062606
CNN Model | Nguyen & Kim [13] | NSL-KDD | 311,027
Artificial Neural Network | Rekha et al. [14] | KDD1998 | 768
Machine Learning Algorithms | Sharafaldin et al. [15] | CICIDS2017 | 2,830,743
One Class Support Vector Machine (OCSVM) | Stewart et al. [16] | DARPA dataset | 4,900,000
RNN-IDS | Yin et al. [17] | NSL-KDD | 311029
Machine learning | Pingale & Sutar [18] | HTTP Dataset CSIC 2010 | 36000
Remora-based DMN | Pingale & Sutar [19] | - | -
Multimodal Networks for Intrusion Detection | Pingale & Sutar [20] | NSL-KDD dataset | 4,898,431

CIC-IDS-2018 Dataset Description

Purpose: The dataset is likely designed for evaluating and testing Intrusion Detection Systems. IDS datasets are crucial for training and assessing the performance of algorithms and models in detecting various types of cyber threats.

Features:

Size: The dataset size can vary, including a substantial number of records to ensure comprehensive coverage of different attack scenarios.

Source: The dataset might have been created by researchers, cyber-security experts, or organizations specializing in cyber-security.

Traffic Data: It may include network traffic data, capturing information about the communication between devices on a network.

Attack Scenarios: Different types of cyber-attacks, such as DoS (Denial of Service), DDoS (Distributed Denial of Service), SQL injection, malware, etc., may be represented in the dataset.

Normal Behavior: The dataset would likely include instances of normal or benign network behavior to provide a baseline for comparison.

Preprocessing: Datasets for IDS often undergo preprocessing steps, such as cleaning, normalization, and feature extraction, to prepare the data for model training and evaluation.

The different techniques for Intrusion Detection Systems are reviewed and presented in the following paragraphs.

1. Data Mining Techniques: This method is crucial for protecting networks and systems from cyber threats; clustering helps in identifying unusual patterns in network traffic, potentially signalling intrusions. The traffic is categorized as normal or malicious based on data features. Anomaly detection spots deviations from typical behaviour, alerting to potential security breaches.

2. Machine Learning Techniques: Machine learning techniques are vital tools in the realm of cyber-security. Deep Neural Networks (DNN) employ multi-layer neural networks to effectively learn and classify network traffic patterns, making them invaluable for precise intrusion detection. Support



Vector Machines (SVM) utilize supervised learning to discern normal and anomalous network traffic based on defined features and decision boundaries. Decision Trees create tree-like structures for decision-making based on feature values, enabling rule-based intrusion detection. Random Forest, on the other hand, enhances detection accuracy by combining multiple decision trees to tackle intricate network traffic patterns. Finally, rule-based models employ predefined rules or signatures to identify known attacks by matching them against network traffic patterns. These machine learning techniques collectively fortify cyber-security efforts, ensuring the protection of networks and systems against a myriad of potential threats.

3. Deep Learning Techniques: Deep learning techniques have revolutionized cyber-security. Convolution Neural Networks (CNNs) excel at analyzing network traffic logs and packet payloads, uncovering local dependencies and extracting crucial features for intrusion detection. Recurrent Neural Networks (RNNs) specialize in handling sequential data, identifying temporal dependencies, and capturing long-term patterns within network traffic. Generative Adversarial Networks (GANs) are instrumental in generating synthetic network traffic data and crafting realistic attack scenarios to train and test intrusion detection systems effectively. Meanwhile, Auto-encoders prove invaluable by learning normal representations of network traffic data and promptly detecting anomalies based on deviations from these learned patterns. These deep learning methods bolster cyber-security, enhancing the capacity to safeguard networks against evolving threats.

Proposed Work

In this proposed work, we aim to develop an effective and robust intrusion detection system (IDS) for cyber security applications using the CNN algorithm. The main objective is to improve the accuracy and reliability of detecting cyber-attacks at the network level.

The CNN algorithm was chosen for intrusion detection over other machine learning or deep learning techniques due to its proficiency in automatically extracting hierarchical features and recognizing spatial patterns in data. CNNs excel at capturing local patterns and spatial dependencies within network traffic, making them well-suited for identifying anomalies associated with intrusions. Their translation invariance allows them to detect patterns irrespective of their location in the input data, crucial for discerning attacks that may occur at different points in the network. The grid-like structure of network data, represented as sequences or time-series, aligns with CNNs' capabilities. Additionally, CNNs support end-to-end learning, enabling them to automatically learn relevant features from raw input data, reducing the need for manual feature engineering. The algorithm's past success in similar domains, such as image and signal processing, and its effectiveness with large labeled datasets contribute to its suitability for intrusion detection tasks.

Block diagram:

Fig 1: Block diagram of CNN algorithm

Input: We will use the CIC-IDS2018 dataset for the intrusion detection system.

Dataset Collection: The dataset is a collection of network traffic data that includes both normal and malicious activities. It serves as the foundation for training and evaluating the intrusion detection system that will be deployed. It typically contains features like source and destination IP addresses, port numbers, protocol types, packet payload, flow duration, etc. The dataset should be labeled, where normal traffic instances are labeled as "benign," and malicious instances are labeled with specific attack types. We will collect diverse and up-to-date cyber security datasets from reputable sources, including network traffic-based datasets, application logs, and system-level data.

Data Preprocessing: Preprocess the data, such as converting categorical features to numerical representations, normalizing numerical features, and splitting the dataset into training and testing sets.

Feature Extraction: Feature extraction is the process of identifying relevant patterns and characteristics from raw network traffic data. In deep learning, feature extraction is typically done automatically by the deep neural network itself. Convolution layers in the CNN, for example, automatically learn and extract features from the input data. This is one of the main advantages of using deep learning for intrusion detection, as the model can learn complex representations and patterns from raw data without manual feature engineering.



Feature Selection: Feature selection aims to choose the most relevant features from the dataset to reduce dimensionality and improve the model's efficiency and generalization. In deep learning, feature selection is often not performed explicitly, as the deep neural network can learn which features are important during training. However, in some cases feature selection techniques can be applied before feeding the data to the model, to focus on the most informative features.

Classification: The core task of an intrusion detection system is classification, which involves identifying network traffic instances as either normal or malicious. The deep neural network, specifically its output layer, performs this classification. For binary classification (normal vs. malicious), a sigmoid activation function is commonly used in the output layer, producing a probability score between 0 and 1. Instances with a score above a chosen threshold are classified as malicious, and those below the threshold as normal. For multi-class classification, the output layer often uses a softmax activation function to assign probabilities to the different attack types.

Output: The output is a classification label, for example a binary label (normal/malicious) indicating whether the detected packet contains normal data or an intrusion.

Challenges and limitations of CNN algorithm:

TABLE 3
Using Convolutional Neural Networks (CNNs) for intrusion detection comes with several challenges and limitations, presented in Table 3:

Key Aspects | Challenges | Limitations
Limited Context Understanding | CNNs are designed for grid-like data such as images, and they may struggle to capture long-range dependencies and complex relationships in sequential data, which is often the case in network traffic. | Intrusion patterns might require understanding broader context and temporal dependencies that traditional CNNs may not effectively capture.
Variable-Length Sequences | Network traffic data can have variable lengths, making it challenging to directly apply standard CNN architectures. | CNNs typically require fixed-size inputs, and handling sequences of varying lengths may involve additional preprocessing or result in information loss.
Limited Explainability | CNNs, especially with deeper architectures, can be considered "black-box" models, making it challenging to interpret their decisions. | Understanding and explaining why a certain decision was made by the CNN may be crucial for building trust in the intrusion detection system, especially in critical environments.
Adversarial Attacks | CNNs are susceptible to adversarial attacks, where subtle modifications to input data can result in misclassifications. | In a security-critical application like intrusion detection, the system must be robust against adversarial attempts to evade detection.
Model Training Complexity | Tuning and training deep CNNs for intrusion detection may require expertise and extensive computational resources. | The complexity of training deep models might limit their adoption in certain settings without access to adequate resources or expertise.
Limited Feature Reusability | CNNs learn hierarchical features, but these features might not be easily reusable across different types of attacks. | The ability to generalize and share learned features across diverse attacks is crucial for effective intrusion detection.

Improving intrusion detection accuracy is of paramount importance in the field of cyber-security, and it has broad implications for both individuals and organizations. Here are some key aspects of the impact and significance:

TABLE 4
Analysis of impact and significance of improving intrusion detection accuracy.

Key Aspects | Significance | Impact
Early threat detection | Higher accuracy allows early identification of threats. | Prompt response and mitigation, reducing potential damage caused by threats.
Reduced False Positives/Negatives | Improves precision by minimizing false alarms. | Focus on genuine threats, avoiding disruptions and resource wastage.
Enhanced security posture | Contributes to an organization's overall security stance. | Crucial for safeguarding information and preserving stakeholder trust.
Cost Savings | Efficient resource allocation and reduced financial impact. | Avoidance of remediation costs, legal expenses, and potential revenue loss.
Preservation of Reputation | Demonstrates commitment to security, preserving reputation. | Builds trust among customers, partners, and the public.
Protection of Sensitive Data | Crucial for safeguarding sensitive information. | Prevents data theft or unauthorized access, ensuring privacy and security.

Conclusion

This paper presents a comprehensive review of existing Intrusion Detection Systems (IDS) and datasets. Recent techniques such as data mining, machine learning and deep learning are reviewed. In addition, the proposed work presents a comprehensive approach at the intersection of cyber security and machine learning, using a CNN algorithm and the CSE-CIC-IDS2018 dataset. The intended work shall include calculating performance metrics such as precision, recall, F1-score and accuracy.
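The decision step described under Classification and Output, together with the precision, recall, F1-score and accuracy named in the conclusion, as an added worked example rather than the paper's own code: a sigmoid score is thresholded for the binary case, a softmax picks the attack type in the multi-class case, and the four metrics are computed from a confusion matrix over a small constructed set of scores and labels. Sweeping the threshold shows that accuracy can stay fixed while the balance of false positives and false negatives (the "Reduced False Positives/Negatives" row of Table 4) moves, which is why all four metrics are reported rather than accuracy alone. The attack class names are a constructed label set, not the labels of CSE-CIC-IDS2018, and all function names are this example's own.

```python
"""Decision layer and evaluation metrics for a CNN-based IDS.

Added illustration, not code from the paper. The scores and labels are a
constructed stand-in for a trained model's output on a test split.
"""
import math
from typing import Dict, List, Sequence, Tuple


def sigmoid(z: float) -> float:
    """Binary output activation: maps a logit to a probability in (0, 1)."""
    return 1.0 / (1.0 + math.exp(-z))


def softmax(logits: Sequence[float]) -> List[float]:
    """Multi-class output activation: one probability per attack type."""
    m = max(logits)  # subtract the max for numerical stability
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def classify_binary(logit: float, threshold: float = 0.5) -> str:
    """Score above the threshold -> malicious, otherwise normal."""
    return "malicious" if sigmoid(logit) > threshold else "normal"


# Constructed label set for the multi-class case (not the dataset's own labels).
ATTACK_CLASSES = ["Benign", "DoS", "Brute Force", "Infiltration"]


def classify_multiclass(logits: Sequence[float],
                        classes: Sequence[str] = ATTACK_CLASSES) -> Tuple[str, float]:
    """Arg-max over the softmax probabilities gives the predicted attack type."""
    probs = softmax(logits)
    idx = max(range(len(probs)), key=lambda i: probs[i])
    return classes[idx], probs[idx]


def confusion_counts(labels: Sequence[int], scores: Sequence[float],
                     threshold: float) -> Dict[str, int]:
    """Count TP/FP/TN/FN; label 1 = malicious, 0 = normal."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for y, s in zip(labels, scores):
        flagged = s > threshold
        if flagged and y == 1:
            counts["tp"] += 1
        elif flagged and y == 0:
            counts["fp"] += 1  # false alarm
        elif not flagged and y == 0:
            counts["tn"] += 1
        else:
            counts["fn"] += 1  # missed intrusion
    return counts


def metrics(labels: Sequence[int], scores: Sequence[float],
            threshold: float = 0.5) -> Dict[str, float]:
    """Precision, recall, F1-score and accuracy from the confusion counts."""
    c = confusion_counts(labels, scores, threshold)
    flagged = c["tp"] + c["fp"]
    actual = c["tp"] + c["fn"]
    precision = c["tp"] / flagged if flagged else 0.0
    recall = c["tp"] / actual if actual else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    accuracy = (c["tp"] + c["tn"]) / len(labels)
    return {"precision": precision, "recall": recall, "f1": f1, "accuracy": accuracy}


# Constructed test split: 4 malicious flows (1) and 6 normal flows (0), each
# with the sigmoid score the model gave it.
LABELS = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
SCORES = [0.95, 0.80, 0.60, 0.40, 0.05, 0.10, 0.55, 0.20, 0.30, 0.45]


def threshold_sweep(thresholds: Sequence[float] = (0.35, 0.5, 0.7)) -> Dict[float, Dict[str, float]]:
    """Metrics at several decision thresholds on the constructed split."""
    return {t: metrics(LABELS, SCORES, t) for t in thresholds}


if __name__ == "__main__":
    print(classify_binary(2.0), classify_binary(-1.0))
    print(classify_multiclass([0.2, 2.5, 0.1, -1.0]))
    for t, m in threshold_sweep().items():
        print(f"threshold {t:.2f}: " + ", ".join(f"{k}={v:.3f}" for k, v in m.items()))
```

On the constructed split, lowering the threshold to 0.35 catches every intrusion (recall 1.0) at the cost of two extra false alarms (precision 0.67), raising it to 0.7 removes all false alarms but misses half of the intrusions, and accuracy reads 0.8 in every case.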
