Machine and Deep Learning for Intrusion Detection: A PRISMA-Guided Systematic Review of Recent Advances
https://doi.org/10.26594/register.v11i1.5589
Keywords:
Intrusion Detection System, Machine Learning, Deep Learning, Network Security, Anomaly DetectionAbstract
The massive increase in the number and complexity of cyberattacks has surpassed the capabilities of traditional Intrusion Detection Systems (IDS), prompting a shift toward Machine Learning (ML) and Deep Learning (DL) solutions. This systematic literature review critically examines research published between 2020 and 2025 on ML- and DL-based IDSs, focusing on model architectures, benchmark datasets, evaluation metrics, and key performance results. By adapting a rigorous methodology based on PRISMA 2020, 41 high-quality studies were selected and analyzed. The findings reveal a strong preference for DL models, particularly Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), Bidirectional Long Short-Term Memory (BiLSTM) and hybrid ensembles, which demonstrate higher detection rates and robustness compared to traditional deep learning methods. However, persistent challenges such as data imbalance, high false positive rates, adversarial vulnerabilities and real-time deployment constraints, continue to hinder widespread adoption.
Downloads
References
[1] H. Hindy et al., ‘A Taxonomy of Network Threats and the Effect of Current Datasets on Intrusion Detection Systems’, IEEE Access, vol. 8, pp. 104650–104675, 2020, doi: 10.1109/ACCESS.2020.3000179.
[2] M. A. Ambusaidi, X. He, P. Nanda, and Z. Tan, ‘Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm’, IEEE Trans. Comput., vol. 65, no. 10, pp. 2986–2998, Oct. 2016, doi: 10.1109/TC.2016.2519914.
[3] T. Sowmya and E. A. Mary Anita, ‘A comprehensive review of AI based intrusion detection system’, Measurement: Sensors, vol. 28, p. 100827, Aug. 2023, doi: 10.1016/j.measen.2023.100827.
[4] Y. Ma, B. Niu, and Y. Qi, ‘Survey of image classification algorithms based on deep learning’, in 2nd International Conference on Computer Vision, Image, and Deep Learning, F. Cen and B. H. Bin Ahmad, Eds., Liuzhou, China: SPIE, Oct. 2021, p. 9. doi: 10.1117/12.2604526.
[5] A. Kumar, A. Kumar, M. K. Singh, and P. Kumari, ‘Cyber Attack Detection using Deep Learning’, Middle East Res J Engr Technol, vol. 3, no. 04, pp. 44–50, Jul. 2023, doi: 10.36348/merjet.2023.v03i04.001.
[6] L. Diana, P. Dini, and D. Paolini, ‘Overview on Intrusion Detection Systems for Computers Networking Security’, Computers, vol. 14, no. 3, p. 87, Mar. 2025, doi: 10.3390/computers14030087.
[7] J. Burgert and G. C. Richards, ‘Funding matters: time to update preferred reporting items for systematic reviews and meta-analyses?’, Journal of Clinical Epidemiology, vol. 180, p. 111678, Apr. 2025, doi: 10.1016/j.jclinepi.2025.111678.
[8] R. Dhahbi and F. Jemili, ‘A Deep Learning Approach for Intrusion Detection’, in 2021 IEEE 23rd Int Conf on High Performance Computing & Communications; 7th Int Conf on Data Science & Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), Haikou, Hainan, China: IEEE, Dec. 2021, pp. 1211–1218. doi: 10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00186.
[9] N. Singh, S. Jaiswar, P. Jha, K. Virendra, V. Tiwari, and K. Saket, ‘Adaptive Intrusion Detection Using Deep Reinforcement Learning: A Novel Approach’, pp. 2455–6211, May 2024.
[10] J. Simon, N. Kapileswar, P. K. Polasi, and M. A. Elaveini, ‘Hybrid intrusion detection system for wireless IoT networks using deep learning algorithm’, Computers and Electrical Engineering, vol. 102, p. 108190, Sep. 2022, doi: 10.1016/j.compeleceng.2022.108190.
[11] V. Ravi, R. Chaganti, and M. Alazab, ‘Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system’, Computers and Electrical Engineering, vol. 102, p. 108156, Sep. 2022, doi: 10.1016/j.compeleceng.2022.108156.
[12] L. Zhang, K. Liu, X. Xie, W. Bai, B. Wu, and P. Dong, ‘A data-driven network intrusion detection system using feature selection and deep learning’, Journal of Information Security and Applications, vol. 78, p. 103606, Nov. 2023, doi: 10.1016/j.jisa.2023.103606.
[13] S. Hassen and A. Abdlrazaq, ‘Contextual Deep Semantic Feature Driven Multi-Types Network Intrusion Detection System for IoT-Edge Networks’, ZJPAS, vol. 36, no. 6, pp. 132–147, Dec. 2024, doi: 10.21271/ZJPAS.36.6.14.
[14] M. Abd Elaziz, M. A. A. Al-qaness, A. Dahou, R. A. Ibrahim, and A. A. A. El-Latif, ‘Intrusion detection approach for cloud and IoT environments using deep learning and Capuchin Search Algorithm’, Advances in Engineering Software, vol. 176, p. 103402, Feb. 2023, doi: 10.1016/j.advengsoft.2022.103402.
[15] Y. N. Kunang, S. Nurmaini, D. Stiawan, and B. Y. Suprapto, ‘Attack classification of an intrusion detection system using deep learning and hyperparameter optimization’, Journal of Information Security and Applications, vol. 58, p. 102804, May 2021, doi: 10.1016/j.jisa.2021.102804.
[16] M. Vishwakarma and N. Kesswani, ‘DIDS: A Deep Neural Network based real-time Intrusion detection system for IoT’, Decision Analytics Journal, vol. 5, p. 100142, Dec. 2022, doi: 10.1016/j.dajour.2022.100142.
[17] R. Devendiran and A. V. Turukmane, ‘Dugat-LSTM: Deep learning based network intrusion detection system using chaotic optimization strategy’, Expert Systems with Applications, vol. 245, p. 123027, Jul. 2024, doi: 10.1016/j.eswa.2023.123027.
[18] Y. Imrana, Y. Xiang, L. Ali, and Z. Abdul-Rauf, ‘A bidirectional LSTM deep learning approach for intrusion detection’, Expert Systems with Applications, vol. 185, p. 115524, Dec. 2021, doi: 10.1016/j.eswa.2021.115524.
[19] Y. Xue, C. Kang, and H. Yu, ‘HAE-HRL: A network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network’, Computers & Security, vol. 151, p. 104328, Apr. 2025, doi: 10.1016/j.cose.2025.104328.
[20] J. Fang and F. Leng, ‘Network Security Intrusion Detection System Based on Deep Learning’, Procedia Computer Science, vol. 261, pp. 1107–1113, Jan. 2025, doi: 10.1016/j.procs.2025.04.692.
[21] B. Xu, L. Sun, X. Mao, C. Liu, and Z. Ding, ‘Strengthening Network Security: Deep Learning Models for Intrusion Detection with Optimized Feature Subset and Effective Imbalance Handling’, CMC, vol. 78, no. 2, pp. 1995–2022, 2024, doi: 10.32604/cmc.2023.046478.
[22] M. Catillo, A. Del Vecchio, A. Pecchia, and U. Villano, ‘A Case Study with CICIDS2017 on the Robustness of Machine Learning against Adversarial Attacks in Intrusion Detection’, in Proceedings of the 18th International Conference on Availability, Reliability and Security, Benevento Italy: ACM, Aug. 2023, pp. 1–8. doi: 10.1145/3600160.3605031.
[23] S. Asif, ‘OSEN-IoT: An optimized stack ensemble network with genetic algorithm for robust intrusion detection in heterogeneous IoT networks’, Expert Systems with Applications, vol. 276, p. 127183, Jun. 2025, doi: 10.1016/j.eswa.2025.127183.
[24] F. Alrayes, M. Zakariah, S. Amin, Z. Khan, and J. Alqurni, ‘Network Security Enhanced with Deep Neural Network-Based Intrusion Detection System’, CMC, vol. 80, no. 1, pp. 1457–1490, 2024, doi: 10.32604/cmc.2024.051996.
[25] R. A. Abed, E. K. Hamza, and A. J. Humaidi, ‘A modified CNN-IDS model for enhancing the efficacy of intrusion detection system’, Measurement: Sensors, vol. 35, p. 101299, Oct. 2024, doi: 10.1016/j.measen.2024.101299.
[26] D. Suja Mary, L. Jaya Singh Dhas, A. R. Deepa, M. A. Chaurasia, and C. Jaspin Jeba Sheela, ‘Network intrusion detection: An optimized deep learning approach using big data analytics’, Expert Systems with Applications, vol. 251, p. 123919, Oct. 2024, doi: 10.1016/j.eswa.2024.123919.
[27] S. Shen, C. Cai, Z. Li, Y. Shen, G. Wu, and S. Yu, ‘Deep Q-network-based heuristic intrusion detection against edge-based SIoT zero-day attacks’, Applied Soft Computing, vol. 150, p. 111080, Jan. 2024, doi: 10.1016/j.asoc.2023.111080.
[28] B. Sharma, L. Sharma, C. Lal, and S. Roy, ‘Explainable artificial intelligence for intrusion detection in IoT networks: A deep learning based approach’, Expert Systems with Applications, vol. 238, p. 121751, Mar. 2024, doi: 10.1016/j.eswa.2023.121751.
[29] N. O. Aljehane et al., ‘Golden jackal optimization algorithm with deep learning assisted intrusion detection system for network security’, Alexandria Engineering Journal, vol. 86, pp. 415–424, Jan. 2024, doi: 10.1016/j.aej.2023.11.078.
[30] A. Ba and M. Adda, ‘Intrusion Detection in IIoT Using Machine Learning’, Procedia Computer Science, vol. 251, pp. 265–272, 2024, doi: 10.1016/j.procs.2024.11.109.
[31] R. Kimanzi, P. Kimanga, D. Cherori, and P. K. Gikunda, ‘Deep Learning Algorithms Used in Intrusion Detection Systems -- A Review’, Feb. 26, 2024, arXiv: arXiv:2402.17020. doi: 10.48550/arXiv.2402.17020.
[32] R. Chinnasamy, M. Subramanian, S. V. Easwaramoorthy, and J. Cho, ‘Deep learning-driven methods for network-based intrusion detection systems: A systematic review’, ICT Express, vol. 11, no. 1, pp. 181–215, Feb. 2025, doi: 10.1016/j.icte.2025.01.005.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Hicham Zmaimita, Abdellah Madani, Khalid Zine-Dine
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Please find the rights and licenses in Register: Jurnal Ilmiah Teknologi Sistem Informasi. By submitting the article/manuscript of the article, the author(s) agree with this policy. No specific document sign-off is required.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author(s)' Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User/Public Rights
Register's spirit is to disseminate articles published are as free as possible. Under the Creative Commons license, Register permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute authors and Register on distributing works in the journal and other media of publications. Unless otherwise stated, the authors are public entities as soon as their articles got published.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights;
Copyright and other proprietary rights relating to the article, such as patent rights,
The right to use the substance of the article in own future works, including lectures and books,
The right to reproduce the article for own purposes,
The right to self-archive the article (please read out deposit policy),
The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (Register: Jurnal Ilmiah Teknologi Sistem Informasi).
5. Co-Authorship
If the article was jointly prepared by more than one author, any authors submitting the manuscript warrants that he/she has been authorized by all co-authors to be agreed on this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. Register will not be held liable for anything that may arise due to the author(s) internal dispute. Register will only communicate with the corresponding author.
6. Royalties
Being an open accessed journal and disseminating articles for free under the Creative Commons license term mentioned, author(s) aware that Register entitles the author(s) to no royalties or other fees.
7. Miscellaneous
Register will publish the article (or have it published) in the journal if the article’s editorial process is successfully completed. Register's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that deems appropriate. The author acknowledges that the article may be published so that it will be publicly accessible and such access will be free of charge for the readers as mentioned in point 3.
