Intrusion Detection Systems With Deep Learning: A Systematic Mapping Study
4 authors, including:
Gozde Karatas
T.C. Istanbul Kultur University
All content following this page was uploaded by Gozde Karatas on 03 October 2019.
Deep Belief Networks (DBN), also put forth by Geoffrey Hinton, can be considered to be composed of RBMs. A DBN is a generative deep neural network in which the layers are linked to one another, and it is a multi-layered graphical model. In general, DBNs have many uses in areas such as electroencephalography and drug discovery.

Autoencoders (AE), also known as Diabolo networks, are a specific kind of neural network that copies the values at the input layer to the output layer, and they are used for unsupervised learning, in which the labels are not given explicitly while training on the data set. AE produces its own labels while

The stages of the investigation method are defined as Planning, Propulsion, Reporting and Data Extraction, respectively. These steps are described in the following section.

A. Planning
In this section, the research questions, search strategies, inclusion and exclusion criteria, and data retrieval and synthesis methods are presented. The research questions below were defined to identify primary studies on Intrusion Detection Systems:

RQ1: What are the commonly used research techniques? (theory, survey, test, experiment, examination etc.)
RQ2: Which of the electronic databases includes more publications relevant to intrusion detection systems with deep learning?
RQ3: Which journals and conferences contain more publications about intrusion detection systems?
RQ4: What is the distribution of publications by year?
RQ5: What is the distribution of studies according to their publication type?

A semi-automatic search was carried out to reach resources, using the key words below:
o “Deep Learning” and “Intrusion Detection”
o Deep learning with intrusion detection
o Deep learning-based intrusion detection
o “Deep Learning” “Intrusion Detection”

The databases used to find publications are ACM Digital Library, IEEE Explorer, Science Direct and Wiley. Because some of the publications are included in more than one database, one of them is chosen and used. For this investigation, literature published between 2009 and 2019 is reviewed. Publications that are not relevant to the Intrusion Detection subject are excluded. Inclusion Criteria (IC) and Exclusion Criteria (EC) are identified in Table 1 below:

C. Reporting
Based on the research questions, all reporting needed to answer each question is done and the results are evaluated.

D. Data Extraction
In this phase, the number of studies received from each data source via the search strings was found to be: IEEE 158, Scopus 301, ACM 3506, Wiley 1674 and ScienceDirect 1449. Subsequently, these studies were examined and eliminated according to the inclusion-exclusion criteria. First, elimination was carried out by key words, then the whole text was read, and the number of final papers was determined. Also, only one of the duplicated studies was selected and the others were eliminated. After the items were eliminated, the works were reduced to 87 related papers and the research questions were applied to these papers.

IV. RESULTS
The distribution according to types of papers is shown in Figure-1. Academic Article is the most published type.

Figure 1: Distribution of publications by types

Figure-2 shows the distribution of the analyzed publications by years. There is an increase in the number of publications since 2009. It is seen that most publications about deep learning were prepared in 2016.

Figure 3: Distribution of publications by study context

The preferred deep learning algorithms in the publications are examined in Figure-4. Within all deep learning algorithms,
DNN is the most preferred one. In particular, the “Others” category includes all machine learning algorithms.

Figure 4: Distribution of Deep Learning Algorithms

In this study, 87 publications were taken into consideration. Figure-5 shows the distribution of the examined publications across the electronic databases. According to this numerical data, the most relevant publications are in the IEEE Explorer database.

Figure 5: Distribution of publications by databases

In this study, 22 journal articles and 65 conference papers were studied. The majority of the publications used in the review are conference proceedings. The names of the conferences with more than 1 publication are given in Table 2. Also, IEEE Access is the most widely published journal. It has 4 publications. Other journals have one.

Table 2: Most Published Conferences

Conference Name                                                            Number of Publication
2017 IEEE National Aerospace and Electronics Conf.                         2
2017 Int. Conf. on Adv. in Comp., Communi. and Informatics                 2
2018 Int. Telecommunication Net. and App. Conf.                            2
2018 Int. Cong. on Big Data, Deep Learning and Fighting Cyber Terrorism    2
Int. Conf. on Bio-inspired Inf. and Communi. Tech.                         2

V. CONCLUSION
Five electronic databases were used in this study, 6088 publications were found, but only 87 of them were used [12]. The suggestions at the end of the research are as follows: book chapters on intrusion detection systems should be developed, and different types of study areas which are suitable for implementing deep learning algorithms should be determined. Also, more work should be done on the algorithms used for sequential data.

In future work, an attempt will be made in the last stage to find out the problems in the deep learning algorithms which are not included/investigated in this study.

REFERENCES
[1] G. Karatas and O. K. Sahingoz, “Neural network based intrusion detection systems with different training functions,” in 2018 6th International Symposium on Digital Forensic and Security (ISDFS). IEEE, 2018, pp. 1–6.
[2] G. Karatas, “Genetic algorithm for intrusion detection system,” in 2016 24th Signal Processing and Communication Application Conference (SIU). IEEE, 2016, pp. 1341–1344.
[3] H. Om and T. Hazra, “Statistical techniques in anomaly intrusion detection system,” International Journal of Advances in Engineering & Technology, vol. 5, no. 1, pp. 387–398, 2012.
[4] G. Zhao, C. Zhang, and L. Zheng, “Intrusion detection using deep belief network and probabilistic neural network,” in Computational Science and Engineering (CSE) and Embedded and Ubiquitous Computing (EUC), 2017 IEEE International Conference on, vol. 1. IEEE, 2017, pp. 639–642.
[5] T. Shibahara, T. Yagi, M. Akiyama, D. Chiba, and T. Yada, “Efficient dynamic malware analysis based on network behavior using deep learning,” in Global Communications Conference (GLOBECOM), 2016 IEEE. IEEE, 2016, pp. 1–7.
[6] J. Yan, D. Jin, C. W. Lee, and P. Liu, “A comparative study of offline deep learning based network intrusion detection,” in 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). IEEE, 2018, pp. 299–304.
[7] M.-J. Kang and J.-W. Kang, “A novel intrusion detection method using deep neural network for in-vehicle network security,” in Vehicular Technology Conference (VTC Spring), 2016 IEEE 83rd. IEEE, 2016, pp. 1–5.
[8] S. Potluri and C. Diedrich, “Accelerated deep neural networks for enhanced intrusion detection system,” in Emerging Technologies and Factory Automation (ETFA), 2016 IEEE 21st International Conference on. IEEE, 2016, pp. 1–8.
[9] O. Kaynar, A. G. Yüksek, Y. Görmez, and Y. E. Işik, “Intrusion detection with autoencoder based deep learning machine,” in Signal Processing and Communications Applications Conference (SIU), 2017 25th. IEEE, 2017, pp. 1–4.
[10] K. Alrawashdeh and C. Purdy, “Toward an online anomaly intrusion detection system based on deep learning,” in Machine Learning and Applications (ICMLA), 2016 15th IEEE International Conference on. IEEE, 2016, pp. 195–200.
[11] S. Ding and G. Wang, “Research on intrusion detection technology based on deep learning,” in Computer and Communications (ICCC), 2017 3rd IEEE International Conference on. IEEE, 2017, pp. 1474–1478.
[12] https://www.kisa.link/LDwM