A Systematic Review of Deep Learning Models for Intrusion Detection: From CNN to Hybrid Architectures
摘要
The growing complexity and frequency of cyberattacks necessitate the development of advanced intrusion detection systems (IDSs) capable of accurately identifying malicious activities. In this paper, we explore the application of deep learning (DL) methods, including Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Long Short-Term Memory (LSTM) networks, and hybrid architectures such as CNN-LSTM and DCNNBiLSTM, to enhance the performance of IDSs. Using benchmark datasets-NSL-KDD, CICIDS2017, and UNSW-NB15-, we evaluate the models based on accuracy, F1-score, and false positive rate (FPR). The results demonstrate that hybrid models outperform standalone architectures, achieving up to 98.7% accuracy with a lower FPR, particularly on complex datasets like CICIDS 2017. However, hybrid models present challenges related to computational complexity, limiting their real-time deployment potential. This research highlights the trade-offs between detection accuracy and computational efficiency. It suggests future directions for optimizing model performance in real-world environments through techniques such as model compression and Explainable AI (XAI). Furthermore, we discuss the implications of these findings for practical deployment in resource-constrained environments such as IoT networks.