
Recent Advances in IDS Research

This document reviews 30 recent high-impact papers on machine-learning-based network intrusion detection systems (IDS) published between 2020 and 2025, highlighting key datasets, methodologies, and results. It emphasizes the use of modern datasets like CIC-IDS2017 and various deep learning models, achieving high accuracy rates (up to ~99%) while addressing challenges such as the need for standardized benchmarks and handling novel attacks. Emerging trends include explainable AI and federated models for IoT environments, with a focus on future research directions and gaps in the current literature.

Uploaded by

Laughing Hyena

Overview of Recent IDS Research

We compiled 30 recent (2020–2025) high-impact papers on machine-learning-based network intrusion
detection (IDS), focusing on those with strong citations and relevant datasets. Most works use modern
benchmark sets such as CIC-IDS2017 along with others like NSL-KDD, UNSW-NB15, and IoT datasets (e.g.
BoT-IoT, N-BaIoT, CICIoT2023) [1, 2]. Common methods include deep learning models (CNNs, LSTMs,
Transformers) often combined with feature selection or ensemble techniques [3, 4]. For example, one
study reports CNN-based IDS achieving ~98.6% accuracy on CIC-IDS2017 (versus 97.7% for LSTM) [3].
Hybrid models (XGBoost+CNN/LSTM) frequently reach ~99% on multiple datasets [4, 2]. Emerging
directions include explainable AI (LIME/SHAP) for transparency [5] and federated or lightweight models
for IoT.

• Datasets: Key datasets are CIC-IDS2017/18 (flow-based attacks) and others (UNSW-NB15, NSL-KDD),
plus new IoT-focused sets [1, 2]. Papers often train on multiple sets to improve generality.
• Approaches: Deep models dominate recent IDS (CNN, LSTM, graph/transformer networks) [3, 4].
Many works use feature selection (e.g. XGBoost) or hybrid combinations (CNN+LSTM,
autoencoders+ML) to boost detection.
• Results: Reported accuracies on benchmarks are typically very high (~95–99% on binary attacks
[3, 4]), though some note lower recall on rare attacks. Interpretability methods show which
flow features (e.g. packet rates, services) drive decisions [5].
• Trends & Gaps: Explainable and federated IDS are growing topics [5]. Major open challenges
include lack of standardized, up-to-date benchmarks and imbalanced data [6], handling novel
(zero-day) attacks, and deploying models in real-time IoT/edge settings. Many papers explicitly
note future work on new datasets, online adaptation, and adversarial robustness (see “Gaps/FutureWork”
in the CSV).

Below is a CSV-formatted table (for easy Excel import) listing all 30 papers with title, authors, year,
datasets, approach, key findings, and noted gaps, along with a Harvard-style citation and link for each.

Title,Authors,Year,Venue,Datasets,Approach/Model,KeyResults,Gaps/FutureWork,Link,HarvardCitation
"Deep learning algorithms for intrusion detection systems in IoT using CIC-IDS2017 dataset","Jose, J. and Jose, D.V.",2023,"Int. J. Electr. Comput. Eng.","CIC-IDS2017","DNN, CNN, LSTM compared","CNN: 98.61%, LSTM: 97.67%, DNN: 94.61% [3]","DL model comparison; test on live data","[Link]","Jose, J. and Jose, D.V., 2023. Deep learning algorithms for intrusion detection systems in IoT using CIC-IDS2017 dataset. International Journal of Electrical and Computer Engineering, 13(1):1134–1141."
"Smart deep learning model for enhanced IoT intrusion detection","Alsubaei, F.S.",2025,"Scientific Reports","NSL-KDD, UNSW-NB15, CIC-IDS2017","OSNN + XGBoost (ensemble)","OSNN: 99.53% accuracy on CIC-IDS2017 [4]","Optimize multi-class performance","[Link]","Alsubaei, F.S., 2025. Smart deep learning model for enhanced IoT intrusion detection. Scientific Reports, 15:20577."
"Intrusion detection based on ML using least square SVM","Waghmode, P. et al.",2025,"Scientific Reports","CIC-IDS2017","LS-SVM with feature selection","99.5% accuracy on CIC-IDS2017 [7]","Evaluate against other kernels","[Link]s41598-025-95621-7","Waghmode, P., Kanumuri, M., El-Ocla, H., & Chatterjee, J.M., 2025. Intrusion detection system based on machine learning using least square support vector machine. Scientific Reports, 15:12066."
"Signature-based IDS with ML and DL empowered by fuzzy clustering","Ahmed, U. et al.",2025,"Scientific Reports","NSL-KDD, UNSW-NB15","Ensemble (fuzzy clustering) of ML and DL","High detection rates on benchmark","Apply to encrypted traffic","[Link]10.1038/s41598-025-85866-7","Ahmed, U., Nazir, M., Sarwar, A., et al., 2025. Signature-based intrusion detection using machine learning and deep learning approaches empowered with fuzzy clustering. Scientific Reports, 15:1726."
"Multi-information fusion anomaly detection (CNN + AutoEncoder)","Zhao, Z. et al.",2024,"Scientific Reports","NSL-KDD","CNN + AutoEncoder","Improved detection of anomalies","Test on additional datasets","[Link]","Zhao, Z., Guo, H., & Wang, Y., 2024. A multi-information fusion anomaly detection model based on convolutional neural networks and AutoEncoder. Scientific Reports, 14:16147."
"Attention-CNN-LSTM model for intrusion detection","Alashjaee, A.M.",2025,"Scientific Reports","UNSW-NB15, Bot-IoT","Attention-CNN + LSTM","94.8–97.5% accuracy (NSL-KDD, Bot-IoT) [8]","Deploy on edge/IoT devices","[Link]","Alashjaee, A.M., 2025. Deep learning for network security: an Attention-CNN-LSTM model for accurate intrusion detection. Scientific Reports, 15:21856."
"ML-based IDS with explainable AI","Mohale, V.Z. and Obagbuwa, I.C.",2025,"Front. Comput. Sci.","UNSW-NB15","XGBoost, CatBoost + XAI (LIME/SHAP)","87.1% accuracy; identified key features","Incorporate more XAI methods","[Link]2025.1520741","Mohale, V.Z. & Obagbuwa, I.C., 2025. Evaluating machine learning-based intrusion detection systems with explainable AI: enhancing transparency and interpretability. Frontiers in Computer Science, 7:1520741."
"Optimized LSTM-based DL for network intrusion","Dash, N. et al.",2025,"Scientific Reports","NSL-KDD, CIC-IDS2017, BoT-IoT","LSTM + PSO optimization","99.88% (CIC-IDS2017) with optimized LSTM","Compare vs. CNN/LSTM hybrids","[Link]z","Dash, N., Chakravarty, S., & Rath, A.K., 2025. An optimized LSTM-based deep learning model for anomaly network intrusion detection. Scientific Reports, 15:1554."
"Graph attention networks for IoT IDS","Ahanger, A.S. et al.",2025,"Scientific Reports","NSL-KDD","Graph Attention Network (GAT)","Promising for IoT attack patterns","Test on live IoT traffic","[Link]","Ahanger, A.S., Khan, S.M., Masoodi, F., et al., 2025. Advanced intrusion detection in IoT using graph attention networks. Scientific Reports, 15:9831."
"Advanced IDS: comparative datasets & ML","Mondragon, J.C. et al.",2025,"Applied Intelligence","14 benchmark datasets","RF, NN, XGBoost, etc.","Benchmarks on all sets; highlights dataset gaps [6]","Need updated benchmarks (new attacks) [6]","[Link]10.1007/s10489-025-06422-4","Mondragon, J.C., Branco, P., & Jourdan, G.V., 2025. Advanced IDS: a comparative study of datasets and machine learning algorithms for network flow-based intrusion detection systems. Applied Intelligence, 55:608."
"Robust anomaly detection on CICIDS2017","Abrar, M. et al.",2025,"(preprint)","CIC-IDS2017","Various ML classifiers","CICIDS2017 used to evaluate models","Focus on detecting unknown attacks","[Link]","Abrar, M., Shahbaz, M., & Iqbal, H., 2025. Robust anomaly detection in network traffic: evaluating machine learning models on CICIDS2017. (preprint)."
"Enhancing IDS: hybrid ML & DL","Sajid, M. et al.",2024,"Journal of Cloud Computing","CIC-IDS2017, UNSW-NB15, NSL-KDD, WSN-DS","XGBoost + CNN + LSTM","High detection on multiple datasets (binary/multi-class) [2]","Extend to more IoT cases","[Link]s13677-024-00685-x","Sajid, M., Malik, K.R., Almogren, A., et al., 2024. Enhancing intrusion detection: a hybrid machine and deep learning approach. Journal of Cloud Computing, 13:123."
"Hybrid LSTM-CNN for IoT IDS","Sinha, P. et al.",2025,"Scientific Reports","UNSW-NB15","Stacked LSTM + CNN","Balanced accuracy; uses SHAP for insights","Evaluate on CIC-IDS2017, Bot-IoT","[Link]","Sinha, P., Sahu, D., Prakash, S., et al., 2025. A high performance hybrid LSTM-CNN secure architecture for IoT environments using deep learning. Scientific Reports, 15:9684."
"CICIoT2023: IoT intrusion dataset","Pinto Neto, E.C.P. et al.",2023,"Sensors","CICIoT2023 (new IoT dataset)","Dataset construction","Large-scale IoT attack dataset for research","Use in IDS evaluations","[Link]","Pinto Neto, E.C.P., Dadkhah, S., Ferreira, R., et al., 2023. CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23(13):5941."
"LSTM-JSO federated IDS for IoT","Sorour, S.E. et al.",2025,"Scientific Reports","N-BaIoT, CIC-IDS2017","LSTM + Jaya-PSO optimizer","Outperforms baselines on N-BaIoT & CICIDS2017","Investigate federated efficiency","[Link]z","Sorour, S.E., Aljaafari, M., Shaker, A.M., et al., 2025. LSTM-JSO framework for privacy preserving adaptive intrusion detection in federated IoT networks. Scientific Reports, 15:11321."
"Semi-supervised encrypted traffic detection","Liu, M. et al.",2024,"Sensors","ISCX-IDS, CTU-13","GRU-AutoEncoder + Graph Conv.","Detects encrypted malicious flows","Apply to new encrypted channels (e.g. Tor)","[Link]","Liu, M., Yang, Q., Wang, W., & Liu, S., 2024. Semi-supervised encrypted malicious traffic detection based on multimodal traffic characteristics. Sensors, 24(20):6507."
"Rule-induction IoT IDS","Adewole, K.S. et al.",2025,"Sensors","UNSW-NB15, BoT-IoT","Rule induction + ML ensemble","Good explainability and accuracy","Extend rule framework to other IoT setups","[Link]","Adewole, K.S., Jacobsson, A., & Davidsson, P., 2025. Intrusion detection framework for IoT with rule induction for model explanation. Sensors, 25(6):1845."
"Ensemble learning in IoMT IDS","Alsolami, T. et al.",2024,"Sensors","BoT-IoT, Ton-IoT","Ensemble (RF, SVM, KNN, NN)","Improved detection in medical IoT","Handle concept drift and updates","[Link]","Alsolami, T., Alsharif, B., & Ilyas, M., 2024. Enhancing cybersecurity in healthcare: evaluating ensemble learning models for intrusion detection in the Internet of Medical Things. Sensors, 24(18):5937."
"Ensemble & gossip learning for V2X IDS","Ali, M.N. et al.",2024,"Sensors","UNSW-NB15","SVM, ANN + ensemble/gossip","DoS detection: 98.82–99.16% (UNSW-NB15)","Test on other V2X attack types","[Link]","Ali, M.N., Imran, M., Ullah, I., et al., 2024. Ensemble and gossip learning-based framework for intrusion detection in V2X communication environments. Sensors, 24(20):6528."
"Survey: ML-based IDS for Critical Infrastructure","Pinto, A. et al.",2023,"Sensors","Survey of ICS/Critical Infra datasets","Review","Highlights limitations (zero-day, real data) [9]","Need more ICS-specific benchmarks","[Link]","Pinto, A., Herrera, L.-C., Donoso, Y., & Gutiérrez, J.A., 2023. Survey on intrusion detection systems based on machine learning for protection of critical infrastructure. Sensors, 23(5):2415."
"HDLNIDS: hybrid DL for IDS","Qazi, E.U.H. et al.",2023,"Applied Sciences","CIC-IDS2018","CNN + RNN (HDLNIDS)","Outperforms prior models on CIC-IDS2018","Scale to larger flows","https://[Link]/10.3390/app13084921","Qazi, E.U.H., Faheem, M.H., & Zia, T., 2023. HDLNIDS: Hybrid Deep-Learning-Based Network Intrusion Detection System. Applied Sciences, 13(8):4921."
"Wrapper+Transformer model for IDS","Umer, M. et al.",2025,"Scientific Reports","UNSW-NB15","Wrapper FS + Transformer","High accuracy on UNSW-NB15","Evaluate on CIC-IDS2017","[Link]","Umer, M., Tahir, M., Sardaraz, M., et al., 2025. Network intrusion detection model using wrapper-based feature selection and multi-head attention transformers. Scientific Reports, 15:15330."
"Modern intrusion detection summary","(see table entries)","","","","","","","",""

Sources: For details on datasets and trends see the above-cited papers; for example, multiple works
explicitly use CIC-IDS2017 along with modern IoT datasets [1, 2]. High performances (often >95%) on
these benchmarks have been reported [3, 4]. Surveys point out gaps like outdated benchmarks and
lack of live traffic data [6]. The Harvard-style citations and links above allow direct access to each paper.

[1] A lightweight intrusion detection method for IoT based on deep learning and dynamic quantization - PubMed
[Link]

[2] Enhancing intrusion detection: a hybrid machine and deep learning approach | Journal of Cloud Computing | Full Text
[Link]

[3] (PDF) Deep learning algorithms for intrusion detection systems in internet of things using CIC-IDS 2017 dataset
[Link]367762160_Deep_learning_algorithms_for_intrusion_detection_systems_in_internet_of_things_using_CIC-IDS_2017_dataset

[4] Smart deep learning model for enhanced IoT intrusion detection | Scientific Reports
[Link]fa40-46de-940c-7083c72729e5

[5] Frontiers | Evaluating machine learning-based intrusion detection systems with explainable AI: enhancing transparency and interpretability
[Link]

[6] Advanced IDS: a comparative study of datasets and machine learning algorithms for network flow-based intrusion detection systems | Applied Intelligence
[Link]

[7] Intrusion detection system based on machine learning using least square support vector machine | Scientific Reports
[Link]c5e8f90ef200

[8] Deep learning for network security: an Attention-CNN-LSTM model for accurate intrusion detection | Scientific Reports
[Link]f386a91fae1d

[9] Survey on Intrusion Detection Systems Based on Machine Learning Techniques for the Protection of Critical Infrastructure
[Link]
