AI-Enhanced Intrusion Detection and Prevention Systems

Authors

  • Rangeya Raghav, LNCT, Bhopal, India

DOI:

https://doi.org/10.15662/IJARCST.2025.0803002

Keywords:

Machine Learning, Deep Learning, Intrusion Detection Systems, Intrusion Prevention Systems, Anomaly Detection, Reinforcement Learning, Federated Learning, Explainable AI, Cybersecurity Automation

Abstract

With cyber threats growing increasingly sophisticated, traditional signature-based Intrusion Detection and Prevention Systems (IDPS) struggle to detect novel, polymorphic attacks. AI-enhanced IDPS offer powerful alternatives—leveraging machine learning (ML) and deep learning (DL) to model patterns, anomalies, and behaviors in network and host systems. These solutions enhance detection accuracy, reduce false positives, and provide dynamic adaptability to evolving threat landscapes.

This paper reviews foundational AI techniques in IDPS, including supervised classifiers (e.g., SVM, decision trees), ensemble methods, deep neural networks (like CNNs and RNNs), hybrid models, and reinforcement learning (RL). It outlines training methodologies, performance evaluation, system deployment architectures, and introduces explainability and federated learning for privacy and transparency.

Key findings suggest AI-IDPS can achieve accuracy exceeding 97%, significantly lower false positives, and real-time responsiveness surpassing traditional systems [IJISE; scienceacadpress.com]. RL-based models like QL-IDS have reached near-perfect detection rates on benchmarking datasets [arXiv]. Federated learning enables decentralized, privacy-preserving deployment suitable for distributed infrastructures [arXiv]. Incorporation of explainable AI (XAI) techniques—such as LIME and SHAP—enhances analyst trust and transparency [MDPI; arXiv].

However, challenges persist: acquiring large, representative datasets; ensuring model interpretability; mitigating adversarial attacks; managing computational costs; and safeguarding privacy and fairness [scienceacadpress.com; AZoAi; AICompetence.org; arXiv].

We present a workflow that includes stages such as data gathering, feature extraction, model training/tuning, deployment, monitoring, and feedback loops, all enhanced via XAI and federated learning modules to balance accuracy with explainability and privacy. The paper highlights key advantages (e.g., adaptability, accuracy, threat generalization) and disadvantages (e.g., complexity, data/resource demands, transparency concerns), discusses results and implications, and outlines future work such as adversarial robustness, continual learning, edge deployment, and standardization of XAI evaluation metrics.

References

1. “AI-powered Intrusion Detection Systems: Real-World Performance Analysis.” Journal of AI-Assisted Scientific Discovery.

2. Yakub Reddy & ShankarLingam, “Artificial Intelligence in Intrusion Detection Systems: Trends, Frameworks, and Future Directions.”

3. Safa Otoum, Burak Kantarci, Hussein Mouftah, “A Comparative Study of AI-based Intrusion Detection Techniques in Critical Infrastructures.”

4. Shaashwat Agrawal et al., “Federated Learning for Intrusion Detection System: Concepts, Challenges and Future Directions.”

5. Shraddha Mane & Dattaraj Rao, “Explaining Network Intrusion Detection System Using Explainable AI Framework.”

6. Explainable Artificial Intelligence for Intrusion Detection System (X-IDS), MDPI, 2022

7. AI-based Intrusion Detection: Enhancing Cybersecurity Defence, Insights2TechInfo

8. The Rise of AI-Driven Network Intrusion Detection Systems: Innovations, Challenges, and Future Directions

Published

2025-05-01

How to Cite

AI-Enhanced Intrusion Detection and Prevention Systems. (2025). International Journal of Advanced Research in Computer Science & Technology (IJARCST), 8(3), 12145-12149. https://doi.org/10.15662/IJARCST.2025.0803002