Reinforcement-Learning-Based Intrusion Detection in Communication Networks: A Review

Modern communication networks have to meet the performance requirements of contemporary industrial control systems (ICSs), which are increasingly being connected to the external Internet. This connectivity exposes them to vulnerabilities that necessitate timely and effective protection measures. The integration of intrusion-detection systems (IDSs) into communication networks serves as a preventive mechanism to defend against malicious threats and hostile activities, ensuring secure operations within the broader industrial infrastructure. This review explores the cutting-edge artificial-intelligence techniques that are employed in the development of IDSs for diverse industrial control networks, emphasizing the application of deep reinforcement learning (DRL) within IDS-based systems across various communication networks. DRL has been successful in solving complex sequential decision-making problems in various domains, including robotics, game playing, and natural-language processing. The review examines a broad scope of publications, and these are categorized into three groups: DRL-only and IDS-only in the introduction and background, and DRL-based IDS papers in the core section of the review. This seeks to provide researchers with an overview of the current state of DRL approaches in IDSs for various network types. Through a meticulous comparative analysis with existing surveys, our review stands out, emphasizing its uniqueness and comprehensiveness. This inclusivity extends beyond traditional boundaries, encompassing a wide array of IDS techniques and environments, ranging from the Internet of Things to ICSs, smart grids, and other domains. Additionally, this review provides useful information such as the datasets used, types of DRL employed, pretrained networks, IDS techniques, evaluation metrics, and improvements gained. Furthermore, the algorithms and methods used in several studies are presented to illustrate the principles of each DRL-based IDS subcategory clearly and in depth. A detailed taxonomy is presented, providing nuanced insights into diverse applications with a triple focus on IDSs, deep-learning, and DRL techniques, which makes this review unique.