| Title |
A Survey of Deep Learning-Based Network Anomaly Detection: Benchmarking on NSL-KDD, UNSW-NB15, and CICIDS2017 |
| Authors |
(Seoyeon Choi) ; (Songhye Kim) ; (Jihyeon Ryu) |
| DOI |
https://doi.org/10.5573/IEIESPC.2026.15.3.410 |
| Keywords |
Time series; Anomaly detection; Deep learning; Computer network |
| Abstract |
Network anomaly detection is a critical component of cybersecurity, enabling the identification of potential infringements and malicious traffic. In recent years, machine learning and deep learning methods have been widely applied for this purpose. This study systematically reviews research employing NSL-KDD, UNSW-NB15, and CICIDS2017 datasets and compares the performance of commonly used models. The analysis shows that convolutional neural networks (CNNs) achieve strong results on imbalanced, high-dimensional data by leveraging regional patterns and hierarchical feature learning, while long short-term memory (LSTM) networks excel in capturing temporal dependencies. Generative adversarial networks (GANs) further enhance detection performance by addressing data imbalance and producing realistic attack samples. However, CNNs struggle with long-term dependencies, LSTMs incur high computational costs for long sequences, and GANs face instability and mode collapse. To address these limitations, emerging approaches such as transformers, contrastive learning, and LLMbased multimodal frameworks are gaining attention. This paper highlights the strengths and weaknesses of CNNs, LSTMs, and GANs and outlines promising directions for next-generation network anomaly detection. |