Cyber Defense through Machine Intelligence: Evolving Perspectives on Intrusion Detection and Prevention
Keywords:
Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Internet of Things (IoT), Machine Learning, Deep Learning, Federated Learning, Edge/Fog/Cloud Computing, Explainable AI (XAI), Adversarial Machine Learning, Concept Drift, Benchmarking & Reproducibility.
Abstract
This review synthesizes a decade of research on AI-driven Intrusion Detection and Prevention Systems (IDS/IPS) with a focus on Internet of Things (IoT) environments. We consolidate the taxonomy of IDS/IPS (host/network; signature/anomaly; hybrid), map modern learning paradigms (centralized, collaborative, and federated learning), and compare deployment strategies across cloud, fog, and edge. The survey catalogs commonly used datasets and evaluation practices, highlighting gaps in realism, class imbalance, and reporting of resource/latency costs. We analyze persistent challenges—concept drift, high false-positive rates, resource constraints on embedded devices, privacy and governance barriers, limited explainability, and adversarial vulnerability—and distill design recommendations. The review argues for data-centric and drift-aware pipelines, lightweight models at the edge with hybrid cloud analytics, privacy-preserving collaboration (e.g., robust federated learning), human-centered explanations with uncertainty, and reproducible benchmarking that reports accuracy alongside latency and energy. We conclude with a deployment-oriented research agenda and a reference set of emerging trends intended to guide reliable, real-world IDS/IPS in heterogeneous IoT networks.