Intrusion Detection Systems (IDS) have long been a central topic in the cybersecurity community. In recent years, with the introduction of deep learning (DL) techniques, IDS have made substantial progress because of their improved ability to generalize beyond the training data. The premise is that by learning the underlying patterns of known benign and malicious system behavior, a detector can flag intrusions that exploit zero-day vulnerabilities, i.e., attacks for which no signature exists. In this survey, we refer to this class of systems as DL-based IDS (DL-IDS). From a DL perspective, the survey systematically reviews every stage of the DL-IDS pipeline: data collection, log storage, log parsing, graph summarization, attack detection, and attack investigation. For the benefit of practitioners and researchers, a section describing the publicly available benchmark datasets is included. The survey further discusses open challenges and promising directions for future work, with the aim of helping readers understand the core ideas and goals of DL-IDS research and of motivating further work in the area.