Cyber-attacks are becoming increasingly sophisticated and frequent, highlighting the importance of network intrusion detection systems. This paper explores the potential and challenges of using deep reinforcement learning (DRL) in network intrusion detection. It begins by introducing key DRL concepts and frameworks, such as deep Q-networks and actor-critic algorithms, and reviews recent research utilizing DRL for intrusion detection. The study evaluates challenges related to model training efficiency, detection of minority and unknown class attacks, feature selection, and handling unbalanced datasets. The performance of DRL models is comprehensively analyzed, showing that while DRL holds promise, many recent technologies remain underexplored. Some DRL models achieve state-of-the-art results on public datasets, occasionally outperforming traditional deep learning methods. The paper concludes with recommendations for enhancing DRL deployment and testing in real-world network scenarios, with a focus on Internet of Things intrusion detection. It discusses recent DRL architectures and suggests future policy functions for DRL-based intrusion detection. Finally, the paper proposes integrating DRL with generative methods to further improve performance, addressing current gaps and supporting more robust and adaptive network intrusion detection systems.