Neurosymbolic AI for network intrusion detection systems: A survey

IF 3.7 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-08-26 DOI:10.1016/j.jisa.2025.104205

Alice Bizzarri , Chung-En (Johnny) Yu , Brian Jalaian , Fabrizio Riguzzi , Nathaniel D. Bastian

{"title":"Neurosymbolic AI for network intrusion detection systems: A survey","authors":"Alice Bizzarri , Chung-En (Johnny) Yu , Brian Jalaian , Fabrizio Riguzzi , Nathaniel D. Bastian","doi":"10.1016/j.jisa.2025.104205","DOIUrl":null,"url":null,"abstract":"<div><div>Current data-driven AI approaches in Network Intrusion Detection System (NIDS) face challenges related to high resource consumption, high computational demands, and limited interpretability. Moreover, they often struggle to detect unknown and rapidly evolving cyber threats. This survey explores the integration of Neurosymbolic AI (NeSy AI) into NIDS, combining the data-driven capabilities of Deep Learning (DL) with the structured reasoning of symbolic AI to address emerging cybersecurity threats. The integration of NeSy AI into NIDS demonstrates significant improvements in both the detection and interpretation of complex network threats by exploiting the advanced pattern recognition typical of neural processing and the interpretive capabilities of symbolic reasoning. In this survey, we categorise the analysed NeSy AI approaches applied to NIDS into logic-based and graph-based representations. Logic-based approaches emphasise symbolic reasoning and rule-based inference. On the other hand, graph-based representations capture the relational and structural aspects of network traffic. We examine various NeSy systems applied to NIDS, highlighting their potential and main challenges. Furthermore, we discuss the most relevant issues in the field of NIDS and the contribution NeSy can offer. We present a comparison between the main XAI techniques applied to NIDS in the literature and the increased explainability offered by NeSy systems.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104205"},"PeriodicalIF":3.7000,"publicationDate":"2025-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S221421262500242X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Current data-driven AI approaches in Network Intrusion Detection System (NIDS) face challenges related to high resource consumption, high computational demands, and limited interpretability. Moreover, they often struggle to detect unknown and rapidly evolving cyber threats. This survey explores the integration of Neurosymbolic AI (NeSy AI) into NIDS, combining the data-driven capabilities of Deep Learning (DL) with the structured reasoning of symbolic AI to address emerging cybersecurity threats. The integration of NeSy AI into NIDS demonstrates significant improvements in both the detection and interpretation of complex network threats by exploiting the advanced pattern recognition typical of neural processing and the interpretive capabilities of symbolic reasoning. In this survey, we categorise the analysed NeSy AI approaches applied to NIDS into logic-based and graph-based representations. Logic-based approaches emphasise symbolic reasoning and rule-based inference. On the other hand, graph-based representations capture the relational and structural aspects of network traffic. We examine various NeSy systems applied to NIDS, highlighting their potential and main challenges. Furthermore, we discuss the most relevant issues in the field of NIDS and the contribution NeSy can offer. We present a comparison between the main XAI techniques applied to NIDS in the literature and the increased explainability offered by NeSy systems.

查看原文本刊更多论文

用于网络入侵检测系统的神经符号人工智能：综述

当前网络入侵检测系统（NIDS）中数据驱动的人工智能方法面临着高资源消耗、高计算需求和有限可解释性的挑战。此外，他们往往难以发现未知的和快速发展的网络威胁。本调查探讨了将神经符号人工智能（NeSy AI）集成到NIDS中，将深度学习（DL）的数据驱动功能与符号人工智能的结构化推理相结合，以应对新兴的网络安全威胁。通过利用神经处理的高级模式识别和符号推理的解释能力，将NeSy AI集成到NIDS中，在复杂网络威胁的检测和解释方面都有了显著的改进。在本调查中，我们将分析的NeSy AI方法应用于NIDS分为基于逻辑和基于图形的表示。基于逻辑的方法强调符号推理和基于规则的推理。另一方面，基于图的表示捕获网络流量的关系和结构方面。我们研究了应用于NIDS的各种NeSy系统，强调了它们的潜力和主要挑战。此外，我们还讨论了NIDS领域中最相关的问题以及NeSy可以提供的贡献。我们将文献中应用于NIDS的主要XAI技术与NeSy系统提供的更高的可解释性进行比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.