Neurosymbolic AI for network intrusion detection systems: A survey

Current data-driven AI approaches in Network Intrusion Detection System (NIDS) face challenges related to high resource consumption, high computational demands, and limited interpretability. Moreover, they often struggle to detect unknown and rapidly evolving cyber threats. This survey explores the integration of Neurosymbolic AI (NeSy AI) into NIDS, combining the data-driven capabilities of Deep Learning (DL) with the structured reasoning of symbolic AI to address emerging cybersecurity threats. The integration of NeSy AI into NIDS demonstrates significant improvements in both the detection and interpretation of complex network threats by exploiting the advanced pattern recognition typical of neural processing and the interpretive capabilities of symbolic reasoning. In this survey, we categorise the analysed NeSy AI approaches applied to NIDS into logic-based and graph-based representations. Logic-based approaches emphasise symbolic reasoning and rule-based inference. On the other hand, graph-based representations capture the relational and structural aspects of network traffic. We examine various NeSy systems applied to NIDS, highlighting their potential and main challenges. Furthermore, we discuss the most relevant issues in the field of NIDS and the contribution NeSy can offer. We present a comparison between the main XAI techniques applied to NIDS in the literature and the increased explainability offered by NeSy systems.