A Systematic Review on the use of Deep Learning in Classifying Malicious Network Traffic

Authors: Nabanita Roy, Raj Gaurang Tiwari, Sangita Roy

Journal: International Journal of Wireless and Microwave Technologies @ijwmt

Article in issue: 3 Vol.16, 2026.

Free access

Finding and managing malicious network protocols remains very difficult in cybersecurity because of sophisticated attacks and encrypted communications. This systematic review analyzes the 59 most recent studies, from 2018 to 2025, that discuss using deep learning to recognize malicious traffic. Importantly, the study shows that more people rely on transformer networks and consider self-supervised and blended approaches, yet do not validate sophisticated systems in real time. In addition, it makes clear that the data used, the evaluation metrics, and the methods for deploying models on hardware are not realistic enough. Quantitative synthesis reveals: CNN-based architectures dominate (42% of studies, mean accuracy = 96.8%), followed by hybrid CNN-LSTM models (22%, mean accuracy = 97.4%), while Transformer-based approaches (8% of studies) achieve the highest mean accuracy (98.2%) yet only 12% evaluate real-time latency; NSL-KDD remains the most frequent dataset (n=18, mean accuracy = 94.2%), whereas CICIDS2017 (n=14) yields higher performance (97.1% mean); only 6 of 59 studies (10.2%) report inference latency or throughput; and self-supervised or unsupervised methods appear in just 8.5% of studies despite demonstrating 96%+ zero-day detection capability. These statistically grounded findings provide a roadmap for developing deployable, real-time intrusion detection systems while exposing critical gaps in current research methodology.


Deep learning, Malicious traffic classification, Network intrusion detection, Cybersecurity, Systematic review, CNN, Transformer, PRISMA

Short URL: https://sciup.org/15020459

IDR: 15020459   |   DOI: 10.5815/ijwmt.2026.03.13