Machine Learning and Deep Learning Techniques for Cybersecurity: A Review

  • Said A. SalloumEmail author
  • Muhammad Alshurideh
  • Ashraf Elnagar
  • Khaled Shaalan
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1153)


In this review, significant literature surveys on machine learning (ML) and deep learning (DL) techniques for network analysis of intrusion detection are explained. In addition, it presents a short tutorial explanation on every ML/DL method. Data holds a significant position in ML/DL methods; hence this paper highlights the datasets used in machine learning techniques, which are the primary tools for analyzing network traffic and detecting abnormalities. In addition, we elaborate on the issues faced in using ML/DL for cybersecurity and offer recommendations for future studies.


Cyber security Machine learning Deep learning 


  1. 1.
    Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153–1176 (2015)CrossRefGoogle Scholar
  2. 2.
    Mukkamala, S., Sung, A., Abraham, A.: Cyber security challenges: designing efficient intrusion detection systems and antivirus tools. In: Vemuri, V.R. (ed.) Enhancing Computer Security with Smart Technology 2006, pp. 125–163 (2005)Google Scholar
  3. 3.
    Yavanoglu, O., Aydos, M.: A review on cyber security datasets for machine learning algorithms. In: 2017 IEEE International Conference on Big Data (Big Data), pp. 2186–2193 (2017)Google Scholar
  4. 4.
    da Costa, K.A.P., Papa, J.P., Lisboa, C.O., Munoz, R., de Albuquerque, V.H.C.: Internet of Things: a survey on machine learning-based intrusion detection approaches. Comput. Netw. 151, 147–157 (2019)CrossRefGoogle Scholar
  5. 5.
    Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S., Leung, V.C.M.: A survey on security threats and defensive techniques of machine learning: a data driven view. IEEE Access 6, 12103–12117 (2018)CrossRefGoogle Scholar
  6. 6.
    Xin, Y., et al.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018)CrossRefGoogle Scholar
  7. 7.
    Dua, S., Du, X.: Data Mining and Machine Learning in Cybersecurity. Auerbach Publications (2016)Google Scholar
  8. 8.
    Yin, C., Zhu, Y., Fei, J., He, X.: A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5, 21954–21961 (2017)CrossRefGoogle Scholar
  9. 9.
    Xiao, L., Wan, X., Lu, X., Zhang, Y., Wu, D.: IoT security techniques based on machine learning (2018). arXiv Prepr. arXiv:1801.06275
  10. 10.
    Jordan, M.I., Mitchell, T.M.: Machine learning: Trends, perspectives, and prospects. Science (80-.) 349(6245), 255–260 (2015)CrossRefMathSciNetzbMATHGoogle Scholar
  11. 11.
    Fraley, J.B., Cannady, J.: The promise of machine learning in cybersecurity. SoutheastCon 2017, 1–6 (2017)Google Scholar
  12. 12.
    Alazab, M., Tang, M.: Deep Learning Applications for Cyber Security. Springer, Heidelberg (2019)CrossRefGoogle Scholar
  13. 13.
    Li, J.: Cyber security meets artificial intelligence: a survey. Front. Inf. Technol. Electron. Eng. 19(12), 1462–1474 (2018)CrossRefGoogle Scholar
  14. 14.
    Jones, C.L., Bridges, R.A., Huffer, K.M.T., Goodall, J.R.: Towards a relation extraction framework for cyber-security concepts. In: Proceedings of the 10th Annual Cyber and Information Security Research Conference, p. 11 (2015)Google Scholar
  15. 15.
    McNeil, N., Bridges, R.A., Iannacone, M.D., Czejdo, B., Perez, N., Goodall, J.R.: Pace: pattern accurate computationally efficient bootstrapping for timely discovery of cyber-security concepts. In: 2013 12th International Conference on Machine Learning and Applications, vol. 2, pp. 60–65 (2013)Google Scholar
  16. 16.
    Zhang, Q., Man, D., Yang, W.: Using HMM for intent recognition in cyber security situation awareness. In: 2009 Second International Symposium on Knowledge Acquisition and Modeling, vol. 2, pp. 166–169 (2009)Google Scholar
  17. 17.
    Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T., Chizeck, H.J.: To make a robot secure: an experimental analysis of cyber security threats against teleoperated surgical robots (2015). arXiv Prepr. arXiv:1504.04339
  18. 18.
    Hacioglu, U., Sevgilioglu, G.: The evolving role of automated systems and its cyber-security issue for global business operations in Industry 4.0. Int. J. Bus. Ecosyst. Strategy 1(1), 1–11 (2019)Google Scholar
  19. 19.
    Alhashmi, S.F.S., Salloum, S.A., Abdallah, S.: Critical success factors for implementing artificial intelligence (AI) projects in Dubai government United Arab Emirates (UAE) health sector: applying the extended technology acceptance model (TAM). In: International Conference on Advanced Intelligent Systems and Informatics, pp. 393–405 (2019)Google Scholar
  20. 20.
    Darwish, A., Ezzat, D., Hassanien, A.E.: An optimized model based on convolutional neural networks and orthogonal learning particle swarm optimization algorithm for plant diseases diagnosis. Swarm Evol. Comput. 52, 100616 (2020)CrossRefGoogle Scholar
  21. 21.
    Abdelghafar, S., Darwish, A., Hassanien, A.E.: Intelligent health monitoring systems for space missions based on data mining techniques. In: Machine Learning and Data Mining in Aerospace Technology, pp. 65–78. Springer (2020)Google Scholar
  22. 22.
    Elsayad, D., Ali, A., Shedeed, H.A., Tolba, M.F.: PAGeneRN: parallel architecture for gene regulatory network. In: Data Analytics in Medicine: Concepts, Methodologies, Tools, and Applications, pp. 1052–1075. IGI Global (2020)Google Scholar
  23. 23.
    Pacheco, A.G.C., Ali, A.-R., Trappenberg, T.: Skin cancer detection based on deep learning and entropy to detect outlier samples (2019). arXiv Prepr. arXiv:1909.04525
  24. 24.
    Salloum, S.A., Al-Emran, M., Monem, A., Shaalan, K.: A survey of text mining in social media: facebook and twitter perspectives. Adv. Sci. Technol. Eng. Syst. J. 2(1), 127–133 (2017)CrossRefGoogle Scholar
  25. 25.
    Alomari, K.M., AlHamad, A.Q., Salloum, S.: Prediction of the digital game rating systems based on the ESRB. Opción 35(19), 1368–1393 (2019)Google Scholar
  26. 26.
    Salloum, S.A., Al-Emran, M., Shaalan, K.: Mining social media text: extracting knowledge from facebook. Int. J. Comput. Digit. Syst. 6(2), 73–81 (2017)CrossRefGoogle Scholar
  27. 27.
    Salloum, S.A., Al-Emran, M., Abdallah, S., Shaalan, K.: Analyzing the Arab Gulf newspapers using text mining techniques. In: International Conference on Advanced Intelligent Systems and Informatics, pp. 396–405 (2017)Google Scholar
  28. 28.
    Salloum, S.A., Al-Emran, M., Shaalan, K.: Mining text in news channels: a case study from facebook. Int. J. Inf. Technol. Lang. Stud. 1(1), 1–9 (2017)Google Scholar
  29. 29.
    Salloum, S.A., AlHamad, A.Q., Al-Emran, M., Shaalan, K.: A survey of Arabic text mining, vol. 740 (2018)Google Scholar
  30. 30.
    Salloum, S.A., Mhamdi, C., Al-Emran, M., Shaalan, K.: Analysis and classification of Arabic newspapers’ facebook pages using text mining techniques. Int. J. Inf. Technol. Lang. Stud. 1(2), 8–17 (2017)Google Scholar
  31. 31.
    Amodei, D., Olah, C., Steinhardt, J., Christiano, P., Schulman, J., Mané, D.: Concrete problems in AI safety (2016). arXiv Prepr. arXiv:1606.06565
  32. 32.
    Papernot, N., McDaniel, P., Sinha, A., Wellman, M.: Towards the science of security and privacy in machine learning (2016). arXiv Prepr. arXiv:1611.03814
  33. 33.
    Feily, M., Shahrestani, A., Ramadass, S.: A survey of botnet and botnet detection. In: 2009 Third International Conference on Emerging Security Information, Systems and Technologies, pp. 268–273 (2009)Google Scholar
  34. 34.
    Ben Salem, M., Hershkop, S., Stolfo, S.J.: A survey of insider attack detection research. In: Insider Attack and Cyber Security, pp. 69–90. Springer (2008)Google Scholar
  35. 35.
    Bhamare, D., Salman, T., Samaka, M., Erbad, A., Jain, R.: Feasibility of supervised machine learning for cloud security. In: 2016 International Conference on Information Science and Security (ICISS), pp. 1–5 (2016)Google Scholar
  36. 36.
    Gallagher, B., Eliassi-Rad, T.: Classification of http attacks: a study on the ECML/PKDD 2007 discovery challenge. Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States) (2009)Google Scholar
  37. 37.
    Haddadi, F., Le Cong, D., Porter, L., Zincir-Heywood, A.N.: On the effectiveness of different botnet detection approaches. In: International Conference on Information Security Practice and Experience, pp. 121–135 (2015)Google Scholar
  38. 38.
    Xie, M., Hu, J., Slay, J.: Evaluating host-based anomaly detection systems: application of the one-class SVM algorithm to ADFA-LD. In: 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 978–982 (2014)Google Scholar
  39. 39.
    Kato, K., Klyuev, V.: An intelligent DDoS attack detection system using packet analysis and support vector machine. In: IJICR, pp. 478–485 (2014)Google Scholar
  40. 40.
    Yusof, A.R., Udzir, N.I., Selamat, A.: An evaluation on KNN-SVM algorithm for detection and prediction of DDoS attack. In: International Conference on Industrial, Engineering and Other Applications of Applied Intelligent Systems, pp. 95–102 (2016)Google Scholar
  41. 41.
    Hasan, M.A.M., Nasser, M., Ahmad, S., Molla, K.I.: Feature selection for intrusion detection using random forest. J. Inf. Secur. 7(03), 129 (2016)Google Scholar
  42. 42.
    Javaid, A., Niyaz, Q., Sun, W., Alam, M.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS), pp. 21–26 (2016)Google Scholar
  43. 43.
    Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep learning approach for network intrusion detection in software defined networking. In: 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), pp. 258–263 (2016)Google Scholar
  44. 44.
    Chowdhury, S., et al.: Botnet detection using graph-based feature clustering. J. Big Data 4(1), 14 (2017)CrossRefGoogle Scholar
  45. 45.
    Neethu, B.: Adaptive intrusion detection using machine learning. Int. J. Comput. Sci. Netw. Secur. 13(3), 118 (2013)Google Scholar
  46. 46.
    Kozik, R., Choraś, M., Renk, R., Hołubowicz, W.: A proposal of algorithm for web applications cyber attack detection. In: IFIP International Conference on Computer Information Systems and Industrial Management, pp. 680–687 (2015)Google Scholar
  47. 47.
    Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Comput. Netw. 34(4), 579–595 (2000)CrossRefGoogle Scholar
  48. 48.
    Saad, S., et al.: Detecting P2P botnets through network behavior analysis and machine learning. In: 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp. 174–180 (2011)Google Scholar
  49. 49.
    Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G.: A self-learning anomaly-based web application firewall. In: Computational Intelligence in Security for Information Systems, pp. 85–92. Springer (2009)Google Scholar
  50. 50.
    Torrano-Gimenez, C., Pérez-Villegas, A., Álvarez, G., Fernández-Medina, E., Malek, M., Hernando, J.: An anomaly-based web application firewall. In: SECRYPT, pp. 23–28 (2009)Google Scholar
  51. 51.
    Nguyen, H.T., Torrano-Gimenez, C., Alvarez, G., Petrović, S., Franke, K.: Application of the generic feature selection measure in detection of web attacks. In: Computational Intelligence in Security for Information Systems, pp. 25–32. Springer (2011)Google Scholar
  52. 52.
    Hoque, N., Bhattacharyya, D.K., Kalita, J.K.: A novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis. In: 2016 8th International Conference on Communication Systems and Networks (COMSNETS), pp. 1–2 (2016)Google Scholar
  53. 53.
    Torrano-Giménez, C., Perez-Villegas, A., Alvarez Maranón, G.: An anomaly-based approach for intrusion detection in web traffic (2010)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Research Institute of Sciences and EngineeringUniversity of SharjahSharjahUAE
  2. 2.Faculty of Engineering and ITThe British University in DubaiDubaiUAE
  3. 3.Faculty of BusinessUniversity of JordanAmmanJordan
  4. 4.Management DepartmentUniversity of SharjahSharjahUAE
  5. 5.Department of Computer ScienceUniversity of SharjahSharjahUAE

Personalised recommendations