
Cyber Security's Silver Bullet - A Systematic Literature Review of AI-Powered Security

Iqra Tabassum, Dept. of Computer Science, Balochistan University of Information Technology, Engineering, and Management Sciences (BUITEMS), Quetta, Pakistan, iqra_tabassum47@yahoo.com
Sibghat Ullah Bazai, Dept. of Computer Engineering, Balochistan University of Information Technology, Engineering, and Management Sciences (BUITEMS), Quetta, Pakistan, 0000-0003-3042-5977
Zubair Zaland, Dept. of Software Engineering, Balochistan University of Information Technology, Engineering, and Management Sciences (BUITEMS), Quetta, Pakistan, zubair.zaland@buitms.edu.pk
Shah Marjan, Dept. of Software Engineering, Balochistan University of Information Technology, Engineering, and Management Sciences (BUITEMS), Quetta, Pakistan, 0000-0001-9163-0259
Muhammad Zahid Khan, Dept. of Computer Engineering, Balochistan University of Information Technology, Engineering, and Management Sciences (BUITEMS), Quetta, Pakistan, Zahidkhan827@yahoo.com
Muhammad Imran Ghafoor, Dept. of Engineering, Pakistan Television Corporation, Lahore, Pakistan, 0000-0002-0809-3163

2022 3rd International Informatics and Software Engineering Conference (IISEC) | 978-1-6654-5995-2/22/$31.00 ©2022 IEEE | DOI: 10.1109/IISEC56263.2022.9998305

Abstract— One of the areas that stand to gain the most from the adoption of Artificial Intelligence (AI) is Cyber Security. Traditional well-known system approaches may be slow and inadequate despite their virtues for a variety of purposes due to their lack of intelligence and dynamism. As a result, they may be unable to meet the diverse needs of the current cyber sector. As an alternative, AI approaches may enhance security performance and provide superior defense against a wide range of sophisticated cyber threats. We conducted a Systematic Literature Review (SLR) to examine the possibility that AI could reduce cyber security assaults. As a result of AI, a revolution has been triggered. Criminals could not stay away from this ball of fire. We analyze three areas of analysis: (i) AI for enhanced cyber security (ii) How AI-powered cyber security works (iii) Applications of AI in cyber security and the analysis of cyber security attack detection through AI techniques and methods. Our analysis of the attributes for every area can help both researchers and practitioners as they carry out their upcoming applications and research.

Keywords—Artificial Intelligence, Machine Learning, Deep Learning, Cyber Security, Data Privacy

I. INTRODUCTION

The study and invention of systems capable of performing operations that would typically require human intelligence, such as voice recognition, visual perception, decision-making, and language translation, is referred to as Artificial Intelligence (AI). As a result, a rise in automation spurs competition for new skills, presents opportunities, and creates difficulties for cyber security [1]. Security is a key problem in the age of the internet's exponential growth and the intense workloads in the fields of Artificial Intelligence, Machine Learning (ML), the Internet of Things (IoT), blockchain technology, big data analysis, and data science.

In 2021, the AI market was estimated to be worth USD 93.5 billion, with a projected CAGR of 38.1% from 2022 to 2030. The global cyber security industry was estimated by Mordor Intelligence to be worth $156.24 billion in 2020 and to expand to $352.25 billion with an average annual growth rate of 14.5% by 2026 [2]. These figures illustrate the synergistic ability of the domains and the necessity of establishing the right cohesion.

The relationship between Artificial Intelligence and Cyber Security is best illustrated by the CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), and the application of AI in cyber security solutions is currently a hot topic [3]. Gmail uses AI to detect and stop unwanted spam and fraudulent emails [4]. To achieve outstanding results against new cyber security threats, the Darktrace organization heavily invests in AI and ML. They built their entire business strategy for security products on top of AI and ML. There is an "Enterprise Immune System" that can protect business operations from infections in a similar manner to how the human body does. They assert that by utilizing ML approaches for real-time detection, they can stop network-based assaults without the usage of rules [5].

Employees are recognized by 52% of businesses as the most serious cyber security weakness, per a study by Kaspersky. According to Verizon's yearly report on data breaches, human error is a factor in 85% of these breaches [6]. Adopting AI in cyber security has the benefit of reducing human error as these platforms can function more precisely and meticulously. With the assistance of Machine Learning / Deep Learning (DL) algorithms, AI can stop any security breach by alerting the appropriate authorities to the events in a matter of seconds [7]. Certainly, AI holds some promise as a cyber security cure, and AI-based solutions can significantly cut the time required for threat identification and incident response. The transition to ML and DL will be the main advancement in the modern generation of cyber security as we approach the dawn of a new era: the era of AI.

The Systematic Literature Review (SLR) of AI, ML, and DL in cyber security is presented in this study. The Research method is discussed in the next portion of the study. Section II of the paper will outline the procedure for choosing literary sources. The study of the literature resources is presented in Section III and is broken down into major categories. The outcomes of the literature review and the research's conclusions are presented in the last parts.

II. RESEARCH DESIGN

The investigation is built on the SLR technique, a visible, thorough, and repeatable process that enables researchers to
govern judgments, procedures, and conclusions, to evaluate the role of AI-Powered cyber security. We concentrate on the upcoming points to accomplish this goal: (i) The necessity of AI for enhanced cyber security; (ii) How AI-Powered cyber security works; (iii) Applications of AI in Cyber security approaches. Even though a variety of SLR strategies have been put forth, the SLR procedure put forward by [8] was chosen for this work since it was thought to be the most appropriate given the goals of this research paper. Four phases were followed in the execution of an SLR: (i) planning the review based on research questions; (ii) search execution process; (iii) document analysis using inclusion-exclusion criteria; and (iv) reporting results. As shown in Fig. 1, each stage involved particular tasks that were completed in a particular order. Even though our SLR cannot be regarded as exhaustive, we provide a critical description of the role played by AI in the context of cyber security as a way of avoiding or minimizing the onset of cyberattacks and organizational security problems as well as making firms resilient to cyber warfare.

A. Literature Search

The research process was carried out utilizing electronic databases that were indexed by the Google search engine, Research Gate, and Science Hub, in accordance with the suggested SLR technique once the purpose of the analysis was identified. All the sources were accessed between August and September 2022.

The execution process proceeds by the search criteria through previously defined search strings and keywords: “Artificial Intelligence in Cybersecurity”, “AI Powered Cybersecurity”, “Applications of AI in cyber security”, “AI /ML techniques threat detection in Cybersecurity”, and “Privacy”. Several variants were considered to strengthen the search.

The method of document selection and filtering for each source is quantitatively described in Fig. 1 along with summary data. The total number of resulting papers was listed in stage 1 under "# Results." The following searches, as illustrated in Table I, were used to narrow down the research requirements:

TABLE I. INCLUSION AND EXCLUSION CRITERIA
Attribute | Inclusion Criteria | Exclusion Criteria
Study Type | Review and original content | Reports, thesis, and editorials
Source | Peer-reviewed articles, Conference proceedings. | __
Year of Publication | 2017-2022 | Before 2017
Language | English | Other than English
Region | Not confined to a specific area | __
Parameters | ML and DL methods in cyber security and other privacy aspects. | Conventional techniques

The use of language and document type filters resulted in a reduction of the number of publications to 127 from an initial set of results (as evidenced by the "#Results"). To prevent including the same paper more than once from different sources, a title and author comparison was done on the articles, which decreased this number to 110 as displayed in the "Filter duplicate documents". 28 papers were excluded from the analysis after the title, abstract, and keywords were reviewed because they did not meet the study's goals. The remaining 58 articles' whole contents were subsequently examined. This demonstrated that some of the papers did not specifically mention the area. Based on the language and document type, all the papers were manually filtered.

[Fig. 1. Results of the filtering and selection process. Stage 1, Filter Document Type: IEEE = 37, ResearchGate = 10, Springer = 19, Elsevier = 7, MDPI = 8, Hindawi = 3, Academia = 1, Others = 25; initial set of #Results: 127. Stage 2, Filter Duplicated Results: 110. Stage 3, selection after reading Title and Abstract: 82; selection after reading Paper: 58.]

III. ANALYSIS OF LITERATURE RESOURCES

A. Necessity of AI for Enhanced Cyber Security

Current digital civilization recognizes that personal data is more susceptible than before. Data is stored on connected computers and devices in our modern society, which covers everything from governmental infrastructure to online financial transactions. Data may contain sensitive information including financial data, intellectual property, and personal information that could have unforeseen effects if exposed without authorization [8]. Security providers, companies, and individuals can gain the upper hand in several key areas when it comes to preventing cyber-attacks thanks to AI prediction powers [9]. Some of the key defensive innovations of AI in Cybersecurity are:
• Identifying Emerging Threats [4]
• Breach Risk Prediction [4]
• Better End Point Protection [4]
• Network Traffic Anomaly Detection [9]
• Restrict the launch of malicious software and files [9]
• Identify attackers and prohibit them from compromising IoT devices [9]
• Quantitative risk [9]
• Fraud Detection [10]
• Botnet Detection [10]
• Intrusion Detection and Intrusion Prevention [11]
• Automated surveillance systems [12]
• Timely and accurate Cyber Threat Intelligence [12]

These are just a few examples of how artificial intelligence is being used in cyber security. 85–99% of assaults are successfully located, according to the statistics. Darktrace, a firm that develops intelligent software, asserts that it has thousands of clients worldwide and a success record of 99% [9].

B. AI-Powered Cyber Security

Artificial intelligence is the foundation of intelligent cyber security management, which employs a variety of AI approaches to ultimately pursue smart decisions in cyber services or applications. We have used ML and DL methodologies, two of the most well-liked AI techniques. The actions that make up this AI-based security intelligence modeling are briefly scrutinized below and have the potential to be used to do cyber security duties with sensible decision-making [13].

Machine Learning and Deep Learning-based Modeling: Using the provided prior cyber security data, ML, especially neural network-based DL, can be leveraged to create efficient security modeling [13]. The conventional method of protecting network security is to try to match the code with the known signatures of the malware to stop it from running. There is frequently little that can be done to try to stop the execution. Aiming to identify malware attacks in real-time, the machine learning method combines network isolation technology with artificial intelligence to isolate compromised PCs or entire network segments in milliseconds, preventing the propagation of dangerous code [9]. The classification of ML and DL is based on how they learn. The three main learning processes are supervised learning, unsupervised learning, and reinforcement learning. Numerous well-known ML and DL algorithms exist [7, 14, 15] that can be put to use for a variety of reasons in the security field, including the exploitation of malware and the identification of risky behavior that might result in phishing attacks or malicious code.

1. Supervised Learning: The use of supervised learning as a classification or regression technique typically necessitates the use of labeled input data. An example of a binary classification scenario is malware detection (malicious or benign). As opposed to classification, regression learning generates a prediction value which is one or more continuous-valued numbers depending on the data input [16]. Spam and malicious behavior can be classified using supervised learning methods. Naïve Bayes (NB) [7], K-Nearest Neighbors (KNN) and Decision Tree (DT) [7, 16], Support Vector Machines (SVM) [7, 14, 16], Logistic Regression and Linear Regression [7] and Random Forest [7, 14], etc. are prominent classification methods in this field.

2. Unsupervised Learning: As opposed to supervised learning, which employs labeled input data, unsupervised learning uses unlabeled input data. Unsupervised learning is frequently used to estimate density, decrease dimensionality, and cluster data. To get a highly accurate clustering, a fuzzy Deep Belief Network (DBN) system, which combines the Takagi-Sugeno-Kang (TSK) fuzzy system, can give an adaptive mechanism to govern the depth of the DBN [16]. To achieve these goals, a variety of clustering algorithms can be used, including partitioning techniques like K-means [7], K-medoids [13, 15], CLARA, distribution-based clustering like Gaussian mixture models (GMMs), density-based methods like DBSCAN, agglomerative or divisive hierarchical-based methods like Single linkage, Complete linkage, BOTS [13], etc.

3. Reinforcement Learning (RL): The foundation of RL is rewarding a smart agent's action. By acting and interacting with its surroundings, an agent learns through mistakes and rewards. It is appropriate for jobs that will receive ongoing feedback. The authors of [17-18] created the deep Q-network, a deep reinforcement learning architecture that can attain human-level control, by merging the advancements in deep neural network training.

C. Applications of AI in the Context of CyberSecurity

a) Intrusion Detection (ID): IDSs are among the most crucial parts of the defensive systems for defending against cyberattacks. IDSs mostly use methods of signature matching. The IDSs based on signature detection will scan the incoming network flow for specified signatures (or patterns) to stop the suspect ones. The methods have shown good performance in identifying recognized dangers. The solutions that rely on signature matching, however, are unable to counter new or zero-day attacks [19].

b) Botnet Detection: A network of computers and other devices known as "bots" is referred to as a "botnet." A botnet is a collection of connected computers that have been infected with malware. A "botmaster" utilizes a network channel to instruct the bots after the infection has started. The botmaster typically encrypts the channel to prevent detection. The botmaster uses a Command and Control (C&C) server to push commands and patches. DDoS attacks rely largely on botnets. The bigger the botnet, the more effective the DDoS assault will be. Botnets are also used to steal data and steal people's identities [20]. In a short period in 2017, the Necurs botnet transmitted over 40,000 malicious emails, taking 2.047 BTC (Bitcoin Currency) from a large number of people. 30 million systems were infiltrated by the Monero mining botnet Smominru in 2018, and 500,000 crypto mining equipment were destroyed as a result [21].

c) Phishing Detection: Phishing attacks use sophisticated strategies and technologies to collect sensitive data, including social engineering, content injection phishing, mobile applications, and online social networks [22]. Phishing attacks peaked in 2021, according to APWG's Phishing Activity Trends Report. These occurrences are now more than three times as frequent as they were less than two years ago, with more than 300,000 attacks documented in December. The 2021 research also emphasizes a rising tendency for phishing attempts targeted at cryptocurrency organizations. These represent 6.5 percent of attacks as of late.
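An added example, not taken from the paper: it puts the signature matching described under Intrusion Detection next to the K-means clustering named under Unsupervised Learning, so the gap on unseen traffic is visible in running code. The signature list, the flow records and every function and class name below are assumptions constructed for illustration.

```python
import math

# Constructed byte patterns standing in for an IDS signature set (assumption).
SIGNATURES = [b"/etc/passwd", b"cmd.exe", b"<script>"]

def signature_alert(payload):
    """Signature IDS: alert only when a known pattern occurs in the payload."""
    return any(sig in payload for sig in SIGNATURES)

def features(flow):
    """Feature vector per flow; log scaling tames byte and packet counts."""
    return [math.log1p(flow["bytes"]), math.log1p(flow["packets"]),
            float(flow["ports"]), math.log1p(flow["secs"])]

def fit_scaler(rows):
    """Per-feature mean and standard deviation, learned from baseline only."""
    n = len(rows)
    means = [sum(col) / n for col in zip(*rows)]
    stds = []
    for col, m in zip(zip(*rows), means):
        sd = math.sqrt(sum((v - m) ** 2 for v in col) / n)
        stds.append(sd if sd > 0 else 1.0)  # constant feature: no divide-by-zero
    return means, stds

def scale(row, scaler):
    means, stds = scaler
    return [(v - m) / s for v, m, s in zip(row, means, stds)]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-first initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in centroids]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        # An empty cluster keeps its previous centroid.
        updated = [[sum(col) / len(g) for col in zip(*g)] if g else c
                   for g, c in zip(groups, centroids)]
        if updated == centroids:
            break
        centroids = updated
    return centroids

class AnomalyDetector:
    """Flags flows that sit far from every cluster of baseline traffic."""
    def __init__(self, baseline_flows, k=2, slack=1.5):
        rows = [features(f) for f in baseline_flows]
        self.scaler = fit_scaler(rows)
        pts = [scale(r, self.scaler) for r in rows]
        self.centroids = kmeans(pts, k)
        # Threshold: 1.5x the worst distance seen in the baseline itself.
        self.threshold = slack * max(self._nearest(p) for p in pts)

    def _nearest(self, p):
        return min(dist(p, c) for c in self.centroids)

    def score(self, flow):
        return self._nearest(scale(features(flow), self.scaler))

    def alert(self, flow):
        return self.score(flow) > self.threshold

def constructed_baseline():
    """Constructed benign traffic: 20 short web flows and 20 bulk backup flows."""
    flows = []
    for i in range(20):
        flows.append({"bytes": 20_000 + 2_000 * i, "packets": 30 + 2 * i,
                      "ports": 1, "secs": 1 + i % 5})
        flows.append({"bytes": 5_000_000 + 200_000 * i, "packets": 4_000 + 150 * i,
                      "ports": 1, "secs": 60 + 3 * i})
    return flows

# Constructed test traffic; "payload" is what the signature engine inspects.
TEST_FLOWS = [
    ("benign web", {"bytes": 40_000, "packets": 50, "ports": 1, "secs": 1,
                    "payload": b"GET /index.html HTTP/1.1"}),
    ("known pattern", {"bytes": 30_000, "packets": 40, "ports": 1, "secs": 1,
                       "payload": b"GET /download?file=/etc/passwd HTTP/1.1"}),
    ("unseen behaviour", {"bytes": 24_000, "packets": 600, "ports": 400, "secs": 20,
                          "payload": b"\x00\x01constructed-unknown-bytes"}),
]

def compare():
    """Return {flow name: (signature alert, anomaly alert)} for the test flows."""
    det = AnomalyDetector(constructed_baseline())
    return {name: (signature_alert(f["payload"]), det.alert(f)) for name, f in TEST_FLOWS}

if __name__ == "__main__":
    for name, (sig, anom) in compare().items():
        print(f"{name:18} signature={sig!s:5} anomaly={anom}")
```

The known pattern is caught only by the signature engine and the unseen behaviour only by the clustering baseline, which is why the two are deployed together rather than one replacing the other.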

d) Malware Detection: As malware damages systems directly or takes their sensitive data, it is regarded as the biggest danger to cyber security. Malware includes rootkits, worms, viruses, ransomware, and trojans. Malicious software is now more prevalent than it was a few years ago, up 22.9%, signaling an alarming surge in risks to computer users. According to the authors, in January 2021 there were roughly one billion infected files [23].

[Fig. 2. Distribution of studies in terms of security areas. Categories: Intrusion Detection, Botnet Detection, Phishing Detection, Malware Detection, Privacy Aspects.]

Fig. 2 depicts the traits of the chosen studies that looked at the application of various AI algorithms in detecting and eliminating threats in the context of cyber security and privacy issues.

TABLE II. STUDIES FOCUS ON AI AND XAI INTRUSION DETECTION
Ref | Year | Publisher | Focused Area
[24] | 2022 | Springer | Proposed an interpretable and explainable hybrid IDS in conjunction with AI rule-based DT algorithm for long-lasting security.
[25] | 2022 | MDPI | Proposed an IDS for IIoT imbalanced datasets by utilizing the XGBoost model to address the problem of multiclass output with imbalanced distributions.
[26] | 2022 | arXiv | Develop a SOMs XAI algorithm based on X-IDS that can generate explanatory visualizations.
[27] | 2022 | MDPI | Proposed a Classification for IDS based on ensemble trees, incorporating DT and RF classifiers with two IoT-based datasets and the SHAP method to explain and interpret results.
[28] | 2022 | MJBAS | ANN was proposed for network security and data confidentiality using the CICIDS 2017 dataset.
[29] | 2021 | HCIS | Proposed an adversarial attack detection in ML-based XAI IDS using SVM for classification and LIME to extract explanations.
[30] | 2021 | Springer | Proposed a framework FAIXID to leverage the XAI and data cleaning methods for IDS alerts to eliminate false positives.
[31] | 2021 | TechRxiv powered by IEEE | Proposed an IDS framework that integrates with ML-based RFC and XAI SHAP model for a global explanation.
[32] | 2021 | IEEE | Proposed a novel Reliable-NIDS (RNIDS) that enables ML models to operate on integrated datasets.
[33] | 2020 | IEEE | Explains the idea behind the Hybrid Oracle-Explainer for achieving XIDS.
[34] | 2019 | ACM | An anomaly-based IDS was presented to detect network anomalies and generate SDN flow rules to enable dynamic network access control.
[35] | 2018 | IEEE | Presents a Deep Auto Encoder (DAE) DL model for IDS by utilizing the KDD-CUP’99 dataset.
[36] | 2017 | IEEE | Proposed a DL approach for ID using RNN-IDS and checked the effectiveness for binary and multiclass classification.

TABLE III. STUDIES FOCUS ON AI AND XAI BOTNET DETECTION
Ref | Year | Publisher | Entity Detected
[37] | 2022 | IEEE | Network traffic
[38] | 2022 | IEEE | DGA-based botnets
[39] | 2022 | IEEE | -----
[40] | 2021 | IEEE | IoT Botnet detection on Mirai and Bashlite Malware
[41] | 2019 | IEEE | ------
[42] | 2019 | Elsevier | AI-enabled malware traffic
[43] | 2018 | IEEE | Malware traffic
[44] | 2018 | Springer | Botnet Zero-day attack in real time

TABLE IV. STUDIES FOCUS ON PHISHING DETECTION
Ref | Year | Publisher | Validation Domain
[45] | 2021 | IEEE | Phishing URLs
[46] | 2020 | IEEE | Websites
[47] | 2020 | Journal of Critical Reviews | Websites URL
[48] | 2019 | IEEE | Classify emails as phishing or non-phishing
[49] | 2019 | IEEE | Adaptive Real-time anti-phishing website system
[50] | 2018 | IWSPA | Detecting Phishing emails
[51] | 2018 | IEEE | Extract Statistical and lexical features from URLs and webpage links
[52] | 2018 | IEEE | Websites

TABLE V. STUDIES FOCUS ON MALWARE DETECTION
Ref | Year | Publisher | Focused Area
[53] | 2021 | Springer | Designed a malware classifier based on a graph convolutional network that can adjust to diverse malware traits.
[54] | 2021 | Elsevier | Proposed a novel approach utilizing LIME to emphasize features for CNN model explainability in Android malware detection.
[55] | 2021 | ACM | Proposed a novel technique “XMAL” that uses a specialized attention mechanism and an MLP model to analyze the harmful behavior of Android apps.
[56] | 2021 | USENIX | CADE is designed to detect drifting instances that depart from the initial training distribution in order to combat concept drift in security texts.
[57] | 2020 | Elsevier | Engine-specific patterns based on co-opcode graphs are used to detect metamorphic malware.
[58] | 2019 | IEEE | The proposed method investigated the malicious payloads in various files based on binary visualization and incremental NNs.
[59] | 2019 | Hindawi | To locate malware in an IoT environment, a Behavior-Based DL framework was proposed.
[60] | 2018 | Springer | Two distinct models, ResNet and GoogleNet, were utilized to identify hidden or new malware.
[61] | 2018 | IEEE | Generalize the Black-box ML model by strengthening a Gradient-Based approach to recognize influential local features

The SLR is concentrating on how AI-powered cyber security works in terms of ML and DL approaches, as well as a study focus on various data privacy and security issues in big data analytics. Data privacy has been a problem as it sometimes encompasses sensitive personal information that, if revealed, leaves the user's data open to unwanted access and raises serious privacy concerns.

TABLE VI. STUDIES FOCUS ON PRIVACY ASPECTS
Ref | Year | Publisher | Focused Area
[62] | 2021 | ACM Transactions on Privacy and Security | Compared to earlier methodologies, produced a lot less RDDs and smaller size partitions connected to each RDD, lowering the essential operating costs in terms of re-computation costs, shuffle operations, cache management and message exchange. So, for Apache Spark, a novel hybrid solution to multi-dimensional data anonymization was developed.
[63] | 2021 | MDPI | The generalized Subtree Data Anonymization Technique for Apache Spark is proposed as an RDD-based implementation to solve the drawbacks of its MapReduce-based equivalents. Therefore, anonymization strategies guarantee privacy levels.
[64] | 2021 | IEEE | Introduced an innovative technique that incorporates SQLi protection, encryption, salting, and hashing the passwords to create a three-tier password security algorithm.
[65] | 2020 | MDPI | Proposed “SparkDA” a novel anonymization technique to generate privacy-preserving anonymized datasets for iterative operations.
[66] | 2019 | Springer | Proposed Data Anonymization Algorithm that provides great data utility with privacy using Spark Resilient Distributed Dataset.
[67] | 2019 | Springer | Delivering big data Issues with privacy encountered while processing data in a MapReduce cluster.
[68] | 2018 | Springer | Proposed a k-NN Classification to run on a MapReduce platform with an anonymized dataset.

IV. DISCUSSION

The results presented above show that to develop an advanced and automated cyber security system, cyber security must be integrated with AI, ML, and DL techniques.
TABLE II displays a tabular analysis of the literature on AI and XAI intrusion detection. TABLE III provides a summary of the AI and XAI Botnet Detection techniques. TABLE IV and V provide a tabular summary of the literature on phishing detection and malware detection, respectively, and the tabular summary of Privacy sensitivity domains is provided in TABLE VI. For each of these topics, information is provided on the focused subject, AI/ML models/techniques, key traits, and performance assessment of each study. This research may also act as a foundation for the creation of novel conceptual frameworks. Studies show that AI systems are more flexible, resilient, and versatile, which improves security performance and better protects systems from ever-more sophisticated threats. The AI techniques built on deep learning may be the most effective and promising. The paper claims that businesses will soon be required to incorporate AI, ML, and DL into their cybersecurity policies and move swiftly to improve their proficiency in these fields.

V. CONCLUSION

This article is aimed at how AI can be used to address cyber security concerns. According to a report, AI is becoming an indispensable component for enhancing the productivity of information security organizations. As humans are no longer able to properly secure corporate-level attack vectors, artificial intelligence provides the vital analysis and threat detection that security specialists may utilize to minimize the likelihood of a violation and boost their organization's defense capabilities. The most effective anomaly detection systems currently in use are based on artificial intelligence, and as these systems develop, more cyber-security applications will incorporate them.

REFERENCES

[1] J. A. Kroll, J. B. Michael, and D. B. Thaw, “Enhancing cybersecurity via artificial intelligence: Risks, rewards, and frameworks,” Computer (Long. Beach. Calif)., vol. 54, no. 6, pp. 64–71, 2021.
[2] N. Capuano, G. Fenza, V. Loia, and C. Stanzione, “Explainable Artificial Intelligence in Cybersecurity: A Survey,” IEEE Access, vol. 10, no. August, pp. 93575–93600, 2022, doi: 10.1109/ACCESS.2022.3204171.
[3] K. R. Bhatele, H. Shrivastava, and N. Kumari, “The Role of Artificial Intelligence in Cyber Security,” no. January, pp. 170–192, 2019, doi: 10.4018/978-1-5225-8241-0.ch009.
[4] I. Azhar and M. Sr, “Novateur Publications International Journal of Innovations in Engineering Research and Technology [Ijiert] Artificial Intelligence for Cybersecurity: a Systematic Mapping of Literature,” Website ijiert.org Vol., vol. 7, no. 9, pp. 172–176, 2020.
[5] A. P. Veiga, “Applications of Artificial Intelligence to Network Security,” no. March, 2018.
[6] A. Corallo, M. Lazoi, M. Lezzi, and A. Luperto, “Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review,” Comput. Ind., vol. 137, 2022, doi: 10.1016/j.compind.2022.103614.
[7] R. Prasad and V. Rohokale, Cyber Threats and Attack Overview. 2020. doi: 10.1007/978-3-030-31703-4_2.
[8] D. Y. Perwej, S. Qamar Abbas, J. Pratap Dixit, D. N. Akhtar, and A. Kumar Jaiswal, “A Systematic Literature Review on the Cyber Security,” Int. J. Sci. Res. Manag., vol. 9, no. 12, pp. 669–710, 2021, doi: 10.18535/ijsrm/v9i12.ec04.
[9] G. Wang and Z. Liu, Android malware detection model based on lightGBM, vol. 1031 AISC. 2020. doi: 10.1007/978-981-13-9406-5_29.
[10] R. Das and R. Sandhane, “Artificial Intelligence in Cyber Security,” J. Phys. Conf. Ser., vol. 1964, no. 4, pp. 488–491, 2021, doi: 10.1088/1742-6596/1964/4/042072.
[11] D. Richards, “The Benefits of Artificial Intelligence on Workplace Productivity,” Mavinlink, 2017.
[12] M. Aloqaily, S. Kanhere, P. Bellavista, and M. Nogueira, “Special Issue on Cybersecurity Management in the Era of AI,” J. Netw. Syst. Manag., vol. 30, no. 3, pp. 1–7, 2022, doi: 10.1007/s10922-022-09659-3.
[13] I. H. Sarker, M. H. Furhad, and R. Nowrozy, “AI-Driven Cybersecurity: An Overview, Security Intelligence Modeling and Research Directions,” SN Comput. Sci., vol. 2, no. 3, pp. 1–18, 2021, doi: 10.1007/s42979-021-00557-0.
[14] M. Chakraborty and M. Singh, Introduction to Network Security Technologies, vol. 163. 2021. doi: 10.1007/978-981-15-9317-8_1.
[15] I. H. Sarker, A. S. M. Kayes, S. Badsha, H. Alqahtani, P. Watters, and A. Ng, “Cybersecurity data science: an overview from machine learning perspective,” J. Big Data, vol. 7, no. 1, 2020, doi: 10.1186/s40537-020-00318-5.
[16] J. hua Li, “Cyber security meets artificial intelligence: a survey,” Front. Inf. Technol. Electron. Eng., vol. 19, no. 12, pp. 1462–1474, 2018, doi: 10.1631/FITEE.1800573.
[17] C. Li, “Deep Reinforcement Learning,” Reinf. Learn. Cyber-Physical Syst., no. November, pp. 125–154, 2019, doi: 10.1201/9781351006620-6.
[18] V. Mnih et al., “Human-level control through deep reinforcement learning,” Nature, vol. 518, no. 7540, pp. 529–533, 2015, doi: 10.1038/nature14236.
[19] Q.-V. Dang, “Using Machine Learning for Intrusion Detection Systems,” Comput. Informatics, vol. 41, no. 1, pp. 12–33, 2022.
[20] R. Calderon, “The benefits of artificial intelligence in cybersecurity,” 2019.
[21] X. Yang, Z. Guo, and Z. Mai, “Botnet Detection Based on Machine Learning,” pp. 213–217, 2022, doi: 10.1109/icbctis55569.2022.00056.
[22] C. Catal, G. Giray, B. Tekinerdogan, S. Kumar, and S. Shukla, Applications of deep learning for phishing detection: a systematic literature review, vol. 64, no. 6. Springer London, 2022. doi: 10.1007/s10115-022-01672-x.
[23] F. A. Aboaoja, A. Zainal, F. A. Ghaleb, B. A. S. Al-rimy, T. A. E. Eisa, and A. A. H. Elnour, “Malware Detection Issues, Challenges, and Future Directions: A Survey,” Appl. Sci., vol. 12, no. 17, p. 8482, 2022, doi: 10.3390/app12178482.
[24] T. Dias, N. Oliveira, N. Sousa, I. Praça, and O. Sousa, “A Hybrid Approach for an Interpretable and Explainable Intrusion Detection System,” Lect. Notes Networks Syst., vol. 418 LNNS, pp. 1035–1045, 2022, doi: 10.1007/978-3-030-96308-8_96.
[25] T.-T.-H. Le, Y. E. Oktian, and H. Kim, “XGBoost for Imbalanced Multiclass Classification-Based Industrial Internet of Things Intrusion Detection Systems,” Sustainability, vol. 14, no. 14, p. 8707, 2022, doi: 10.3390/su14148707.
[26] J. Ables et al., “Creating an Explainable Intrusion Detection System Using Self Organizing Maps”.
[27] T. T. H. Le, H. Kim, H. Kang, and H. Kim, “Classification and Explanation for Intrusion Detection System Based on Ensemble Trees and SHAP Method,” Sensors, vol. 22, no. 3, pp. 1–28, 2022, doi: 10.3390/s22031154.
[28] Y. M. Malgwi, I. Goni, and B. M. Ahmad, “Artificial Neural Network Model for Intrusion Detection System,” Mediterr. J. Basic Appl. Sci., vol. 06, no. 01, pp. 20–26, 2022, doi: 10.46382/mjbas.2022.6103.
[29] E. Tcydenova, T. W. Kim, C. Lee, and J. H. Park, “Detection of Adversarial Attacks in AI-Based Intrusion Detection Systems Using Explainable AI,” Human-centric Comput. Inf. Sci., vol. 11, 2021, doi: 10.22967/HCIS.2021.11.035.
[30] H. Liu, C. Zhong, A. Alnusair, and S. R. Islam, “FAIXID: A Framework for Enhancing AI Explainability of Intrusion Detection Results Using Data Cleaning Techniques,” J. Netw. Syst. Manag., vol. 29, no. 4, pp. 1–30, 2021, doi: 10.1007/s10922-021-09606-8.
[31] S. Wali, I. A. Khan, and S. Member, “Explainable AI and Random Forest Based Reliable Intrusion Detection system,” TechRxiv, 2021, doi: 10.36227/techrxiv.17169080.v1.
[32] R. Magan-Carrion, D. Urda, I. Diaz-Cano, and B. Dorronsoro, “Improving the Reliability of Network Intrusion Detection Systems through Dataset Aggregation,” IEEE Trans. Emerg. Top. Comput., pp. 1–15, 2022, doi: 10.1109/TETC.2022.3178283.
[33] M. Szczepanski, M. Choras, M. Pawlicki, and R. Kozik, “Achieving Explainability of Intrusion Detection System by Hybrid Oracle-Explainer Approach,” Proc. Int. Jt. Conf. Neural Networks, 2020, doi: 10.1109/IJCNN48605.2020.9207199.
[34] H. Li, F. Wei, and H. Hu, “Enabling dynamic network access control with anomaly-based IDS and SDN,” SDN-NFV 2019 - Proc. ACM Int. Work. Secur. Softw. Defin. Networks Netw. Funct. Virtualization, co-located with CODASPY 2019, pp. 13–16, 2019, doi: 10.1145/3309194.3309199.
[35] F. Farahnakian and J. Heikkonen, “A deep auto-encoder based approach for intrusion detection system,” Int. Conf. Adv. Commun. Technol. ICACT, vol. 2018-Febru, pp. 178–183, 2018, doi: 10.23919/ICACT.2018.8323688.
[36] C. Yin, Y. Zhu, J. Fei, and X. He, “A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks,” IEEE Access, vol. 5, pp. 21954–21961, 2017, doi: 10.1109/ACCESS.2017.2762418.
[37] P. P. Kundu, T. Truong-Huu, L. Chen, L. Zhou, and S. G. Teo, “Detection and Classification of Botnet Traffic using Deep Learning with Model Explanation,” IEEE Trans. Dependable Secur. Comput., pp. 1–15, 2022, doi: 10.1109/TDSC.2022.3183361.
[38] H. Suryotrisongko, Y. Musashi, A. Tsuneda, and K. Sugitani, “Robust Botnet DGA Detection: Blending XAI and OSINT for Cyber Threat Intelligence Sharing,” IEEE Access, vol. 10, pp. 34613–34624, 2022, doi: 10.1109/ACCESS.2022.3162588.
[39] X. Zhu, Y. Zhang, Z. Zhang, D. Guo, Q. Li, and Z. Li, “Interpretability Evaluation of Botnet Detection Model based on Graph Neural Network,” INFOCOM WKSHPS 2022 - IEEE Conf. Comput. Commun. Work., pp. 0–5, 2022, doi: 10.1109/INFOCOMWKSHPS54753.2022.9798287.
[40] N. Ben Rabah, B. Le Grand, and M. K. Pinheiro, “IoT Botnet Detection using Black-box Machine Learning Models: The Trade-off between Performance and Interpretability,” Proc. Work. Enabling Technol. Infrastruct. Collab. Enterp. WETICE, vol. 2021-Octob, pp. 101–106, 2021, doi: 10.1109/WETICE53228.2021.00030.
[41] S. Nomm, A. Guerra-Manzanares, and H. Bahsi, “Towards the integration of a post-hoc interpretation step into the machine learning workflow for IoT botnet detection,” Proc. - 18th IEEE Int. Conf. Mach. Learn. Appl. ICMLA 2019, pp. 1162–1169, 2019, doi: 10.1109/ICMLA.2019.00193.
[42] D. Arivudainambi, V. K. Varun, S. C. S., and P. Visu, “Malware traffic classification using principal component analysis and artificial neural network for extreme surveillance,” Comput. Commun., vol. 147, no. July, pp. 50–57, 2019, doi: 10.1016/j.comcom.2019.08.003.
[43] S. C. Chen, Y. R. Chen, and W. G. Tzeng, “Effective Botnet Detection Through Neural Networks on Convolutional Features,” Proc. - 17th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. 12th IEEE Int. Conf. Big Data Sci. Eng. Trust. 2018, pp. 372–378, 2018, doi: 10.1109/TrustCom/BigDataSE.2018.00062.
[44] A. A. Ahmed, Botnet detection using a feed-forward backpropagation artificial neural network, vol. 888. Springer International Publishing, 2019. doi: 10.1007/978-3-030-03302-6_3.
[45] A. Ghimire, A. K. Jha, S. Thapa, S. Mishra, and A. M. Jha, “Machine learning approach based on hybrid features for detection of phishing URLs,” Proc. Conflu. 2021 11th Int. Conf. Cloud Comput. Data Sci. Eng., no. January, pp. 954–959, 2021, doi: 10.1109/Confluence51648.2021.9377113.
[46] A. Basit, M. Zafar, A. R. Javed, and Z. Jalil, “A Novel Ensemble Machine Learning Method to Detect Phishing Attack,” Proc. - 2020 23rd IEEE Int. Multi-Topic Conf. INMIC 2020, no. November, 2020, doi: 10.1109/INMIC50486.2020.9318210.
[47] J. M. Reddy and K. V. Rao, “An Approach for Detecting Phishing Attacks Using Machine Learning,” no. June, 2020.
[48] S. Bagui and R. J. White, “Classifying Phishing Email Using Machine Learning and Deep Learning,” no. Ml.
[49] M. M. Yadollahi, F. Shoeleh, E. Serkani, A. Madani, and H. Gharaee, “An Adaptive Machine Learning Based Approach for Phishing Detection Using Hybrid Features,” 2019 5th Int. Conf. Web Res., pp. 281–286, 2019.
[50] A. V. Vidyapeetham, M. City, P. Poornachandran, and A. V. Vidyapeetham, “DeepAnti-PhishNet: Applying Deep Neural Networks for Phishing Email Detection,” 2018.
[51] H. Yuan, X. Chen, Y. Li, Z. Yang, and W. Liu, “Detecting Phishing Websites and Targets Based on URLs and Webpage Links,” pp. 2–7, 2018.
[52] X. Zhang, D. Shi, H. Zhang, W. Liu, and R. Li, “Efficient Detection of Phishing Attacks with Hybrid Neural Networks,” pp. 844–848, 2018.
[53] S. Li, Q. Zhou, R. Zhou, and Q. Lv, “Intelligent malware detection based on graph convolutional network,” J. Supercomput., vol. 78, no. 3, pp. 4182–4198, 2022, doi: 10.1007/s11227-021-04020-y.
[54] M. Kinkead et al., “Towards Explainable CNNs for Android Malware Detection,” Procedia Comput. Sci., vol. 184, no. 2019, pp. 959–965, 2021, doi: 10.1016/j.procs.2021.03.118.
[55] B. Wu et al., “Why an Android App is Classified as Malware? Towards Malware Classification Interpretation,” arXiv:2004.11516v2 [cs.CR], 4 Sep 2020, vol. 1, no. 1, pp. 1–29, 2020.
[56] L. Yang, W. Guo, A. Ciptadi, A. Ahmadzadeh, B. Hexagon, and U. S. Symposium, “CADE: Detecting and Explaining Concept Drift Samples for Security Applications,” 2021.
[57] A. G. Kakisim, M. Nar, and I. Sogukpinar, “Metamorphic malware identification using engine-specific patterns based on co-opcode graphs,” Computer Standards & Interfaces, vol. 71, no. April, 2020, doi: 10.1016/j.csi.2020.103443.
[58] I. Baptista, S. Shiaeles, and N. Kolokotronis, “A Novel Malware Detection System Based On Machine Learning and Binary Visualization,” no. May, pp. 20–24, 2019.
[59] F. Xiao, Z. Lin, and Y. Sun, “Malware Detection Based on Deep Learning of Behavior Graphs,” vol. 2019, 2019.
[60] R. Ullah, K. Xiaosong, and Z. Rajesh, “Analysis of ResNet and GoogleNet models for malware detection,” J. Comput. Virol. Hacking Tech., 2018, doi: 10.1007/s11416-018-0324-z.
[61] M. Melis, D. Maiorca, B. Biggio, G. Giacinto, and F. Roli, “Explaining Black-box Android Malware Detection”.
[62] S. U. Bazai, J. Jang-Jaccard, and H. Alavizadeh, “A novel hybrid approach for multi-dimensional data anonymization for apache spark,” ACM Trans. Priv. Secur., vol. 25, no. 1, pp. 1–25, 2021.
[63] S. U. Bazai, J. Jang-Jaccard, and H. Alavizadeh, “Scalable, high-performance, and generalized subtree data anonymization approach for apache spark,” Electron., vol. 10, no. 5, pp. 1–28, 2021, doi: 10.3390/electronics10050589.
[64] Z. Zaland, S. U. Bazai, S. Marjan, and M. Ashraf, “Three-Tier Password Security Algorithm for Online Databases,” in 2021 2nd International Informatics and Software Engineering Conference (IISEC), 2021, pp. 1–6.
[65] S. U. Bazai and J. Jang-Jaccard, “In-memory data anonymization using scalable and high performance rdd design,” Electron., vol. 9, no. 10, pp. 1–26, 2020, doi: 10.3390/electronics9101732.
[66] S. U. Bazai and J. Jang-Jaccard, “SparkDA: RDD-based high-performance data anonymization technique for Spark platform,” in International Conference on Network and System Security, 2019, pp. 646–662.
[67] S. U. Bazai, J. Jang-Jaccard, and X. Zhang, “Scalable Big Data Privacy with MapReduce,” Encycl. Big Data Technol., pp. 1454–1462, 2019, doi: 10.1007/978-3-319-77525-8_243.
[68] S. U. Bazai, J. Jang-Jaccard, and R. Wang, “Anonymizing k-NN Classification on MapReduce,” pp. 364–377, 2018, doi: 10.1007/978-3-319-90775-8.
