
A review of AI-Based Threat Detection: Enhancing Network Security with Machine Learning

Eng. Qamar Burhan Abdullah
Computer engineering department
Mosul, Iraq
qamar.en1402@student.uomosul.edu.iq

Asst. Prof. Dr. Mayada Faris Ghanim
Computer engineering department
Mosul, Iraq
mayada.faris@uomosul.edu.iq

Abstract—More effective and efficient security solutions are desperately needed in light of the proliferation of network-connected devices and the increasing complexity and frequency of cyberattacks. Traditional security methods frequently fall short, potentially compromising system integrity by failing to identify subtle or complex threats inside network traffic. This review paper thoroughly examines the most recent developments in machine learning (ML) for threat detection, with particular attention to ML's ability to analyze network traffic patterns and detect anomalies that could be signs of security risks. The goal of the paper is to improve knowledge of ML-based threat detection methods and to provide practitioners and academics with strategic advice for building strong and effective security frameworks. In addition to discussing the status of technology today, this review highlights the dynamic relationship between these new tools and the ever-changing landscape of cyber security threats by examining important machine learning techniques and how they might be applied to improve cyber threat identification. This overview of recent research highlights the critical role that machine learning has performed in improving cyber security procedures and predicts future developments in this important area.

Index Terms—Machine learning, Threat detection, Network security, Anomaly detection, Cyberattacks.

I. INTRODUCTION

Threat detection is an essential part of cybersecurity. With insider threats becoming more frequent and severe, this field has become more important. Insider threats include activities like fraud, sabotage, data theft, and espionage by trusted insiders [1].

The global setting that makes it easier for people to share electronic resources from all over the world is referred to as cyberspace. Electronic documents, audio files, videos, images, and tweets are examples of such resources. A huge number of elements make up cyberspace, such as the Internet, technically proficient users, system resources, data, and inexperienced users [2].

The development and expansion of cyberspace has led to an increase in the complexity and precision of attackers' attacks and activities. Budgets increased from over $141 billion in 2018 to over $124 billion in 2019, according to Gartner. Company leaders in charge of information technology security have agreed to boost funding by 72% in 2020 in order to implement measures like ongoing employee training, increased awareness, and skill development, as well as to lessen the harm that comes from system intrusions [2].

Fig. 1. How cyber attacks are detected using artificial intelligence

Cyberattacks and security procedures have evolved significantly in recent years. The following are brief statistics: physical theft of information was the most common method of fraud against businesses for a decade, ending in 2017. More than 140 million new malicious software attempts were made in 2019, and there were already 30 million new ones as of April 2020. Since 2019, 95% of malware is polymorphic, which means it regularly changes its code to prevent detection. In the same year, 50% of infected devices experienced re-infection [3].

Machine learning (ML) can help enhance the detection of network threats. ML algorithms can analyze massive quantities of network data to find patterns and anomalies that can point to malicious activity. This review paper examines the most recent developments in ML-based threat identification to enhance understanding of this powerful approach. Figure 1 illustrates how cyber attacks are detected using artificial intelligence: a model is trained to detect threats, that is, to separate normal traffic from abnormal traffic, which is defined as a threat. Its goal is to provide security specialists and researchers with the information they need to create more robust and effective protection in an increasingly connected world.

This paper presents an overview of key machine learning techniques for enhancing cyber threat detection through behavioral modeling of network traffic patterns. First, we provide background on threat detection. Next, we explain how popular machine learning algorithms establish baseline patterns and detect anomalies. We then present a comparison of the performance of different techniques based on metrics like threat type and dataset. We conclude with the learning models discussed that are used to detect various types of cyber threat.
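The baseline-then-anomaly idea the introduction outlines (learn what normal traffic looks like, then flag deviations) as an added example; this is not code from the paper or from any work it reviews. It assumes the four flow features the review later lists for [10] (traffic in/out, average packet length, time between packets) and uses constructed sample flows; a per-feature z-score threshold stands in for the learned models the paper surveys, and the metrics function also scores an "always normal" classifier to show why accuracy alone misleads on 99:1 traffic.

```python
import random
import statistics
from dataclasses import dataclass
from typing import Dict, List, Sequence

# Flow features follow the measurements the review lists for [10]:
# traffic in/out, average packet length and time between packets.
FEATURES = ("bytes_in", "bytes_out", "avg_pkt_len", "inter_pkt_time")


@dataclass
class Baseline:
    mean: Dict[str, float]
    std: Dict[str, float]


def fit_baseline(normal_flows: Sequence[Dict[str, float]]) -> Baseline:
    """Learn per-feature mean and standard deviation from normal traffic only
    (no attack labels are needed to build the baseline)."""
    mean, std = {}, {}
    for f in FEATURES:
        values = [flow[f] for flow in normal_flows]
        mean[f] = statistics.fmean(values)
        std[f] = max(statistics.pstdev(values), 1e-9)  # avoid division by zero
    return Baseline(mean, std)


def anomaly_score(baseline: Baseline, flow: Dict[str, float]) -> float:
    """Largest absolute z-score over all features: distance from the baseline."""
    return max(abs(flow[f] - baseline.mean[f]) / baseline.std[f] for f in FEATURES)


def detect(baseline: Baseline, flows: Sequence[Dict[str, float]],
           threshold: float = 4.5) -> List[int]:
    """Flag a flow (1) when any feature deviates more than `threshold` sigmas."""
    return [1 if anomaly_score(baseline, flow) > threshold else 0 for flow in flows]


def metrics(y_true: Sequence[int], y_pred: Sequence[int]) -> Dict[str, float]:
    """Accuracy, precision, recall and F-score from the confusion matrix."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {"accuracy": (tp + tn) / len(y_true), "precision": precision,
            "recall": recall, "f1": f1}


def make_flows(seed: int = 7, n_normal: int = 990, n_attack: int = 10):
    """Constructed sample data (not a real capture): 99% normal flows plus a
    few flows shaped like a data-exfiltration burst, i.e. the heavy imbalance
    the paper describes. Returns (flows, labels)."""
    rng = random.Random(seed)
    flows, labels = [], []
    for _ in range(n_normal):
        flows.append({"bytes_in": rng.gauss(50_000, 10_000),
                      "bytes_out": rng.gauss(5_000, 1_000),
                      "avg_pkt_len": rng.gauss(800, 100),
                      "inter_pkt_time": rng.gauss(0.05, 0.01)})
        labels.append(0)
    for _ in range(n_attack):
        flows.append({"bytes_in": rng.gauss(2_000, 500),
                      "bytes_out": rng.gauss(400_000, 50_000),
                      "avg_pkt_len": rng.gauss(1_400, 50),
                      "inter_pkt_time": rng.gauss(0.0005, 0.0001)})
        labels.append(1)
    return flows, labels


def evaluate(seed: int = 7) -> Dict[str, Dict[str, float]]:
    """Fit on a separate batch of normal flows, then score a mixed batch.
    The 'always normal' classifier is reported alongside to show that 99%
    accuracy is reachable while detecting nothing."""
    train_flows, _ = make_flows(seed=seed + 1, n_attack=0)
    baseline = fit_baseline(train_flows)
    test_flows, labels = make_flows(seed=seed)
    return {"baseline_detector": metrics(labels, detect(baseline, test_flows)),
            "always_normal": metrics(labels, [0] * len(labels))}


if __name__ == "__main__":
    for name, m in evaluate().items():
        print(name, {k: round(v, 4) for k, v in m.items()})
```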

II. OVERVIEW

Network security has become critical in today's digital world as people rely more and more on networked systems for personal, corporate, and governmental functions. Network security entails securing data in transit and at rest to protect networks against attacks and illegal access. The cyber threat landscape has shifted considerably, with hackers using sophisticated strategies like ransomware, phishing, zero-day exploits, and advanced persistent threats (APTs) to break security protocols.

Traditional network security systems, which usually use signature-based and rule-based strategies, fail to keep up with these new threats. These systems fail mostly because they are unable to generalize from known dangers to new ones, as well as because they have limited scalability in the face of increasing data volumes. Machine learning (ML), on the other hand, offers a dynamic and strong system for detecting and reacting to new and complex threat patterns via huge dataset analysis.

In real cyberspace, as shown in Figure 2, which illustrates how threats are applied through networks while normal activities occupy the dominant position, most traffic data are normal traffic (attacks hide themselves, and attacking is also becoming like a business), and only a few are malicious cyber-attacks, resulting in a high imbalance of categories. Threat detection has huge difficulties in the highly dispersed and duplicated network traffic data. Cyber-attacks can hide among a huge amount of normal traffic. As a result, the machine learning algorithm cannot completely learn the distribution of the few minority categories, making them easy to misclassify [4].

Cybersecurity has been plagued with many forms of attacks launched by cybercriminals, hackers, and other digital attackers. Their primary goal is to obtain illegal access to computer networks or systems, often with the intent of modifying, deleting, or disclosing sensitive information. These hacks can target individuals, businesses, and even governments. According to the "2021 SonicWall Cyber Threat Report," global ransomware attacks increased by 62% in 2020, with more than 304 million documented occurrences. The increase in attacks has highlighted the need for stronger cybersecurity measures, pushing the development of new technologies like AI and ML algorithms [5].

Fig. 2. Cyber Threat

Machine learning in network security can be divided into three types of applications: supervised learning models predict based on labeled datasets, unsupervised learning discovers hidden patterns in data, and deep learning uses advanced neural networks to perform more complex pattern recognition, such as anomaly detection and behavioral analysis. These technologies have been critical in designing systems that can not only detect threats more accurately but also respond to them in real time.

Recent research in machine learning-based threat detection shows important improvements in cyber threat identification and management. Convolutional neural networks (CNNs) and recurrent neural networks (RNNs) are successful at detecting strange patterns that indicate network intrusions and malicious activity. However, using these technologies brings its own set of challenges. Issues such as the imbalance in datasets, where normal cases greatly outnumber anomalies, the high computing cost, and the need for extensive, well-labeled training data are common.

In this quickly changing information landscape, ML-based network security not only improves detection capabilities but also brings new models for analyzing and managing cyber threats, resulting in a more robust digital network. These challenges will continue as long as regulatory monitoring and information security issues remain. Improving the information security culture within these organizations will help in the protection of governance information, activities, and personal information, as well as the continued performance of critical governance activities [6].

III. LITERATURE REVIEW

The literature survey begins by delineating four fundamental facets within the domain of insider threats: types of insider threats, insider threat detection approaches, data sources and features, and machine learning and data mining techniques.
These constituent elements represent critical dimensions of research and inquiry surrounding the complex issue of insider threats to organizational security; see Table 1. The following sections provide an in-depth exploration of each of these components, explaining the existing body of knowledge [1].

Authors in [2] present an insightful analysis of the utilization of deep learning for the detection of APT attacks, a critical and sophisticated security threat in network systems. The study employs machine learning models such as C5.0 decision trees, Bayesian networks, and deep learning to classify and predict APT incidents using the NSL-KDD dataset. Their findings highlight the superior performance of deep learning models, which achieved a remarkable detection accuracy of 98.85%, significantly outperforming other models. Deep learning not only provided high accuracy but also maintained low false positive rates, demonstrating its effectiveness in handling the complexity and subtlety of APT attacks. The research underscores the potential of deep learning to enhance the timeliness and reliability of threat detection systems, advocating for its integration into contemporary cyber security strategies to counteract the evolving nature of cyber threats. The dataset used is the NSL-KDD dataset with 148517 data samples.

The effectiveness of Network Intrusion Detection Systems (NIDS) in dealing with imbalanced data, where harmful cases are infrequent in comparison to normal ones, is critical for strong cybersecurity. To solve this challenge, authors in [4] proposed a complex machine learning strategy that employs a Difficult Set Sampling Technique (DSSTE) to increase detection accuracy. Their research focuses on the imbalance that exists in network traffic datasets, providing a strategy that significantly improves the training process by dividing the dataset into difficult and easy groups. Their approach effectively balances the dataset by first using the Edited Nearest Neighbor (ENN) algorithm for segmentation and then the K-Means algorithm to compress over-represented samples and augment under-represented ones. This targeted data augmentation method ensures that classification models, which include complex algorithms like Random Forest and SVM, as well as deep learning networks like LSTM and Mini-VGGNet, can learn more successfully from both minority and majority classes. The experimental testing done using widely recognized datasets, NSL-KDD and CSE-CIC-IDS2018, showed that the DSSTE algorithm outperformed traditional resampling techniques, significantly increasing detection rates by optimizing the classifier's exposure to both common and rare attack vectors.

Authors in [7] propose a new intrusion detection model, BAT-MC, which integrates Bidirectional Long Short-Term Memory (BLSTM) and an attention mechanism. This approach overcomes the constraints of classic machine learning methods, which have low accuracy and depend heavily on manually constructed traffic features. BAT-MC automatically learns major traffic patterns without the need for manual feature engineering by using BLSTM to learn packet characteristics and attention methods to highlight important features. The model was assessed using the NSL-KDD dataset and displayed improved performance compared to conventional approaches, with an accuracy of 84.25%. This is approximately 4.12% higher than CNN and 2.96% higher than RNN. This research discusses the use of deep learning approaches to improve the accuracy and reliability of network intrusion detection systems.

Authors in [8] describe a complete approach to predicting insider threats in organizational environments even before actual attacks. Recognizing the growing dangers and impacts of insider threats, because of technology improvements and the dark web, the authors suggest a unique prediction methodology. This paradigm considers many viewpoints, including technological, organizational, and human variables, and models these characteristics using a Bayesian network. The Bayesian network model was chosen specifically for its ability to handle complex probabilistic linkages and is tested in many difficult scenarios to ensure its efficacy. The approach outperforms standard security expert assessments by quantitatively forecasting the level of risk from insider threats for each authorized individual within an organization. This proactive strategy tries to help businesses avoid possible internal threats by detecting and resolving them in a systematic and timely manner. The study proposes a robust and unique method for early identification of insider threats based on a Bayesian network, focusing on a comprehensive strategy that takes into account human behavior patterns as well as technical and organizational risk factors. This methodology can greatly improve organizational security processes by enabling early actions based on realistic risk evaluations.

Authors in [9] introduce a unique intrusion detection model that uses machine learning to improve cyber security. The model, known as IntruDTree, is built with a tree-based algorithm that prioritizes and rates security factors based on their value to maximize both accuracy and computing efficiency. This approach addresses the high dimensionality of security datasets, which can cause overfitting and increased processing demands in traditional models. The authors empirically validate IntruDTree against established machine learning techniques such as naive Bayes, logistic regression, support vector machines, and k-nearest neighbor, demonstrating that it outperforms them on cybersecurity datasets in terms of precision, recall, F-score, accuracy, and ROC (Receiver Operating Characteristic). This paper not only presents a strong model for identifying cyber intrusions, but it also contributes to the larger field by enhancing model generalization and reducing computing cost, resulting in an important improvement in machine learning applications for cyber security.
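The ENN-then-K-Means rebalancing summarised above for [4], as an added example that is not code from that paper or from this review. It is a simplified re-implementation on constructed 2-D feature points rather than NSL-KDD: ENN segments samples into easy and difficult sets, K-means compresses the majority-class difficult samples, and the minority-class difficult samples are grown by Gaussian jitter, which is assumed here in place of the paper's own augmentation step.

```python
import math
import random
import statistics
from typing import Dict, List, Optional, Sequence, Tuple

Point = Tuple[float, ...]


def _dist(a: Point, b: Point) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def enn_split(X: Sequence[Point], y: Sequence[int], k: int = 3) -> Tuple[List[int], List[int]]:
    """Edited Nearest Neighbour used as a segmenter: a sample whose k nearest
    neighbours mostly carry its own label is 'easy'; one that its neighbours
    outvote sits on the class boundary and is 'difficult'.
    Labels are 0 (normal) / 1 (attack). Returns (easy_idx, difficult_idx)."""
    easy, difficult = [], []
    for i, p in enumerate(X):
        neighbours = sorted((j for j in range(len(X)) if j != i),
                            key=lambda j: _dist(p, X[j]))[:k]
        votes = sum(y[j] for j in neighbours)
        majority = 1 if 2 * votes > k else 0
        (easy if majority == y[i] else difficult).append(i)
    return easy, difficult


def kmeans(points: Sequence[Point], n_clusters: int,
           rng: Optional[random.Random] = None, iters: int = 50) -> List[Point]:
    """Plain Lloyd k-means; the centroids replace the points they summarise,
    which is the 'compression' applied to the over-represented class."""
    rng = rng or random.Random(0)
    centroids = list(rng.sample(list(points), n_clusters))
    for _ in range(iters):
        buckets: List[List[Point]] = [[] for _ in centroids]
        for p in points:
            nearest = min(range(n_clusters), key=lambda c: _dist(p, centroids[c]))
            buckets[nearest].append(p)
        new = [tuple(sum(col) / len(b) for col in zip(*b)) if b else centroids[c]
               for c, b in enumerate(buckets)]
        if new == centroids:
            break
        centroids = new
    return centroids


def jitter_augment(seeds: Sequence[Point], target: int, rng: random.Random) -> List[Point]:
    """Grow the under-represented side to `target` samples by adding small
    Gaussian noise to existing samples (assumed stand-in for DSSTE's augmentation)."""
    dims = len(seeds[0])
    spread = [0.1 * max(statistics.pstdev([s[d] for s in seeds]), 1e-3)
              for d in range(dims)]
    out = list(seeds)
    while len(out) < target:
        base = rng.choice(seeds)
        out.append(tuple(base[d] + rng.gauss(0.0, spread[d]) for d in range(dims)))
    return out


def dsste_like_rebalance(X: Sequence[Point], y: Sequence[int], target: int,
                         minority: int = 1, k: int = 3, seed: int = 0):
    """Segment with ENN, then rebalance only the difficult set: the majority
    class is compressed to `target` k-means centroids and the minority class is
    augmented up to `target` samples. Easy samples pass through untouched.
    Returns (X_out, y_out, summary)."""
    rng = random.Random(seed)
    easy, difficult = enn_split(X, y, k)
    maj = [X[i] for i in difficult if y[i] != minority]
    mino = [X[i] for i in difficult if y[i] == minority]
    summary: Dict[str, int] = {
        "easy": len(easy), "difficult": len(difficult),
        "difficult_majority_before": len(maj), "difficult_minority_before": len(mino)}
    if len(maj) > target:
        maj = kmeans(maj, target, rng)
    if 0 < len(mino) < target:
        mino = jitter_augment(mino, target, rng)
    X_out = [X[i] for i in easy] + maj + mino
    y_out = [y[i] for i in easy] + [1 - minority] * len(maj) + [minority] * len(mino)
    summary["difficult_majority_after"] = len(maj)
    summary["difficult_minority_after"] = len(mino)
    return X_out, y_out, summary


def make_imbalanced(seed: int = 1, n_normal: int = 300, n_attack: int = 40):
    """Constructed 2-D feature points (not a real dataset): a wide cloud of
    normal traffic and a small, tighter attack cloud overlapping its edge."""
    rng = random.Random(seed)
    X = [(rng.gauss(0.0, 1.5), rng.gauss(0.0, 1.5)) for _ in range(n_normal)]
    X += [(rng.gauss(2.5, 0.6), rng.gauss(2.5, 0.6)) for _ in range(n_attack)]
    return X, [0] * n_normal + [1] * n_attack


def demo(target: int = 10) -> Dict[str, int]:
    """Run the rebalancing on the constructed data and return the class counts."""
    X, y = make_imbalanced()
    _, _, summary = dsste_like_rebalance(X, y, target)
    return summary


if __name__ == "__main__":
    print(demo())
```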
Authors in [10] investigate the development and application of machine learning models to improve Intrusion Detection Systems (IDS) for network security, particularly in cloud computing environments. The authors underline the importance of powerful IDS due to the increasing intensity and intelligence of network attacks. They offer an efficient framework based on machine learning that integrates simply into existing network infrastructure and operates in real time. This model is trained on the ISOT-CID dataset, which contains precise network traffic parameters that aid in the successful detection of harmful actions. The researchers also include new network features, which they feel will considerably improve the model's prediction accuracy. These properties include measurements such as traffic in/out, average packet length, and time between packets, which are critical for detecting network irregularities. The suggested IDS's effectiveness is proven by rigorous testing against established machine learning models such as Decision Trees, K-Nearest Neighbors, and Support Vector Machines, with measures like precision, recall, and F-score. Their findings indicate that their model not only detects recognized kinds of network breaches but may also discover new, previously unknown attack paths, demonstrating machine learning's potential to advance the field of cybersecurity. This study adds to the current discussion in cybersecurity literature on the incorporation of machine learning techniques into IDS and the need for models that can adapt to the changing landscape of network threats.

Authors in [11] illustrate the evolution and challenges in insider threat detection, particularly the limitations posed by spatial heterogeneity and sample imbalance of input features. Traditional detection systems, which rely on manually derived user behavior variables, frequently struggle with long-term behavior modeling, reducing threat detection effectiveness. The review observes a move toward temporal models and deep learning, which provide dynamic feature extraction and better capture temporal dependencies, resulting in improved anomaly identification. These newer algorithms, particularly those based on Recurrent Neural Networks (RNN) and their derivatives, approach threat detection as a sequence prediction problem and are more adept at detecting tiny abnormalities in user behavior. However, issues continue, particularly in accurately describing user entities and managing unbalanced datasets that cause overfitting. The review critically examines current approaches, emphasizing the need for new strategies that improve detection accuracy and robustness, leading to the proposed method in the study, which addresses these gaps by combining ensemble learning with a self-supervised approach. This literature analysis clearly distinguishes the transition from old methodologies to powerful machine learning approaches in addressing the difficulties of insider threats in cybersecurity.

Authors in [12] investigate the growing cyber dangers to the Internet of Medical Things (IoMT). The IoMT is especially vulnerable because of its essential position in healthcare, where security failures can have negative effects. The authors point out that typical detection systems, while suitable for less important applications, are ineffective in dealing with the complex nature of attacks on medical devices. As a result, there is a move toward using advanced machine learning (ML) and deep learning (DL) approaches, such as Deep Recurrent Neural Networks (DRNNs), which provide more effective anomaly detection by learning complicated patterns in data over time. The paper also examines the use of bio-inspired techniques such as Particle Swarm Optimization (PSO) for feature optimization, which improves the efficiency of these ML models in recognizing subtle threats. The employment of such advanced techniques marks a substantial departure from previous methodologies, which relied mainly on simpler statistical models and threshold-based monitoring systems. This trend highlights an important move toward more dynamic, intelligent systems capable of protecting the security and integrity of sensitive medical data inside the IoMT framework, while also tackling current and new cyber threats.

Authors in [13] used an experimental design that included both supervised and unsupervised machine learning methods. Key techniques tested were neural networks, support vector machines (SVM), and isolation forests, among others. The study's methodology included the development of a testbed that simulated real network environments, allowing for the collection and analysis of data across multiple machine learning frameworks. The sample size contained more than 190 million network flows and 4,000+ attack scenarios, resulting in a comprehensive dataset for study. The study's findings were noteworthy, demonstrating that machine learning models, specifically deep learning networks and isolation forests, outperformed standard rule-based intrusion detection systems. Deep neural networks achieved high accuracy (up to 98.1%) and detection rates (up to 99.3%) while having very low false positive rates. These results show that machine learning can detect and respond to emerging cyber threats more effectively than traditional techniques. The study indicated that incorporating machine learning into cybersecurity operations significantly improves threat detection capabilities, indicating a move toward more intelligent and responsive cybersecurity systems.

Authors in [14] found that, whereas traditional IDS systems rely mainly on signature- or rule-based detection, which limits their ability to detect new and undiscovered threats, machine learning models may learn and predict from data, possibly discovering novel attacks. The study discovered that SVM, KNN, and DT models obtained varying degrees of accuracy, precision, and recall across the datasets. The major findings of the comparison research reveal that, while no single model consistently outperformed others across all datasets, various models did better in specific settings,
with DT generally delivering strong performance. These findings highlight the significance of choosing appropriate machine-learning algorithms depending on the individual requirements and features of the data being examined in IDS. The findings call for a more nuanced approach to using machine learning in cyber security, implying that a variety of models may be required to attain optimal performance across various types of cyber threats.

Authors in [15] investigate the improvement of network intrusion detection systems (IDS) using a novel integration of Q-learning-based reinforcement learning with deep feed-forward neural networks, known as Deep Q-Learning (DQL). The primary goal of the research is to create a self-learning intrusion detection system capable of autonomously detecting and adapting to various network intrusions with minimal human intervention. This experimental study takes a comprehensive empirical approach, with the DQL model carefully tested using the NSL-KDD dataset, which serves as the major data source for assessing the model's performance. The DQL model offers a significant methodological improvement in that it combines theoretical components of reinforcement learning with practical deep learning applications to effectively handle complex state spaces. The experimental strategy for the study included training the DQL model over many sessions and evaluating its performance against several intrusion detection criteria. The study's key findings show that the DQL model outperformed other comparable machine learning algorithms with a detection accuracy of more than 90%. The data show that lower discount factors in the reinforcement learning algorithm, especially 0.001, produce the greatest results after 250 training episodes. These findings indicate that the DQL model accurately recognizes numerous types of network intrusions.

Authors in [16] focus on creating a comprehensive system for detecting insider threats using machine learning techniques, with a particular emphasis on data theft cases. The study adopts an experimental design, with a large sample of data from the publicly available CERT insider threat dataset. The authors employ the Deep Feature Synthesis (DFS) technique to synthesize a comprehensive set of behavioral features (69,738 features per user) from historical data. Dimensionality is reduced using Principal Component Analysis (PCA), and the imbalance in the dataset is handled with the Synthetic Minority Over-sampling Technique. The study's key variables include user activity measurements extracted from the dataset, which are then examined using a variety of machine learning models, including anomaly detection and classification. The findings of the study are highly notable. The anomaly detection models obtained up to 91% accuracy, while the classification models yielded even better results. The Support Vector Machine (SVM) model, in particular, stood out for its perfect accuracy rate of 100% in detecting insider threats. These findings show the value of using advanced feature engineering and machine learning techniques to improve cybersecurity safeguards against insider threats.

Authors in [17] focus on improving cybersecurity in IoT environments using automated technologies. The major goal is to create a robust system that uses machine learning (ML) and artificial intelligence (AI) to efficiently detect and classify cybersecurity vulnerabilities in IoT devices. MFO-RELM is a new model developed by the researchers that combines Mayfly optimization (MFO) and a Regularized Extreme Learning Machine (RELM). This approach preprocesses real IoT data into a meaningful format and uses RELM for classification, with MFO being utilized to modify the RELM model's parameters for better performance. The study found that the MFO-RELM model outperforms existing models in detecting and categorizing cybersecurity risks. The model performed well across different threat scenarios, with accuracy of approximately 99.79%, precision of about 98.84%, recall averaging around 98.84%, and an F-score of about 98.84%. These findings imply that incorporating MFO for parameter optimization into the RELM model significantly improves its ability to identify and categorize cybersecurity threats in IoT contexts, making it a promising tool for maintaining the security of increasingly common IoT devices.

Authors in [18] offer an AI-based Security Information and Event Management (AI-SIEM) system that uses event profiling and artificial neural networks (ANNs) to improve cyber threat detection accuracy while reducing false positives, allowing security analysts to respond quickly and effectively. The study employs an experimental methodology, applying the AI-SIEM system to two benchmark datasets, NSLKDD and CICIDS2017, as well as two real-world datasets, to ensure the model's effectiveness in a variety of contexts. The methodology begins with data preprocessing by event profiling, followed by the deployment of multiple ANN models for threat categorization and prediction, including Fully Connected Neural Networks (FCNN), Convolutional Neural Networks (CNN), and Long Short-Term Memory (LSTM). Accuracy, precision, recall, and F-score are some of the key performance indicators considered. Notably, the CNN model obtained an accuracy of around 99% after several training rounds, suggesting its high effectiveness in threat identification. Precision, recall, and F-score metrics all showed strong performance, outperforming classic machine learning models such as SVM, k-NN, RF, NB, and DT. This study demonstrates the potential for incorporating advanced neural network designs into cybersecurity infrastructures to greatly increase real-time threat detection capabilities.

Authors in [19] developed and evaluated a new machine learning approach, the Class Probability Random Forest (CPRF), to improve network attack detection. Using the CICIDS2017 dataset, the study employs an experimental research
methodology and focuses on data preparation, feature engi- [21] , and accuracy.
neering, and advanced machine learning techniques such as
logistic regression, random forest, Gaussian Naive Bayes, and Different learning models are being used for specific
decision trees. different cyber threats. On the other hand, there is avast
The major variables in this study are network traffic number of authors who have worked to highlight the
characteristics that aid in distinguishing between legitimate constraints faced by machine learning techniques. it has
and malicious operations. The performance is validated using observed and suggested that there is a dare need of latest
a k-fold cross-validation method and then optimized using benchmark dataset to test the latest advancement in the field
hyperparameter tweaking. The study’s noteworthy findings of machine learning for cyber threat detection. Available
include the CPRF strategy achieving an outstanding accuracy datasets lack in terms of diversity and sophisticated attacks
of 99.9%, and the random forest model outperforming and contain missing values. There is a need for specific and
conventional machine learning techniques. Furthermore, the customized learning models specifically designed for security
CPRF model’s precision, recall, and F1-score all reached purposes. In future, we will focus on analyzing more learning
100%, demonstrating its ability to effectively identify and techniques for cyber threat detection.[21]
categorize cybersecurity threats.
REFERENCES
Authors in [20] focuses on improving cyber-attack detection
in cyber-physical systems (CPS) using Artificial Intelligence [1] M. N. Al-Mhiqani, R. Ahmad, Z. Zainal Abidin,
(AI) and Machine Learning (ML) techniques. This experimen- W. Yassin, A. Hassan, K. H. Abdulkareem, N. S. Ali, and
tal study uses AI and ML to improve the security of CPS, Z. Yunos, “A review of insider threat detection: Classifi-
which are becoming increasingly vulnerable to cyber threats cation, machine learning techniques, datasets, open chal-
due to their network connectivity. lenges, and recommendations,” Applied Sciences, vol. 10,
The study suggests a new framework that uses Linear no. 15, p. 5208, 2020.
Discriminant Analysis (LDA) for feature extraction and [2] J. H. Joloudari, M. Haderbadi, A. Mashmool,
combines Self-tuned Fuzzy Logic-based Hidden Markov M. GhasemiGol, S. S. Band, and A. Mosavi, “Early
Model (SFL-HMM) with Heuristic Multi-Swarm Optimization detection of the advanced persistent threat attack using
(HMS-ACO) for attack detection. The efficiency of this performance analysis of deep learning,” IEEE Access,
technology is validated using MATLAB simulations and compared with traditional methods. The major findings demonstrate significant gains, with the new framework outperforming existing detection algorithms in terms of efficiency and accuracy.

This section provides a comprehensive assessment of widely used machine learning approaches to evaluate their performance in detecting several well-known cybercrimes. It has examined commonly used machine learning algorithms, including decision trees, deep belief networks, support vector machines, and other novel methods such as deep Q-learning and BAT deep learning. Most of the reviewed papers focus solely on a single threat, whereas this article considers a range of common cyber threats.

IV. CONCLUSION

Cyber threats are increasing at a growing pace, and conventional security techniques are not capable of coping with them. Machine learning techniques are being applied to overcome the limitations of conventional security systems, and they play a role at both ends: the defender's and the attacker's. This paper has presented a performance comparison of several learning models for detecting and classifying intrusions, spam and malware. It has considered frequently used benchmark datasets to compare the evaluation results in terms of recall, precision

vol. 8, pp. 186125–186137, 2020.
[3] G. Tsochev, R. Trifonov, O. Nakov, S. Manolov, and G. Pavlova, “Cyber security: Threats and challenges,” in 2020 International Conference Automatics and Informatics (ICAI), pp. 1–6, IEEE, 2020.
[4] L. Liu, P. Wang, J. Lin, and L. Liu, “Intrusion detection of imbalanced network traffic based on machine learning and deep learning,” IEEE Access, vol. 9, pp. 7550–7563, 2020.
[5] A. Manoharan and M. Sarker, “Revolutionizing cybersecurity: Unleashing the power of artificial intelligence and machine learning for next-generation threat detection,” DOI: https://doi.org/10.56726/IRJMETS32644, 2023.
[6] V. Demertzi, S. Demertzis, and K. Demertzis, “An overview of cyber threats, attacks and countermeasures on the primary domains of smart cities,” Applied Sciences, vol. 13, p. 790, Jan 2023.
[7] T. Su, H. Sun, J. Zhu, S. Wang, and Y. Li, “BAT: Deep learning methods on network intrusion detection using NSL-KDD dataset,” IEEE Access, vol. 8, pp. 29575–29585, 2020.
[8] N. Elmrabit, S.-H. Yang, L. Yang, and H. Zhou, “Insider threat risk prediction based on Bayesian network,” Computers & Security, vol. 96, p. 101908, 2020.
[9] I. H. Sarker, Y. B. Abushark, F. Alsolami, and A. I. Khan, “IntruDTree: A machine learning based cyber security intrusion detection model,” Symmetry, vol. 12, no. 5, p. 754, 2020.
[10] A. Alshammari and A. Aldribi, “Apply machine learning techniques to detect malicious network traffic in cloud computing,” Journal of Big Data, vol. 8, no. 1, p. 90, 2021.
[11] C. Zhang, S. Wang, D. Zhan, T. Yu, T. Wang, and M. Yin, “Detecting insider threat from behavioral logs based on ensemble and self-supervised learning,” Security and Communication Networks, vol. 2021, pp. 1–11, 2021.
[12] Y. K. Saheed and M. O. Arowolo, “Efficient cyber attack detection on the Internet of Medical Things smart environment based on deep recurrent neural network and machine learning algorithms,” IEEE Access, vol. 9, pp. 161546–161554, 2021.
[13] F. Bouchama and M. Kamal, “Enhancing cyber threat detection through machine learning-based behavioral modeling of network traffic patterns,” International Journal of Business Intelligence and Big Data Analytics, vol. 4, no. 9, pp. 1–9, 2021.
[14] I. F. Kilincer, F. Ertam, and A. Sengur, “Machine learning methods for cyber security intrusion detection: Datasets and comparative study,” Computer Networks, vol. 188, p. 107840, 2021.
[15] H. Alavizadeh, H. Alavizadeh, and J. Jang-Jaccard, “Deep Q-learning based reinforcement learning approach for network intrusion detection,” Computers, vol. 11, no. 3, p. 41, 2022.
[16] B. Bin Sarhan and N. Altwaijry, “Insider threat detection using machine learning approach,” Applied Sciences, vol. 13, no. 1, p. 259, 2022.
[17] F. Alrowais, S. Althahabi, S. S. Alotaibi, A. Mohamed, M. A. Hamza, and R. Marzouk, “Automated machine learning enabled cybersecurity threat detection in internet of things environment,” Computer Systems Science & Engineering, vol. 45, no. 1, 2023.
[18] M. Sravanthi, G. Suchithra, and P. Vennela, “Cyber threat detection based on artificial neural networks using event profiles,”
[19] A. Raza, K. Munir, M. S. Almutairi, and R. Sehar, “Novel class probability features for optimizing network attack detection with machine learning,” IEEE Access, 2023.
[20] R. Almajed, A. Ibrahim, A. Z. Abualkishik, N. Mourad, and F. A. Almansour, “Using machine learning algorithm for detection of cyber-attacks in cyber physical systems,” Periodicals of Engineering and Natural Sciences, vol. 10, no. 3, pp. 261–275, 2022.
[21] K. Shaukat, S. Luo, S. Chen, and D. Liu, “Cyber threat detection using machine learning techniques: A performance evaluation perspective,” in 2020 International Conference on Cyber Warfare and Security (ICCWS), pp. 1–6, IEEE, 2020.
Table 1. Comparison of literature review

| No | Reference | Year | Threat type | Learning model | Sub-domain | Accuracy |
|---|---|---|---|---|---|---|
| 1 | [2] Early detection | 2020 | Advanced Persistent Threat (APT) | Deep learning; Bayesian network; C5.0 decision tree | Anomaly-based | Deep learning = 98.85%; Bayesian network = 88.37%; C5.0 decision tree = 95.64% |
| 2 | [4] Intrusion detection of imbalanced traffic | 2021 | R2L and U2R attacks detected by Siam-IDS | DSSTE, classification, SVM | Anomaly-based | DSSTE = 82%; other = 94% |
| 3 | [7] BAT deep learning | 2020 | Normal, DoS, R2L, U2R, Probe | BAT-MC model combining BLSTM | Network intrusion detection using deep learning | 84.25% |
| 4 | [8] Insider threat risk | 2020 | Insider threat | Bayesian network / directed acyclic graph (DAG) | Insider threat risk prediction | 87% |
| 5 | [9] IntruDTree | 2020 | Intrusion | Decision tree | Hybrid-based (misuse + anomaly) | 86.29% |
| 6 | [10] Apply machine learning | 2021 | DoS, ninth attack type | Lightweight ML | Intrusion detection, anomaly detection | SVM = 68% to 84%; ANN = 96%; KNN = 100%; Random Forest = 100% |
| 7 | [11] Detecting insider threats | 2021 | Insider threats | LSTM-based detector | Insider threats | 99.2% and 95.3% |
| 8 | [10] Efficient cyber-attack detection | 2021 | Data breaches, man-in-the-middle, DoS, probing, U2R | KNN, RNN | Internet of Medical Things (IoMT) | 99.76% |
| 9 | [11] Enhancing cyber threat detection through machine learning | 2021 | Sophisticated attacks | DNN, CNN, long short-term memory, random forest | Enhancing cyber threat detection through machine learning | DNN = 97%; CNN = 98%; LSTM = 97%; RF = 91% |
| 10 | [12] Internet of Medical Things | 2021 | DDoS, probing attacks, remote-to-local attacks, and user-to-root attacks | Deep Recurrent Neural Network (DRNN), Random Forest (RF), Decision Tree (DT), K-Nearest Neighbors (KNN), Particle Swarm Optimization (PSO) | Internet of Medical Things (IoMT) | 99.76% |
| 11 | [13] Enhancing cyber threat detection | 2021 | General network-based threats | SVM, k-means clustering and isolation forests | Anomaly-based | 98.1% |
| 12 | [14] ML methods | 2021 | Brute force attack (DoS), exploit, SQL injection (DDoS) | SVM, DT, and KNN | Hybrid-based | 99.18% |
| 13 | [15] Deep Q-learning | 2022 | Intrusion detection | Deep Q-learning model | Anomaly-based | 94% |
| 14 | [16] Insider threat detection | 2022 | Data theft, privilege abuse, privilege escalation, sabotage | SVM | Insider threat detection | 100% |
| 15 | [17] Automated machine learning | 2022 | General cybersecurity threats | Mayfly Optimization (MFO) + Regularized Extreme Learning Machine (RELM), named MFO-RELM | IoT environments | 99.76% accuracy, 99.19% precision, 98.20% recall, and 98.69% F-score |
| 16 | [18] Cyber threat detection based on AI | 2023 | Malware infections, unauthorized access attempts, DoS attacks | FCNN, CNN, and Long Short-Term Memory (LSTM) networks, as part of AI-SIEM | Network intrusion detection | 99% |
| 17 | [19] Novel class probability features | 2023 | Phishing, malware distribution, brute-force attacks | Class Probability Random Forest (CPRF) | Network security and intrusion detection | 99.9% |
| 18 | [20] Using machine learning algorithm for detecting | 2022 | General cyber attacks | Linear Discriminant Analysis (LDA), Self-tuned Fuzzy Logic based Hidden Markov Model (SFL-HMM), Heuristic Multi-Swarm Optimization (HMS-ACO) | Cyber-Physical Systems (CPS) | Evaluated in terms of detection rate, false positive rate, and computation time |
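Most rows of Table 1 report a single accuracy figure, while the conclusion compares models by recall and precision as well. The following Python is an added example, not code from the paper or from any work it reviews: it computes accuracy, per-class precision and recall, and macro recall by hand on a constructed, imbalanced sample labelled with the NSL-KDD categories from row 3 (Normal, DoS, Probe, R2L, U2R), and shows that two detectors can share the same accuracy while differing sharply in recall on the rare R2L and U2R classes. The 100 sample flows and both detectors' predictions are constructed, not measured.

```python
# Added example: evaluation metrics for a multi-class intrusion detector on a
# constructed imbalanced sample (classes taken from Table 1, row 3).
CLASSES = ("Normal", "DoS", "Probe", "R2L", "U2R")

def confusion_counts(y_true, y_pred, positive):
    """TP, FP, FN, TN treating `positive` as the class of interest."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p == positive)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t != positive and p == positive)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == positive and p != positive)
    return tp, fp, fn, len(y_true) - tp - fp - fn

def accuracy(y_true, y_pred):
    """Fraction of flows labelled correctly, the figure most rows of Table 1 report."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def precision_recall(y_true, y_pred, positive):
    """Per-class precision and recall; 0.0 when a denominator is empty."""
    tp, fp, fn, _ = confusion_counts(y_true, y_pred, positive)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

def macro_recall(y_true, y_pred):
    """Unweighted mean of per-class recall, so rare classes count as much as common ones."""
    return sum(precision_recall(y_true, y_pred, c)[1] for c in CLASSES) / len(CLASSES)

def binary_labels(labels):
    """Collapse the categories to 'Normal' vs 'attack' for a binary IDS view."""
    return ["Normal" if lab == "Normal" else "attack" for lab in labels]

# Constructed sample: 100 flows, heavily imbalanced as in NSL-KDD (R2L and U2R are rare).
Y_TRUE = ["Normal"] * 60 + ["DoS"] * 30 + ["Probe"] * 6 + ["R2L"] * 3 + ["U2R"] * 1
# Detector A (constructed): perfect on common traffic, never flags R2L or U2R.
Y_PRED_A = ["Normal"] * 60 + ["DoS"] * 30 + ["Probe"] * 6 + ["Normal"] * 4
# Detector B (constructed): misfires on a few common flows but catches every rare attack.
Y_PRED_B = (["Normal"] * 57 + ["DoS"] * 3 + ["DoS"] * 29 + ["Probe"] * 1
            + ["Probe"] * 6 + ["R2L"] * 3 + ["U2R"] * 1)

if __name__ == "__main__":
    for name, pred in (("A", Y_PRED_A), ("B", Y_PRED_B)):
        print(name, f"accuracy={accuracy(Y_TRUE, pred):.2f}",
              f"macro_recall={macro_recall(Y_TRUE, pred):.3f}",
              f"U2R recall={precision_recall(Y_TRUE, pred, 'U2R')[1]:.2f}")
```

Both detectors score 0.96 accuracy, yet detector A has 0.60 macro recall and zero recall on U2R, which is why an accuracy column alone cannot rank the models in Table 1.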
