Machine Learning Approaches for Cyber Threat Detection

Abstract

As cyber threats increasingly pose challenges to keeping both security and integrity as a hallmark of digital infrastructures, there is a need for advancing detection mechanisms capable of tackling the nature of evolving threats such as zero-day exploits, advanced persistent threats, and insider intrusions, among others. Using Machine Learning (ML)—enabling systems to learn what patterns are normal and which are malicious—means that organizations are able to utilize ML as an effective tool for acceleration and improvement in cyber threat detection. This paper reviews ML approaches including supervised, unsupervised, and ensemble learning approaches focused on tasks such as attacker intrusion detection and anomaly detection. There are unique contributions to the study of ML for cyber threat detection in areas of the interdisciplinary field, including findings of classification algorithms (both supervised and unsupervised), feature selection methods, and accuracy metrics like accuracy, precision, recall, and F1-score. The weaknesses and strengths of ML models for aiding in the processing of large-scale, imbalanced datasets were also highlighted, alongside the ability of organizations to use ML in ever-evolving threats. Additionally, we indicated open challenges for future research and development that pertain to using both Trustworthy and Explainable AI systems; real-time detection; explain ability and usability; privacy by design; new mitigation, containment and remediation schemes; and data privacy issues; and we identified areas for develop future studies based on existing issues needing further development to make more advanced cyber defense systems in the future.