Network and cybersecurity applications of defense in adversarial attacks: A state-of-the-art using machine learning and deep learning methods

4.1.1 Most relevant words

Common words that are often repeated in research papers in this field are indicated in Figure 9. These words are the key descriptors of popular themes and topics in the literature, providing an idea of the major areas of concentration as well as research trends. Through the identification of the recurring terms, researchers can identify the focused and central issues of the scholarly discourse in the field of network and cybersecurity applications of defense against adversarial attacks.

We selected the top essential words from 42 papers. For this purpose, we identified the main concepts and significant terms of each article. With a wide variety of topics presented in these papers, the most useful words will change based on which article they are associated with. There are many shared subjects in these studies, such as ML, cybersecurity, IDSs, adversarial attacks, DL, and other similar ones.

4.1.2 Most relevant sources

Figure 10 shows the most significant journals as sources of publications based on the number of times they were cited in the papers. The figure demonstrates the most influential and frequently cited journals as sources for papers.

The chosen relevant sources among the 42 papers involve respectable academic publications, which include Computers & Security, the Internet of Things, the Journal of Information Security and Applications, Computer Communications, Computers and Security, Expert Systems with Applications, the Journal of King Saud University-Computer and Information Sciences, Ad Hoc Networks, Applied Soft Computing, and Computer Networks. These journals are also commonly distinguished because they make significant innovative contributions to cybersecurity, network security, artificial intelligence, and related areas. High-quality research papers, reviews, and theoretical concepts are published by the magazine with works that make profound contributions to societies. Researchers frequently use papers published in these journals because they are recognized to be accurate, the methodology is rigorous, and such research corresponds to areas of interest in cybersecurity and networking.

4.1.3 Words, sources frequency, and trend topic over time

The rarest words of the most frequent words found in the titles or abstracts of scientific papers, sorted by publication year, are represented in Figure 11. Through such visualization, one can deduce which themes are gaining momentum within the field over time and which terms have been most appealing for researchers to engage with in each particular year. In contrast, Figure 12 represents various sources that served as a research base over time. This visualization provides insight into the research flow and represents the journals and platforms through which research works in different years were disseminated. Figure 13 shows the trend topics analyzed over time, providing an interpretation of the changing subject niches and study focus within the field. Through this visualization, these choices can be revealed, such as recurrent themes, emerging trends, and evolving research continuing lines, which together provide a holistic overview of the advancement of networks and cybersecurity based on defense against adversarial attacks.

The compilation of 42 papers covers a broad spectrum of issues concerning cybersecurity, ML, and network security. In-depth papers have been written on many topics, including intrusion detection, adversarial attacks, anomaly detection in IoT devices, malware detection, federated learning, and predictive maintenance in smart systems. Technologies include but are not limited to DL, reinforcement learning (RL), adversarial learning, and blockchain technologies. The conclusions of those articles contribute to the development of reliable security strategies for the IoT. The incorporation of ML along with cutting-edge methods, such as federated learning and blockchain, gives rise to interesting avenues for preventing and protecting against emerging cyber threats.

4.1.4 Word cloud

The word cloud delivers a holistic view of certain topics [69] through the most frequent terms picked from Document titles (Figure 14), Keywords (Figure 15), and Abstracts (Figure 16). The expression “adversarial attack” takes the lead in statistics. Other notable terms that have been used by researchers most frequently include “cybersecurity,” “IoTs,” “defense,” “security,” and “network.” These outcomes represent the main areas and the most relevant concepts that are focused on cyber and network security system protection against hostile attacks and unknown elements, opening more possibilities for further studies in this area.

The 42 papers covered a vast field covering all the cybersecurity viewpoints within the framework of network defense. Some professional fields, such as “computer and network security,” indicate the importance of keeping IT structures secure. In addition, the two most significant trending topics were “ML” and “adversarial attacks,” which indicated that there was a rapid increase in the number of studies on the use of ML techniques to detect and handle adversarial attacks. In addition to “network,” “IoT” also appears, which can be assumed to focus on ensuring the security of IoT devices and the overall networked infrastructure. “Intrusion detection” or “anomaly detection” is paramount in this context because surveillance systems are fortified to address and address deviant behaviour products of abnormalities. These keywords outline what is typically done by the teams that carry out research to bolster Internet safety and shield against cyber threats that are ever-changing.

4.1.5 Tree map

The traditional approach of depicting hierarchical information, which mostly utilizes structured trees, has some flaws when portraying large and multilayered data since it become difficult to visualize such information in the given space constraints. The Tree-Map algorithm had to be designed to solve this problem, and this algorithm renders large trees for thousands of nodes [70].

For the application of this empirical research, Figure 17 shows the tree map generated by using the algorithm. In the higher stratum of the hierarchy, the definitions of words such as “adversarial,” “attack,” “network,” and “detection” are visualized. The words probably depict the broadest subject or anchor point for the research subdomain. The next step involves a visualization that shows further terms such as “IoT” at the lower level of the hierarchy, depicted in a forest plot that demonstrates the hierarchical relationship to the first-level terms.

Owing to the Tree-Map technique, the map covers a wide range of research subjects without causing overcomplication, which is essential for researchers to determine the correlation between various terms and concepts faster and more effectively.

The term “security” is clearly evident in the tree map visualization, symbolizing the central attention given to diverse cyber-security issues. It can refer to various issues such as adversarial, attack, network, and detection. It acts as the main hub in the tree map, which adds attention to the overall importance of the research area in the papers.

4.1.6 Co-occurrence network

Bibliometric studies incorporate co-occurrence networks as one of the main instruments that they investigate. The broad network of key concepts entails the previous terms that have been connected with the analysis, and then the professionals are provided policy-makers and experts with the conceptual structure of such a given area of study [61]. Figures 18 and 19 consist of co-occurrence networks created from titles and abstract articles in the literature.

The relevant terms and concepts in the research cybersecurity papers are linked in the co-occurrence network, and 42 papers reveal the cohesiveness of these terms and concepts. Along with these significant categories, the main categories displayed in the titles and abstracts are “learning,” “detection,” “adversarial,” and “attack.” It can be concluded that these particular terms frequently appear in the same context among the subject matter of the artworks. This implies that most of the period when one is looking for “learning,” they are doing so in the context of “detection,” which shows the wide application of ML methods in building IDSs. In addition, “adversarial” and “networks” are especially connected, which points to the continuous actions taken to develop cybersecurity defenses for fast-changing threats. As a result, the network of terms offers extremely useful data on the main ideas and passages in the topic study of cybersecurity research represented by the 42 articles.

4.1.7 Thematic map

A map of thematic map was also created based on the density and centrality indices to be divided into four topological regions (Figure 20). This conclusion was derived by surveying the papers analyzed in this study with additional relevant keywords.

The cybersecurity thematic map, generated from the 42 papers, illustrates the wide spectrum of topics covered by cybersecurity research. Thematic consists of associated concepts that are spread across abstracts. For instance, one topic may be “ML in Cybersecurity”, which comprises various elements, including anomaly detection, adversarial attacks, and IDSs. There can also be a theme called “IoT Security,” which might cover topics such as vulnerability analysis, anomaly detection in IoT networks, and blockchain-based security solutions for IoT devices. Each group characterizes the complex interrelations among research subjects within the larger framework of cybersecurity themes in the study, thereby clarifying the overall research domain.

4.1.8 Factorial analysis

Factorial analysis assesses similarity by enabling users to standardize bibliographic coupling, co-occurrence, and cocitation measures. It is utilized to chart the conceptual framework of a discipline by analysing word frequency within specific bibliographic clusters [71] (Figure 21).

Factorial analysis of the 42 articles allowed us to study the interrelation and trend among distinguished issues such as research methods and findings. Through examination of the factors listed earlier, discerning trends as well as the interrelations they have with each other can be accomplished. Suppose we realize that texts about “adversarial attacks,” in most cases, take “ML” techniques into account and evaluate “robustness evaluation” as major issues of their analysis. Factorial analysis, in turn, purposefully reveals the backstage structure and tendencies of cybersecurity research in general.

4.2.1 Security enhancement techniques

In the realm of this category, a notable subset comprises 16 articles out of the 42 chosen articles. Two studies delve into neural network-based malware detectors. Shaukat et al. [72] developed 10 malware classifiers based on neural networks. Among this group of systems, nine were trained to face a specific type of assault, whereas the tenth was not. The approach involved not only the creation of but also the introduction to the defending system of new techniques. Such a mode of training a neural network requires the application of different adversarial strategies to the network. A similar work by Falana et al. [73] used an ensemble of deep convolutional neural network (CNN)s and GANs (known as Mal-Detect) to perform malware analysis, classification, and detection. Two studies delve into this field, but more research is needed because it is a critical area in cybersecurity. Enhancing these detectors can bolster digital defense strategies effectively

In the field of IDSs, seven studies have been conducted. Sharma et al. [74] proposed a novel anomaly-based IDS system for IoT networks using the DL technique. In particular, a filter-based feature selection DNN model in which highly correlated features are removed has been presented. In the study by Sethi et al. [75], a multiagent IDS model in which deep Q-networks are engaged by several agents and core attention mechanisms are applied to effectively perceive and categorize sophisticated network intrusions was introduced. Mishra et al. [76] presented a weighted stacked ensemble model that combined bidirectional long short-term memory networks with deep convolutional generative adversarial networks. The main objective of Khan et al. [77] was to examine various forms of CAN-bus traffic data for intrusion attack detection while also taking into account time complexity. In addition, Saheed et al. [78] proposed an IoT defender framework that employs a modified genetic algorithm (MGA) and an LSTM model to detect cyberattacks in IoT networks. The implementation is pioneering because the MGA is used for feature selection, while the GA for the refinement of the LSTM parameters is incorporated within the evolutionary computation framework. Furthermore, Rookard and Khojandi [79] defined RRIoT, which is based on a RL algorithm that works in an adversarial environment. Along with these factors, an LSTM layer is also applied. Here, the performance of the aforementioned approach is evaluated against that of both novel methods and state-of-the-art ML/RL algorithms. Finally, the research conducted by van Geest et al. [80] brought to light a new experiment of simulating bypass attacks on models whose principle of operation is limited to a single analysis. Then, the potential of hybrid methods was explored, and the advantages of these techniques with multiple models are that they compromise confidentiality and effectiveness. These studies further revealed the drawbacks of hybrid models, which largely favour their effectiveness while prioritizing their universality. These studies could improve clarity by condensing lengthy sentences and emphasizing the practical implications of the research findings for cybersecurity practices.

In addition, seven papers on cybersecurity tactics and procedure identification were published. Imran et al. [81] focused on identifying and detecting cybersecurity tactics, techniques, and procedures based on an ML approach. For I-IoT systems, Gungor et al. [82] showed that cybersecurity is a great challenge because of inadequate standardization and the lack of skills required to implement such systems. The goal of Alzahrani and Asghar [83] was to ascertain how IoT frameworks centred around logistics can categorize different threats. Consequently, this study sought to explore the optimal approach for deploying a system to detect cyber vulnerabilities within the data exchange of logistics-based IoT, utilizing historical data. Alshaikh et al. [84] aimed to understand decision makers’ and specialists’ perceptions of ML capabilities for defensive cybersecurity applications. The contributions are made in the following three areas: (1) MLCS capabilities, (2) MLCS implementation, and (3) MLCS evaluation and communication. Aurangzeb et al. [85] aimed to commence a study on deep black box adversarial attacks against smart power grids, demonstrating that statistically significant impacts on a national smart power grid can be achieved with absolute security. In addition, they investigated the detection of cybersecurity attacks on smart power grids. In addition, Nkoro et al.’s [86] methodology endeavours to identify various cyber threat categories that could impact virtual reality (VR) learning platforms by employing a straightforward DNN that offers explanations for its detection. In addition, Aygul et al. [87] investigated the capabilities and possible weaknesses of ML-driven transient stability prediction (TSP) models when confronted with such cyber threats. By tackling the hurdles associated with integrating renewable energy and modifying grids, their objective is to offer valuable insights that can bolster grid security and maintain a dependable power distribution system. From these studies, we infer insufficient practical implementation insights in the study of IoT frameworks, potential oversight of technical feasibility in perception-based analysis in defensive cybersecurity, lack of scalability considerations in the study of adversarial attacks, incomplete coverage of potential threats in the methodology employed for threat identification in VR platforms, and a failure to address broader system vulnerabilities beyond cyber threats in the investigation of ML-driven TSP models.

4.2.2 Adversarial attack strategies and defense mechanisms

This section includes adversarial attack strategies and defense mechanisms, as this section consists of seven contributions out of 42.

Two studies of secure physical systems and interconnection architecture were conducted. Jia et al. [88] devised an attack that bypasses the anomaly detectors and rules checkers of cyber-physical systems (CPSs). Due to the popularity of gradient-based methods, adversarial attacks produce noise in sensor action values, and a genetic algorithm is used to enhance this noise. Ahmed et al. [89] presented a secure mm-wave wireless interconnection architecture for mobile communication management centre systems. Even though wireless interconnects can provide an advantage to off-chip communication in MCMC systems by decreasing single-hop link energy consumption, when they are attacked, for example, by jamming-based DoS attacks, they will offer little protection. Sports the ML algorithm-based firewall and protection schemes our architecture believed to counter both external and internal persistent DoS attacks based on jamming.

Four studies on generating adversarial attacks and model robustness. Dai et al. [90] present negative sampling-based network embedding adversarial training with refinement for subtraction and for textured models that evolve in a specific manner. The central aspect in Pawlicki et al. [91] is to provide a way to counter the attacks on ML due to cyberattacks with a suggestion of the adversarial ML solution for such detection, and after the evaluation of the possibility of reducing the performance of the well-optimized intrusion detection, four methods for attack detection are provided. Furthermore, Duy et al. [92] explored the method of generating adversarial attack samples via the GAN model to develop an IDS. They proposed DIGFuPAS, a framework that can create attack samples that can bypass ML-based IDSs in software-defined networks in a black-box manner. Research on the weaknesses of wireless communication toward remote connections as a means of control in mini-electric AVs was performed [93]. The study consisted of vehicle production and the demonstration of the existence of threats in autonomous driving technology via an attack on the testing environment in the form, for example, DDoS.

Moreover, the field of disablement of IDSs consisted of only one study. Chen et al. [94] designed an attack model characteristic of IDS evasion – the Anti-Intrusion Detection AutoEncoder – to generate features that can bypass an IDS. The proposed structure works out with an encoding feature, and in the opposite direction, different decoders reconstruct continuous and discrete features. In addition, a GAN is utilized to gather the expansive prior distribution of the latent space. These studies provide insights into adversarial attack strategies and defense mechanisms with many contributions. This article details studies on secure physical systems, wireless interconnection architecture, and adversarial attacks on ML models. However, it lacks clarity due to dense information and could benefit from clearer organization and summarization of key findings.

4.2.3 Innovative security mechanisms and solutions

Within the innovative security mechanisms and solutions category, 19 of 42 papers focused on six subcategories. There were two papers in the field of blockchain and semantic computing networks (SCN). In the study by Mirsky et al. [95], (1) a novel approach for anomaly detection and (2) a lightweight framework that utilizes the blockchain to assemble an anomaly detection model in a distributed environment were proposed. Shi et al. [96] proposed a knowledge-guided SCN constructed with a primary knowledge-guided semantic tree module and an auxiliary data-driven lightweight neural network module. Blockchain and SCNs are crucial areas requiring extensive research. Two studies alone cannot adequately address the complexities and potential of these fields. Further investigation is necessary for comprehensive understanding and development. Blockchain and SCNs are crucial areas requiring extensive research. Two studies alone cannot adequately address the complexities and potential of these fields. Further investigation is necessary for comprehensive understanding and development.

Four contributions to privacy preservation and adversarial robustness. Bai et al. [97] proposed detecting evidence of LM using ML and Windows RDP event logs. They explored different feature sets extracted from these logs and evaluated various supervised ML techniques for classifying RDP sessions with high precision and recall. Chen et al. [98] demonstrated that the multiexit network can reduce the impact of adversarial perturbations by outputting easily identified samples at early exits. Therefore, it can improve the adversarial robustness. Furthermore, the multiexit network can prevent catastrophic overfitting in single-step adversarial training. In the study by Roshan and Zafar [99], the objective was to introduce a dual-phase defense strategy against the potent optimization-based adversarial attack known as Carlini & Wagner (C&W). These two defense phases consisted of training and testing phases. Through the training phase, a modified adversarial training approach employing Gaussian data augmentation is utilized. In the testing phase, the feature squeezing technique is applied to the generated list of adversarial samples before they are fed into the resilient NIDS model for the ultimate classification. In the study by Sharma et al. [100], a GAN architecture called MIGAN was proposed for the generation of malware images. This system has the advantage of being able to generate malware images of very high quality and sorting out the malware samples according to families. One potential downside of these studies is their focus on specific techniques or approaches, which do not fully address the diverse range of adversarial threats and privacy concerns present in complex real-world scenarios. In addition, the effectiveness of these methods in practical applications outside controlled environments may vary.

In addition, there are five studies in the field of federated learning security optimization. Wan et al. [101] proposed integrating blockchain-enabled FL with Wasserstein generative adversarial network (WGAN)-enabled differential privacy (DP) to protect the model parameters of edge devices in B5G networks. OQFL is a newly introduced federated learning scheme that optimizes hyperparameters by employing various adversarial attacks in AV settings [102]. In the study by Ahmad and Shah [103], the goal was to identify attacks while safeguarding the privacy of IoT users. To achieve this goal, they pursued a lightweight mini-batch federated learning approach that is computationally efficient and demands only a minimal number of federation rounds to detect malicious activity in an IoT network. FedGenID is a novel and highly valuable federated generative IDS, for the protection of industrial Internet of thing (IIoT) networks that was proposed by [104]. Compared to the existing attacks, the FedGenID assessment based on the sophisticated industrial cybersecurity dataset reveals that it is capable of detecting class imbalances and multiclass cyberattacks. In addition, its ability to remain stable against adversarial attacks is proven. Bukhari et al. [105] proposed a new SCNN-Bi-LSTM model for intrusion detection in wireless sensor networks (WSNs). This model is based on FL, which enables better intrusion detection performance and privacy. The FL-based SCNN-Bi-LSTM model applies a novel strategy in which multiple sensor nodes coordinate when training a global model without disclosing private data; as a result, privacy issues are resolved. While these studies have made progress in federated learning security optimization, they exhibit limitations. They primarily focus on specific aspects of security without considering the broader spectrum of potential threats. In addition, their efficacy in real-world scenarios with diverse network architectures and data distributions needs further validation.

The category of improving the detection of unknown attacks consists of four papers. Roshan et al. [106] studied important aspects related to NIDS, adversarial attacks, and defense mechanisms to increase the robustness of ML- and DL-based NIDS. In the study by Nguyen and Le [107], the research aimed to address limitations in detecting unknown attacks and provide better protection for IoT networks against DoS/DDoS attacks. The study by Xie and Chen [108] strives to offer a streamlined yet potent approach to intrusion detection, designed to operate efficiently even in settings with restricted computational and energy capacities. Liu et al. [109] focused on SeMalBERT, which is an adaptive malware detection model used for detecting malicious software in Windows-based systems. It trains the features on the utilization of API function sequences as learned features. For word representation, BERT is being used, as is semantic chaining. Moreover, CNNs and LSTMs can be used to explore chaining relationships. Moreover, an outgoing attention mechanism makes a model stay focused on the relevant information in the text. While these studies aim to enhance the detection of unknown attacks, they have some shortcomings. These methods may lack comprehensive validation in real-world environments, potentially limiting their applicability. In addition, their focus on specific aspects of intrusion detection may overlook broader security concerns and fail to address evolving threats effectively. While these studies aim to enhance the detection of unknown attacks, they have some shortcomings. These methods may lack comprehensive validation in real-world environments, potentially limiting their applicability. In addition, their focus on specific aspects of intrusion detection may overlook broader security concerns and fail to address evolving threats effectively.

Furthermore, there are three papers on advancements in security. In the study by Ardito et al. [110], the study aimed to encourage the implementation of ML security models in the context of smart grids. In the study by Duy et al. [111], the authors explored the ability of the WGAN with gradient penalty (WGAN‒GP) by generating perturbed attack samples to bypass attack detectors. This method can be used for regular assessment of the robustness of ML-based IDS in software-defined networks (SDN) to achieve the objective of upgrading it as a service in SDN. Albahri et al. [112] presented a fuzzy MCDM structure incorporating multiple perspectives of data fusion. Its purpose is to evaluate diverse ML models to quickly detect adversarial attacks in VANETs. This implies reckoning dedicated short-range communication systems as well as developing multi-ML models by applying standard and feature fusion preprocessing to the data and finally evaluating and benchmarking these models with fuzzy decision-making logic by using FDOSM (fuzzy decision by opinion score). In this field, authors can have the flexibility to explore various DL approaches beyond WGAN and MCDM, allowing for a diverse range of methodologies to address security challenges.

However, in the field of automatic generation of imperceptible adversarial examples, there was one contribution. Marchisio et al. [113] suggested a “greedy” algorithm for the automatization of imperceptible adversarial samples when an attacker has limited feedback. The limited scope of research on the automatic generation of imperceptible adversarial examples poses a critical drawback. Relying solely on one paper may hinder a comprehensive understanding and development of effective defense mechanisms against evolving adversarial threats.

5.1.1 Improving IoT security

The IoT is the aggregation of the numerous individual physical devices currently called things that form a network. The connected products in the network are constrained by limited processing power and memory storage resources. As the number of IoT heterogeneous physical devices, through which the internet is accessed, continues to increase, the amount of data generated also becomes enormous; therefore, IoT networks have become more lucrative targets for attackers [74]. The study by Gungor et al. [82] showed that computational systems in the IIoT are usually not designed with security in mind. Their limited computational power creates security vulnerabilities that attackers can exploit to prevent asset availability, sabotage communication, and corrupt system data. In addition, Alzahrani and Asghar [83] mentioned the need for a cyber vulnerability detection system in logistics-based IoT data exchange. The sharing of IoT data with the cloud data centre may affect the privacy of the user’s sensitive data [103]. In the study by Nkoro et al. [86], the swift incorporation of the Internet of artificial intelligence and IoTs (AI-IoT) technologies has brought forth a crucial aspect of the forthcoming digital age: the Metaverse. Furthermore, with the rapid development of technology, cyber threats and privacy issues always arise before the IIoT. To solve this problem, there is a great demand for an advanced sequence detection system for the protection of IIoT networks [104]. The articles seem to assert the necessity for cyber vulnerability detection systems, protective measures, and the integration of novel technologies without thoroughly exploring the intricacies of these subjects. Such broad generalizations could undermine the credibility of the arguments and fail to sufficiently address the complexities inherent in the discussed issues.

5.1.2 Enhancement of IDSs

Regarding the enhancement of IDSs [75] reported that there was a need to design IDSs for networks. The implementation of a sophisticated adversary assault against an IPS may lead to a failure of detection; hence, this can be viewed as a direct problem in the application of ML models in IDS [91]. To evaluate and improve the weaknesses of IDSs against the latest attack methods, adding traffic is necessary [92]. In addition, the primary goal of Mishra et al. [76] is to create the best possible arrangement for the detection of security breaches. The optimal selection of the activation function, optimization process, epoch count, and batch size are the main topics of this study. In the realm of intrusion detection [108], there is a research void concerning the effectiveness and flexibility of such models in environments with limited resources. On the other hand, despite the immense growth of the digital sphere nudged by innovative technologies, cybersecurity vulnerabilities have reached a high level of importance. Accordingly, IDSs are the cardinal parts of network security systems that help in identifying abnormal network traffic, which may be indicative of malicious activity [105]. In addition, automated antiphishing detection systems have become a non-negotiable necessity, given that cybercriminals are continuing to innovate their methods [80].

5.1.3 Cyberscale physical system security

CPSs of critical infrastructure are exposed to a series of threats, and this has prompted investigations into the different detection techniques that can be deployed in such environments, including the use of neural network-based anomaly detection systems [88]. Research has shown that intelligent transportation systems, namely, AVs, are gaining stronger influence and that their power to transform the modern world is enormous. However, the security and privacy of these systems should be protected [102]. The controller area network protocol serves as a vital communication mechanism in vehicular systems. Nevertheless, its extensive utilization has led to vulnerabilities in in-vehicle communication channels, rendering them prone to diverse security risks such as denial-of-service, fuzzy, and impersonation attacks [77]. The rise in successful cyberattacks raises doubts about the efficacy of ML in cybersecurity applications [84]. There have been numerous concerns raised about the vulnerability of smart grid technologies to hacking [85]. In addition, cyberattacks have the potential to induce inaccurate forecasts, resulting in power outages, as shown by Aygul et al. [87]. TSP models must be engineered with robustness to withstand such cyberattacks. As a result of a global increase in cyberattacks occurring through computer systems, specifically IoT devices, the need for robust and automated methods to discover and mitigate these attacks in real time is urgent and sharp, and these techniques are fundamental for that purpose [79].

5.1.4 General ML security and defense strategies

Supervised learning models, even though they are being used to identify threats and address them, are being challenged in regard to detecting unfamiliar types of attacks, which could be very serious [107]. Mirsky et al. [95] showed that anomaly detection models need to be trained to consider all legitimate behaviours and actions. Moreover, the models are vulnerable to adversarial attacks because they presume that all observations during training are harmless [98]. It is observed that compared to normal training, adversarial training takes less time to achieve resilience against attacks, but it is limited by the number of epochs, resulting in suboptimal performance. In addition, ML has advanced at a great pace, and it will be necessary to study adversarial attacks and defense mechanisms to mitigate multiple cybersecurity problems [106]. The omission of the intuitive consideration of both normal and adversarial attack perspectives during the ML model generation stage, the absence of various preprocessing methods for VANET communication data, the insufficiency of the selection criteria for real-time adversarial attack detection models, and the minimum focus on explainability in adversarial attack detection procedures inspired the research carried out by Albahri et al. [112].

5.2.1 Adversarial attacks and security vulnerabilities

DL malware detectors are being implemented as one of the solutions to malware detection challenges. Although no system is completely secure, these detectors are at risk of being compromised by an adversary’s assault [72]. In regard to the challenges associated with the IoT, resource-constrained peripheral devices (i.e., those with low computational and storage capacity) and security (i.e., those for which it is more difficult to implement necessary security measures) both make implementation more difficult [74]. Although well adapted in disciplines such as images and audio, adversarial attacks turning on CPSs prove to be difficult to implement due to the presence of other built-in defense mechanisms such as rule checkers (or invariant checkers) [88]. As DNNs are widely used in various challenging ML tasks in real life, the threat of adversarial examples is receiving particular attention in the DL community [98]. In Khan et al. [77], two notable challenges must be addressed. First, the evaluation lacks exploration of diverse real-world scenarios, limiting the understanding of the robustness and generalizability of DivaCAN beyond the experimental setup. Second, practical implementation in real vehicular systems requires the consideration of hardware constraints to ensure efficient real-time operation without compromising vehicle performance.

Currently, the problem of securing IoT technologies has become very significant because of the increased complexity, imprecise settings, and conflicts between old and new systems. Such problems heavily affect the availability and reliability of existing essential infrastructure [78]. In addition, Nkoro et al. [86] reported that the increasing dependence on the Metaverse has led to the recognition of the critical importance of implementing strong cybersecurity measures. This is essential for identifying and addressing cyber threats effectively, thus safeguarding user safety. In addition, the challenge addressed in the study by Aygul et al. [87] is accurate online transient stability prediction in modern power systems that are increasingly dependent on smart grid technology and are susceptible to cyberattacks. Furthermore, automatic driving systems, whose main goal is to enhance the safety and comfort of passengers, simultaneously become prone to attack by hackers or other malicious actors because they are dependent on network technologies and require remote connections [93]. The systems of IDS can have either a hardware or software basis. Nevertheless, classic IDS schemes are not always able to efficiently perform accurate information security tasks and identify sophisticated, rare types of cyberattacks, particularly in WSN environments [105]. These articles highlight challenges in securing IoT, metaverse power systems, and autonomous driving due to the complexity, cybersecurity risks, and limitations of existing IDSs, necessitating innovative solutions.

5.2.2 Cybersecurity datasets

By far, the greatest hurdle for creating advanced ML-based fault and security defensive systems is the current scarcity of significant datasets on smart electrical grids, which provide both a wide category of such grids and their characteristics [110]. Labelling such a large dataset is very challenging since it can be performed only by an expert trained for at least 5 years [96]. Nguyen and Le [107] outlined three existing security challenges with IoT networks in terms of DoS/DDoS attacks. The first problem is related to the fact that the state-of-the-art popular datasets for IDS assessment develop certain restrictions. The second challenge is that the detection of new attacks should not require any training data. The third point is adversarial attacks that can allow the attacker to use vulnerabilities of the ML/DL-based NIDS to bypass the security mechanism. A significant obstacle in the study by Mishra et al. [76] lies in the absence of balance within real-time data, posing difficulties in adapting DL techniques to function effectively as real-time classifiers for detecting attacks when dealing with imbalanced data. According to Ahmad and Shah [103], increased training time and computational expensiveness are challenges in an IoT network. The articles highlight significant data-related challenges, so they underscore the scarcity of large, labelled datasets for ML in smart grids and IoT networks, hindering the development of effective security systems.

5.2.3 Complexity and evolution of attacks

The design of an efficient network intrusion system (IDS) is a serious problem considering the large number of new emerging attacks and complex network applications [75]. Identifying attacks can prove to be very difficult because one attack may develop in several steps, each of which is created to hinder the defense and at a separate timeline [97]. In Falana et al. [73], the challenge is that malware has become more prevalent given the complexity of today’s network and the attack landscape. Computer users and business owners find it very difficult to keep pace with cybercriminals.

5.2.4 Robustness of ML models

With the application of ML-based solutions and AI technologies in almost every sphere of present-day life, several issues regarding this pursuit have appeared as well. The immediate problem relates to adversarial attacks. In a recent study, algorithms, which are the most commonly used data-driven mechanisms in many intelligent systems, have become the targets of many attacks [91]. In the same vein, SDNs, when employed with IDSs, take advantage of the centralized control plane in an SDN to support massive-scale monitoring in a network. Nevertheless, ML-based IDSs can be overlooked and fooled by adversarial examples with the addition of natural perturbations to the original IDSs [92]. The proposed system in Alzahrani and Asghar [83] exhibits various limitations, such as (i) relying solely on one statistical method, the chi-squared measure, to identify significant features (predictors) and (ii) failing to leverage pretrained DL models. In addition, Xie and Chen [108] possess the potential vulnerability to novel or hostile attacks that were not encountered during the training phase, and the complexity of the CSNN model increases to accommodate a wider range.

Gungor et al. [82] demonstrated how cyberattacks can have a dramatic effect on the efficiency of ML methods aimed at process diagnosis and monitoring (PDM), and the results were up to 120× less efficient. Thereafter, they worked on constructing a multiple-layer combination learning environment that is unchanging against an assortment of various white-box adversarial attacks. Duy et al. [111] were exposed to two problems. First, the threat should not cause any other technologies to respond in an interlocked security system. Next, the initiator must be able to cause a given output by receiving corresponding feedback. Along these lines, it is important to mention that although federated learning is one of the most suitable mechanisms for data privacy, and it is prone to various attacks as well, especially data poisoning attacks where the adversary adds vectors in the training phase [102]. Even though hyperparameters are very useful in constructing an efficient federated learning model, they are robust against possible sideline events. The convolution layers of CNNs are not able to retain hierarchical spatial relationships such as the orientations, positions, and scaling of objects. CNNs tend to locate an object of interest via featurewise pattern recognition, not by deducing spatial relations within larger spatial structures [113].

On the other hand, [85], given the computational capabilities of quantum computers, existing encryption techniques are under significant threat, and it is only a matter of time before secure cryptography is compromised. In addition, the ML technique has shown potential in the detection of some types of attacks. However, despite its reasonable success in subsequent assaults, this approach does not provide an ideal solution [79]. In addition, a variety of current systems utilize a single-analysis model structure, resulting in weak points and, therefore, easier targets for hackers [80]. These models can be vulnerable to adversarial examples that are dependent on a single statistical technique and are incapable of accurately predicting complicated attacks. Although ML reportedly produces positive outcomes in the detection of attacks, its effectiveness is still inadequate, especially because of the danger of a mono-variate model system structure.

5.3.1 Defense and protection against adversarial attacks

This category addresses the difficulties and potential of using ML in adversarial environments, such as malware detection, network intrusion detection, and failure prediction. In Shaukat et al. [72], the authors envisaged several future research directions. For instance, it would be useful to investigate the performance of DL models other than the models proposed by Shaukat et al. [72] in adversarial settings. In addition, it would also be useful to examine the robustness of malware detectors trained against other evasion attacks. The proposed model by Sharma et al. [74] can be applied to other datasets with imbalanced class labels, and GANs can be adopted to generate traffic from minority attacks in the dataset. In addition, other minority attack classes can be categorized into new DNN-based classifiers with increased accuracy and reduced loss in terms of false negative (FN) and false positive (FP) predictions. Duy et al. [92] recommended conducting the framework on more datasets with diverse modern attacks, considering other more complex detection algorithms, and using other GAN formulations for training improvement. Ardito et al. [110] highlighted that defending these systems against alternative adversarial training and detection techniques would require more nuanced and in-depth research, which they hope to pursue in the future work. Another interesting future direction is to consider the privacy of fault-prediction systems such that separate zones do not need to exchange their data with a central server.

Chen et al. [98] explored other potential causes of catastrophic overfitting and discovered more properties of adversarial examples in DNNs. Wan et al. [101] recommended simultaneously improving the learning efficiency of non-independent and identically distributed (NIID) dataset data and further improving the robustness of the adversarial training process. Roshan et al. [106] explored the implications of adopting the described method on other kinds of ML and DL architectures. In the same context, there is a possibility to examine the transferability concept in the field of adversarial ML, where the approach that works in one case can also be developed for other purposes. The method should be used in the series in the same way, which also addresses the concept of drift network streaming data-based NIDS system.

On the other hand, in the ever-changing arena of adversarial attacks, forthcoming studies need to delve into the consequences of emerging attack methodologies, encompassing white-box, black-box, and gray-box approaches [99]. Xie and Chen [108] focused on mitigating constraints by exploring methods to enhance model resilience, decrease computational intricacy, and augment detection capabilities tailored to particular attack types. Nkoro et al. [86] recommended exploring the computational complexities of the SHAP and LIME XAI methods and investigating the integration of an explainable adversarial protection mechanism to fortify the NIDS against potential DNN adversarial attacks. Albahri et al. [112] moved to a stage that demands rigorous testing and validation. This involved the setting of boundaries of operation, such as attacks and examination of frameworks regarding stability. The performance metrics of framework development should focus on issues such as the amount of data and model complexity, and the real-world benefit of the implemented framework should also be evaluated. Sharma et al. [100] introduce a hybrid approach for Windows Malware Classification. Despite this, an area that is still under debate is the reliability of the model against adversarial attacks. In addition, the model should be checked for the ability to identify malware created for other platforms, such as Android or Linux [100]. A study conducted by Hamouda et al. [104] suggested exploring ensemble learning methods for collective decision-making and self-supervised learning techniques to improve the capabilities of generative models. Further investigations can focus on developing complex feature-selecting methods that perceive subtle attack strategies to be detected by the model. In addition, the model can also evolve to be more efficient, especially in real-time detection scenarios, which is another area that needs to be emphasized [105]. Finally, van Geest et al. [80] proposed an extended duration trial of the framework including more models, complex bypass simulations, and the integration of existing models to refine the hybrid design. There is a need for broader investigations into ML model performance in adversarial settings, including robustness against various evasion attacks and diverse attack types.

5.3.2 Data generation and augmentation

The studies in this category are concerned with the methods and use cases of creating artificial or enhanced data employing methods such as RL and GANs. Gungor et al. [82] were the first to plan to add black-box attack methods that do not have any knowledge about the attacked models. Duy et al. [111] recommended RL by being able to learn the behaviour of modifying network traffic; hence, this approach can be used to obtain adversarial network traffic at the byte level. The suggestion put forward by Mishra et al. [76] involves integrating temporal features and improving benchmark datasets. In addition, there are plans to enhance the proposed model by integrating federated learning methodologies, which can address concerns regarding data confidentiality and privacy more effectively. Alzahrani and Asghar [83] aimed to assess its performance in the future using more datasets. (ii) In addition to chi-squared analysis, they investigated additional feature selection techniques. (iii) Currently, each attack class is categorized separately. (iv) Furthermore, researchers looking into logistics-based IoT vulnerability screening may find it helpful to use the BoT-IoT dataset in combination with hybrid DL. However, there is a need for further refinement and diversification in data generation and augmentation methods.

5.3.3 IoT security and analysis

This category includes the papers that address the security and analysis of IoT devices and systems – malware, threat case generation, framework design, and log analysis. Imran et al. [81] recommended that future work aims at developing use cases based on different log outputs and deducing exact results by using ML algorithms that will remove false positives. The proposed framework by Mirsky et al. [95] has the potential to provide IoT manufacturers with a cheap and effective solution. They hope that this framework, and its variants, will assist researchers and the IoT industry in securing the future of the IoT. Bai et al. [97] evaluate the developed approach to other session-based protocols, such as Secure Shell. In addition, Windows event logs contain a variety of event types that can be leveraged to identify different stages of an APT (advanced persistent threat) attack. Finally, in the study by Falana et al. [73], MalDetect was tested against larger datasets, and the proposed framework was integrated into an IoT-based system for assessment and precision. In the study by Ahmad and Shah [103], further assessments were conducted to evaluate the computational complexity and effectiveness of the proposed model across various IoT application scenarios. In addition, they recommend exploring the implementation of an efficient data compression technique to minimize the volume of data transmitted to a cloud data centre in a federated learning framework. These studies need more comprehensive evaluation and practical implementation of the proposed frameworks in real-world IoT environments. Recommendations include developing use-case scenarios based on different log outputs, refining frameworks to ensure affordability and effectiveness for IoT manufacturers, and conducting further assessments to evaluate computational complexity and effectiveness across various IoT application scenarios. In addition, suggestions involve exploring efficient data compression techniques to minimize data transmission volumes in federated learning frameworks. However, there is a lack of discussion on potential challenges and limitations that may arise during implementation and operation in diverse IoT settings.

5.4.1 Available datasets

This approach contributes to the basic function of training AI models in the case of adversarial attacks [114]. In particular, within the adversarial attack setting, the dataset turns out to be fundamental for identifying subtleties and for pinpointing possible dangers. This impedes the evaluation of model applicability and generalizability due to the lack of specific details on the datasets, as is evident from the literature review. The nature of the data type, size, composition, and aspects specific to the training and test datasets are pivotal parts of the data used to evaluate the robustness of adversarial attacks in AI models (Table 1).

The validity and homogeneity of the training data are further emphasized, which is what validation provides, as well as the depiction of reality and consistency for successful generalization across a variety of cases [115]. It is critical to ensure transparency in the revelation of the source of the dataset, whether it is available from public sources or has been collected in the field of research on adversarial attacks; the replicability and validity of research findings depend on it.

The total number of datasets deployed throughout all the experiments is 37. The total number of datasets that are used for the development of taxonomy-related portions of the study attests to the fact that many of them still deserve further analysis. The high number of datasets applied and the discrepancy in the quantity of the studies being conducted throughout this period were remarkable because for the period from 2020 to 2023, there were 23 studies, and during only the first quarter of 2024, 19 studies were conducted. For the sake of deriving future research options in the context of past analysis, we performed an intersection analysis taking the two aforementioned intervals (Figure 27).

Figure 27

The datasets used for the period from 2020–2023 vs the datasets used in the first quarter of 2024.

Such meticulous observations are graphically represented in Figures 28 and 29, as they are a library of datasets for future studies. Through this visualization, the first figure shows the correlation between the datasets used in the research from 2020 to 2023, while the second figure shows the datasets used for the first quarter of 2024. Therefore, these graphs highlight the pursuing trend for further research in this specific sector. This connection shows datasets that at times are scanned across multiple studies, indicating their ongoing value and appropriateness for more research in the future.

Figure 28

Datasets used vs unused for the period from 2020 to 2023.

Figure 29

Datasets used vs unused datasets in the first quarter of 2024.

The examination of the datasets utilized versus those left unused in comparison with the first quarter of 2024 revealed a microcosm of the evolution of the cybersecurity research landscape. Initially, researchers mainly used available datasets such as NSL-KDD, CICIDS2017, and UNSW-NB15 to investigate various branches of intrusion detection, anomaly detection in IoT networks, and attacks for ML models. On the other hand, the transition of dataset utilization to more complex and specific data is evident in 2024. This suggests that people are beginning to acknowledge that more different and particular data may have to be used in addressing emerging cybersecurity challenges. This transition implies a shift toward more advanced implementation in the field, as researchers have reviewed and explored other advanced methods, such as federated learning, quantum-based strategies, and ensemble methods, for the purpose of boosting the reliability and resiliency of cybersecurity systems. To fill the gap between the dataset used and that unused and solve the challenges in the taxonomy, the vital solutions include the promotion of the diversity of the dataset that will be achieved by collaboration with industrial partners and cybersecurity organizations, standardizing the protocol for the sharing of the dataset that would stimulate the use, leveraging synthetic data generation techniques to supplement the existing datasets, and conducting longitudinal studies to observe the changes in cyber threats. On the one hand, researchers can apply these solutions to circumvent the complexities of modern cybersecurity scape, and on the other hand, they can develop efficient measures to counter emerging cyber threats.

5.4.2 ML/DL techniques

ML and DL techniques provide many benefits but also pose considerable difficulties. Fundamentally, it has been proven that they can adequately perform image classification, object recognition, and natural language data processing [116], the latter of which is authenticated by progress in data representation [117]. In ML [118], transferring data from models trained with training sets to other models is an interesting topic. However, one of the primary challenges is obtaining the large amounts of qualitative data needed for training these ML algorithms [119,120]. It takes time and money to collect, label, and annotate the data [121]. Moreover, the ethical implications, possible biases, and consequences of AI-driven content call for a thorough assessment, especially in the fields of NLP, computer vision, and image analysis [122,123,124].

However, during ML thinking, there are many security threats that ML and DL face [8]. As illustrated, attackers have a massive incentive to alter the results of ML and DL model outputs or acquire confidential information for their benefit [25]. The analysis was carried out for networks and cybersecurity in adversarial attacks, and based on the algorithms given in Table 2, we considered this unique feature to define gaps in the use of ML and DL techniques in the literature. Consequently, one of our contributions is identifying algorithms that have not hitherto been researched as such subjects for separate studies, constituting unique classifications and inquiries.

This study incorporated 62 different methods used in all the contributions. By comparing the presented taxonomy with how frequently each of these methods was employed in papers, it is revealed that there are plenty of avenues for future study. The remarkable techniques illustrated by the green accent in Figure 30 are explained below.

Figure 30

The methods of ML and DL used for the period from 2020 to 2023 vs the methods used in the first quarter of 2024.

Figure 31 shows an overview of the interlinkages between the methods applied by researchers in the period of 2020–2023 and shows the methods employed in the quarter of 2024 (1st Q 2024). Figures 31 and 32 expand on this idea, showing a list of methods previously used in research papers and methods that are not yet used (for the future). These graphical illustrations serve more as the result of an ongoing investigation within this given sector, with an emphasis on where further research may lead.

Figure 31

Methods of ML used vs unused for the period from 2020 to 2023.

Figure 32

Methods of ML used vs unused in the first quarter of 2024.

By comparing the ML and DL methods employed in 24 papers (2020–2023) to the methods used in 42 papers (first quarter of 2024), it is clear that there have been significant shifts and advancements in cybersecurity research methodology. At the beginning of ML evolution, researchers mostly worked with classical algorithms such as decision trees, random forests, support vector machines (SVMs), and k-nearest neighbours (KNNs) to design IDSs, anomaly detection models, and malware detectors, but now, these algorithms have been revolutionized by the latest DL approaches. While traditional methods, such as supervised learning and simple approaches, have been in use for a long time, recent developments in the realm of DL techniques, especially DNNs, CNNs, and recurrent neural networks (RNNs), have led to the emergence of more advanced and data-driven solutions. In 2024, DL is booming, while various cutting-edge approaches, including adversarial autoencoding, GANs, and federated learning, are increasingly adopted in cybersecurity research to move the direction toward resilient security systems. In addition, hybrids dominate, which use the possibility of both logic and DL as the most important techniques. This change is symbolic of the overall event of capitalizing on the potential of DL to solve sophisticated cybersecurity problems through techniques such as malware detection, adversarial signals, and network nastiness detection. DL methodologies will help researchers manoeuvre dynamically and develop better approaches to fight cyber threats, which will continue to evolve in the future.

5.4.3 New insights into cybersecurity

The future applications of defense networks and cybersecurity concerning adversarial attacks span a wide range. These include benchmarking DL systems, malware detectors, and other models to study their operational variability in adversarial settings and devising new classifiers for higher precision by increasing the rationality of the decision conditional on representational evidence while generating threat cases from several log sources based on ML accuracy. Moreover, researchers also seek to widen the datasets for diverse purposes and investigate complicated detection algorithms as well as utilize several formulations of GANs that are designed to be used only during training. The scope also includes supplying cost-efficient IoT security systems, combining semantic tree neural networks and survey approaches over various protocols as well as event logs. In addition, goals are set to address overfitting in DNNs and software acceleration for non-independent and identically distributed dataset optimization of learning rate tests against larger datasets. In pursuit of realism, researchers have aimed to consider black-box attack methods and study transferability within adversarial ML and DL. The use of RL in GAN-based attack generation and walking on federated learning-based IDSs contributes to expanding the research scope. In general, the focus is on handling a broad spectrum of attacks and compromising false alarms under good restoration conditions in different adversary settings.