Reviewing Machine Learning Algorithms for Threat Detection in Cybersecurity
DOI: https://doi.org/10.34190/eccws.25.1.4921

Keywords: Cybersecurity, Machine Learning, Artificial Intelligence, Threat Detection

Abstract
The recent increase in the prevalence and popularity of artificial intelligence in everyday life, such as chat agents like ChatGPT, Claude, and Google Gemini, has led to its incorporation in many fields, cybersecurity included. In particular, machine learning, a subset of the artificial intelligence field, has led many researchers to investigate this promising technology as a method to better optimize cybersecurity applications for threat detection. The rise in machine learning comes alongside, and is potentially caused by, an ever-increasing volume of cyberattacks. As attackers gain access to more sophisticated tools, using artificial intelligence for vectors such as social engineering and automation, cybersecurity specialists are also forced to turn to AI to match the increasing fervor. But are all algorithms created equal? This paper focuses on IEEE-sponsored journals and conferences, identifying keywords such as threat detection and machine learning, using studies published within the last year. In doing so, it focuses on recent works that relate machine learning to cybersecurity, specifically threat detection models. This survey identifies the types of algorithms used in these applications and how they are implemented. Several baseline algorithms, such as support vector machines, k-nearest neighbors, and convolutional neural networks, appeared in multiple works, while other works compounded these baseline models into an ensemble algorithm using various methods. This survey identifies strengths and weaknesses in machine learning threat detection by comparing the various researched algorithms and implementations. In doing so, opportunities for future research become apparent, where researchers could attempt to defeat these algorithms or even exploit the algorithm itself to bypass detection. Another avenue for future research involves strengthening the algorithms in areas where they performed poorly by combining models into a new end product or layering them to address specific weaknesses.
License
Copyright (c) 2026 European Conference on Cyber Warfare and Security

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.