THEORETICAL AND TECHNICAL ASPECTS OF MACHINE LEARNING USAGE IN CYBERSECURITY

Authors

DOI:

https://doi.org/10.28925/2663-4023.2025.28.774

Keywords:

cybersecurity, cyberattack, cyberdefense, machine learning, deep learning, machine learning in cybersecurity

Abstract

The article explores the technical and theoretical aspects of machine learning (ML) in addressing the escalating complexity of cybersecurity threats in the digital age, since the ever-growing rise in cybercrime has prompted users to adopt newer approaches to raise the bar on cybersecurity. The research considers the adoption of ML technology as a cornerstone of virtually any contemporary problem in cybersecurity, particularly the processes and techniques involved in problem analysis, detection, attack prediction, and even behavioral profiling. It elaborates on how ML responds better than traditional methods such as signature-based detection by explaining how real-time analysis of massive data volumes becomes possible. An overview of the important features of supervised and unsupervised learning is provided in the context of anomaly detection and malicious activity recognition, with a focus on Support Vector Machine and Isolation Forest algorithms, as well as a detailed look at the LSTM model for phishing URL evolution analysis. These algorithms are also examined from the technical implementation side: supervised learning with Support Vector Machines using Scikit-Learn to classify network traffic trained on features such as IP addresses and ports, unsupervised learning with Isolation Forests for anomaly detection in multidimensional data, and deep learning with Long Short-Term Memory (LSTM) networks for phishing URL analysis. The paper investigates significant difficulties in deploying ML algorithms, such as class imbalance, adversarial attacks, and lack of model transparency. Techniques such as SMOTE (Synthetic Minority Over-sampling Technique) are proposed for developing training datasets, whereas adversarial training and robust optimization methods are suggested as defenses against malicious model exploitation.
The role of explainability methods such as SHAP and LIME is also emphasized to build trust in and acceptance of automated ML systems in cybersecurity. Research opportunities are identified, and further testing is suggested on improving model robustness and performance metrics in constrained environments.
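The class-imbalance remedy the abstract names, SMOTE, is easy to state but worth seeing end to end. The following is an added example written for this page, not code from the paper or its authors: a minimal SMOTE in pure Python applied to a constructed, imbalanced set of network-flow feature vectors (benign flows outnumber scan-like malicious ones 12 to 3). The feature names, values and labels are assumptions made for illustration.

```python
"""Added example (not the paper's code): a minimal SMOTE in pure Python.

SMOTE (Synthetic Minority Over-sampling Technique) balances a labelled
dataset by synthesising new minority-class points on the segments between
each real minority point and one of its k nearest minority neighbours.
The flow features and labels below are constructed for illustration.
"""
import math
import random
from typing import List, Sequence, Tuple

Vector = Tuple[float, ...]


def _euclid(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _k_nearest(idx: int, points: Sequence[Vector], k: int) -> List[int]:
    """Indices of the k nearest points to points[idx], excluding itself."""
    dists = sorted(
        (_euclid(points[idx], p), j) for j, p in enumerate(points) if j != idx
    )
    return [j for _, j in dists[:k]]


def smote(minority: Sequence[Vector], n_synthetic: int,
          k: int = 5, seed: int = 0) -> List[Vector]:
    """Generate n_synthetic synthetic minority samples.

    Each new sample is x + gap * (nn - x) with gap uniform in [0, 1], so it
    lies on the segment between a real minority point x and a neighbour nn.
    """
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    k = min(k, len(minority) - 1)  # cannot have more neighbours than points
    rng = random.Random(seed)      # fixed seed keeps the run reproducible
    neighbours = [_k_nearest(i, minority, k) for i in range(len(minority))]
    synthetic: List[Vector] = []
    for _ in range(n_synthetic):
        i = rng.randrange(len(minority))
        x = minority[i]
        nn = minority[rng.choice(neighbours[i])]
        gap = rng.random()
        synthetic.append(tuple(xi + gap * (ni - xi) for xi, ni in zip(x, nn)))
    return synthetic


def balance(X: Sequence[Vector], y: Sequence[int], minority_label: int = 1,
            k: int = 5, seed: int = 0) -> Tuple[List[Vector], List[int]]:
    """Oversample minority_label until it matches the majority count.

    Original rows are kept first, in order; synthetic rows are appended.
    """
    minority = [x for x, lbl in zip(X, y) if lbl == minority_label]
    majority_count = sum(1 for lbl in y if lbl != minority_label)
    deficit = majority_count - len(minority)
    if deficit <= 0:
        return list(X), list(y)
    new = smote(minority, deficit, k=k, seed=seed)
    return list(X) + new, list(y) + [minority_label] * deficit


def class_counts(y: Sequence[int]) -> dict:
    """Number of rows per label, e.g. {0: 12, 1: 3}."""
    counts: dict = {}
    for lbl in y:
        counts[lbl] = counts.get(lbl, 0) + 1
    return counts


# Constructed sample: one row per flow as
# (bytes_per_second, packets_per_second, distinct_destination_ports).
# Label 0 = benign, 1 = malicious (scan-like). 12 benign vs. 3 malicious.
X_SAMPLE: List[Vector] = [
    (120.0, 3.0, 1.0), (150.0, 4.0, 1.0), (90.0, 2.0, 2.0), (200.0, 5.0, 1.0),
    (130.0, 3.0, 1.0), (110.0, 2.0, 1.0), (170.0, 4.0, 2.0), (140.0, 3.0, 1.0),
    (95.0, 2.0, 1.0), (160.0, 4.0, 1.0), (125.0, 3.0, 2.0), (180.0, 5.0, 1.0),
    (30.0, 40.0, 120.0), (25.0, 55.0, 200.0), (40.0, 35.0, 90.0),
]
Y_SAMPLE: List[int] = [0] * 12 + [1] * 3


if __name__ == "__main__":
    X_bal, y_bal = balance(X_SAMPLE, Y_SAMPLE)
    print("before:", class_counts(Y_SAMPLE))
    print("after: ", class_counts(y_bal))
    for row in X_bal[len(X_SAMPLE):]:
        print("synthetic:", tuple(round(v, 1) for v in row))
```

Two practical notes follow from the construction. First, every synthetic row is a convex combination of two real minority rows, so interpolation only makes sense for genuinely numeric features (rates, counts, durations); an IP address or port number encoded as an integer, as in the traffic-classification setting the abstract mentions, would yield meaningless "in-between" hosts and should be one-hot or otherwise categorically encoded before oversampling. Second, oversampling must be applied to the training split only; synthesising points before the train/test split leaks near-duplicates of test rows into training and inflates the reported detection rate.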

Published

2025-06-26

How to Cite

Melko, T., & Kotsun, V. (2025). THEORETICAL AND TECHNICAL ASPECTS OF MACHINE LEARNING USAGE IN CYBERSECURITY. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 4(28), 162–175. https://doi.org/10.28925/2663-4023.2025.28.774