Application of Machine Learning Algorithms for Anomaly Detection in Cybersecurity Threat Mitigation

Abstract

The integration of Artificial Intelligence (AI) into cybersecurity has transformed the landscape of threat detection, analysis, and mitigation. As cyber-attacks become increasingly sophisticated and evasive, traditional rule-based defences are no longer sufficient to identify zero-day exploits and advanced persistent threats. AI-driven approaches, leveraging machine learning and deep learning, enable proactive anomaly detection, behavioural modelling, and predictive analytics that enhance both the accuracy and agility of cyber defence mechanisms.

This paper provides a comprehensive examination of AI applications in cybersecurity, spanning anomaly detection, automated incident response, and adaptive defence frameworks. It also emphasizes the emerging role of AI in vulnerability management, where predictive modelling, natural language processing, and automated remediation are used to identify, prioritize, and mitigate vulnerabilities before they can be exploited. A real-world case study of Panasonic’s VERZEUSE™ platform is presented to illustrate the industrial implementation of AI-enhanced cybersecurity. The platform exemplifies how AI-based predictive analytics, threat intelligence integration, and continuous monitoring can strengthen risk management and compliance in complex IT and IoT ecosystems.

The findings demonstrate that AI substantially improves detection accuracy, response speed, and proactive defence capabilities. However, challenges related to data quality, model robustness, interpretability, and ethical deployment must be addressed to ensure trustworthy adoption. The study concludes that the future of cybersecurity depends on harmonizing human expertise with adaptive AI systems to achieve resilient, self-learning defence frameworks.

Authors

  • Kim Son Lim, Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia
  • Shih Yin Ooi, Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia, and Centre for Advanced Analytics (CAA), COE for Artificial Intelligence, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia
  • Yee Jian Chew, Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia, and Centre for Advanced Analytics (CAA), COE for Artificial Intelligence, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia
  • Md Shohel Sayeed, Faculty of Information Science and Technology, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia, and Centre for Intelligent Cloud Computing (CICC), COE for Advanced Cloud, Multimedia University, Jalan Ayer Keroh Lama, Melaka 75450, Malaysia

DOI:

https://doi.org/10.31449/inf.v50i6.10011

Published

02/21/2026

How to Cite

Lim, K. S., Ooi, S. Y., Chew, Y. J., & Sayeed, M. S. (2026). Application of Machine Learning Algorithms for Anomaly Detection in Cybersecurity Threat Mitigation. Informatica, 50(6). https://doi.org/10.31449/inf.v50i6.10011