Authors: Shah Md. Tanzimul Kabir, Md. Saiduzzaman
Abstract: This paper provides a comprehensive analysis of machine learning in cyber security threat detection, tracing the history of its development from traditional signature-based systems towards intelligent and adaptive systems that can identify new and sophisticated threats. The study systematically examines recent research articles from 2021 to 2026 to explore the use of supervised, unsupervised, and deep learning in various domains of network intrusion detection systems, malware classification systems, and anomaly detection systems. The study proposes a new Integrated Threat Detection Framework (ITDF) that includes data preprocessing, feature engineering, model selection, and real-time detection. The study indicates that machine learning algorithms such as ensemble methods using Random Forest and XGBoost provide the best results with 95-99% accuracy on various benchmark datasets such as NSL-KDD, CIC-IDS2017, and UNSW-NB15. Deep learning methods such as Convolutional Neural Networks (CNN) and Recurrent Neural Networks (RNN) perform exceptionally well in identifying patterns in network traffic with 98-99% accuracy for network intrusion detection systems. Emerging trends in machine learning for cyber security include federated learning for privacy in distributed environments and Generative Adversarial Networks (GAN) for generating training data for rare types of threats. The key challenges that still need to be addressed relate to the problem of concept drift, adversarial attacks on ML models, and the need for interpretability in security operations. The comparative evaluation of the proposed approach with respect to four analytical dimensions—detection accuracy, false positive rate, real-time capability, and adversarial robustness—shows that the hybrid approach provides the best robustness against cyber attacks.
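As an added illustration of the ITDF stages named above (data preprocessing, feature engineering, an ensemble model, and evaluation by detection accuracy and false positive rate), the following pure-Python example walks constructed flow records through each stage. It is example code written for this summary, not code from the paper or its authors: the flow records, the feature set, the decision-stump ensemble standing in for Random Forest/XGBoost, and the protocol encoding are all assumptions chosen to keep the pipeline small and runnable offline.

```python
"""Toy end-to-end threat-detection pipeline: preprocess -> engineer features
-> ensemble of single-feature threshold rules -> accuracy and false positive rate.
Standard library only; the flow records below are constructed, not from any dataset."""
from typing import Dict, List, Tuple

Flow = Dict[str, float]

# Constructed (hypothetical) flow records. label 1 = attack, 0 = benign.
TRAIN_FLOWS: List[Dict] = [
    {"duration": 1.0, "bytes": 5000, "packets": 20, "proto": "tcp", "label": 0},
    {"duration": 2.0, "bytes": 12000, "packets": 50, "proto": "tcp", "label": 0},
    {"duration": 0.5, "bytes": 3000, "packets": 12, "proto": "udp", "label": 0},
    {"duration": 3.0, "bytes": 20000, "packets": 80, "proto": "tcp", "label": 0},
    {"duration": 0.01, "bytes": 60, "packets": 1, "proto": "tcp", "label": 1},
    {"duration": 0.02, "bytes": 120, "packets": 2, "proto": "tcp", "label": 1},
    {"duration": 0.01, "bytes": 40, "packets": 1, "proto": "tcp", "label": 1},
    {"duration": 0.03, "bytes": 180, "packets": 3, "proto": "udp", "label": 1},
]
TEST_FLOWS: List[Dict] = [
    {"duration": 1.5, "bytes": 8000, "packets": 30, "proto": "tcp", "label": 0},
    {"duration": 0.01, "bytes": 50, "packets": 1, "proto": "tcp", "label": 1},
    {"duration": 0.02, "bytes": 200, "packets": 2, "proto": "udp", "label": 0},  # short benign lookup
    {"duration": 0.8, "bytes": 80, "packets": 2, "proto": "tcp", "label": 1},    # slow, low-volume probe
]

PROTO_CODES = {"tcp": 0.0, "udp": 1.0, "icmp": 2.0}  # assumed categorical encoding
FEATURES = ["duration", "bytes", "packets", "proto_code",
            "bytes_per_packet", "packets_per_second"]


def engineer_features(flow: Dict) -> Flow:
    """Preprocessing + feature engineering: encode the categorical field, derive ratios."""
    pkts = max(flow["packets"], 1)
    dur = max(flow["duration"], 1e-6)  # guard against zero-duration flows
    return {
        "duration": flow["duration"],
        "bytes": flow["bytes"],
        "packets": flow["packets"],
        "proto_code": PROTO_CODES.get(flow["proto"], -1.0),  # unseen protocol -> sentinel
        "bytes_per_packet": flow["bytes"] / pkts,
        "packets_per_second": flow["packets"] / dur,
    }


def fit_scaler(rows: List[Flow]) -> Dict[str, Tuple[float, float]]:
    """Min-max ranges learned from training rows only, so the test set never leaks in."""
    return {f: (min(r[f] for r in rows), max(r[f] for r in rows)) for f in FEATURES}


def scale(row: Flow, ranges: Dict[str, Tuple[float, float]]) -> Flow:
    return {f: (0.0 if hi == lo else (row[f] - lo) / (hi - lo)) for f, (lo, hi) in ranges.items()}


def fit_stump(rows: List[Flow], labels: List[int], feature: str) -> Tuple[float, bool, float]:
    """Best single-feature threshold rule: (threshold, attack_if_above, training accuracy)."""
    values = sorted(set(r[feature] for r in rows))
    best = (0.0, True, 0.0)
    for a, b in zip(values, values[1:]):
        t = (a + b) / 2
        for above in (True, False):
            preds = [int((r[feature] > t) == above) for r in rows]
            acc = sum(p == y for p, y in zip(preds, labels)) / len(labels)
            if acc > best[2]:
                best = (t, above, acc)
    return best


def fit_ensemble(flows: List[Dict]) -> Dict:
    """Model selection: keep one stump per feature that beats chance on the training set."""
    labels = [f["label"] for f in flows]
    rows = [engineer_features(f) for f in flows]
    ranges = fit_scaler(rows)
    scaled = [scale(r, ranges) for r in rows]
    stumps = {}
    for feat in FEATURES:
        t, above, acc = fit_stump(scaled, labels, feat)
        if acc > 0.5:  # a feature no better than a coin flip adds only noise to the vote
            stumps[feat] = (t, above)
    return {"ranges": ranges, "stumps": stumps}


def predict(model: Dict, flow: Dict) -> int:
    """Majority vote of the retained stumps; a tie is resolved toward 'attack'."""
    row = scale(engineer_features(flow), model["ranges"])
    votes = sum(int((row[f] > t) == above) for f, (t, above) in model["stumps"].items())
    return int(votes * 2 >= len(model["stumps"]))


def evaluate(model: Dict, flows: List[Dict]) -> Dict[str, float]:
    """Two of the evaluation dimensions from the abstract: accuracy and false positive rate."""
    tp = tn = fp = fn = 0
    for f in flows:
        p, y = predict(model, f), f["label"]
        if p and y:
            tp += 1
        elif p and not y:
            fp += 1
        elif y:
            fn += 1
        else:
            tn += 1
    return {
        "accuracy": (tp + tn) / len(flows),
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
    }


if __name__ == "__main__":
    model = fit_ensemble(TRAIN_FLOWS)
    print("retained features:", sorted(model["stumps"]))
    print(evaluate(model, TEST_FLOWS))
```

Two details of the constructed test set carry the practical point. The short benign lookup looks like a probe on every feature and becomes the one false positive, which is why the abstract treats false positive rate as a dimension separate from accuracy: a model can score well on accuracy while still flooding analysts with alerts on legitimate short flows. The slow probe is missed by the duration rule alone but caught by the majority vote, which is the robustness argument for ensembles in miniature.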
