A comprehensive review on detection of cyber-attacks: Data sets, methods, challenges, and future research directions

Abstract

Rapid developments in network technologies and the amount and scope of data transferred on networks are increasing day by day. Depending on this situation, the density and complexity of cyber threats and attacks are also expanding. The ever-increasing network density makes it difficult for cyber-security professionals to monitor every movement on the network. More frequent and complex cyber-attacks make the detection and identification of anomalies in network events more complex. Machine learning offers various tools and techniques for automating the detection of cyber attacks and for rapid prediction and analysis of attack types. This study discusses the approaches to machine learning methods used to detect attacks. We examined the detection, classification, clustering, and analysis of anomalies in network traffic. We gave the cyber-security focus, machine learning methods, and data sets used in each study we examined. We investigated which feature selection or dimension reduction method was applied to the data sets used in the studies. We presented in detail the types of classification carried out in these studies, which methods were compared with other methods, the performance metrics used, and the results obtained in tables. We examined the data sets of network attacks presented as open access. We suggested a basic taxonomy for cyber attacks. Finally, we discussed the difficulties encountered in machine learning applications used in network attacks and their solutions.